Dell Networking SONiC: Virtual Router Redundancy Protocol

 

Prerequisites Standard interface naming is used to demonstrate the Concepts. See Dell article 202172 Dell Networking S-Series: Basic Interface Configuration - SONiC 4.0 for more information regarding interface naming

 

Index

Introduction
Create a Virtual Router
Create a Virtual IP Address
Create VRRP Group Priority
Disable Preempt 
Modify Advertisement Interval
Interface Tracking
 

Introduction

Virtual Router Redundancy Protocol (VRRP) allows you to form virtual routers from groups of physical routers on your local area network (LAN). These virtual routing platforms - primary and backup pairs - provide redundancy during hardware failure. VRRP also allows you to configure a virtual router as the default gateway for all your hosts. It also avoids the single point of failure of a physical router.
 

• Provides a virtual default routing platform
• Provides load balancing
• Supports multiple logical IP subnets on a single LAN segment
• Allows simple traffic routing without the single point of failure of a static default route
• Avoids issues with dynamic routing and discovery protocols
• Takes over a failed default router:
  • Within a few seconds
  • With minimum to no traffic loss
  • With no any interaction from the hosts

VRRP configuration VRRP specifies a primary, or active, router that owns the next-hop IP and MAC address for end stations on a LAN. The primary router is chosen from the virtual routers by an election process and forwards packets sent to the next-hop IP address. If the primary router fails, VRRP begins the election process to choose a new primary router which continues routing traffic. 288 Layer 3 VRRP packets transmit with the virtual router MAC address as the source MAC address. The virtual router MAC address associated with a virtual router is in the 00:00:5E:00:01:{VRID} format for IPv4 and 00:00:5E:00:02:{VRID} format for IPv6. The VRID is the virtual router identifier that allows up to 255 IPv4 and IPv6 VRRP routers on a network. The first four octets are unquenchable, the last two octets are 01:{VRID} for IPv4 and 02:{VRID} for IPv6. The final octet changes depending on the VRRP virtual router identifier.
The example shows a typical network configuration using VRRP. Instead of configuring the hosts on network 10.10.10.0 with the IP address of either Router A or Router B as the default router, the default router of all hosts is set to the IP address of the virtual router. When any host on the LAN segment requests Internet access, it sends packets to the IP address of the virtual router. Router A is configured as the primary router with the virtual router IP address and sends any packets addressed to the virtual router to the Internet. Router B is the backup router and is also configured with the virtual router IP address. If Router A, the primary router, becomes unavailable (the connection between the LAN segment and Router A on Eth 1/1/6 goes down), Router B, the backup router, automatically becomes the primary router and responds to packets sent to the virtual IP address. All workstations continue to use the IP address of the virtual router to transmit packets destined to the Internet. Router B receives and forwards packets on interface Eth 1/1/5. Until Router A resumes operation, VRRP allows Router B to provide uninterrupted service to the users on the LAN segment accessing the Internet.
 

Basic VRRP Configuration

 

Create a Virtual Router

VRRP uses the VRID to identify each virtual router configured. Before using VRRP, you must configure the interface with the primary IP address.

• Create a virtual router for the interface with the VRRP identifier (1 to 255), then enter the address-family interface name(ipv4 or ipv6).

sonic(config-if-Vlan100)# vrrp vrrp-id address-family afi-name

admin@DELLSONiC:~$ sonic-cli
DELLSONiC# configure terminal
DELLSONiC(config)# interface Vlan 100
DELLSONiC(config-if-Vlan100)# vrrp 100 address-family ipv4

• Delete a VRRP identifier and address-family.

