Saturday, March 17, 2018

Extreme Switch - How to Create a Basic VRRP Configuration in EXOS


  • Virtual Router Redundancy Protocol Version 3 for IPv4 and IPv6 (VRRPv3) specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN
  • The VRRP router controlling addresses associated with a virtual router is the Master, and it forwards packets sent to these addresses
  • VRRP Backup routers assume forwarding responsibility for a virtual router should the current VRRP Master router fail
  • Virtual Router support for IPv6 addresses
  • For more on this, see RFC 5798 (VRRP Version 3 for IPv4 and IPv6)

ISC (Inter-Switch Connection)
  • The ISC VLAN is a user-created point-to-point VLAN that carries MLAG control traffic between two MLAG peers
  • This VLAN should be created on both MLAG peers and added to both sides of the port/LAG that directly connects them
  • This VLAN should not carry any other traffic and should not be added to any other ports/LAGs
  • The ISC must be a direct connection between two peers, intermediate switches may disrupt operation
  • (Best Practice) Use a /30 subnet for this VLAN for efficiency
  • (Best Practice) Use an LACP LAG for the ISC connection


Step 0. Create an ISC VLAN on both switches
0-1. Cs1
create vlan isc
configure vlan isc tag 2
configure vlan isc add ports 69 tagged
configure vlan isc ipaddress 172.31.31.2 255.255.255.252

0-2. Cs2
create vlan isc
configure vlan isc tag 2
configure vlan isc add ports 69 tagged
configure vlan isc ipaddress 172.31.31.1 255.255.255.252

This ISC VLAN can be used for MLAG and VRRP.

* Best Practice: Set up the ISC connection with more than two ports as an LACP LAG.
enable sharing 69 grouping 69-70 algorithm address-based L3_L4 lacp



Step 1. Create a VLAN on MLAG peers and add ports to ISC link

create vlan vlan10 tag 10
configure vlan vlan10 add ports 69 tagged

Step 2. Add an IP address to the VRRP VLAN on each MLAG Peers

configure vlan vlan10 ipaddress 192.0.2.2/24
configure vlan vlan10 ipaddress 192.0.2.3/24

Step 3. Create a VRRP router instance on MLAG peers

create vrrp vlan vlan10 vrid 1

Step 4. Add VIP to VRRP instance on each MLAG Peer

configure vrrp vlan vlan10 vrid 1 add 192.0.2.1

Step 5. Configure a priority value on Master VRRP switch

configure vrrp vlan vlan10 vrid 1 priority 200

The default priority is 100. Therefore, priority 200 (Switch 1) will be the Master in this case.
  • Priorities
  1. The router with an IP address equal to the virtual IP address becomes master.
  2. If the virtual IP address is not owned by any of the VRRP routers, the highest configured priority becomes the master.
  3. If priorities are equal, then the higher IP address wins the election.

Step 6. Enable VRRP globally and on each VLAN

enable vrrp


The configuration commands for peer A are as follows:

create vlan vlan10 tag 10
configure vlan vlan10 ipaddress 192.0.2.2/24
enable ipforwarding vlan vlan10
configure vlan vlan10 add ports 69 tagged

 create vrrp vlan vlan10 vrid 1
configure vrrp vlan vlan10 vrid 1 priority 200
configure vrrp vlan vlan10 vrid 1 add 192.0.2.1
enable vrrp


The configuration commands for peer B are as follows:

create vlan vlan10 tag 10
configure vlan vlan10 ipaddress 192.0.2.3/24
enable ipforwarding vlan vlan10
configure vlan vlan10 add ports 69 tagged

 create vrrp vlan vlan10 vrid 1
configure vrrp vlan vlan10 vrid 1 add 192.0.2.1
enable vrrp


The VRRP peers send VRRP packets for a specified advertisement interval. The default value is 2 seconds so the below command will be added automatically.

configure vrrp vlan vlan10 vrid 1 advertisement-interval 2 seconds

The master down interval is based on the advertisement interval and skew time. When the backup router receives no VRRP packets during a master down interval, it becomes a master router.

