VRRP

This chapter provides information about configuring Virtual Router Redundancy Protocol (VRRP) parameters.

Topics in this chapter include:

VRRP Overview

Virtual Router Redundancy Protocol (VRRP) is a method of implementing a redundant IP interface shared between two or more routers on a common LAN segment, allowing a group of routers to function as one virtual router. If the IP interface of the virtual router is specified as a default gateway on hosts directly attached to the LAN, the routers sharing the IP interface by participating in VRRP as part of the virtual router instance will prevent a single point of failure by ensuring access to this gateway address. VRRP can be implemented on IES and VPRN service interfaces. VRRPv3 can also be implemented on IES and VPRN service interfaces, including r-VPLS interfaces for both IES and VPRN.

The 7705 SAR supports VRRPv3 for IPv4 and IPv6 as described in RFC 5798. Within a VRRP router, the virtual routers in each of the IPv4 and IPv6 address families are in separate domains and do not overlap.

Note: RFC 5798 uses the term ‟master” state to denote the virtual router that is currently acting as the active forwarding router for the VRRP instance.

With VRRP, one router is designated as the virtual router in master state (active router) and the other routers in the group act as backups. The active router forwards all packets sent to the virtual IP address. If the router fails, an election process begins and the backup router configured with the highest acceptable priority becomes the active virtual router. The new active router assumes the packet forwarding for the local hosts.

VRRP is supported on Ethernet adapter cards only.

Note: This section describes the configuration parameters of VRRP on IES and VPRN service interfaces as well as configuration parameters of VRRP policies. CLI command descriptions for VRRP policies are in VRRP Command Reference. For CLI command descriptions related to IES and VPRN service interfaces, see the 7705 SAR Services Guide.

VRRP Master/Backup Configuration shows an example of a VRRP configuration.

Figure 1. VRRP Master/Backup Configuration

VRRP Components

Virtual Router

A virtual router is a logical entity managed by VRRP that acts as a default router for hosts on a shared LAN. It consists of a virtual router ID (VRID) and one or more IP addresses across a common LAN. A VRRP router can back up one or more virtual routers.

The purpose of supporting multiple IP addresses within a single virtual router is for multi-netting. This is a common mechanism that allows multiple local subnet attachments on a single routing interface.

Up to four virtual routers are configurable on a single 7705 SAR interface. The virtual routers must be in the same subnet. Each virtual router has its own VRID, state machine, and messaging instance.

IP Address Owner

VRRP can be configured on a router in either owner or non-owner mode. The owner is the VRRP router that has the virtual router's IP addresses as real interface addresses. This is the router that responds to packets addressed to one of the IP addresses for items such as ICMP pings and TCP connections. All other virtual router instances participating in this message domain must have the same VRID configured and cannot be configured as owner.

The 7705 SAR supports passive VRRP, which does not require multiple VRRP instances to achieve default gateway load balancing. Passive VRRP is a VRRP setting in which the transmission and reception of keepalive messages is completely suppressed; therefore, the IES or VPRN interface always behaves as the active router. Passive VRRP is enabled by adding the passive keyword to the VRRP instance at creation. For passive VRRP, the convergence time for link or node failures is not affected by the VRRP convergence because all nodes in the VRRP instance are acting as active routers.

Primary Address

A primary address is an IP address selected from the set of real interface addresses. For IPv4, VRRP advertisements are always sent using the primary IPv4 address as the source of the IPv4 packet. For IPv6, the link-local address of the interface over which the packet is transmitted is used.

A 7705 SAR IP interface must always have a primary IP address assigned for VRRP to be active on the interface. The 7705 SAR supports primary addresses and multi-netting on the IP interface. The virtual router VRID primary IP address is always the same as the primary address on the IP interface.

Virtual Router in Master State

A physical router that is participating in VRRP and which controls the IP addresses associated with the virtual router is considered to be in the master state, is the active router for the VRRP instance, and is responsible for forwarding packets sent to the VRRP IP addresses. This virtual router is the IP address owner as long as the router is available.

An election process provides dynamic failover of the forwarding responsibility to the backup router if the master becomes unavailable. This allows any of the virtual router IP addresses on the LAN to be used as the default first-hop router by end hosts. VRRP enables a higher-availability default path without requiring configuration of dynamic routing or router discovery protocols on every end host.

If the master is unavailable, each virtual router backup with the same VRID compares its configured priority values with the other backup routers to determine the master role. Priority values are set with the priority command. In case of a tie, the virtual router backup with the highest primary IP address becomes the master.

The preempt parameter is supported and can be set to false (disabled) to prevent a backup router that has a higher priority value from becoming master if an existing non-owner virtual router is the current master. Disabling Preemption ensures that the preferred router regains its master status when service restoration occurs and it goes back on line. Preemption can be enabled or disabled.

While operating as the master, a virtual router routes and originates all IP packets into the LAN using the physical MAC address for the IP interface as the Layer 2 source MAC address, not the VRID MAC address. ARP packets also use the parent IP interface MAC address as the Layer 2 source MAC address while inserting the virtual router MAC address in the appropriate hardware address field. VRRP messages are the only packets transmitted using the virtual router MAC address as the Layer 2 source MAC address.

Virtual Router Backup

A new virtual router master is selected from the set of VRRP virtual router backups available to assume forwarding responsibility for a virtual router if the current master fails.

Owner and Non-owner VRRP

Only one virtual router in the domain is configured as owner. The owner has the same real IP address as the virtual router address and is responsible for forwarding packets sent to this IP address. The owner assumes the role of the virtual router master. All virtual router instances participating in this message domain must have the same VRID configured.

VRRP on a 7705 SAR router can be configured to allow non-owners to respond to ICMP echo requests if they become the virtual router in master state for the VRRP instance. Telnet and other connection-oriented protocols can be configured for master. However, the individual application conversations (connections) do not survive a VRRP failover. A non-owner VRRP router operating as a backup does not respond to any packets addressed to any of the virtual router IP addresses.

The most important parameter defined on a non-owner virtual router instance is the priority parameter. The priority defines the order in which a virtual router is selected as master in the master election process. The priority value and the preempt mode determine which virtual router becomes the virtual router master. In case of tied priority levels, the primary IP address determines which router becomes the master. See Priority and Preempt Mode for details on these parameters.

Configurable Parameters

In addition to virtual IP addresses, to facilitate configuration of a virtual router on 7705 SAR routers, the parameters listed in Owner and Non-Owner Virtual Router Parameters can be defined in owner and non-owner configurations.

Table 1. Owner and Non-Owner Virtual Router Parameters

Parameter

Owner Configuration

Non-owner Configuration

VRID

Message Interval and Master Inheritance

VRRP Message Authentication (IPv4 only)

Virtual MAC Address

BFD-Enable

Initial Delay Timer

Priority

IP Addresses

Master Down Interval 1

Skew Time 1

Preempt Mode

VRRP Advertisement Message IP Address List Verification

IPv6 Virtual Router Instance Operationally Up

Policies

Note:

  1. Master down interval and skew time are not configured directly. They are calculated from the configured value of the message interval.