DELLSONiC(config-if-Vlan100)# no vrrp 100 address-family ipv4

 

Create a Virtual IP address

Virtual routers contain virtual IP addresses configured for that VRRP group (VRID). A VRRP group does not transmit VRRP packets until you assign the virtual IP address to the VRRP group. 
To activate a VRRP group on an interface, configure at least one virtual IP address for a VRRP group. The virtual IP address is the IP address of the virtual router and does not require an IP address mask. You can configure up to 10 virtual IP addresses on a single VRRP group (VRID).
These rules apply to virtual IP addresses:

• The virtual IP addresses must be in the same subnet as the primary or secondary IP addresses configured on the interface. Though a single VRRP group can contain virtual IP addresses belonging to multiple IP subnets configured on the interface, Dell Technologies recommends configuring virtual IP addresses belonging to the same IP subnet for any VRRP group. An interface on which you enable VRRP contains a primary IP address of 50.1.1.1/24 and a secondary IP address of 60.1.1.1/24. The VRRP group (VRID 1) must contain virtual addresses belonging to subnet 50.1.1.0/24 or subnet 60.1.1.0/24.
• If you configure multiple VRRP groups on an interface, only one of the VRRP groups can contain the interface primary or secondary IP address
• The primary IP address and the virtual IP addresses must be on the same subnet.

 

•  Configure a virtual IP address for this VRRP ID (up to 10 IP addresses)

sonic(config-if-Vlan100-vrrp-ipv4-100)# vip vip-addr 

admin@DELLSONiC:~$ sonic-cli
DELLSONiC# configure terminal
DELLSONiC(config)# interface Vlan 100
DELLSONiC(config-if-Vlan100)# vrrp 100 address-family ipv4
DELLSONiC(config-if-Vlan100-vrrp-ipv4-100)# vip 10.10.100.3
DELLSONiC(config-if-Vlan100-vrrp-ipv4-100)# show configuration
!
vrrp 100 address-family ipv4
 vip 10.10.100.3
DELLSONiC (config-if-Vlan100-vrrp-ipv4-100)#

​​​​​DELLSONiC# show vrrp interface Vlan 100 vrid 100
    Vlan100, VRID 100
    Version is 2
    State is Up
    Virtual IP address:
        10.10.100.3
    Virtual MAC address is 0000.5e00.0164
    Track interface:
        Interface            State  Priority
        Eth1/2                Up      50
    Configured Priority is 150, Current Priority is 150
    Advertisement interval is 10 sec
    Preemption is disabled

Configure VRRP group priority

The router that has the highest primary IP address of the interface becomes the primary. The default priority for a virtual router is 100. If the primary router fails, VRRP begins the election process to choose a new primary router based on the next-highest priority. The virtual router priority is automatically set to 255, if any of the configured virtual IP addresses matches the interface IP address.

• Configure the priority number for the VRRP group (1 to 254; default 100).

sonic(conf-if-Vlan100-vrrp-ipv4-100)# priority number 

admin@DELLSONiC:~$ sonic-cli
DELLSONiC# configure terminal
DELLSONiC(config)# interface Vlan 100
DELLSONiC(config-if-Vlan100)# vrrp 100 address-family ipv4
DELLSONiC(config-if-Vlan100-vrrp-ipv4-100)# priority 150
DELLSONiC(config-if-Vlan100-vrrp-ipv4-100)# show configuration
!
vrrp 100 address-family ipv4
 priority 150
 vip 10.10.100.3
DELLSONiC(config-if-Vlan100-vrrp-ipv4-100)#

 

Disable Preempt 

Prevent the backup router with the higher priority from becoming the primary router by disabling the preemption process. The preempt command is enabled by default and forces the system to change the primary router if another router with a higher priority comes online. You must configure all virtual routers in the VRRP group with the same settings. Configure all routers with preempt enabled or configure all with preempt disabled.

