VRRP
This chapter provides information about configuring Virtual Router Redundancy Protocol (VRRP) parameters.
Topics in this chapter include:
VRRP Overview
Virtual Router Redundancy Protocol (VRRP) is a method of implementing a redundant IP interface shared between two or more routers on a common LAN segment, allowing a group of routers to function as one virtual router. If the IP interface of the virtual router is specified as a default gateway on hosts directly attached to the LAN, the routers sharing the IP interface by participating in VRRP as part of the virtual router instance will prevent a single point of failure by ensuring access to this gateway address. VRRP can be implemented on IES and VPRN service interfaces. VRRPv3 can also be implemented on IES and VPRN service interfaces, including r-VPLS interfaces for both IES and VPRN.
The 7705 SAR supports VRRPv3 for IPv4 and IPv6 as described in RFC 5798. Within a VRRP router, the virtual routers in each of the IPv4 and IPv6 address families are in separate domains and do not overlap.
With VRRP, one router is designated as the virtual router in master state (active router) and the other routers in the group act as backups. The active router forwards all packets sent to the virtual IP address. If the router fails, an election process begins and the backup router configured with the highest acceptable priority becomes the active virtual router. The new active router assumes the packet forwarding for the local hosts.
VRRP is supported on Ethernet adapter cards only.
VRRP Master/Backup Configuration shows an example of a VRRP configuration.
VRRP Components
VRRP consists of the following components:
Virtual Router
A virtual router is a logical entity managed by VRRP that acts as a default router for hosts on a shared LAN. It consists of a virtual router ID (VRID) and one or more IP addresses across a common LAN. A VRRP router can back up one or more virtual routers.
The purpose of supporting multiple IP addresses within a single virtual router is for multi-netting. This is a common mechanism that allows multiple local subnet attachments on a single routing interface.
Up to four virtual routers are configurable on a single 7705 SAR interface. The virtual routers must be in the same subnet. Each virtual router has its own VRID, state machine, and messaging instance.
IP Address Owner
VRRP can be configured on a router in either owner or non-owner mode. The owner is the VRRP router that has the virtual router's IP addresses as real interface addresses. This is the router that responds to packets addressed to one of the IP addresses for items such as ICMP pings and TCP connections. All other virtual router instances participating in this message domain must have the same VRID configured and cannot be configured as owner.
The 7705 SAR supports passive VRRP, which does not require multiple VRRP instances to achieve default gateway load balancing. Passive VRRP is a VRRP setting in which the transmission and reception of keepalive messages is completely suppressed; therefore, the IES or VPRN interface always behaves as the active router. Passive VRRP is enabled by adding the passive keyword to the VRRP instance at creation. For passive VRRP, the convergence time for link or node failures is not affected by the VRRP convergence because all nodes in the VRRP instance are acting as active routers.
Primary Address
A primary address is an IP address selected from the set of real interface addresses. For IPv4, VRRP advertisements are always sent using the primary IPv4 address as the source of the IPv4 packet. For IPv6, the link-local address of the interface over which the packet is transmitted is used.
A 7705 SAR IP interface must always have a primary IP address assigned for VRRP to be active on the interface. The 7705 SAR supports primary addresses and multi-netting on the IP interface. The virtual router VRID primary IP address is always the same as the primary address on the IP interface.
Virtual Router in Master State
A physical router that is participating in VRRP and which controls the IP addresses associated with the virtual router is considered to be in the master state, is the active router for the VRRP instance, and is responsible for forwarding packets sent to the VRRP IP addresses. This virtual router is the IP address owner as long as the router is available.
An election process provides dynamic failover of the forwarding responsibility to the backup router if the master becomes unavailable. This allows any of the virtual router IP addresses on the LAN to be used as the default first-hop router by end hosts. VRRP enables a higher-availability default path without requiring configuration of dynamic routing or router discovery protocols on every end host.
If the master is unavailable, each virtual router backup with the same VRID compares its configured priority values with the other backup routers to determine the master role. Priority values are set with the priority command. In case of a tie, the virtual router backup with the highest primary IP address becomes the master.
The preempt parameter is supported and can be set to false (disabled) to prevent a backup router that has a higher priority value from becoming master if an existing non-owner virtual router is the current master. Disabling Preemption ensures that the preferred router regains its master status when service restoration occurs and it goes back on line. Preemption can be enabled or disabled.
While operating as the master, a virtual router routes and originates all IP packets into the LAN using the physical MAC address for the IP interface as the Layer 2 source MAC address, not the VRID MAC address. ARP packets also use the parent IP interface MAC address as the Layer 2 source MAC address while inserting the virtual router MAC address in the appropriate hardware address field. VRRP messages are the only packets transmitted using the virtual router MAC address as the Layer 2 source MAC address.
Virtual Router Backup
A new virtual router master is selected from the set of VRRP virtual router backups available to assume forwarding responsibility for a virtual router if the current master fails.
Owner and Non-owner VRRP
Only one virtual router in the domain is configured as owner. The owner has the same real IP address as the virtual router address and is responsible for forwarding packets sent to this IP address. The owner assumes the role of the virtual router master. All virtual router instances participating in this message domain must have the same VRID configured.
VRRP on a 7705 SAR router can be configured to allow non-owners to respond to ICMP echo requests if they become the virtual router in master state for the VRRP instance. Telnet and other connection-oriented protocols can be configured for master. However, the individual application conversations (connections) do not survive a VRRP failover. A non-owner VRRP router operating as a backup does not respond to any packets addressed to any of the virtual router IP addresses.
The most important parameter defined on a non-owner virtual router instance is the priority parameter. The priority defines the order in which a virtual router is selected as master in the master election process. The priority value and the preempt mode determine which virtual router becomes the virtual router master. In case of tied priority levels, the primary IP address determines which router becomes the master. See Priority and Preempt Mode for details on these parameters.
Configurable Parameters
In addition to virtual IP addresses, to facilitate configuration of a virtual router on 7705 SAR routers, the parameters listed in Owner and Non-Owner Virtual Router Parameters can be defined in owner and non-owner configurations.
Parameter |
Owner Configuration |
Non-owner Configuration |
---|---|---|
✓ |
✓ |
|
✓ |
✓ |
|
✓ |
✓ |
|
✓ |
✓ |
|
✓ |
✓ |
|
✓ |
✓ |
|
✓ |
||
✓ |
||
✓ |
||
✓ |
||
✓ |
||
✓ |
||
✓ |
||
✓ |
Note:
Master down interval and skew time are not configured directly. They are calculated from the configured value of the message interval.
VRID
The VRID must be configured with the same value on each virtual router associated with the virtual IP address or IP addresses. The VRID is placed in all VRRP advertisement messages sent by each virtual router.
Priority
The priority value affects the interaction between all virtual routers with the same VRID participating on the same LAN. The priority value is used during the election process to determine which backup router (or non-owner) assumes the role of master. The priority value can only be configured if the defined IP address on the IP interface is different from the virtual router IP address, meaning that the virtual router is a non-owner.
If the IP address on the IP interface matches the virtual router IP address (owner mode), the priority value is fixed at 255, the highest value possible. This virtual router member is considered the owner of the virtual router IP address. There can only be one owner of the virtual router IP address for all virtual router members.
Priority value 0 is reserved for VRRP advertisement messages. It is used to tell other virtual routers with the same VRID that this virtual router is no longer acting as master, triggering a new election process. If this happens, each virtual router backup sets its master down timer equal to the skew time value. This shortens the time before one of the virtual router backups becomes master. See Master Down Interval and Skew Time for details.
The current virtual router master must transmit a VRRP advertisement message immediately upon receipt of a VRRP message with priority set to 0. This prevents another virtual router backup from becoming master for a short period of time.
Non-owner virtual routers can be configured with a priority of 254 through 1. The default value is 100. It is possible for multiple non-owners to have the same priority value. If a tie is encountered during an election, the router with the highest IP address wins the election.
The priority is also used to determine when to preempt the existing master. If the preempt mode value is true (preempt enabled), VRRP advertisement messages from lower-priority masters are discarded, causing the master down timer to expire and the higher-priority backup router to transition to the master state.
The priority value also dictates the skew time added to the master timeout period. See Skew Time for details.
IP Addresses
Each virtual router with the same VRID is defined with the same set of IP addresses. These are the IP addresses used by hosts on the LAN as gateway addresses. Multi-netting supports eight IP addresses on the IP interface.
Message Interval and Master Inheritance
Each virtual router is configured with a message interval for each VRID within which it participates. This parameter must be set to the same value for every virtual router within a VRID.
Configuring the message interval value can be done in three ways: using only the milliseconds value, using only the seconds value, or using a combination of the two values, as indicated by the CLI command message interval {[seconds] [milliseconds milliseconds]}. Message Interval Configuration Ranges shows the ranges for each way of configuring the message interval.
Configuration |
IPv4 |
IPv6 |
---|---|---|
Using milliseconds value only |
100 to 900 ms |
10 to 990 ms |
Using seconds value only |
1 to 255 s |
1 to 40 s |
Using combination milliseconds and seconds values |
1 s 100 ms to 255 s 900 ms (1.1 s to 255.9 s) |
1 s 10 ms to 40s 990 ms (1.01 s to 40.99 s) |
Default setting |
1 s |
1 s |
The message interval field in every received VRRP advertisement message must match the locally configured message interval. If a mismatch occurs, then—depending on the inherit parameter configuration (master-int-inherit command is enabled)—the current message interval setting of the master can be used to operationally override the locally configured message interval setting. If the current master changes, the new master setting is used. If the local virtual router becomes master, the locally configured message interval is enforced.
If a VRRP advertisement message is received with a message interval set to a value different from the local value and the inherit parameter is disabled, the message is discarded without processing.
The virtual router master uses the message interval as a timer, specifying when to send the next VRRP advertisement message. Each virtual router backup uses the message interval (with the configured local priority) to derive the master down timer value.
VRRP advertisement messages that are fragmented or contain IP options (IPv4) or extension headers (IPv6) require a longer configured message interval.
The virtual router instance can inherit the master VRRP router’s message interval timer, which is used by backup routers to calculate the master down timer.
The inheritance is only configurable in the non-owner context. It is used to allow the current virtual router master to dictate the master down timer for all virtual router backups.
Master Down Interval
The master down interval is the time that the master router can be operationally down before a backup router takes over. The master down interval is a calculated value used to specify the master down timer. If the master down timer expires, the backup virtual router enters the master state. To calculate the master down interval, the virtual router uses the following formula:
Master Down Interval = (3 ✕ Operational Message Interval) + Skew Time
The operational message interval is dependent upon the state of the inherit parameter, as follows. See Message Interval and Master Inheritance for details.