VRID

The VRID must be configured with the same value on each virtual router associated with the virtual IP address or IP addresses. The VRID is placed in all VRRP advertisement messages sent by each virtual router.

Priority

The priority value affects the interaction between all virtual routers with the same VRID participating on the same LAN. The priority value is used during the election process to determine which backup router (or non-owner) assumes the role of master. The priority value can only be configured if the defined IP address on the IP interface is different from the virtual router IP address, meaning that the virtual router is a non-owner.

If the IP address on the IP interface matches the virtual router IP address (owner mode), the priority value is fixed at 255, the highest value possible. This virtual router member is considered the owner of the virtual router IP address. There can only be one owner of the virtual router IP address for all virtual router members.

Priority value 0 is reserved for VRRP advertisement messages. It is used to tell other virtual routers with the same VRID that this virtual router is no longer acting as master, triggering a new election process. If this happens, each virtual router backup sets its master down timer equal to the skew time value. This shortens the time before one of the virtual router backups becomes master. See Master Down Interval and Skew Time for details.

The current virtual router master must transmit a VRRP advertisement message immediately upon receipt of a VRRP message with priority set to 0. This prevents another virtual router backup from becoming master for a short period of time.

Non-owner virtual routers can be configured with a priority of 254 through 1. The default value is 100. It is possible for multiple non-owners to have the same priority value. If a tie is encountered during an election, the router with the highest IP address wins the election.

The priority is also used to determine when to preempt the existing master. If the preempt mode value is true (preempt enabled), VRRP advertisement messages from lower-priority masters are discarded, causing the master down timer to expire and the higher-priority backup router to transition to the master state.

The priority value also dictates the skew time added to the master timeout period. See Skew Time for details.

IP Addresses

Each virtual router with the same VRID is defined with the same set of IP addresses. These are the IP addresses used by hosts on the LAN as gateway addresses. Multi-netting supports eight IP addresses on the IP interface.

Message Interval and Master Inheritance

Each virtual router is configured with a message interval for each VRID within which it participates. This parameter must be set to the same value for every virtual router within a VRID.

Configuring the message interval value can be done in three ways: using only the milliseconds value, using only the seconds value, or using a combination of the two values, as indicated by the CLI command message interval {[seconds] [milliseconds milliseconds]}. Message Interval Configuration Ranges  shows the ranges for each way of configuring the message interval.

Table 2. Message Interval Configuration Ranges 

Configuration

IPv4

IPv6

Using milliseconds value only

100 to 900 ms

10 to 990 ms

Using seconds value only

1 to 255 s

1 to 40 s

Using combination milliseconds and seconds values

1 s 100 ms to 255 s 900 ms

(1.1 s to 255.9 s)

1 s 10 ms to 40s 990 ms

(1.01 s to 40.99 s)

Default setting

1 s

1 s

The message interval field in every received VRRP advertisement message must match the locally configured message interval. If a mismatch occurs, then—depending on the inherit parameter configuration (master-int-inherit command is enabled)—the current message interval setting of the master can be used to operationally override the locally configured message interval setting. If the current master changes, the new master setting is used. If the local virtual router becomes master, the locally configured message interval is enforced.

If a VRRP advertisement message is received with a message interval set to a value different from the local value and the inherit parameter is disabled, the message is discarded without processing.

The virtual router master uses the message interval as a timer, specifying when to send the next VRRP advertisement message. Each virtual router backup uses the message interval (with the configured local priority) to derive the master down timer value.

VRRP advertisement messages that are fragmented or contain IP options (IPv4) or extension headers (IPv6) require a longer configured message interval.

The virtual router instance can inherit the master VRRP router’s message interval timer, which is used by backup routers to calculate the master down timer.

The inheritance is only configurable in the non-owner context. It is used to allow the current virtual router master to dictate the master down timer for all virtual router backups.

Note: A message interval is the same as an advertisement interval.

Master Down Interval

The master down interval is the time that the master router can be operationally down before a backup router takes over. The master down interval is a calculated value used to specify the master down timer. If the master down timer expires, the backup virtual router enters the master state. To calculate the master down interval, the virtual router uses the following formula:

   Master Down Interval = (3 ✕ Operational Message Interval) + Skew Time

The operational message interval is dependent upon the state of the inherit parameter, as follows. See Message Interval and Master Inheritance for details.

  • If the inherit parameter is enabled, the operational message interval is derived from the current master’s message interval field in the VRRP advertisement message.

  • If the inherit parameter is disabled, the operational message interval must be equal to the locally configured message interval.

The master down timer is only operational if the local virtual router is operating in backup mode.

Skew Time

The skew time is used to add a time period to the master down interval. Skew time is not a configurable parameter. It is derived from the current local priority of the virtual router. To calculate the skew time (as per RFC 5798), the virtual router uses the following formula:

   Skew Time = (((256 – priority) ✕ Master_Adver_Interval) / 256) centiseconds

A higher priority value means a smaller skew time. This means that a virtual router with a higher priority transitions to the master router more quickly than a virtual router with a lower priority.

Preempt Mode

Preempt mode is a configured true or false value that controls whether a virtual router backup with a higher priority preempts a lower-priority master. Preempt mode cannot be set to false on the owner virtual router. The IP address owner always becomes master if available. The default value for preempt mode is true.

If the preempt mode is true (enabled), the advertised priority from the incoming VRRP advertisement message from the current master is compared to the local configured priority, with the following results.

  • If the local priority is higher than the received priority, the received VRRP advertisement message is discarded. This results in the eventual expiration of the master down timer, causing the backup router to transition to the master state.

  • If the received priority is equal to the local priority, the message is not discarded and the current master is not replaced. The received primary IP address is not part of the decision to preempt and is not used as a tiebreaker if the received and local priorities are equal.

If the preempt mode is false (disabled), the virtual router only becomes master if the master down timer expires before a VRRP advertisement message is received from another virtual router.

VRRP Message Authentication (IPv4 only)

VRRP message authentication uses a simple text password authentication key to generate master VRRP advertisement messages and validate received VRRP advertisement messages.

If the authentication-key command is re-executed with a different password key defined, the new key will be used immediately. If a no authentication-key command is executed, the password authentication key is restored to the default value. The authentication-key command may be executed at any time.

VRRP message authentication is applicable to IPv4 VRRP only.

Authentication Failure

Any received VRRP advertisement message that fails authentication is silently discarded with an invalid authentication counter incremented for the ingress virtual router instance.