• Prevent any backup router with a higher priority from becoming the primary router.

sonic(conf-if-Vlan100-vrrp-ipv4-100)# no preempt 

admin@DELLSONiC:~$ sonic-cli
DELLSONiC# configure terminal
DELLSONiC(config)# interface Vlan 100
DELLSONiC(config-if-Vlan100)# vrrp 100 address-family ipv4
DELLSONiC(config-if-Vlan100-vrrp-ipv4-100)# no preempt
DELLSONiC(config-if-Vlan100-vrrp-ipv4-100)# show configuration
!
vrrp 100 address-family ipv4
 priority 150
 no preempt
 vip 10.10.100.3
DELLSONiC(config-if-Vlan100-vrrp-ipv4-100)#

 

Advertisement interval

By default, the primary router transmits a VRRP advertisement to all members of the VRRP group every second, indicating it is operational and the primary router. If the VRRP group misses three consecutive advertisements, the election process begins and the backup virtual router with the highest priority transitions to primary. To avoid throttling VRRP advertisement packets, Dell Technologies recommends increasing the VRRP advertisement interval to a value higher than the default value of one second. If you change the time interval between VRRP advertisements on one router, change it on all participating routers.

• Change the advertisement interval setting in seconds (1 to 255; default 1).

sonic(conf-if-Vlan100-vrrp-ipv4-100)# advertise-interval seconds 

admin@DELLSONiC:~$ sonic-cli
DELLSONiC# configure terminal
DELLSONiC(config)# interface Vlan 100
DELLSONiC(config-if-Vlan100)# vrrp 100 address-family ipv4
DELLSONiC(config-if-Vlan100-vrrp-ipv4-100)# advertisement-interval 10
DELLSONiC(config-if-Vlan100-vrrp-ipv4-100)# show configuration
!
vrrp 100 address-family ipv4
 priority 150
 no preempt
 advertisement-interval 10
 vip 10.10.100.3
DELLSONiC(config-if-Vlan100-vrrp-ipv4-100)#

 

Interface Tracking 

You can monitor the state of any interface according to the virtual group. If the interface being tracked goes down, the VRRP group priority decreases by a default value of 10 - also known as cost. If the tracked interface’s state goes up, the VRRP group priority increases by the priority cost. The lowered priority of the VRRP group may trigger an election. As the primary or backup VRRP routers are selected based on the VRRP group’s priority, tracking features ensure that the best VRRP router is the active for that group. The combined priority of the VRRP router is all its tracking interface must be less than 254. If you configure the VRRP group as the owner router with a priority 255, tracking for that group is disabled, regardless of the state of the tracked interfaces. The priority of the owner group always remains 255. 294 Layer 3 For a virtual group, track the line-protocol state of any interface using the interface command. Enter an interface type and slot/port[/breakout-port][:subport] information, or VLAN number.

• Ethernet - Physical interface
• Vlan - VLAN interface, from 1 to 4093 

For a virtual group, track the status of a configured object using the track command and the object number. You can also configure a tracked object for a VRRP group with this command before you create the tracked object. No changes in the VRRP group priority occur until the tracked object is determined to be down.

• Increase the effective priority by weight value if the track interface is up. 

sonic(conf-if-Vlan100-vrrp-ipv4-100)# track-interface interface-name weight wt_value 

admin@DELLSONiC:~$ sonic-cli
DELLSONiC# configure terminal
DELLSONiC(config)# interface Vlan 100
DELLSONiC(config-if-Vlan100)# vrrp 100 address-family ipv4
DELLSONiC(config-if-Vlan100-vrrp-ipv4-100)# track-interface Eth1/2 weight 50
DELLSONiC(config-if-Vlan100-vrrp-ipv4-100)# show configuration
!
vrrp 100 address-family ipv4
 priority 150
 no preempt
 advertisement-interval 10
 vip 10.10.100.3
 track-interface Eth1/2 weight 50
DELLSONiC(config-if-Vlan100-vrrp-ipv4-100)#

DELLSONiC# show vrrp interface Vlan 100 vrid 100
    Vlan100, VRID 100
    Version is 2
    State is Up
    Virtual IP address:
        10.10.100.3
    Virtual MAC address is 0000.5e00.0164
    Track interface:
        Interface            State  Priority
        Eth1/2                Up      50
    Configured Priority is 150, Current Priority is 150
    Advertisement interval is 10 sec
    Preemption is disabled