If the inherit parameter is enabled, the operational message interval is derived from the current master’s message interval field in the VRRP advertisement message.
If the inherit parameter is disabled, the operational message interval must be equal to the locally configured message interval.
The master down timer is only operational if the local virtual router is operating in backup mode.
Skew Time
The skew time is used to add a time period to the master down interval. Skew time is not a configurable parameter. It is derived from the current local priority of the virtual router. To calculate the skew time (as per RFC 5798), the virtual router uses the following formula:
Skew Time = (((256 – priority) ✕ Master_Adver_Interval) / 256) centiseconds
A higher priority value means a smaller skew time. This means that a virtual router with a higher priority transitions to the master router more quickly than a virtual router with a lower priority.
Preempt Mode
Preempt mode is a configured true or false value that controls whether a virtual router backup with a higher priority preempts a lower-priority master. Preempt mode cannot be set to false on the owner virtual router. The IP address owner always becomes master if available. The default value for preempt mode is true.
If the preempt mode is true (enabled), the advertised priority from the incoming VRRP advertisement message from the current master is compared to the local configured priority, with the following results.
If the local priority is higher than the received priority, the received VRRP advertisement message is discarded. This results in the eventual expiration of the master down timer, causing the backup router to transition to the master state.
If the received priority is equal to the local priority, the message is not discarded and the current master is not replaced. The received primary IP address is not part of the decision to preempt and is not used as a tiebreaker if the received and local priorities are equal.
If the preempt mode is false (disabled), the virtual router only becomes master if the master down timer expires before a VRRP advertisement message is received from another virtual router.
VRRP Message Authentication (IPv4 only)
VRRP message authentication uses a simple text password authentication key to generate master VRRP advertisement messages and validate received VRRP advertisement messages.
If the authentication-key command is re-executed with a different password key defined, the new key will be used immediately. If a no authentication-key command is executed, the password authentication key is restored to the default value. The authentication-key command may be executed at any time.
VRRP message authentication is applicable to IPv4 VRRP only.
Authentication Failure
Any received VRRP advertisement message that fails authentication is silently discarded with an invalid authentication counter incremented for the ingress virtual router instance.
Virtual MAC Address
The MAC address can be used instead of an IP address in ARP responses if the virtual router instance is master. The MAC address configuration must be the same for all virtual routers with the same VRID; otherwise, the result is indeterminate connectivity by the attached IP hosts. All VRRP advertisement messages are transmitted with the IEEE address as the source MAC address.
BFD-Enable
A BFD session can be used to provide a heartbeat mechanism for a VRRP instance. Only one BFD session can be assigned to a VRRP instance, but multiple VRRP instances can use the same BFD session.
BFD controls the state of the associated interface. By enabling BFD on a protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node.
Initial Delay Timer
A VRRP initialization delay timer can be configured in the range of 1 to 65535 seconds.
VRRP Advertisement Message IP Address List Verification
VRRP messages contain an IP address count field that indicates the number of IP addresses listed in the sequential IP address fields at the end of the message. The 7705 SAR implementation always logs mismatching events. The decision on where and whether to forward the generated messages depends on the configuration of the event manager. The log message is generated by network management and is not the same as the VRRP message.
Each virtual router instance maintains a record of the mismatch states associated with each source IP address in the VRRP master table. If the state changes, a mismatch log message is generated indicating the source IP address within the message, the mismatch or match event, and the time of the event.
If secondary IP addresses are used, the message contains multiple IP addresses, which must match the IP addresses on the virtual router instance. Owner and non-owner virtual router instances have the supported IP addresses explicitly defined, making mismatched supported IP addresses within the interconnected virtual router instances a configuring issue.
IPv6 Virtual Router Instance Operationally Up
When the IPv6 virtual router is properly configured with a minimum of one link-local backup address, the parent interface’s router advertisement must be configured to use the virtual MAC address in order for the virtual router to be considered operationally up.
Policies
Policies can be configured to control VRRP priority with the virtual router instance. A policy can be associated with more than one virtual router instance. Policies can only be configured in the non-owner VRRP context. See VRRP Priority Control Policies for details.
VRRP Priority Control Policies
VRRP supports control policies to manipulate virtual router participation in the VRRP master election process and the state of the master. The local priority value for the virtual router instance is used to control the election process and master state.
This section contains information about the following topics:
VRRP Policy Constraints
Priority control policies can only be applied to non-owner VRRP virtual router instances. Owner VRRP virtual routers cannot be controlled by a priority control policy because they must have a priority value of 255 that cannot be lowered. Only one VRRP priority control policy can be applied to a non-owner virtual router instance.
Multiple VRRP virtual router instances can be associated with the same IP interface, allowing multiple priority control policies to be associated with the IP interface.
An applied VRRP priority control policy only affects the in-use priority on the virtual router instance if the preempt mode has been enabled. A virtual router instance with preempt mode disabled always uses the base priority as the in-use priority, ignoring any configured priority control policy.
VRRP Base Priority
The base priority is the starting priority for the VRRP instance and is set using the service interface priority command. The actual in-use priority for the VRRP instance is derived from the base priority and an optional VRRP priority control policy that modifies the base priority.
VRRP priority control policies are used to either override or adjust the base priority value depending on events or conditions within the chassis.
Non-owner virtual router instances must have a base priority value between 1 and 254. The value 0 is reserved to indicate master termination in VRRP advertisement messages. The value 255 is reserved for the VRRP owner. The default base priority for non-owner virtual router instances is 100.
VRRP Priority Control Policy In-use Priority
A VRRP priority control policy enforces an overall minimum value that the policy can impose upon the VRRP virtual router instance base priority. This value provides a lower limit to the delta priority event manipulation of the base priority.
A delta priority event is a conditional event defined in the priority control policy that subtracts a given amount from the current base priority for all VRRP virtual router instances to which the policy is applied. Multiple delta priority events can apply simultaneously, creating a dynamic priority value. The base priority for the instance, minus the sum of the delta values, sets the actual priority in-use value.
An explicit priority event is a conditional event defined in the priority control policy that explicitly defines the in-use priority for the virtual router instance. The explicitly defined values are not affected by the delta in-use priority limit. If multiple explicit priority events happen simultaneously, the lowest value is used for the in-use priority. The configured base priority is not a factor in explicit priority overrides of the in-use priority.
The allowed range of the delta in-use priority limit is 1 to 254. The default is 1, which prevents the delta priority events from operationally disabling the virtual router instance.
VRRP Priority Control Policy Priority Events
This section contains information on the following topics:
The main function of a VRRP priority control policy is to define conditions or events that impact the ability of the system to communicate with outside hosts or portions of the network. If one or more of these events are true, the base priority on the virtual router instance is either overwritten with an explicit value, or a sum of delta priorities is subtracted from the base priority. The result is the in-use priority for the virtual router instance. Any priority event can be configured as an explicit event or a delta event.
Outside hosts are the network entities that generate the IP user traffic. VRRP communication occurs between the routers on the subnet that are using VRRP. The availability of routes and/or hosts can influence the priority of a VRRP router, making the priority variable. If a backup router loses the ability to route to some destinations, its VRRP priority is reduced, making it less desirable as a backup router in case the master fails.
Explicit events override all delta events. If multiple explicit events occur, the event with the lowest priority value is assigned to the in-use priority. As events clear, the in-use priority is re-evaluated accordingly and adjusted dynamically.
Delta priority events also have priority values. If no explicit events have occurred within the policy, the sum of the occurring delta events priorities is subtracted from the base priority of each virtual router instance. If the result is lower than the delta in-use priority limit, the delta in-use priority limit is used as the in-use priority for the virtual router instance. Otherwise, the in-use priority is set to the base priority less the sum of the delta events.
Each event generates a VRRP priority event message indicating the policy ID, the event type, the priority type (delta or explicit) and the event priority value. Another log message is generated if the event is no longer true, indicating that the event has been cleared.
Priority Event Hold-set Timers
Hold-set timers are used to dampen the effect of a flapping event. A flapping event occurs when an event continually transitions between clear and set. The hold-set timer prevents a set event from transitioning to the cleared state until it expires.
Each time an event transitions between cleared and set, the timer begins to count down to 0. If the timer reaches 0, the event is allowed to enter the cleared state once more. Entering the cleared state is always dependent on the object controlling the event conforming to the requirements defined in the event itself. It is possible, on some event types, to have another set action reset the hold-set timer. This extends the amount of time that must expire before entering the cleared state.
Port Down Priority Event
The port down priority event is associated with a physical port. The port operational state is evaluated to determine a port down priority event or event clear.
If the port operational state is up, the port down priority event is considered false (or cleared). If the port operational state is down, the port down priority event is considered true (or set).
LAG Port Down Priority Event
The LAG port down priority event is associated with a LAG. The event monitors the operational state of each port in the specified LAG.
When one or more of the ports enter the operationally down state, the event is considered to be set. When all the ports enter the operationally up state, the event is considered to be clear. As ports enter the operational up state, any previous set threshold that represents more down ports is considered cleared, while the event is considered to be set.
Host Unreachable Priority Event
The host unreachable priority event creates a continuous ping task that is used to test connectivity to a remote host. For the ping to be successful, the path to the remote host, and the remote host itself, must be capable and configured to accept ICMP echo requests and replies.
The ping task is controlled by interval and size parameters that define how often the ICMP request messages are transmitted and the size of each message. A historical missing reply parameter defines if the ping destination is considered unreachable.
If the host is unreachable, the host unreachable priority event is considered true (or set). If the host is reachable, the host unreachable priority event is considered false (or cleared).
Route Unknown Priority Event
The route unknown priority event defines a task that monitors the existence of a given route prefix in the routing table of the system.
The route monitoring task can be constrained by a condition that allows a prefix that is less specific than the defined prefix to be considered as a match. The source protocol can be defined to indicate the protocol the installed route must be populated from. To further define match criteria when multiple instances of the route prefix exist, an optional next-hop parameter can be defined.
If a route prefix exists within the active route table that matches the defined match criteria, the route unknown priority event is considered false (or cleared). If a route prefix does not exist within the active route table that matches the defined criteria, the route unknown priority event is considered true (or set).
VRRP Non-owner Accessibility
Although only VRRP owners can respond to ping and other management-oriented protocols directed to the VRID IP addresses, the 7705 SAR allows an override of this restraint on a per-VRRP virtual router instance basis.
This section contains information about the following topics:
Non-owner Access Ping Reply
If non-owner access ping reply is enabled on a virtual router instance, ICMP echo request messages destined for the non-owner virtual router instance IP addresses are not discarded at the IP interface if the virtual router is operating in master mode. ICMP echo request messages are always discarded in backup mode.