Step 7. Check the VRRP state on both switches

You should be able to see the 'Master (MSTR)' state on Switch 1 and 'Backup (BKUP) state on Switch2.

Switch1 # show vrrp
                      Virtual                 Master
   VLAN Name VRID Pri IP Address        State MAC Address       TP/TR/TV/P/T    /FR/G
    vlan10(En) 0001 200 192.0.2.1       MSTR 00:00:5e:00:01:01  0  0  0 Y 2      N N
    vlan20(En) 0001 200 10.10.10.1      MSTR 00:00:5e:00:01:01  0  0  0 Y 2      N N

   En-Enabled, Ds-Disabled, Pri-Priority, T-Advert Timer, P-Preempt
  TP-Tracked Pings, TR-Tracked Routes, TV-Tracked VLANs, FR-Fabric Routing,
  G-Group

 Total number of VRs : 2
Switch2 # show vrrp
                      Virtual                 Master
   VLAN Name VRID Pri IP Address        State MAC Address       TP/TR/TV/P/T    /FR/G
    vlan10(En) 0001 100 192.0.2.1        BKUP 00:00:5e:00:01:01  0  0  0 Y 2      N N
    vlan20(En) 0001 100 10.10.20.1       BKUP 00:00:5e:00:01:01  0  0  0 Y 2      N N

   En-Enabled, Ds-Disabled, Pri-Priority, T-Advert Timer, P-Preempt
  TP-Tracked Pings, TR-Tracked Routes, TV-Tracked VLANs, FR-Fabric Routing,
  G-Group

 Total number of VRs : 2

If the VRID is 1, the MAC address is 00:00:5e:00:01:01.

'show vrrp detail' command will show you some detail information.

Switch1 # show vrrp detail
VLAN:  vlan10 VRID:  1 VRRP:  Enabled State:  MASTER
Virtual Router:  VR-Default
Priority:  200(backup) Advertisement Interval:  2 sec
Version: v3-v2 Preempt:  Yes Preempt Delay: 0 sec
 Virtual IP Addresses:
  192.0.2.1
 Accept mode:  Off            Group : None
 Host-Mobility:  Off
 Host-Mobility Exclude-Ports:
 Checksum:  Include pseudo-header
 Tracking mode:  ALL
 Tracked Pings:  -
 Tracked IP Routes:  -
 Tracked VLANs:  -
 Fabric Routing: Off

 VLAN:  vlan20 VRID:  1 VRRP:  Enabled State:  MASTER
Virtual Router:  VR-Default
Priority:  200(backup) Advertisement Interval:  2 sec
Version: v3-v2 Preempt:  Yes Preempt Delay: 0 sec
 Virtual IP Addresses:
  10.10.20.1
 Accept mode:  Off            Group : None
 Host-Mobility:  Off
 Host-Mobility Exclude-Ports:
 Checksum:  Include pseudo-header
 Tracking mode:  ALL
 Tracked Pings:  -
 Tracked IP Routes:  -
 Tracked VLANs:  -
 Fabric Routing: Off


* Additional Notes

  • VRRP Things to Remember
- The VRRP multicast address is 224.0.0.18.
- The virtual router MAC address is 00:00:5E:00:01:xx.
- Duplicate virtual router IDs are allowed on the router, but not on the same interface.
- A maximum of 7 VRID instances are supported on the router.
- VRRP and Spanning Tree can be simultaneously enabled on the same switch.
- VRRP and ESRP cannot be simultaneously enabled on the same VLAN.
- Extreme Networks does not recommend enabling VRRP and ESRP on the same switch simultaneously.


* Related posts:


Posted by at 11:57 AM
Labels: , , , , , ,

No comments:

Post a Comment