Virtual MAC Address

The MAC address can be used instead of an IP address in ARP responses if the virtual router instance is master. The MAC address configuration must be the same for all virtual routers with the same VRID; otherwise, the result is indeterminate connectivity by the attached IP hosts. All VRRP advertisement messages are transmitted with the IEEE address as the source MAC address.

BFD-Enable

A BFD session can be used to provide a heartbeat mechanism for a VRRP instance. Only one BFD session can be assigned to a VRRP instance, but multiple VRRP instances can use the same BFD session.

BFD controls the state of the associated interface. By enabling BFD on a protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node.

Initial Delay Timer

A VRRP initialization delay timer can be configured in the range of 1 to 65535 seconds.

VRRP Advertisement Message IP Address List Verification

VRRP messages contain an IP address count field that indicates the number of IP addresses listed in the sequential IP address fields at the end of the message. The 7705 SAR implementation always logs mismatching events. The decision on where and whether to forward the generated messages depends on the configuration of the event manager. The log message is generated by network management and is not the same as the VRRP message.

Each virtual router instance maintains a record of the mismatch states associated with each source IP address in the VRRP master table. If the state changes, a mismatch log message is generated indicating the source IP address within the message, the mismatch or match event, and the time of the event.

If secondary IP addresses are used, the message contains multiple IP addresses, which must match the IP addresses on the virtual router instance. Owner and non-owner virtual router instances have the supported IP addresses explicitly defined, making mismatched supported IP addresses within the interconnected virtual router instances a configuring issue.

IPv6 Virtual Router Instance Operationally Up

When the IPv6 virtual router is properly configured with a minimum of one link-local backup address, the parent interface’s router advertisement must be configured to use the virtual MAC address in order for the virtual router to be considered operationally up.

Policies

Policies can be configured to control VRRP priority with the virtual router instance. A policy can be associated with more than one virtual router instance. Policies can only be configured in the non-owner VRRP context. See VRRP Priority Control Policies for details.

VRRP Priority Control Policies

VRRP supports control policies to manipulate virtual router participation in the VRRP master election process and the state of the master. The local priority value for the virtual router instance is used to control the election process and master state.

This section contains information about the following topics:

VRRP Policy Constraints

Priority control policies can only be applied to non-owner VRRP virtual router instances. Owner VRRP virtual routers cannot be controlled by a priority control policy because they must have a priority value of 255 that cannot be lowered. Only one VRRP priority control policy can be applied to a non-owner virtual router instance.

Multiple VRRP virtual router instances can be associated with the same IP interface, allowing multiple priority control policies to be associated with the IP interface.

An applied VRRP priority control policy only affects the in-use priority on the virtual router instance if the preempt mode has been enabled. A virtual router instance with preempt mode disabled always uses the base priority as the in-use priority, ignoring any configured priority control policy.

VRRP Base Priority

The base priority is the starting priority for the VRRP instance and is set using the service interface priority command. The actual in-use priority for the VRRP instance is derived from the base priority and an optional VRRP priority control policy that modifies the base priority.

VRRP priority control policies are used to either override or adjust the base priority value depending on events or conditions within the chassis.

Non-owner virtual router instances must have a base priority value between 1 and 254. The value 0 is reserved to indicate master termination in VRRP advertisement messages. The value 255 is reserved for the VRRP owner. The default base priority for non-owner virtual router instances is 100.

VRRP Priority Control Policy In-use Priority

A VRRP priority control policy enforces an overall minimum value that the policy can impose upon the VRRP virtual router instance base priority. This value provides a lower limit to the delta priority event manipulation of the base priority.

A delta priority event is a conditional event defined in the priority control policy that subtracts a given amount from the current base priority for all VRRP virtual router instances to which the policy is applied. Multiple delta priority events can apply simultaneously, creating a dynamic priority value. The base priority for the instance, minus the sum of the delta values, sets the actual priority in-use value.

An explicit priority event is a conditional event defined in the priority control policy that explicitly defines the in-use priority for the virtual router instance. The explicitly defined values are not affected by the delta in-use priority limit. If multiple explicit priority events happen simultaneously, the lowest value is used for the in-use priority. The configured base priority is not a factor in explicit priority overrides of the in-use priority.

The allowed range of the delta in-use priority limit is 1 to 254. The default is 1, which prevents the delta priority events from operationally disabling the virtual router instance.

VRRP Priority Control Policy Priority Events

This section contains information on the following topics:

The main function of a VRRP priority control policy is to define conditions or events that impact the ability of the system to communicate with outside hosts or portions of the network. If one or more of these events are true, the base priority on the virtual router instance is either overwritten with an explicit value, or a sum of delta priorities is subtracted from the base priority. The result is the in-use priority for the virtual router instance. Any priority event can be configured as an explicit event or a delta event.

Outside hosts are the network entities that generate the IP user traffic. VRRP communication occurs between the routers on the subnet that are using VRRP. The availability of routes and/or hosts can influence the priority of a VRRP router, making the priority variable. If a backup router loses the ability to route to some destinations, its VRRP priority is reduced, making it less desirable as a backup router in case the master fails.

Explicit events override all delta events. If multiple explicit events occur, the event with the lowest priority value is assigned to the in-use priority. As events clear, the in-use priority is re-evaluated accordingly and adjusted dynamically.

Delta priority events also have priority values. If no explicit events have occurred within the policy, the sum of the occurring delta events priorities is subtracted from the base priority of each virtual router instance. If the result is lower than the delta in-use priority limit, the delta in-use priority limit is used as the in-use priority for the virtual router instance. Otherwise, the in-use priority is set to the base priority less the sum of the delta events.

Each event generates a VRRP priority event message indicating the policy ID, the event type, the priority type (delta or explicit) and the event priority value. Another log message is generated if the event is no longer true, indicating that the event has been cleared.

Priority Event Hold-set Timers

Hold-set timers are used to dampen the effect of a flapping event. A flapping event occurs when an event continually transitions between clear and set. The hold-set timer prevents a set event from transitioning to the cleared state until it expires.

Each time an event transitions between cleared and set, the timer begins to count down to 0. If the timer reaches 0, the event is allowed to enter the cleared state once more. Entering the cleared state is always dependent on the object controlling the event conforming to the requirements defined in the event itself. It is possible, on some event types, to have another set action reset the hold-set timer. This extends the amount of time that must expire before entering the cleared state.

Port Down Priority Event

The port down priority event is associated with a physical port. The port operational state is evaluated to determine a port down priority event or event clear.

If the port operational state is up, the port down priority event is considered false (or cleared). If the port operational state is down, the port down priority event is considered true (or set).

LAG Port Down Priority Event

The LAG port down priority event is associated with a LAG. The event monitors the operational state of each port in the specified LAG.

When one or more of the ports enter the operationally down state, the event is considered to be set. When all the ports enter the operationally up state, the event is considered to be clear. As ports enter the operational up state, any previous set threshold that represents more down ports is considered cleared, while the event is considered to be set.