If non-owner access ping reply is disabled on a virtual router instance, ICMP echo request messages destined for the non-owner virtual router instance IP addresses are silently discarded in both the master and backup modes.
Non-owner Access Telnet
If non-owner access Telnet is enabled on a virtual router instance, authorized Telnet sessions can be established that are destined for the virtual router instance IP addresses if the virtual router is operating in master mode. Telnet sessions are always discarded at the IP interface if destined for a virtual router IP address on a virtual router operating in backup mode. Enabling non-owner access Telnet does not guarantee Telnet access; proper management and security features must be enabled to allow Telnet on this interface and possibly from the given source IP address.
If non-owner access Telnet is disabled on a virtual router instance, Telnet sessions destined for the non-owner virtual router instance IP addresses are silently discarded in both master and backup modes.
Non-owner Access SSH
If non-owner access SSH is enabled on a virtual router instance, authorized SSH sessions can be established that are destined for the virtual router instance IP addresses if the virtual router is operating in master mode. SSH sessions are always discarded at the IP interface when destined for a virtual router IP address on a virtual router operating in backup mode. Enabling non-owner access SSH does not guarantee SSH access; proper management and security features must be enabled to allow SSH on this interface and possibly from the given source IP address. SSH is applicable to IPv4 VRRP only.
If non-owner access SSH is disabled on a virtual router instance, SSH sessions destined for the non-owner virtual router instance IP addresses are silently discarded in both master and backup modes.
VRRP Configuration Process Overview
VRRP Configuration displays the process to provision VRRP parameters.
Configuration Notes
The following are VRRP configuration guidelines and restrictions:
creating and applying VRRP policies are optional
backup command:
the virtual backup IP addresses must be on the same subnet. The backup addresses explicitly define which IP addresses are in the VRRP message IP address list.
in owner mode, the backup IP address must be identical to one of the interface IP addresses
for IPv6, one of the backup addresses configured must be the link-local address of the owner VRRP instance
Configuring VRRP with CLI
This section provides information to configure VRRP using the command line interface.
VRRP Configuration Overview
Configuring VRRP policies and instances on service interfaces is optional. The basic owner and non-owner VRRP configurations on an IES or VPRN service interface must specify the backup ip-address parameter.
VRRP helps eliminate the single point of failure in a routed environment by using virtual router IP addresses shared between two or more routers connecting the common domain. VRRP provides dynamic failover of the forwarding responsibility to the backup router if the master becomes unavailable.
The VRRP implementation allows one master per IP subnet. All other VRRP instances in the same domain must be in backup mode.
Preconfiguration Requirements
VRRP policies:
VRRP policies must be configured before they can be applied to an IES or VPRN VRRP instance. VRRP policies are configured in the config>vrrp context.
If the policy is associated with a VPRN VRRP interface, the VRRP policy configuration must include the VPRN service ID to which the policy applies; otherwise, when the user attempts to associate the policy with the VPRN VRRP interface, an error message indicating that the policy ID does not exist is returned.
Configuring VRRP on an IES or VPRN service interface:
the service customer account must be created prior to configuring an IES or VPRN VRRP instance
the interface address must be specified in both the owner and non-owner IES or VPRN instances
Basic VRRP Configurations
VRRP parameters are configured in the following contexts:
VRRP Policy
Configuring and applying VRRP policies is optional. There are no default VRRP policies. Each policy must be explicitly defined. A VRRP configuration must include the following:
policy ID
service ID (mandatory for VPRN service only)
at least one of the following priority events:
port down
LAG port down
host unreachable
route unknown
Policies can only be applied to non-owner VRRP virtual router instances.
The following example displays a configuration of an IES VRRP policy.
config>vrrp>policy# info
----------------------------------------------
delta-in-use-limit 50
priority-event
port-down 4/1/2
hold-set 43200
priority 100 delta
exit
port-down 4/1/3
priority 200 explicit
exit
lag-port-down 1
number-down 3
priority 50 explicit
exit
exit
host-unreachable 10.10.24.4
drop-count 25
exit
route-unknown 10.10.0.0/32
priority 50 delta
protocol bgp
exit
exit
----------------------------------------------
The following example displays a configuration of a VPRN VRRP policy, with service ID 10 specified.
config>vrrp>policy 1 context 10# info
----------------------------------------------
....
priority event port-down 1/1/1
priority 200 explicit
exit
lag-port-down 1
number-down 3
priority 50 explicit
exit
exit
exit
exit
----------------------------------------------
VRRP IES or VPRN Service Parameters
VRRP parameters are configured within an IES or VPRN service with one of two contexts, owner or non-owner. The status is specified when the VRRP configuration is created. When configured as owner, the virtual router instance has the same real IP addresses as the virtual backup IP addresses. All other virtual router instances participating in this message domain must have the same VRID configured and cannot be configured as owner.
For IPv4 and IPv6, up to two VRRP instances (VRIDs) can be configured on an IES or VPRN service interface. IPv4 can back up a maximum of eight addresses per VRRP instance (one primary and seven secondary). IPv6 can back up a maximum of four addresses (one primary and three secondary).
VRRP parameters configured within an IES or VPRN service must include the following:
VRID
virtual backup IP addresses
The following example displays a configuration of IES service owner and non-owner VRRP configurations.
config>service>ies# info
----------------------------------------------
interface "tuesday" create
address 10.10.36.2/8
sap 7/1/1:100 create
vrrp 19 owner
backup 10.10.36.7
authentication-key "testabc"
exit
exit
interface "testing" create
address 10.10.10.16/8
sap 1/1/55:0 create
vrrp 12
backup 10.10.10.15
policy 1
authentication-key "testabc"
exit
exit
no shutdown
----------------------------------------------
config>service>ies#
Configuring IES or VPRN VRRP for IPv6
The following output shows an IES VRRP for IPV6 configuration example.
config>service>ies# info
----------------------------------------------
description "VLAN 921 for DSC-101 Application"
interface "DSC-101-Application" create
address 10.152.2.220/8
vrrp 217
backup 10.152.2.222
priority 254
ping-reply
exit
ipv6
address 2001:db8:a::123/64
link-local-address 2001:db8:a::222 preferred
vrrp 219
backup 2001:db8:a::122
priority 254
ping-reply
exit
exit
sap 1/1/4 create
description "sap-10-192.168.0.1"
exit
exit
no shutdown
----------------------------------------------
Common Configuration Tasks
This section provides a brief overview of the tasks that must be performed to configure VRRP and lists the CLI commands.
VRRP parameters are defined under a service interface context. An IP address must be assigned to each IP interface. Only one primary IP address can be associated with an IP interface but several secondary IP addresses can be associated.
Owner and non-owner configurations must include the following parameters:
all participating routers in a VRRP instance must be configured with the same VRID
all participating non-owner routers can specify up to eight backup IP addresses (that is, the IP addresses that the master is representing). The owner configuration must include at least one backup IP address.
for IPv6, one of the backup addresses configured must be the link-local address of the owner VRRP instance
Owner and non-owner configurations can also include the following optional commands:
authentication-key (IPv4 only)
MAC
message-interval
In addition to the common parameters, the following non-owner commands can be configured:
master-int-inherit
priority
bfd-enable
initial delay
policy
ping-reply
preempt
telnet-reply
ssh-reply (IPv4 only)
shutdown
Configuring IES or VPRN VRRP Parameters
VRRP parameters can be configured on a service interface to provide virtual default router support that allows traffic to be routed without relying on a single router in case of failure. VRRP can be configured in the following ways:
Configuring VRRP on Subnets
If you have multiple subnets configured on an IES or VPRN service interface, you can configure VRRP on each subnet.
The following displays an IES interface configuration example:
config>service>ies# info
#------------------------------------------
...
interface "test-A" create
address 192.168.0.0/16
exit
interface "testB"
address 192.168.0.1/16
secondary 192.168.0.2/16
secondary 192.168.0.3/16
secondary 192.168.0.4/16
exit
no shutdown
...
#------------------------------------------
Owner VRRP
The following displays an owner VRRP configuration example for an IPv4 service interface:
config>service>ies# info
#----------------------------------------------
...
interface ‟test2” create
address 192.168.0.0/16
vrrp 1 owner
backup 192.168.0.2
authentication-key ‟testabc”
exit
exit
...
#----------------------------------------------
config>service>ies#
If a VRRP instance is created as owner, it cannot be changed to the non-owner state. The VRID must be deleted and then recreated without the owner keyword to remove IP address ownership.
Non-owner VRRP
The following displays a basic non-owner VRRP configuration example for an IPv4 service interface:
config>service>ies# info
#----------------------------------------------
...
interface "test2" create
address 192.168.0.0/16
sap 1/1/55:0 create
vrrp 12
backup 192.168.0.1
policy 1
authentication-key ‟testabc”
exit
exit
no shutdown
...
#----------------------------------------------
config>service>ies#
If a VRRP instance is created as non-owner, it cannot be changed to the owner state. The VRID must be deleted and then recreated with the owner keyword to invoke IP address ownership.
VRRP Management Tasks
This section discusses the following VRRP management tasks:
Deleting a VRRP Policy
Policies are only applied to non-owner VRRP instances. A VRRP policy cannot be deleted if it is applied to an IES or VPRN service. Each instance in which the policy is applied must be deleted. The following example displays a policy deletion.
- Example:
config>vrrp
config>vrrp# no policy 1
The” Applied” column in the following example displays whether the VRRP policies are applied to an entity. The services using the VRRP policy can be viewed using the specific policy ID in the CLI command (for example, show>vrrp>policy 1).
#show>vrrp# policy
======================================================
VRRP Policies
======================================================
Policy Current Current Current Delta Applied Svc
Id Priority & Effect Explicit Delta Sum Limit Context
-------------------------------------------------------------------------------
1 70 Delta None 70 1 Yes None
100 None None None 1 No None
255 None None None 1 No None
-------------------------------------------------------------------------------
#show>vrrp# policy 1
===============================================================================
VRRP Policy 1
===============================================================================
Description :
Current Priority: 100 Delta Applied : Yes
Current Explicit: None Current Delta Sum : 100
Delta Limit : 1 Svc Context : None
-------------------------------------------------------------------------------
Rtr Id/ Applied To VR Opr Base In-use Master Is
Svc Id Interface Name Id Pri Pri Pri Master
-------------------------------------------------------------------------------
800 tuesday 6 Down 100 1 0 No
-------------------------------------------------------------------------------
Rtr Id/ Applied To IPv6 Opr Base In-use Master Is
Svc Id Interface Name VR-Id Pri Pri Pri Master
-------------------------------------------------------------------------------
None
-------------------------------------------------------------------------------
SRRP Applied To Interface Name Oper Base In-use Master
Id Rtr Id/Svc Id State Pri Pri Pri
-------------------------------------------------------------------------------
None
-------------------------------------------------------------------------------
Priority Control Events
-------------------------------------------------------------------------------
Event Type & ID Event Oper State Hold Set Priority In
Remaining &Effect Use
-------------------------------------------------------------------------------
Port Down 1/2/1 Set-down Expired 100 Del Yes
===============================================================================
#show>vrrp#
Deleting VRRP on a Service
The VRID does not need to be shut down to remove the virtual router instance from a service.
