I know Cisco support VRRP and GRRP but I’ve always used HSRP as my redundant gateway of choice. In the scope of the JN0-348 the only redundant gateway is VRRP (Virtual Router Redundancy Protocol). It’s similar to HSRP so should not pose much of a config challenge. Let’s run over a few facts:
Router Roles:
VRRP Router – any router participating in the VRRP process.
Master Router – the router doing the forwarding.
Backup Router – the router that will take the forwarding role on in the event of a failure
Virtual Router – the IP address which is the ‘dummy’
Communication:
All the VRRP routers must connect via a common LAN segment and use multicast IP 224.0.0.18 with a TTL of 255. The default timer is 1 second.
Master Election:
By configurable priority with 100 being the default. Higher is better. The other option is to assign the Virtual IP to the physical interface of the box you want to be the master. Preemption is off by default and tuneable.
State:
Init – the router is still initialising. The other states are Master, Backup and Transition (between master and backup etc).
Configuration:
The VRRP config sits underneath the interface’s IP address statement, so it is a child of the address. The VRRP Group number must be consistent across all VRRP routers sharing the VIP.
On SRX1
root# set interfaces ge-0/0/5 unit 0 family inet address 172.16.55.251/24 vrrp-group 55 virtual-address 172.16.55.1
root# set interfaces ge-0/0/5 unit 0 family inet address 172.16.55.251/24 vrrp-group 55 priority 120
root# set interfaces ge-0/0/5 unit 0 family inet address 172.16.55.251/24 vrrp-group 55 preempt
On SRX2
root@SRX2# set interfaces fe-0/0/1 unit 0 family inet address 172.16.55.252/24 vrrp-group 55 virtual-address 172.16.55.1
Verification SRX1:
root> show vrrp summary
Interface     State       Group   VR state       VR Mode    Type   Address
ge-0/0/5.0    up             55   master          Active    lcl    172.16.55.251
                                                            vip    172.16.55.1
Verification SRX2:
root@SRX2> show vrrp summary
Interface     State       Group   VR state       VR Mode    Type   Address
fe-0/0/1.0    up             55   backup          Active    lcl    172.16.55.252
                                                            vip    172.16.55.1
Saving that 3rd IP address!
Now we can assign the ‘hot’ IP to an actual interface, so here is how it looks from SRX2’s point of view:
root@SRX2# show interfaces fe-0/0/1
description "*** LAN PORT ***";
unit 0 {
    family inet {
        address 172.16.55.1/24 {
            vrrp-group 55 {
                virtual-address 172.16.55.1;
                priority 255;
            }
        }
    }
}
Note that when I changed the IP on the fe-0/0/1 interface it ripped out all the VRRP config as it’s all ‘downstream’ of the IP address. The verification now looks like:
root@SRX2> show vrrp summary
Interface     State       Group   VR state       VR Mode    Type   Address
fe-0/0/1.0    up             55   master          Active    lcl    172.16.55.1
                                                            vip    172.16.55.1
and the SRX1 which was formerly the master looks like:
root> show vrrp summary
Interface     State       Group   VR state       VR Mode    Type   Address
ge-0/0/5.0    up             55   backup          Active    lcl    172.16.55.251
                                                            vip    172.16.55.1
So the final test was to pull the cable out of the master (SRX2) and check it fails over nicely. Here is the extract from the log file:
Sep 23 15:37:02 vrrpd[1972]: VRRPD_NEW_MASTER: Interface ge-0/0/5.0 (local address 172.16.55.251) became VRRP master for group 55 with master reason masterNoResponse
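To watch for this event without pulling cables, the log line above can be parsed and compared against the router that is supposed to be master. This is an added example, not part of the original post; the `expected_master` inventory (group number to intended master address) and the two extra log lines are assumptions made up for illustration.

```python
import re
from typing import NamedTuple, Optional

# Format of the vrrpd message in the log extract above; the hostname is
# optional because the page's line has none.
NEW_MASTER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?:\S+\s+)?vrrpd\[\d+\]:\s+"
    r"VRRPD_NEW_MASTER: Interface (?P<ifname>\S+) "
    r"\(local address (?P<addr>[\d.]+)\) became VRRP master "
    r"for group (?P<group>\d+) with master reason (?P<reason>\S+)"
)

class MasterChange(NamedTuple):
    timestamp: str
    interface: str
    local_address: str
    group: int
    reason: str

def parse_new_master(line: str) -> Optional[MasterChange]:
    """Return the fields of a VRRPD_NEW_MASTER line, or None for other lines."""
    m = NEW_MASTER.match(line.strip())
    if m is None:
        return None
    return MasterChange(m["ts"], m["ifname"], m["addr"], int(m["group"]), m["reason"])

def review_failovers(lines, expected_master):
    """Pair each master change with a note; expected_master maps group -> address."""
    findings = []
    for line in lines:
        change = parse_new_master(line)
        if change is None:
            continue
        want = expected_master.get(change.group)
        if want is None:
            note = "group not in inventory"
        elif change.local_address == want:
            note = "intended master is forwarding"
        else:
            note = f"failover: intended master {want} is not forwarding"
        findings.append((change, note))
    return findings

# First line is the page's log extract; the other two are constructed samples.
SAMPLE_LOG = [
    "Sep 23 15:37:02 vrrpd[1972]: VRRPD_NEW_MASTER: Interface ge-0/0/5.0 (local address 172.16.55.251) became VRRP master for group 55 with master reason masterNoResponse",
    "Sep 23 15:37:05 SRX1 sshd[2100]: constructed unrelated line",
    "Sep 23 15:38:40 SRX1 vrrpd[1972]: VRRPD_NEW_MASTER: Interface ge-0/0/6.0 (local address 10.0.60.2) became VRRP master for group 60 with master reason masterNoResponse",
]

if __name__ == "__main__":
    for change, note in review_failovers(SAMPLE_LOG, {55: "172.16.55.1"}):
        print(change.timestamp, change.interface, f"group {change.group}", change.reason, "->", note)
```

With group 55 mapped to 172.16.55.1 (SRX2 in the final config), the page's log line is reported as a failover because 172.16.55.251 took over.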