Host Unreachable Priority Event

The host unreachable priority event creates a continuous ping task that is used to test connectivity to a remote host. For the ping to be successful, the path to the remote host, and the remote host itself, must be capable and configured to accept ICMP echo requests and replies.

The ping task is controlled by interval and size parameters that define how often the ICMP request messages are transmitted and the size of each message. A historical missing reply parameter defines if the ping destination is considered unreachable.

If the host is unreachable, the host unreachable priority event is considered true (or set). If the host is reachable, the host unreachable priority event is considered false (or cleared).

Route Unknown Priority Event

The route unknown priority event defines a task that monitors the existence of a given route prefix in the routing table of the system.

The route monitoring task can be constrained by a condition that allows a prefix that is less specific than the defined prefix to be considered as a match. The source protocol can be defined to indicate the protocol the installed route must be populated from. To further define match criteria when multiple instances of the route prefix exist, an optional next-hop parameter can be defined.

If a route prefix exists within the active route table that matches the defined match criteria, the route unknown priority event is considered false (or cleared). If a route prefix does not exist within the active route table that matches the defined criteria, the route unknown priority event is considered true (or set).

VRRP Non-owner Accessibility

Although only VRRP owners can respond to ping and other management-oriented protocols directed to the VRID IP addresses, the 7705 SAR allows an override of this restraint on a per-VRRP virtual router instance basis.

This section contains information about the following topics:

Non-owner Access Ping Reply

If non-owner access ping reply is enabled on a virtual router instance, ICMP echo request messages destined for the non-owner virtual router instance IP addresses are not discarded at the IP interface if the virtual router is operating in master mode. ICMP echo request messages are always discarded in backup mode.

If non-owner access ping reply is disabled on a virtual router instance, ICMP echo request messages destined for the non-owner virtual router instance IP addresses are silently discarded in both the master and backup modes.

Non-owner Access Telnet

If non-owner access Telnet is enabled on a virtual router instance, authorized Telnet sessions can be established that are destined for the virtual router instance IP addresses if the virtual router is operating in master mode. Telnet sessions are always discarded at the IP interface if destined for a virtual router IP address on a virtual router operating in backup mode. Enabling non-owner access Telnet does not guarantee Telnet access; proper management and security features must be enabled to allow Telnet on this interface and possibly from the given source IP address.

If non-owner access Telnet is disabled on a virtual router instance, Telnet sessions destined for the non-owner virtual router instance IP addresses are silently discarded in both master and backup modes.

Non-owner Access SSH

If non-owner access SSH is enabled on a virtual router instance, authorized SSH sessions can be established that are destined for the virtual router instance IP addresses if the virtual router is operating in master mode. SSH sessions are always discarded at the IP interface when destined for a virtual router IP address on a virtual router operating in backup mode. Enabling non-owner access SSH does not guarantee SSH access; proper management and security features must be enabled to allow SSH on this interface and possibly from the given source IP address. SSH is applicable to IPv4 VRRP only.

If non-owner access SSH is disabled on a virtual router instance, SSH sessions destined for the non-owner virtual router instance IP addresses are silently discarded in both master and backup modes.

VRRP Configuration Process Overview

VRRP Configuration displays the process to provision VRRP parameters.

Figure 2. VRRP Configuration

Configuration Notes

The following are VRRP configuration guidelines and restrictions:

  • creating and applying VRRP policies are optional

  • backup command:

    • the virtual backup IP addresses must be on the same subnet. The backup addresses explicitly define which IP addresses are in the VRRP message IP address list.

    • in owner mode, the backup IP address must be identical to one of the interface IP addresses

    • for IPv6, one of the backup addresses configured must be the link-local address of the owner VRRP instance

VRRP Configuration Overview

Configuring VRRP policies and instances on service interfaces is optional. The basic owner and non-owner VRRP configurations on an IES or VPRN service interface must specify the backup ip-address parameter.

VRRP helps eliminate the single point of failure in a routed environment by using virtual router IP addresses shared between two or more routers connecting the common domain. VRRP provides dynamic failover of the forwarding responsibility to the backup router if the master becomes unavailable.

The VRRP implementation allows one master per IP subnet. All other VRRP instances in the same domain must be in backup mode.

Preconfiguration Requirements

VRRP policies:

  • VRRP policies must be configured before they can be applied to an IES or VPRN VRRP instance. VRRP policies are configured in the config>vrrp context.

  • If the policy is associated with a VPRN VRRP interface, the VRRP policy configuration must include the VPRN service ID to which the policy applies; otherwise, when the user attempts to associate the policy with the VPRN VRRP interface, an error message indicating that the policy ID does not exist is returned.

Configuring VRRP on an IES or VPRN service interface:

  • the service customer account must be created prior to configuring an IES or VPRN VRRP instance

  • the interface address must be specified in both the owner and non-owner IES or VPRN instances

Basic VRRP Configurations

VRRP parameters are configured in the following contexts:

VRRP Policy

Configuring and applying VRRP policies is optional. There are no default VRRP policies. Each policy must be explicitly defined. A VRRP configuration must include the following:

  • policy ID

  • service ID (mandatory for VPRN service only)

  • at least one of the following priority events:

    • port down

    • LAG port down

    • host unreachable

    • route unknown

Policies can only be applied to non-owner VRRP virtual router instances.

The following example displays a configuration of an IES VRRP policy.

config>vrrp>policy# info 
---------------------------------------------- 
    delta-in-use-limit 50 
    priority-event 
        port-down 4/1/2 
            hold-set 43200 
            priority 100 delta 
        exit 
        port-down 4/1/3 
            priority 200 explicit 
        exit 
        lag-port-down 1 
            number-down 3 
                priority 50 explicit 
            exit 
        exit 
        host-unreachable 10.10.24.4 
            drop-count 25 
        exit 
        route-unknown 10.10.0.0/32 
            priority 50 delta 
            protocol bgp 
        exit
    exit 
----------------------------------------------

The following example displays a configuration of a VPRN VRRP policy, with service ID 10 specified.

config>vrrp>policy 1 context 10# info 
---------------------------------------------- 
.... 
        priority event port-down 1/1/1
            priority 200 explicit 
        exit 
        lag-port-down 1 
            number-down 3 
                priority 50 explicit 
            exit 
        exit 
      exit
    exit 
----------------------------------------------

VRRP IES or VPRN Service Parameters

VRRP parameters are configured within an IES or VPRN service with one of two contexts, owner or non-owner. The status is specified when the VRRP configuration is created. When configured as owner, the virtual router instance has the same real IP addresses as the virtual backup IP addresses. All other virtual router instances participating in this message domain must have the same VRID configured and cannot be configured as owner.

Note: VRRP service parameter configuration is the same for both VPRN and IES services.