The following example displays the commands to delete a VRRP instance in non-owner mode from an IES service:
- Example:
config>service# ies 10
config>service>ies# interface test
config>service>ies>if# no vrrp 1
config>service>ies>if# exit all
VRRP Command Reference
Command Hierarchies
VRRP Priority Control Event Policy Commands
config
- vrrp
- policy policy-id [context service-id]
- no policy policy-id
- delta-in-use-limit limit
- no delta-in-use-limit
- description description-string
- no description
- [no] priority-event
- [no] host-unreachable ip-address
- [no] host-unreachable ipv6-address
- drop-count count
- no drop-count
- hold-clear seconds
- no hold-clear
- hold-set seconds
- no hold-set
- interval seconds
- no interval
- priority priority-level [delta | explicit]
- no priority
- timeout seconds
- no timeout
- lag-port-down port-id
- no lag-port-down
- hold-clear seconds
- no hold-clear
- hold-set seconds
- no hold-set
- number-down number-of-lag-ports-down
- no number-down
- priority priority-level [delta | explicit]
- no priority
- port-down port-id
- no port-down
- hold-clear seconds
- no hold-clear
- hold-set seconds
- no hold-set
- priority priority-level [delta | explicit]
- no priority
- [no] route-unknown ip-prefix/mask
- [no] route-unknown ipv6-address/prefix-length
- hold-clear seconds
- no hold-clear
- hold-set seconds
- no hold-set
- less-specific [allow-default]
- no less-specific
- [no] next-hop ip-address
- priority priority-level [delta | explicit]
- no priority
- protocol protocol
- no protocol
VRRP Show Commands
show
- vrrp
- policy [policy-id [event event-type specific-qualifier]]
- router
- vrrp
- instance
- instance interface interface-name [vrid virtual-router-id]
- instance interface interface-name vrid virtual-router-id ipv6
- statistics
VRRP Monitor Commands
VRRP Clear Commands
clear
- router
- vrrp
- interface interface-name [vrid virtual-router-id]
- interface interface-name vrid virtual-router-id ipv6
- statistics
- statistics interface interface-name [vrid virtual-router-id]
- statistics interface interface-name vrid virtual-router-id ipv6
VRRP Debug Commands
debug
- router
- vrrp
- [no] events
- [no] events interface ip-int-name [vrid virtual-router-id]
- [no] events interface ip-int-name vrid virtual-router-id ipv6
- [no] packets
- [no] packets interface ip-int-name [vrid virtual-router-id]
- [no] packets interface ip-int-name vrid virtual-router-id ipv6
Command Descriptions
Configuration Commands
VRRP Priority Control Event Policy Commands
policy
Syntax
policy policy-id [context service-id]
no policy policy-id
Context
config>vrrp
Description
This command enables the context to configure a VRRP priority control policy that is used to control the VRRP in-use priority based on priority control events. The VRRP priority control policy commands define policy parameters and priority event conditions.
The virtual router instance priority command defines the initial or base value to be used by non-owner virtual routers. This value can be modified by assigning a VRRP priority control policy to the virtual router instance. The VRRP priority control policy can override the base priority setting to establish the actual in-use priority of the virtual router instance.
The policy command must be created first, before it can be associated with a virtual router instance.
If the policy is associated with a VPRN VRRP interface, the service-id for the VPRN service to which the policy applies must be specified; otherwise, when the user attempts to associate the policy with the VPRN VRRP interface, an error message indicating that the policy ID does not exist is returned.
Because VRRP priority control policies define conditions and events that must be maintained, they can be resource-intensive. The number of policies is limited to 10 000.
The policy IDs do not have to be consecutive integers. The range of available policy identifiers is from 1 to 9999.
The no form of the command deletes the specific policy ID from the system.
The policy ID must be removed first from all virtual router instances before the no policy command can be issued. If the policy ID is associated with a virtual router instance, the command fails.
Default
n/a
Parameters
- policy-id
specifies the VRRP priority control ID that uniquely identifies this policy from any other VRRP priority control policy defined on the system. Up to 10 000 policies can be defined.
- service-id
specifies the service ID to which the policy applies
delta-in-use-limit
Syntax
delta-in-use-limit limit
no delta-in-use-limit
Context
config>vrrp>policy
Description
This command sets a lower limit on the virtual router in-use priority that can be derived from the delta priority control events.
Each VRRP priority ID places limits on the delta priority control events to define the in-use priority of the virtual router instance. Setting this limit prevents the sum of the delta priority events from lowering the in-use priority value of the associated virtual router instances below the configured value.
The limit has no effect on explicit priority control events. Explicit priority control events are controlled by setting the in-use priority to any value between 1 and 254.
Only non-owner virtual router instances can be associated with VRRP priority control policies and their priority control events.
Once the total sum of all delta events is calculated and subtracted from the base priority of the virtual router instance, the result is compared to the delta-in-use-limit value. If the result is less than the limit, the delta-in-use-limit value is used as the virtual router in-use priority value. If an explicit priority control event overrides the delta priority control events, the delta-in-use-limit has no effect.
Setting the limit to a higher value than the default of 1 limits the effect of the delta priority control events on the virtual router instance base priority value. This allows for multiple priority control events while minimizing the overall effect on the in-use priority
Setting the limit to a value equal to or larger than the virtual router instance base priority prevents the delta priority control events from having any effect on the virtual router instance in-use priority value.
Changing the in-use priority limit causes an immediate re-evaluation of the in-use priority values for all virtual router instances associated with this VRRP policy ID based on the current sum of all active delta control policy events.
The no form of the command reverts to the default value.
Default
1
Parameters
- limit
specifies the lower limit of the in-use priority, as modified by priority control policies. The limit has the same range as the non-owner virtual router instance base-priority parameter. If the result of the total delta priority control events minus the virtual router instance base priority is less than the limit, the limit value is used as the virtual router instance in-use priority value.
description
Syntax
description description-string
no description
Context
config>vrrp>policy
Description
This command associates a text string with a configuration context to help identify the content in the configuration file.
The no form of the command removes the string from the configuration.
Default
n/a
Parameters
- description-string
specifies the description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.
VRRP Priority Event Commands
priority-event
Syntax
[no] priority-event
Context
config>vrrp>policy
Description
This command enables the context to configure VRRP priority control events used to define criteria to modify the VRRP in-use priority.
A priority control event specifies an object to monitor and the effect on the in-use priority level for an associated virtual router instance.
Up to 32 priority control events can be configured.
The no form of this command clears any configured priority events.
host-unreachable
Syntax
[no] host-unreachable ip-address
[no] host-unreachable ipv6-address
Context
config>vrrp>policy>priority-event
Description
This command enables the context to configure a host unreachable priority control event to monitor the ability to receive ICMP echo reply packets from an IP host address.
A host unreachable priority event creates a continuous ICMP echo request (ping) probe to the specified IP address. If a ping fails, the event is considered to be set. If a ping is successful, the event is considered to be cleared.
Up to 32 unique (different IP addresses) host unreachable events can be configured.
The host-unreachable command can reference any valid local or remote IP address. The ability to use ARP to find a local IP address or find a remote IP address within a route prefix in the route table is considered part of the monitoring procedure. The host unreachable priority event operational state tracks ARP or route table entries dynamically appearing and disappearing from the system. The operational state of the host unreachable event can be one of the following:
Host Unreachable Operational State |
Description |
---|---|
Set – no ARP |
No ARP address found for IP address for drop-count consecutive attempts. Only applies when IP address is considered local. |
Set – no route |
No route exists for IP address for drop-count consecutive attempts. Only applies when IP address is considered remote. |
Set – host unreachable |
ICMP host unreachable message received for drop-count consecutive attempts |
Set – no reply |
ICMP echo request timed out for drop-count consecutive attempts |
Set – reply received |
Last ICMP echo request attempt received an echo reply but historically not able to clear the event |
Cleared – no ARP |
No ARP address found for IP address – not enough failed attempts to set the event |
Cleared – no route |
No route exists for IP address – not enough failed attempts to set the event |
Cleared – host unreachable |
ICMP host unreachable message received – not enough failed attempts to set the event |
Cleared – no reply |
ICMP echo request timed out – not enough failed attempts to set the event |
Cleared – reply received |
Event is cleared – last ICMP echo request received an echo reply |
Unlike other priority event types, the host unreachable priority event monitors a repetitive task. A historical evaluation is performed on the success rate of receiving ICMP echo reply messages. The operational state takes the cleared and set orientation from the historical success rate. The informational portion of the operational state is derived from the result of the last attempt. It is possible for the previous attempt to fail while the operational state is still cleared due to an insufficient number of failures to cause it to become set. It is also possible for the state to be set while the previous attempt was successful.
When an event transitions from clear to set, the set is processed immediately and must be reflected in the associated virtual router instance in-use priority value. As the event transitions from clear to set, a hold-set timer is started with the value configured by the event’s hold-set command. This timer prevents the event from clearing until it expires, damping the effect of event flapping. If the event clears and becomes set again before the hold-set timer expires, the timer is reset to the hold-set value, extending the time before another clear can take effect.
The hold-set timer must expire and the historical success rate must be met prior to the event operational state becoming cleared.
The no form of the command deletes the specific IP host monitoring event. The event can be deleted at any time. When the event is deleted, the in-use priority of all associated virtual router instances must be re-evaluated. The event hold-set timer has no effect on the removal procedure.
Default
no host-unreachable
Parameters
- ip-address
specifies the IP address of the host for which the specific event monitors connectivity. The IP address can only be monitored by a single event in this policy. The IP address can be monitored by multiple VRRP priority control policies. The IP address can be used in one or more ping requests. Each VRRP priority control host unreachable and ping destined for the same IP address is uniquely identified on a per-message basis. Each session originates a unique identifier value for the ICMP echo request messages it generates. This allows received ICMP echo reply messages to be directed to the appropriate sending application.
lag-port-down
Syntax
[no] lag-port-down lag-id
Context
config>vrrp>policy>priority-event
Description
This command enables the context to configure Link Aggregation Group (LAG) priority control events that monitor the operational state of the links in the LAG.
The lag-port-down command configures a priority control event. The event monitors the operational state of each port in the specified LAG. When one or more of the ports enter the operationally down state, the event is considered to be set. When all the ports enter the operationally up state, the event is considered to be clear. As ports enter the operational up state, any previous set threshold that represents more down ports is considered cleared, while the event is considered to be set.
Multiple unique lag-port-down event nodes can be configured within the priority-event node up to the maximum of 32 events.
The lag-port-down command can reference any LAG. The lag-id must exist within the system. The operational state of the lag-port-down event indicates:
Set – non-existent
Set – one port down
Set – two ports down
Set – three ports down
Set – four ports down
Set – five ports down
Set – six ports down
Set – seven ports down
Set – eight ports down
Cleared – all ports up
When the lag-id is created, or a port in the lag-id becomes operationally up or down, the event operational state is updated appropriately.
When one or more of the LAG composite ports enters the operationally down state or the lag-id is deleted or does not exist, the event is considered to be set. When an event transitions from clear to set, the set is processed immediately and is reflected in the associated virtual router instance’s in-use priority value. As the event transitions from clear to set, a hold-set timer is loaded with the value configured by the events hold-set command. This timer prevents the event from clearing until it expires, damping the effect of event flapping. If the event clears and becomes set again before the hold-set timer expires, the timer is reset to the hold-set value, extending the time before another clear can take effect.
The lag-port-down event is considered to have a tiered event set state. While the priority impact per number of ports down is configurable, as more ports go down, the effect on the associated virtual router instance’s in-use priority value is expected to increase (lowering the priority). When each configured threshold is crossed, any higher thresholds are considered further event sets and are processed immediately with the hold-set timer reset to the configured value of the hold-set command. As the thresholds are crossed in the opposite direction (fewer ports down than previously), the priority effect of the event is not processed until the hold-set timer expires. If the number-down threshold again increases before the hold-set timer expires, the timer is only reset to the hold-set value if the number of ports down is equal to or greater than the threshold that set the timer.
The event contains number-down nodes that define the priority delta or explicit value to be used based on the number of LAG composite ports that are in the operationally down state. These nodes represent the event set thresholds. Not all port down thresholds must be configured. As the number of down ports increases, the number-down ports-down node that expresses a value equal to or less than the number of down ports determines the delta or explicit priority value to be applied.
The no form of the command deletes the specific LAG monitoring event. The event can be removed at any time. When the event is removed, the in-use priority of all associated virtual router instances must be re-evaluated. The event’s hold-set timer has no effect on the removal procedure.
Default
no lag-port-down (no LAG priority control events are created)
Parameters
- lag-id
specifies the LAG ID that the specific event is to monitor, expressed as a decimal integer. The lag-id can only be monitored by a single event in this policy. The LAG may be monitored by multiple VRRP priority control policies. A port within the LAG and the LAG ID itself are considered to be separate entities. A composite port may be monitored with the port-down event while the lag-id the port is in is monitored by a lag-port-down event in the same policy.
port-down
Syntax
port-down port-id
no port-down
Context
config>vrrp>policy>priority-event
Description
This command configures a port down priority control event that monitors the operational state of a port. When the port enters the operationally down state, the event is considered set. When the port enters the operationally up state, the event is considered cleared.
Up to 32 unique port-down events can be defined in any combination of types.
The port-down command can be use on ports even if the ports are not preprovisioned or populated. The operational state of the port-down event can be one of the following states:
set – non-provisioned
set – not-populated
set – down
cleared – up
When the port is provisioned, populated, or enters the operationally up or down state, the event operational state is updated appropriately.
When the event enters the operationally down, non-provisioned, or non-populated state, the event is considered to be set. When an event transitions from clear to set, the set is processed immediately and must be reflected in the associated virtual router instance in-use priority value. As the event transitions from cleared to set, the hold-set timer is started. This timer prevents the event from clearing until it expires, damping the effect of event flapping. If the event clears and becomes set again before the hold-set timer expires, the timer is reset to the hold-set value, extending the time before another clear can take effect.
When the event enters the operationally up state, the event is considered to be cleared. When the event hold-set expires, the effects of the event priority value are immediately removed from the in-use priority of all associated virtual router instances.
The actual effect on the virtual router instance in-use priority value depends on the defined event priority and its delta or explicit nature.
The no form of the command deletes the specific port monitoring event. The event can be removed at any time. If the event is removed, the in-use priority of all associated virtual router instances is re-evaluated. The event’s hold-set timer has no effect on the removal procedure.
Default
no port-down
Parameters
- port-id
specifies the port ID of the port monitored by the VRRP priority control event. VRRP is supported on Ethernet adapter cards only.
The port ID can only be monitored by a single event in this policy. The port can be monitored by multiple VRRP priority control policies.
If the port is provisioned, but the port has not been populated, the appropriate event operational state is set – not populated.
If the port is not provisioned, the event operational state is set – non-provisioned.
route-unknown
Syntax
[no] route-unknown ip-prefix/mask
[no] route-unknown ipv6-address/prefix-length
Context
config>vrrp>policy>priority-event
Description
This command enables the context to configure a route unknown priority control event that monitors the existence of a specific active IP route prefix within the routing table.
The route-unknown command configures a priority control event that defines a link between the VRRP priority control policy and the RTM. The RTM registers the specified route prefix as monitored by the policy. If any change (add, delete, new next hop) occurs relative to the prefix, the policy is notified and takes proper action according to the priority event definition. If the route prefix exists and is active in the routing table according to the conditions defined, the event is in the cleared state. If the route prefix is removed, becomes inactive, or fails to meet the event criteria, the event is in the set state.
Up to 32 route-unknown events can be configured.
The route-unknown command can reference any valid IP address mask-length pair. The IP address and associated mask length define a unique IP router prefix. The dynamic monitoring of the route prefix results in one of the following event operational states:
Route Unknown Operational State |
Description |
---|---|
Set – non-existent |
The route does not exist in the route table |
Set – inactive |
The route exists in the route table but is not being used |
Set – wrong next hop |
The route exists in the route table but does not meet the next-hop requirements |
Set – wrong protocol |
The route exists in the route table but does not meet the protocol requirements |
Set – less specific found |
The route exists in the route table but is not an exact match and does not meet any less-specific requirements |
Set – default best match |
The route exists in the route table as the default route but the default route is not allowed for route matching |
Cleared – less specific found |
A less-specific route exists in the route table and meets all criteria including the less-specific requirements |
Cleared – found |
The route exists in the route table manager and meets all criteria |
An existing route prefix in the RTM must be active (used by the IP forwarding engine) to clear the event operational state. It can be less specific (the defined prefix can be contained in a larger prefix according to CIDR techniques) if the event has the less-specific statement defined. The less-specific route that incorporates the router prefix can be the default route (0.0.0.0). If the less-specific allow-default statement is defined. The matching prefix can be required to have a specific next-hop IP address if defined by the event next-hop command. Finally, the source of the RTM prefix can be required to be one of the dynamic routing protocols or be statically defined if defined by the event protocol command. If an RTM prefix is not found that matches all the above criteria (if defined in the event control commands), the event is considered to be set. If a matching prefix is found in the RTM, the event is considered to be cleared.
If an event transitions from clear to set, the set is processed immediately and must be reflected in the associated virtual router instance in-use priority value. As the event transitions from clear to set, the hold-set timer is started. This timer prevents the event from clearing until it expires, damping the effect of event flapping. If the event clears and becomes set again before the hold-set timer expires, the timer is reset to the hold-set value, extending the time before another clear can take effect.
The no form of the command is used to remove the specific IP prefix mask monitoring event. The event can be removed at any time. When the event is removed, the in-use priority of all associated virtual router instances must be re-evaluated. The event hold-set timer has no effect on the removal procedure.
Default
no route-unknown
Parameters
- ip-prefix
specifies the IPv4 prefix address to be monitored by the route-unknown priority control event, in dotted-decimal notation
- mask
specifies the subnet mask length associated with the IPv4 prefix defining the route prefix to be monitored by the route-unknown priority control event
- ipv6-address
specifies the IPv6 address to be monitored by the route-unknown priority control event
- prefix-length
specifies the prefix length associated with the IPv6 address defining the route prefix to be monitored by the route-unknown priority control event
drop-count
Syntax
drop-count count
no drop-count
Context
config>vrrp>policy>priority-event>host-unreachable
Description
This command configures the number of consecutively sent ICMP echo request messages that must fail before the host unreachable priority control event is set.
The drop-count command is used to define the number of consecutive message send attempts that must fail for the host unreachable priority event to enter the set state. Each unsuccessful attempt increments the event consecutive message drop counter. With each successful attempt, the event consecutive message drop counter resets to 0.
If the event consecutive message drop counter reaches the drop-count value, the host unreachable priority event enters the set state.
The event hold-set value defines how long the event must stay in the set state even when a successful message attempt clears the consecutive drop counter. The event is not cleared until the consecutive drop counter is less than the drop-count value and the hold-set timer has a value of 0 (expired).
The no form of the command reverts to the default value of 3. Three consecutive ICMP echo request failures are required before the host unreachable priority control event is set.
Default
3
Parameters
- count
specifies the number of ICMP echo request message attempts that must fail for the event to enter the set state. The count parameter defines the threshold so that a lower consecutive number of failures can clear the event state.
hold-clear
Syntax
hold-clear seconds
no hold-clear
Context
config>vrrp>policy>priority-event>host-unreachable
config>vrrp>policy>priority-event>lag-port-down
config>vrrp>policy>priority-event>port-down
config>vrrp>policy>priority-event>route-unknown
Description
This command configures the hold-clear time for the event. The hold-clear time is used to prevent blackhole conditions if a virtual router instance advertises itself as a master before other conditions associated with the cleared event have had a chance to enter a forwarding state.
Default
no hold-clear
Parameters
- seconds
specifies the amount of time in seconds by which the effect of a cleared event on the associated virtual router instance is delayed
hold-set
Syntax
hold-set seconds
no hold-set
Context
config>vrrp>policy>priority-event>host-unreachable
config>vrrp>policy>priority-event>lag-port-down
config>vrrp>policy>priority-event>port-down
config>vrrp>policy>priority-event>route-unknown
Description
This command specifies the amount of time that must pass before the set state for a VRRP priority control event can transition to the cleared state to dampen flapping events. A flapping event continually transitions between clear and set.
The hold-set command dampens the effect of a flapping event. The hold-set timer prevents a set event from transitioning to the cleared state until it expires.