For IPv4 and IPv6, up to two VRRP instances (VRIDs) can be configured on an IES or VPRN service interface. IPv4 can back up a maximum of eight addresses per VRRP instance (one primary and seven secondary). IPv6 can back up a maximum of four addresses (one primary and three secondary).

VRRP parameters configured within an IES or VPRN service must include the following:

  • VRID

  • virtual backup IP addresses

The following example displays a configuration of IES service owner and non-owner VRRP configurations.

config>service>ies# info
----------------------------------------------
interface "tuesday" create
   address 10.10.36.2/8
   sap 7/1/1:100 create
   vrrp 19 owner
      backup 10.10.36.7
      authentication-key "testabc"
   exit
exit
interface "testing" create
   address 10.10.10.16/8
   sap 1/1/55:0 create
   vrrp 12
      backup 10.10.10.15
      policy 1
      authentication-key "testabc"
   exit
exit
   no shutdown
----------------------------------------------
config>service>ies#

Configuring IES or VPRN VRRP for IPv6

The following output shows an IES VRRP for IPV6 configuration example.

config>service>ies# info
----------------------------------------------
    description "VLAN 921 for DSC-101 Application"
    interface "DSC-101-Application" create
        address 10.152.2.220/8
        vrrp 217
            backup 10.152.2.222
            priority 254
            ping-reply
        exit
        ipv6
            address 2001:db8:a::123/64
            link-local-address 2001:db8:a::222 preferred
            vrrp 219
                backup 2001:db8:a::122
                priority 254
                ping-reply
            exit
        exit
        sap 1/1/4 create
            description "sap-10-192.168.0.1"
        exit
    exit
    no shutdown
----------------------------------------------

Common Configuration Tasks

This section provides a brief overview of the tasks that must be performed to configure VRRP and lists the CLI commands.

VRRP parameters are defined under a service interface context. An IP address must be assigned to each IP interface. Only one primary IP address can be associated with an IP interface but several secondary IP addresses can be associated.

Owner and non-owner configurations must include the following parameters:

  • all participating routers in a VRRP instance must be configured with the same VRID

  • all participating non-owner routers can specify up to eight backup IP addresses (that is, the IP addresses that the master is representing). The owner configuration must include at least one backup IP address.

  • for IPv6, one of the backup addresses configured must be the link-local address of the owner VRRP instance

Owner and non-owner configurations can also include the following optional commands:

  • authentication-key (IPv4 only)

  • MAC

  • message-interval

In addition to the common parameters, the following non-owner commands can be configured:

  • master-int-inherit

  • priority

  • bfd-enable

  • initial delay

  • policy

  • ping-reply

  • preempt

  • telnet-reply

  • ssh-reply (IPv4 only)

  • shutdown

Configuring IES or VPRN VRRP Parameters

VRRP parameters can be configured on a service interface to provide virtual default router support that allows traffic to be routed without relying on a single router in case of failure. VRRP can be configured in the following ways:

Configuring VRRP on Subnets

If you have multiple subnets configured on an IES or VPRN service interface, you can configure VRRP on each subnet.

The following displays an IES interface configuration example:

config>service>ies# info 
#------------------------------------------ 
...
    interface "test-A" create
       address 192.168.0.0/16
    exit
    interface "testB"
       address 192.168.0.1/16
       secondary 192.168.0.2/16
       secondary 192.168.0.3/16
       secondary 192.168.0.4/16
    exit
    no shutdown
...
#------------------------------------------ 

Owner VRRP

The following displays an owner VRRP configuration example for an IPv4 service interface:

config>service>ies# info 
#----------------------------------------------
...
    interface ‟test2” create
        address 192.168.0.0/16
        vrrp 1 owner
            backup 192.168.0.2
            authentication-key ‟testabc”
        exit
    exit
...
#----------------------------------------------
config>service>ies#

If a VRRP instance is created as owner, it cannot be changed to the non-owner state. The VRID must be deleted and then recreated without the owner keyword to remove IP address ownership.

Non-owner VRRP

The following displays a basic non-owner VRRP configuration example for an IPv4 service interface:

config>service>ies# info
#----------------------------------------------
...
    interface "test2" create
        address 192.168.0.0/16
        sap 1/1/55:0 create
        vrrp 12
            backup 192.168.0.1
            policy 1
            authentication-key ‟testabc”
            exit
    exit
    no shutdown
...
#----------------------------------------------
config>service>ies#

If a VRRP instance is created as non-owner, it cannot be changed to the owner state. The VRID must be deleted and then recreated with the owner keyword to invoke IP address ownership.

VRRP Management Tasks

This section discusses the following VRRP management tasks:

Deleting a VRRP Policy

Policies are only applied to non-owner VRRP instances. A VRRP policy cannot be deleted if it is applied to an IES or VPRN service. Each instance in which the policy is applied must be deleted. The following example displays a policy deletion.

Example:
config>vrrp
config>vrrp# no policy 1

The” Applied” column in the following example displays whether the VRRP policies are applied to an entity. The services using the VRRP policy can be viewed using the specific policy ID in the CLI command (for example, show>vrrp>policy 1).

#show>vrrp# policy
======================================================
VRRP Policies
======================================================
Policy    Current             Current      Current      Delta Applied Svc
Id        Priority & Effect   Explicit     Delta Sum    Limit         Context
-------------------------------------------------------------------------------
1         70   Delta          None         70           1     Yes     None
100       None                None         None         1     No      None
255       None                None         None         1     No      None
-------------------------------------------------------------------------------
#show>vrrp# policy 1
===============================================================================
VRRP Policy 1
===============================================================================
Description     :
Current Priority: 100 Delta            Applied           : Yes
Current Explicit: None                 Current Delta Sum : 100
Delta Limit     : 1                    Svc Context       : None
-------------------------------------------------------------------------------
Rtr Id/    Applied To                       VR   Opr  Base In-use Master Is
Svc Id     Interface Name                   Id        Pri  Pri    Pri    Master
-------------------------------------------------------------------------------
800        tuesday                          6    Down 100  1      0      No
-------------------------------------------------------------------------------
Rtr Id/    Applied To                       IPv6 Opr  Base In-use Master Is
Svc Id     Interface Name                   VR-Id     Pri  Pri    Pri    Master
-------------------------------------------------------------------------------
None
-------------------------------------------------------------------------------
SRRP        Applied To Interface Name        Oper           Base  In-use Master
Id          Rtr Id/Svc Id                    State          Pri   Pri    Pri
-------------------------------------------------------------------------------
None
-------------------------------------------------------------------------------
Priority Control Events
-------------------------------------------------------------------------------
Event Type & ID                  Event Oper State        Hold Set  Priority In
                                                         Remaining &Effect  Use
-------------------------------------------------------------------------------
Port Down 1/2/1                  Set-down                Expired   100 Del  Yes
===============================================================================
#show>vrrp#

Deleting VRRP on a Service

The VRID does not need to be shut down to remove the virtual router instance from a service.