Each time an event transitions between cleared and set, the timer begins a countdown to 0. When the timer reaches 0, the event is allowed to enter the cleared state. Entering the cleared state is dependent on the object controlling the event, conforming to the requirements defined in the event itself. It is possible, on some event types, to have another set action reset the hold-set timer. This extends the amount of time that must expire before entering the cleared state.
When the hold-set timer expires and the event meets the cleared state requirements or is set to a lower threshold, the effect of the current set action on the in-use priority of the virtual router instance is removed. For lag-port-down events, this may be a decrease in the set effect if clearing the state lowers the set threshold.
The hold-set command can be executed at any time. If the currently configured hold-set timer value is larger than the new seconds setting, the timer is loaded with the new hold-set value.
The no form of the command reverts to the default value of 0 and the hold-set timer is disabled so that event transitions are processed immediately.
Default
0
Parameters
- seconds
specifies the number of seconds that the hold-set timer waits after an event enters a set state or enters a higher threshold set state, depending on the event type.
The value of 0 disables the hold-set timer, preventing any delay in processing lower set thresholds or cleared events.
interval
Syntax
interval seconds
no interval
Context
config>vrrp>policy>priority-event>host-unreachable
Description
This command configures the number of seconds between host-unreachable priority event ICMP echo request messages directed to the host IP address.
The no form of this command reverts to the default value.
Default
1
Parameters
- seconds
specifies the amount of time between the ICMP echo request messages sent to the host IP address for the host-unreachable priority event
less-specific
Syntax
less-specific [allow-default]
no less-specific
Context
config>vrrp>policy>priority-event>route-unknown
Description
This command allows a CIDR shortest-match hit on a route prefix that contains the IP route prefix associated with the route-unknown priority event.
The less-specific command modifies the search parameters for the IP route prefix specified in the route-unknown priority event.
The less-specific command makes the RTM lookup criteria less restrictive when searching for the IP prefix mask. When the route-unknown priority event sends the prefix to the RTM (as if it was a destination lookup), the matching prefix (if a result is found) is checked to see if it is an exact match or a less-specific match. The less-specific command enables a less-specific route table prefix to match the configured prefix. If less-specific is not specified, a less-specific route table prefix fails to match the configured prefix. The allow-default optional keyword extends the less-specific match to include the default route (0.0.0.0).
The no form of the command prevents RTM lookup results that are less specific than the route prefix from matching.
The default value specifies that the route-unknown priority event requires an exact IP prefix mask match.
Default
no less-specific
Parameters
- allow-default
specifies that an RTM return of 0.0.0.0 matches the IP prefix. If the less-specific command is entered without the allow-default keyword, a return of 0.0.0.0 does not match the IP prefix.
next-hop
Syntax
[no] next-hop ip-address
Context
config>vrrp>policy>priority-event>route-unknown
Description
This command adds an allowed next-hop IP address to match the IP route prefix for a route-unknown priority control event.
If the next-hop IP address does not match one of the defined IP addresses, the match is considered unsuccessful and the route-unknown event transitions to the set state.
The next-hop command is optional. If no next-hop IP address commands are configured, the comparison between the RTM prefix return and the route-unknown IP route prefix are not included in the next-hop information.
If more than one next-hop IP address is eligible for matching, a next-hop command must be executed for each IP address. Defining the same IP address multiple times has no effect after the first instance.
The no form of the command removes the IP address from the list of acceptable next hops when looking up the route-unknown prefix. If this IP address is the last next hop defined on the route-unknown event, the returned next-hop information is ignored when testing the match criteria. If the IP address does not exist, the no next-hop command returns a warning message, but continues to execute if part of the exec script.
The default value specifies that no next-hop IP address for the route-unknown priority control event is defined.
Default
no next-hop
Parameters
- ip-address
specifies an acceptable next-hop IP address for a returned route prefix from the RTM when looking up the route-unknown route prefix
number-down
Syntax
[no] number-down number-of-lag-ports-down
Context
config>vrrp>policy>priority-event>lag-port-down
Description
This command enables the context to configure an event set threshold within a lag-port-down priority control event.
The number-down command defines a sub-node within the lag-port-down event and is uniquely identified with the number-of-lag-ports-down parameter. Each number-down node within the same lag-port-down event node must have a unique number-of-lag-ports-down value. Each number-down node has its own priority command that takes effect whenever that node represents the current threshold.
The total number of sub-nodes (uniquely identified by the number-of-lag-ports-down parameter) allowed in a single lag-port-down event is equal to the total number of possible physical ports allowed in a LAG.
A number-down node is not required for each possible number of ports that could be down. The active threshold is always the closest lower threshold. When the number of ports down equals a given threshold, that threshold is the active threshold.
The no form of the command deletes the event set threshold. The threshold may be removed at any time. If the removed threshold is the current active threshold, the event set thresholds must be re-evaluated after removal.
Default
no number-down (no threshold for the LAG priority event is created)
Parameters
- number-of-lag-ports-down
specifies the number of LAG ports down to create a set event threshold. This is the active threshold when the number of down ports in the LAG equals or exceeds number-of-lag-ports-down, but does not equal or exceed the next highest configured number-of-lag-ports-down.
priority
Syntax
priority priority-level [delta | explicit]
no priority
Context
config>vrrp>policy>priority-event>host-unreachable
config>vrrp>policy>priority-event>lag-port-down>number-down
config>vrrp>policy>priority-event>port-down
config>vrrp>policy>priority-event>route-unknown
Description
This command controls the effect that the set event has on the virtual router instance in-use priority.
When the event is set, the priority level is either subtracted from the base priority of each virtual router instance or it defines the explicit in-use priority value of the virtual router instance depending on whether the delta or explicit keyword is specified.
Multiple set events in the same policy have interaction constraints:
if any set events have an explicit priority value, all the delta priority values are ignored
the set event with the lowest explicit priority value defines the in-use priority used by all virtual router instances associated with the policy
if no set events have an explicit priority value, all the set events delta priority values are added and subtracted from the base priority value defined on each virtual router instance associated with the policy
if the sum of the delta priorities exceeds the delta-in-use-limit, then the delta-in-use-limit value is used as the value subtracted from the base priority value defined on each virtual router instance associated with the policy
If the priority command is not configured on the priority event, the priority value defaults to 0 and the qualifier keyword defaults to delta with no impact on the in-use priority.
The no form of this command reverts to the default values.
Default
0
Parameters
- priority-level
specifies the priority level adjustment value
- delta | explicit
configures what effect the priority level has on the base priority value
When delta is specified, the priority level value is subtracted from the base priority of the associated virtual router instance when the event is set and no explicit events are set. The sum of the priority event priority level values on all set delta priority events are subtracted from the virtual router base priority to derive the virtual router instance in-use priority value. If the delta priority event is cleared, the priority level is no longer used in the in-use priority calculation.
When explicit is specified, the priority level value is used to override the base priority of the virtual router instance if the priority event is set and no other explicit priority event is set with a lower priority level. The set explicit priority value with the lowest priority level determines the actual in-use protocol value for all virtual router instances associated with the policy.
protocol
Syntax
protocol protocol
no protocol
Context
config>vrrp>policy>priority-event>route-unknown
Description
This command adds one or more route sources to match the route-unknown IP route prefix for a route-unknown priority control event.
If the route source does not match one of the defined protocols, the match is considered unsuccessful and the route-unknown event transitions to the set state.
The protocol command is optional. If the protocol command is not executed, the comparison between the RTM prefix return and the route-unknown IP route prefix does not include the source of the prefix. The protocol command cannot be executed without at least one associated route source keyword. All keywords are reset each time the command is executed, and only the explicitly defined protocols are allowed to match.
The no form of the command removes protocol route source as a match criteria for returned RTM route prefixes.
To remove specific existing route source match criteria, execute the protocol command and include only the specific route source criteria. Any unspecified route source criteria is removed.
Default
no protocol
Parameters
- protocol
specifies the routing protocol to be used as a match criteria
timeout
Syntax
timeout seconds
no timeout
Context
config>vrrp>policy>priority-event>host-unreachable
Description
This command defines the time, in seconds, that must pass before considering the far-end IP host unresponsive to an outstanding ICMP echo request message.
The timeout value is not directly related to the configured interval parameter. The timeout value can be larger, equal, or smaller, relative to the interval value. If the timeout value is larger than the interval value, multiple ICMP echo request messages can be outstanding. Every ICMP echo request message transmitted to the far-end host is tracked individually according to the message identifier and sequence number.
With each consecutive attempt to send an ICMP echo request message, the timeout timer is started. The timer decrements until:
an internal error occurs preventing message sending (request unsuccessful)
an internal error occurs preventing message reply receiving (request unsuccessful)
a required route table entry does not exist to reach the IP address (request unsuccessful)
a required ARP entry does not exist and ARP request timed out (request unsuccessful)
a valid reply is received (request successful)
If an ICMP echo reply message is not received prior to the timeout period for a given ICMP echo request, that request is considered to be dropped and the consecutive message drop counter is incremented for the priority event.
If an ICMP echo reply message with the same sequence number as an outstanding ICMP echo request message is received prior to that message timing out, the request is considered successful. The consecutive message drop counter is cleared and the request message no longer is outstanding.
If an ICMP echo reply message with a sequence number equal to an ICMP echo request sequence number that had previously timed out is received, that reply is silently discarded while incrementing the priority event reply discard counter.
The no form of the command reverts to the default value.
Default
1
Parameters
- seconds
specifies the amount of time before an ICMP echo request message is timed out. After a message is timed out, a reply with the same identifier and sequence number is discarded.
VRRP Show Commands
policy
Syntax
policy [policy-id [event event-type specific-qualifier]]
Context
show>vrrp
Description
This command displays VRRP priority control policy information.
Parameters
- policy-id
displays statistics for the specified priority control policy ID
- event-type
displays information on the specified VRRP priority control event within the policy ID
- specific-qualifier
displays information about the specific qualifier
Output
The following outputs are examples of VRRP policy summary information:
Policy summary (Output Example (summary))
Policy event port-down summary (Output Example (port-down))
Policy event lag-port-down summary (Output Example (lag-port-down))
Policy event host-unreachable summary (Output Example (host-unreachable))
Policy event route-unknown summary (Output Example (route-unknown))
Summary of policy output fields (VRRP Policy and Policy Event Summary Field Descriptions )
show vrrp policy 1
*A:7705:Dut-A # show vrrp policy 1
===============================================================================
VRRP Policy 1
===============================================================================
Description :
Current Priority: 120 Delta Applied : Yes
Current Explicit: None Current Delta Sum : 120
Delta Limit : 1 Svc Context : None
-------------------------------------------------------------------------------
Rtr Id/ Applied To VR Opr Base In-use Master Is
Svc Id Interface Name Id Pri Pri Pri Master
-------------------------------------------------------------------------------
vrrpMasNode 10 Up 250 130 200 No
-------------------------------------------------------------------------------
Rtr Id/ Applied To IPv6 Opr Base In-use Master Is
Svc Id Interface Name VR-Id Pri Pri Pri Master
-------------------------------------------------------------------------------
None
-------------------------------------------------------------------------------
SRRP Applied To Interface Name Oper Base In-use Master
Id Rtr Id/Svc State Pri Pri Pri
-------------------------------------------------------------------------------
None
-------------------------------------------------------------------------------
Priority Control Events
-------------------------------------------------------------------------------
Event Type & ID Event Oper State Hold Set Priority In
Remaining &Effect Use
-------------------------------------------------------------------------------
Route Unknown 10.20.20.3/32 Set-NonExistant Expired 120 Del Yes
LAG Port Down 1 n/a Expired -- No
2 Number Down 12 Del
===============================================================================
Output Example (port-down)
show vrrp policy 1 event port-down
*A:7705:Dut-A# show vrrp policy 1 event port-down 1/1/8
===============================================================================
VRRP Policy 1, Event Port Down 1/1/8
===============================================================================
Description :
Current Priority: None Applied : Yes
Current Explicit: None Current Delta Sum : None
Delta Limit : 1 Svc Context : None
-------------------------------------------------------------------------------
Rtr Id/ Applied To VR Opr Base In-use Master Is
Svc Id Interface Name Id Pri Pri Pri Master
-------------------------------------------------------------------------------
vrrpMasNode 10 Up 250 250 250 Yes
-------------------------------------------------------------------------------
Rtr Id/ Applied To IPv6 Opr Base In-use Master Is
Svc Id Interface Name VR-Id Pri Pri Pri Master
-------------------------------------------------------------------------------
None
-------------------------------------------------------------------------------
SRRP Applied To Interface Name Oper Base In-use Master
Id Rtr Id/Svc State Pri Pri Pri
-------------------------------------------------------------------------------
None
-------------------------------------------------------------------------------
Priority Control Event Port Down 1/1/8
-------------------------------------------------------------------------------
Priority : 120 Priority Effect : Delta
Hold Set Config : 10 sec Hold Set Remaining: Expired
Hold Clr Config : 0 sec Hold Clr Remaining: Expired
Value In Use : No Current State : Cleared
# trans to Set : 0 Previous State : Cleared
Last Transition : 01/21/2013 16:38:27
===============================================================================
Output Example (lag-port-down)
*A:Sar18 Dut-A# show vrrp policy 12 event lag-port-down 1
===============================================================================
VRRP Policy 12, Event LAG Port Down 1
===============================================================================
Description : test_policy_12
Current Priority: None Applied : No
Current Explicit: None Current Delta Sum : None
Delta Limit : 1 Svc Context : None
-------------------------------------------------------------------------------
Rtr Id/ Applied To VR Opr Base In-use Master Is
Svc Id Interface Name Id Pri Pri Pri Master
-------------------------------------------------------------------------------
None
-------------------------------------------------------------------------------
Rtr Id/ Applied To IPv6 Opr Base In-use Master Is
Svc Id Interface Name VR-Id Pri Pri Pri Master
-------------------------------------------------------------------------------
None
-------------------------------------------------------------------------------
SRRP Applied To Interface Name Oper Base In-use Master
Id Rtr Id/Svc Id State Pri Pri Pri
-------------------------------------------------------------------------------
None
-------------------------------------------------------------------------------
Priority Control Event LAG Port Down 1
-------------------------------------------------------------------------------
Hold Set Config : 0 sec Hold Set Remaining: Expired
Hold Clr Config : 0 sec Hold Clr Remaining: Expired
Value In Use : No Current State : n/a
# trans to Set : 0 Previous State : n/a
Last Transition : 04/25/2017 19:33:37
-------------------------------------------------------------------------------
Number Down Threshold Event Priority Event Type
-------------------------------------------------------------------------------
2 12 Delta
===============================================================================
Output Example (host-unreachable)
show vrrp policy 1 event host-unreachable
*A:7705:Dut-A# show vrrp policy 1 event host-unreachable 10.20.20.3
===============================================================================
VRRP Policy 1, Event Host Unreachable 10.20.20.3
===============================================================================
Description :
Current Priority: None Applied : Yes
Current Explicit: None Current Delta Sum : None
Delta Limit : 1 Svc Context : None
-------------------------------------------------------------------------------
Rtr Id/ Applied To VR Opr Base In-use Master Is
Svc Id Interface Name Id Pri Pri Pri Master
-------------------------------------------------------------------------------
vrrpMasNode 10 Up 250 250 250 Yes
-------------------------------------------------------------------------------
Rtr Id/ Applied To IPv6 Opr Base In-use Master Is
Svc Id Interface Name VR-Id Pri Pri Pri Master
-------------------------------------------------------------------------------
None
-------------------------------------------------------------------------------
SRRP Applied To Interface Name Oper Base In-use Master
Id Rtr Id/Svc State Pri Pri Pri
-------------------------------------------------------------------------------
None
-------------------------------------------------------------------------------
Priority Control Event Host Unreachable 10.20.20.3
-------------------------------------------------------------------------------
Priority : 120 Priority Effect : Delta
Interval : 1 sec Timeout : 1 sec
Drop Count : 3
Hold Set Config : 0 sec Hold Set Remaining: Expired
Hold Clr Config : 0 sec Hold Clr Remaining: Expired
Value In Use : No Current State : Cleared-ReplyReceived
# trans to Set : 0 Previous State : Cleared-ReplyReceived
Last Transition : 01/21/2013 16:38:27
===============================================================================
Output Example (route-unknown)
show vrrp policy 1 event route-unknown
*A:7705:Dut-A#show vrrp policy 1 event route-unknown 10.20.20.3/32
===============================================================================
VRRP Policy 1, Event Route Unknown 10.20.20.3/32
===============================================================================
Description :
Current Priority: 120 Delta Applied : Yes
Current Explicit: None Current Delta Sum : 120
Delta Limit : 1 Svc Context : None
-------------------------------------------------------------------------------
Rtr Id/ Applied To VR Opr Base In-use Master Is
Svc Id Interface Name Id Pri Pri Pri Master
-------------------------------------------------------------------------------
vrrpMasNode 10 Up 250 130 200 No
-------------------------------------------------------------------------------
Rtr Id/ Applied To IPv6 Opr Base In-use Master Is
Svc Id Interface Name VR-Id Pri Pri Pri Master
-------------------------------------------------------------------------------
None
-------------------------------------------------------------------------------
SRRP Applied To Interface Name Oper Base In-use Master
Id Rtr Id/Svc State Pri Pri Pri
-------------------------------------------------------------------------------
None
-------------------------------------------------------------------------------
Priority Control Event Route Unknown 10.20.20.3/32
-------------------------------------------------------------------------------
Priority : 120 Priority Effect : Delta
Less Specific : No Default Allowed : No
Next Hop(s) : None
Protocol(s) : None
Hold Set Config : 0 sec Hold Set Remaining: Expired
Hold Clr Config : 0 sec Hold Clr Remaining: Expired
Value In Use : Yes Current State : Set-NonExistant
# trans to Set : 1 Previous State : Cleared-Found
Last Transition : 01/21/2013 17:14:55
===============================================================================
Label |
Description |
---|---|
Current Priority |
The base router priority for the virtual router instance used in the master election process |
Applied |
The number of virtual router instances to which the policy has been applied. The policy cannot be deleted unless this value is 0 |
Current Explicit |
When multiple explicitly defined events associated with the priority control policy happen simultaneously, the lowest value of all the current explicit priorities will be used as the in-use priority for the virtual router |
Current Delta Sum |
The sum of the priorities of all the delta events when multiple delta events associated with the priority control policy happen simultaneously. This sum is subtracted from the base priority of the virtual router to give the in-use priority. |
Delta Limit |
The delta-in-use-limit for a VRRP policy. Once the total sum of all delta events has been calculated and subtracted from the base-priority of the virtual router, the result is compared to the delta-in-use-limit value. If the result is less than this value, the delta-in-use-limit value is used as the virtual router in-use priority value. If an explicit priority control event overrides the delta priority control events, the delta-in-use-limit has no effect. |
Svc Context |
The service context |
Rtr Id/Svc Id |
The router ID or service ID to which the VRRP policy is applied |
Applied To Interface Name |
The interface name where the VRRP policy is applied |
VR Id |
The virtual router ID for the IPv4 interface |
IPv6 VR Id |
The virtual router ID for the IPv6 interface |
Opr |
The operational state of the virtual router |
Base Pri |
The base priority used by the virtual router instance |
In-use Pri |
The current in-use priority associated with the VRRP virtual router instance |
Master Pri |
The priority of the virtual router instance that is the current master |
Is Master |
Indicates whether the router is configured as the virtual router master |
SRRP ID |
The subscriber routed redundancy protocol (SRRP) ID Not applicable to the 7705 SAR |
Oper State |
The operational state of the SRRP |
Event Type & ID |
The event-type and ID for types such as port-down, lag-port-down, host-unreachable, or route-unknown |
Priority & Effect |
Delta — a conditional event defined in a priority control policy that subtracts a given amount from the base priority to give the current in-use priority for the VRRP virtual router instances to which the policy is applied Explicit— a conditional event defined in a priority control policy that explicitly defines the in-use priority for the VRRP virtual router instances to which the policy is applied. Explicit events override all delta events. When multiple explicit events occur simultaneously, the event with the lowest priority value defines the in-use priority. |
Event Opr State |
The operational state of the priority event |
In Use |
Indicates whether the priority event is in use |
Hold Set Config |
The configured number of seconds that the hold-set timer waits after an event enters a set state or enters a higher threshold set state, depending on the event type |
Hold Set Remaining |
The remaining amount of time that must pass before the set state for a VRRP priority control event can transition to the cleared state to dampen flapping events |
Hold Clr Config |
The configured amount of time that must pass before the clear state for a VRRP priority control event can transition to the set state to dampen flapping events |
Hold Clr Remaining |
The remaining amount of time that must pass before the clear state for a VRRP priority control event can transition to the set state to dampen flapping events |
Value In Use |
Yes — the event is currently affecting the in-use priority of some virtual router No — the event is not affecting the in-use priority of some virtual router |
Current State |
The current state of the priority event |
# trans to Set |
The number of times the event has transitioned to one of the set states |
Previous State |
The previous state of the priority event |
Last Transition |
The date and time of the last state transition for the priority event |
Number Down Threshold |
The number of LAG ports down to create a set event threshold |
Event Priority |
The priority value that is either subtracted from the base priority of each virtual router instance (delta) or defined as the explicit in-use priority value of the virtual router instance |
Event Type |
The event type: Delta or Explicit |
Priority |
The priority value configured on the event |
Priority Effect |
The effect that the set event has on the virtual router instance in-use priority When the event is set, the priority level is either subtracted from the base priority of each virtual router instance or it defines the explicit in-use priority value of the virtual router instance depending on whether the delta or explicit keyword is specified |
Interval |
The number of seconds between host-unreachable priority event ICMP echo request messages directed to the host IP address |
Timeout |
The time, in seconds, that must pass before considering the far-end IP host-unresponsive to an outstanding ICMP echo request message |
Drop Count |
The number of consecutively sent ICMP echo request messages that must fail before the host unreachable priority control event is set |
Less Specific |
Modifies the search parameters for the IP route prefix specified in the route-unknown priority event. Using this command allows a CIDR shortest-match hit on a route prefix that contains the IP route prefix |
Default Allowed |
Indicates whether the less-specific match includes the default route (0.0.0.0) |
Next Hop(s) |
The next-hop IP address to match the IP route prefix for a route-unknown priority control event. |
Protocol(s) |
The protocol included with other match criteria to determine the transition state |
vrrp
Syntax
vrrp
Context
show>router>vrrp
Description
This command displays information for the VRRP instance.