The following example displays the commands to delete a VRRP instance in non-owner mode from an IES service:

Example:
config>service# ies 10
config>service>ies# interface test
config>service>ies>if# no vrrp 1
config>service>ies>if# exit all

VRRP Command Reference

Command Hierarchies

VRRP Priority Control Event Policy Commands

config
    - vrrp 
        - policy policy-id [context service-id] 
        - no policy policy-id
            - delta-in-use-limit limit
            - no delta-in-use-limit
            - description description-string
            - no description
            - [no] priority-event
                - [no] host-unreachable ip-address
                - [no] host-unreachable ipv6-address
                    - drop-count count
                    - no drop-count
                    - hold-clear seconds
                    - no hold-clear
                    - hold-set seconds
                    - no hold-set
                    - interval seconds
                    - no interval
                    - priority priority-level [delta | explicit]
                    - no priority
                    - timeout seconds
                    - no timeout
                - lag-port-down port-id
                - no lag-port-down
                    - hold-clear seconds
                    - no hold-clear
                    - hold-set seconds
                    - no hold-set
                    - number-down number-of-lag-ports-down
                    - no number-down 
                        - priority priority-level [delta | explicit]
                        - no priority
                - port-down port-id
                - no port-down
                    - hold-clear seconds
                    - no hold-clear
                    - hold-set seconds
                    - no hold-set
                    - priority priority-level [delta | explicit]
                    - no priority
                - [no] route-unknown ip-prefix/mask
                - [no] route-unknown ipv6-address/prefix-length
                    - hold-clear seconds
                    - no hold-clear
                    - hold-set seconds
                    - no hold-set
                    - less-specific [allow-default]
                    - no less-specific
                    - [no] next-hop ip-address
                    - priority priority-level [delta | explicit]
                    - no priority
                    - protocol protocol
                    - no protocol

VRRP Show Commands

show 
    - vrrp 
        - policy [policy-id [event event-type specific-qualifier]] 
    - router
        - vrrp
            - instance 
            - instance interface interface-name [vrid virtual-router-id] 
            - instance interface interface-name vrid virtual-router-id ipv6
            - statistics

VRRP Monitor Commands

monitor
    - router
        - vrrp
            - instance interface interface-name vrid virtual-router-id [ipv6] [interval seconds] [repeat repeat] [absolute | rate]

VRRP Clear Commands

clear
    - router
        - vrrp
            - interface interface-name [vrid virtual-router-id] 
            - interface interface-name vrid virtual-router-id ipv6 
            - statistics 
            - statistics interface interface-name [vrid virtual-router-id]
            - statistics interface interface-name vrid virtual-router-id ipv6 

VRRP Debug Commands

debug
    - router
        - vrrp
            - [no] events 
            - [no] events interface ip-int-name [vrid virtual-router-id] 
            - [no] events interface ip-int-name vrid virtual-router-id ipv6
            - [no] packets 
            - [no] packets interface ip-int-name [vrid virtual-router-id] 
            - [no] packets interface ip-int-name vrid virtual-router-id ipv6

Command Descriptions

Configuration Commands

VRRP Priority Control Event Policy Commands
policy
Syntax

policy policy-id [context service-id]

no policy policy-id

Context

config>vrrp

Description

This command enables the context to configure a VRRP priority control policy that is used to control the VRRP in-use priority based on priority control events. The VRRP priority control policy commands define policy parameters and priority event conditions.

The virtual router instance priority command defines the initial or base value to be used by non-owner virtual routers. This value can be modified by assigning a VRRP priority control policy to the virtual router instance. The VRRP priority control policy can override the base priority setting to establish the actual in-use priority of the virtual router instance.

The policy command must be created first, before it can be associated with a virtual router instance.

If the policy is associated with a VPRN VRRP interface, the service-id for the VPRN service to which the policy applies must be specified; otherwise, when the user attempts to associate the policy with the VPRN VRRP interface, an error message indicating that the policy ID does not exist is returned.

Because VRRP priority control policies define conditions and events that must be maintained, they can be resource-intensive. The number of policies is limited to 10 000.

The policy IDs do not have to be consecutive integers. The range of available policy identifiers is from 1 to 9999.

The no form of the command deletes the specific policy ID from the system.

The policy ID must be removed first from all virtual router instances before the no policy command can be issued. If the policy ID is associated with a virtual router instance, the command fails.

Default

n/a

Parameters
policy-id

specifies the VRRP priority control ID that uniquely identifies this policy from any other VRRP priority control policy defined on the system. Up to 10 000 policies can be defined.

Values

1 to 9999

service-id

specifies the service ID to which the policy applies

Values

1 to 2147483690 or service-name

delta-in-use-limit
Syntax

delta-in-use-limit limit

no delta-in-use-limit

Context

config>vrrp>policy

Description

This command sets a lower limit on the virtual router in-use priority that can be derived from the delta priority control events.

Each VRRP priority ID places limits on the delta priority control events to define the in-use priority of the virtual router instance. Setting this limit prevents the sum of the delta priority events from lowering the in-use priority value of the associated virtual router instances below the configured value.

The limit has no effect on explicit priority control events. Explicit priority control events are controlled by setting the in-use priority to any value between 1 and 254.

Only non-owner virtual router instances can be associated with VRRP priority control policies and their priority control events.

Once the total sum of all delta events is calculated and subtracted from the base priority of the virtual router instance, the result is compared to the delta-in-use-limit value. If the result is less than the limit, the delta-in-use-limit value is used as the virtual router in-use priority value. If an explicit priority control event overrides the delta priority control events, the delta-in-use-limit has no effect.

Setting the limit to a higher value than the default of 1 limits the effect of the delta priority control events on the virtual router instance base priority value. This allows for multiple priority control events while minimizing the overall effect on the in-use priority

Setting the limit to a value equal to or larger than the virtual router instance base priority prevents the delta priority control events from having any effect on the virtual router instance in-use priority value.

Changing the in-use priority limit causes an immediate re-evaluation of the in-use priority values for all virtual router instances associated with this VRRP policy ID based on the current sum of all active delta control policy events.

The no form of the command reverts to the default value.

Default

1

Parameters
limit

specifies the lower limit of the in-use priority, as modified by priority control policies. The limit has the same range as the non-owner virtual router instance base-priority parameter. If the result of the total delta priority control events minus the virtual router instance base priority is less than the limit, the limit value is used as the virtual router instance in-use priority value.

Values

1 to 254

description
Syntax

description description-string

no description

Context

config>vrrp>policy

Description

This command associates a text string with a configuration context to help identify the content in the configuration file.

The no form of the command removes the string from the configuration.

Default

n/a

Parameters
description-string

specifies the description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

VRRP Priority Event Commands
priority-event
Syntax

[no] priority-event

Context

config>vrrp>policy

Description

This command enables the context to configure VRRP priority control events used to define criteria to modify the VRRP in-use priority.

A priority control event specifies an object to monitor and the effect on the in-use priority level for an associated virtual router instance.

Up to 32 priority control events can be configured.

The no form of this command clears any configured priority events.

host-unreachable
Syntax

[no] host-unreachable ip-address

[no] host-unreachable ipv6-address

Context

config>vrrp>policy>priority-event

Description

This command enables the context to configure a host unreachable priority control event to monitor the ability to receive ICMP echo reply packets from an IP host address.

A host unreachable priority event creates a continuous ICMP echo request (ping) probe to the specified IP address. If a ping fails, the event is considered to be set. If a ping is successful, the event is considered to be cleared.

Up to 32 unique (different IP addresses) host unreachable events can be configured.

The host-unreachable command can reference any valid local or remote IP address. The ability to use ARP to find a local IP address or find a remote IP address within a route prefix in the route table is considered part of the monitoring procedure. The host unreachable priority event operational state tracks ARP or route table entries dynamically appearing and disappearing from the system. The operational state of the host unreachable event can be one of the following:

Table 3. Operational States – Host Unreachable Event

Host Unreachable Operational State

Description

Set – no ARP

No ARP address found for IP address for drop-count consecutive attempts. Only applies when IP address is considered local.

Set – no route

No route exists for IP address for drop-count consecutive attempts. Only applies when IP address is considered remote.

Set – host unreachable

ICMP host unreachable message received for drop-count consecutive attempts

Set – no reply

ICMP echo request timed out for drop-count consecutive attempts

Set – reply received

Last ICMP echo request attempt received an echo reply but historically not able to clear the event

Cleared – no ARP

No ARP address found for IP address – not enough failed attempts to set the event

Cleared – no route

No route exists for IP address – not enough failed attempts to set the event

Cleared – host unreachable

ICMP host unreachable message received – not enough failed attempts to set the event

Cleared – no reply

ICMP echo request timed out – not enough failed attempts to set the event

Cleared – reply received

Event is cleared – last ICMP echo request received an echo reply

Unlike other priority event types, the host unreachable priority event monitors a repetitive task. A historical evaluation is performed on the success rate of receiving ICMP echo reply messages. The operational state takes the cleared and set orientation from the historical success rate. The informational portion of the operational state is derived from the result of the last attempt. It is possible for the previous attempt to fail while the operational state is still cleared due to an insufficient number of failures to cause it to become set. It is also possible for the state to be set while the previous attempt was successful.

When an event transitions from clear to set, the set is processed immediately and must be reflected in the associated virtual router instance in-use priority value. As the event transitions from clear to set, a hold-set timer is started with the value configured by the event’s hold-set command. This timer prevents the event from clearing until it expires, damping the effect of event flapping. If the event clears and becomes set again before the hold-set timer expires, the timer is reset to the hold-set value, extending the time before another clear can take effect.

The hold-set timer must expire and the historical success rate must be met prior to the event operational state becoming cleared.

The no form of the command deletes the specific IP host monitoring event. The event can be deleted at any time. When the event is deleted, the in-use priority of all associated virtual router instances must be re-evaluated. The event hold-set timer has no effect on the removal procedure.

Default

no host-unreachable

Parameters
ip-address

specifies the IP address of the host for which the specific event monitors connectivity. The IP address can only be monitored by a single event in this policy. The IP address can be monitored by multiple VRRP priority control policies. The IP address can be used in one or more ping requests. Each VRRP priority control host unreachable and ping destined for the same IP address is uniquely identified on a per-message basis. Each session originates a unique identifier value for the ICMP echo request messages it generates. This allows received ICMP echo reply messages to be directed to the appropriate sending application.

Values

ipv4-address:             a.b.c.d

ipv6-address:             x:x:x:x:x:x:x:x[-interface]

                                      x: [0 to FFFF]H

                                      interface: 32 chars maximum, mandatory for link-local addresses

Note: The link-local IPv6 address must have an interface name specified. The global IPv6 address must not have an interface name specified.
lag-port-down
Syntax

[no] lag-port-down lag-id

Context

config>vrrp>policy>priority-event

Description

This command enables the context to configure Link Aggregation Group (LAG) priority control events that monitor the operational state of the links in the LAG.

The lag-port-down command configures a priority control event. The event monitors the operational state of each port in the specified LAG. When one or more of the ports enter the operationally down state, the event is considered to be set. When all the ports enter the operationally up state, the event is considered to be clear. As ports enter the operational up state, any previous set threshold that represents more down ports is considered cleared, while the event is considered to be set.

Multiple unique lag-port-down event nodes can be configured within the priority-event node up to the maximum of 32 events.

The lag-port-down command can reference any LAG. The lag-id must exist within the system. The operational state of the lag-port-down event indicates:

  • Set – non-existent

  • Set – one port down

  • Set – two ports down

  • Set – three ports down

  • Set – four ports down

  • Set – five ports down

  • Set – six ports down

  • Set – seven ports down

  • Set – eight ports down

  • Cleared – all ports up

When the lag-id is created, or a port in the lag-id becomes operationally up or down, the event operational state is updated appropriately.

When one or more of the LAG composite ports enters the operationally down state or the lag-id is deleted or does not exist, the event is considered to be set. When an event transitions from clear to set, the set is processed immediately and is reflected in the associated virtual router instance’s in-use priority value. As the event transitions from clear to set, a hold-set timer is loaded with the value configured by the events hold-set command. This timer prevents the event from clearing until it expires, damping the effect of event flapping. If the event clears and becomes set again before the hold-set timer expires, the timer is reset to the hold-set value, extending the time before another clear can take effect.

The lag-port-down event is considered to have a tiered event set state. While the priority impact per number of ports down is configurable, as more ports go down, the effect on the associated virtual router instance’s in-use priority value is expected to increase (lowering the priority). When each configured threshold is crossed, any higher thresholds are considered further event sets and are processed immediately with the hold-set timer reset to the configured value of the hold-set command. As the thresholds are crossed in the opposite direction (fewer ports down than previously), the priority effect of the event is not processed until the hold-set timer expires. If the number-down threshold again increases before the hold-set timer expires, the timer is only reset to the hold-set value if the number of ports down is equal to or greater than the threshold that set the timer.

The event contains number-down nodes that define the priority delta or explicit value to be used based on the number of LAG composite ports that are in the operationally down state. These nodes represent the event set thresholds. Not all port down thresholds must be configured. As the number of down ports increases, the number-down ports-down node that expresses a value equal to or less than the number of down ports determines the delta or explicit priority value to be applied.