instance
Syntax
instance [interface interface-name [vrid virtual-router-id]
instance [interface interface-name vrid virtual-router-id ipv6
Context
show>router>vrrp
Description
This command displays information for the VRRP instance.
Parameters
- interface-name
displays status and statistics for the specified interface
- virtual-router-id
displays statistics for the specified virtual router ID
- ipv6
specifies the IPv6 instance
Output
The following output is an example of a router VRRP instance summary information, and Router VRRP Instance Summary Field Descriptions describes the fields.
Output Exampleshow router vrrp instance interface n2 vrid 1
*A:7705:Dut-A# show router 10 vrrp instance interface vrrpMasNode vrid 10
===============================================================================
VRRP Instance 10 for interface "vrrpMasNode"
===============================================================================
Owner : Yes VRRP State : Master
Primary IP of Master: 192.168.0.1 (Self)
Primary IP : 192.168.0.1 Standby-Forwarding: Disabled
VRRP Backup Addr : 192.168.0.1
Admin State : Up Oper State : Up
Up Time : 01/21/2013 18:29:17 Virt MAC Addr : 00:00:5e:00:01:0a
Auth Type : None
Config Mesg Intvl : 1 In-Use Mesg Intvl : 1
Base Priority : 255 In-Use Priority : 255
Init Delay : 0 Init Timer Expires: 0.000 sec
Creation State : Active
-------------------------------------------------------------------------------
Master Information
-------------------------------------------------------------------------------
Primary IP of Master: 192.168.0.1 (Self)
Addr List Mismatch : No Master Priority : 255
Master Since : 01/21/2013 18:29:17
-------------------------------------------------------------------------------
Masters Seen (Last 32)
-------------------------------------------------------------------------------
Primary IP of Master Last Seen Addr List Mismatch Msg Count
-------------------------------------------------------------------------------
192.168.0.1 01/21/2013 18:29:17 No 0
192.168.0.3 01/21/2013 18:28:41 No 1
-------------------------------------------------------------------------------
Statistics
-------------------------------------------------------------------------------
Become Master : 3 Master Changes : 3
Adv Sent : 139 Adv Received : 1
Pri Zero Pkts Sent : 2 Pri Zero Pkts Rcvd: 0
Preempt Events : 0 Preempted Events : 0
Mesg Intvl Discards : 0 Mesg Intvl Errors : 0
Addr List Discards : 0 Addr List Errors : 0
Auth Type Mismatch : 0 Auth Failures : 0
Invalid Auth Type : 0 Invalid Pkt Type : 0
IP TTL Errors : 0 Pkt Length Errors : 0
Total Discards : 0
Label |
Description |
---|---|
Owner |
Yes — Specifies that the virtual router instance as owning the virtual router IP addresses |
No — Indicates that the virtual router instance is operating as a non-owner |
|
VRRP State |
Specifies whether the VRRP instance is operating in a master or backup state |
Primary IP of Master |
The IP address of the VRRP master |
Primary IP |
The IP address of the VRRP owner |
Standby-Forwarding |
Specifies whether this VRRP instance allows forwarding packets to a standby router |
Virt MAC Addr |
The virtual MAC address used in ARP responses when the VRRP virtual router instance is operating as a master |
Config Mesg Intvl |
The administrative advertisement message timer used by the master to send VRRP messages and to derive the master down timer as backup |
Base Priority |
The base-priority value used to derive the in-use priority of the virtual router instance as modified by any optional VRRP priority control policy |
In-Use Priority |
The current in-use priority associated with the VRRP virtual router instance |
Master Since |
The date and time when operational state of the virtual router changed to master. For a backup outer, this value specifies the date and time when it received the first VRRP message from the virtual router which is the current master. |
statistics
Syntax
statistics
Context
show>router>vrrp
Description
This command displays statistics for the VRRP instance.
Output
The following output is an example of VRRP statistics information.
Output Example*A:7705custDoc:Sar18>show>router>vrrp# statistics
===============================================================================
VRRP Global Statistics
===============================================================================
VR Id Errors : 0 Version Errors : 0
Checksum Errors : 0
===============================================================================
*A:7705custDoc:Sar18>show>router>vrrp#
VRRP Monitor Commands
instance
Syntax
instance interface interface-name vr-id virtual-router-id [ipv6] [interval seconds] [repeat repeat] [absolute | rate]
Context
monitor>router>vrrp
Description
This command enables monitoring for VRRP instances.
Parameters
- interface-name
specifies the name of the existing IES or VPRN interface on which VRRP is configured
- virtual-router-id
specifies the virtual router ID for the existing IES or VPRN interface, expressed as a decimal integer
- ipv6
specifies monitoring the IPv6 instance
- seconds
specifies the interval for each display in seconds
- repeat
specifies the number of times the command is repeated
- absolute
specifies that raw statistics are displayed, without processing. No calculations are performed on the delta or rate statistics.
- rate
specifies the rate per second for each statistic instead of the delta
Output
The following output is an example of a router VRRP instance summary information.
Output Examplemonitor router vrrp instance interface n2 vrid 1
*A:7705:DutA# monitor router vrrp instance interface vrrpMasNode vr-id 10 absolute
===============================================================================
Monitor statistics for VRRP Instance 10 on interface "vrrpMasNode"
===============================================================================
-------------------------------------------------------------------------------
At time t = 0 sec (Base Statistics)
-------------------------------------------------------------------------------
Become Master : 0 Master Changes : 0
Adv Sent : 2 Adv Received : 0
Pri Zero Pkts Sent : 0 Pri Zero Pkts Rcvd: 0
Preempt Events : 0 Preempted Events : 0
Mesg Intvl Discards : 0 Mesg Intvl Errors : 0
Addr List Discards : 0 Addr List Errors : 0
Auth Type Mismatch : 0 Auth Failures : 0
Invalid Auth Type : 0 Invalid Pkt Type : 0
IP TTL Errors : 0 Pkt Length Errors : 0
Total Discards : 0
-------------------------------------------------------------------------------
At time t = 10 sec (Mode: Absolute)
-------------------------------------------------------------------------------
Become Master : 0 Master Changes : 0
Adv Sent : 12 Adv Received : 0
Pri Zero Pkts Sent : 0 Pri Zero Pkts Rcvd: 0
Preempt Events : 0 Preempted Events : 0
Mesg Intvl Discards : 0 Mesg Intvl Errors : 0
Addr List Discards : 0 Addr List Errors : 0
Auth Type Mismatch : 0 Auth Failures : 0
Invalid Auth Type : 0 Invalid Pkt Type : 0
IP TTL Errors : 0 Pkt Length Errors : 0
Total Discards : 0
-------------------------------------------------------------------------------
At time t = 20 sec (Mode: Absolute)
-------------------------------------------------------------------------------
Become Master : 0 Master Changes : 0
Adv Sent : 22 Adv Received : 0
Pri Zero Pkts Sent : 0 Pri Zero Pkts Rcvd: 0
Preempt Events : 0 Preempted Events : 0
Mesg Intvl Discards : 0 Mesg Intvl Errors : 0
Addr List Discards : 0 Addr List Errors : 0
Auth Type Mismatch : 0 Auth Failures : 0
Invalid Auth Type : 0 Invalid Pkt Type : 0
IP TTL Errors : 0 Pkt Length Errors : 0
Total Discards : 0
VRRP Clear Commands
interface
Syntax
[interface interface-name [vrid virtual-router-id]
[interface interface-name vrid virtual-router-id ipv6
Context
clear>router>vrrp
Description
This command resets VRRP protocol instances on an IES or VPRN interface.
Parameters
- interface-name
specifies an existing interface name up to 32 characters in length
- virtual-router-id
specifies the virtual router identifier
- ipv6
clears IPv6 information for the specified interface
statistics
Syntax
statistics
statistics interface interface-name [vrid virtual-router-id]
statistics interface interface-name vrid virtual-router-id ipv6
Context
clear>router>vrrp
Description
This command clears statistics for VRRP instances on an IES or VPRN interface or VRRP priority control policies.
Parameters
- interface-name
clears the VRRP statistics for all VRRP instances on the specified IES or VPRN interface
- virtual-router-id
specifies the virtual router identifier
- ipv6
clears IPv6 statistics for the specified IPv6 interface
VRRP Debug Commands
events
Syntax
[no] events
[no] events interface ip-int-name [vrid virtual-router-id]
[no] events interface ip-int-name vrid virtual-router-id ipv6
Context
debug>router>vrrp
Description
This command enables or disables debugging for VRRP events.
Parameters
- ip-int-name
specifies the interface name
- virtual-router-id
specifies the virtual router identifier
- ipv6
debugs the specified IPv6 IES interface
packets
Syntax
[no] packets
[no] packets interface ip-int-name [vrid virtual-router-id]
[no] packets interface ip-int-name vrid virtual-router-id ipv6
Context
debug>router>vrrp
Description
This command enables or disables debugging for VRRP packets.
Parameters
- interface-name
specifies the interface name
- virtual-router-id
specifies the virtual router identifier
- ipv6
debugs the specified IPv6 IES packets