The no form of the command deletes the specific LAG monitoring event. The event can be removed at any time. When the event is removed, the in-use priority of all associated virtual router instances must be re-evaluated. The event’s hold-set timer has no effect on the removal procedure.

Default

no lag-port-down (no LAG priority control events are created)

Parameters
lag-id

specifies the LAG ID that the specific event is to monitor, expressed as a decimal integer. The lag-id can only be monitored by a single event in this policy. The LAG may be monitored by multiple VRRP priority control policies. A port within the LAG and the LAG ID itself are considered to be separate entities. A composite port may be monitored with the port-down event while the lag-id the port is in is monitored by a lag-port-down event in the same policy.

Values

1 to 32

port-down
Syntax

port-down port-id

no port-down

Context

config>vrrp>policy>priority-event

Description

This command configures a port down priority control event that monitors the operational state of a port. When the port enters the operationally down state, the event is considered set. When the port enters the operationally up state, the event is considered cleared.

Up to 32 unique port-down events can be defined in any combination of types.

The port-down command can be use on ports even if the ports are not preprovisioned or populated. The operational state of the port-down event can be one of the following states:

  • set – non-provisioned

  • set – not-populated

  • set – down

  • cleared – up

When the port is provisioned, populated, or enters the operationally up or down state, the event operational state is updated appropriately.

When the event enters the operationally down, non-provisioned, or non-populated state, the event is considered to be set. When an event transitions from clear to set, the set is processed immediately and must be reflected in the associated virtual router instance in-use priority value. As the event transitions from cleared to set, the hold-set timer is started. This timer prevents the event from clearing until it expires, damping the effect of event flapping. If the event clears and becomes set again before the hold-set timer expires, the timer is reset to the hold-set value, extending the time before another clear can take effect.

When the event enters the operationally up state, the event is considered to be cleared. When the event hold-set expires, the effects of the event priority value are immediately removed from the in-use priority of all associated virtual router instances.

The actual effect on the virtual router instance in-use priority value depends on the defined event priority and its delta or explicit nature.

The no form of the command deletes the specific port monitoring event. The event can be removed at any time. If the event is removed, the in-use priority of all associated virtual router instances is re-evaluated. The event’s hold-set timer has no effect on the removal procedure.

Default

no port-down

Parameters
port-id

specifies the port ID of the port monitored by the VRRP priority control event. VRRP is supported on Ethernet adapter cards only.

The port ID can only be monitored by a single event in this policy. The port can be monitored by multiple VRRP priority control policies.

If the port is provisioned, but the port has not been populated, the appropriate event operational state is set – not populated.

If the port is not provisioned, the event operational state is set – non-provisioned.

Values

port-id

slot/mda/port

bundle-id

bundle-type-slot/mda.bundle-num

   type 

ima, ppp

   bundle-num  

1 to 128

route-unknown
Syntax

[no] route-unknown ip-prefix/mask

[no] route-unknown ipv6-address/prefix-length

Context

config>vrrp>policy>priority-event

Description

This command enables the context to configure a route unknown priority control event that monitors the existence of a specific active IP route prefix within the routing table.

The route-unknown command configures a priority control event that defines a link between the VRRP priority control policy and the RTM. The RTM registers the specified route prefix as monitored by the policy. If any change (add, delete, new next hop) occurs relative to the prefix, the policy is notified and takes proper action according to the priority event definition. If the route prefix exists and is active in the routing table according to the conditions defined, the event is in the cleared state. If the route prefix is removed, becomes inactive, or fails to meet the event criteria, the event is in the set state.

Up to 32 route-unknown events can be configured.

The route-unknown command can reference any valid IP address mask-length pair. The IP address and associated mask length define a unique IP router prefix. The dynamic monitoring of the route prefix results in one of the following event operational states:

Table 4. Operational States – Route Unknown Event

Route Unknown Operational State

Description

Set – non-existent

The route does not exist in the route table

Set – inactive

The route exists in the route table but is not being used

Set – wrong next hop

The route exists in the route table but does not meet the next-hop requirements

Set – wrong protocol

The route exists in the route table but does not meet the protocol requirements

Set – less specific found

The route exists in the route table but is not an exact match and does not meet any less-specific requirements

Set – default best match

The route exists in the route table as the default route but the default route is not allowed for route matching

Cleared – less specific found

A less-specific route exists in the route table and meets all criteria including the less-specific requirements

Cleared – found

The route exists in the route table manager and meets all criteria

An existing route prefix in the RTM must be active (used by the IP forwarding engine) to clear the event operational state. It can be less specific (the defined prefix can be contained in a larger prefix according to CIDR techniques) if the event has the less-specific statement defined. The less-specific route that incorporates the router prefix can be the default route (0.0.0.0). If the less-specific allow-default statement is defined. The matching prefix can be required to have a specific next-hop IP address if defined by the event next-hop command. Finally, the source of the RTM prefix can be required to be one of the dynamic routing protocols or be statically defined if defined by the event protocol command. If an RTM prefix is not found that matches all the above criteria (if defined in the event control commands), the event is considered to be set. If a matching prefix is found in the RTM, the event is considered to be cleared.

If an event transitions from clear to set, the set is processed immediately and must be reflected in the associated virtual router instance in-use priority value. As the event transitions from clear to set, the hold-set timer is started. This timer prevents the event from clearing until it expires, damping the effect of event flapping. If the event clears and becomes set again before the hold-set timer expires, the timer is reset to the hold-set value, extending the time before another clear can take effect.

The no form of the command is used to remove the specific IP prefix mask monitoring event. The event can be removed at any time. When the event is removed, the in-use priority of all associated virtual router instances must be re-evaluated. The event hold-set timer has no effect on the removal procedure.

Default

no route-unknown

Parameters
ip-prefix

specifies the IPv4 prefix address to be monitored by the route-unknown priority control event, in dotted-decimal notation

Values

a.b.c.d (host bits must be 0)

mask

specifies the subnet mask length associated with the IPv4 prefix defining the route prefix to be monitored by the route-unknown priority control event

Values

0 to 32

ipv6-address

specifies the IPv6 address to be monitored by the route-unknown priority control event

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

  x [0 to FFFF]H

prefix-length

specifies the prefix length associated with the IPv6 address defining the route prefix to be monitored by the route-unknown priority control event

Values

1 to 128

drop-count
Syntax

drop-count count

no drop-count

Context

config>vrrp>policy>priority-event>host-unreachable

Description

This command configures the number of consecutively sent ICMP echo request messages that must fail before the host unreachable priority control event is set.

The drop-count command is used to define the number of consecutive message send attempts that must fail for the host unreachable priority event to enter the set state. Each unsuccessful attempt increments the event consecutive message drop counter. With each successful attempt, the event consecutive message drop counter resets to 0.

If the event consecutive message drop counter reaches the drop-count value, the host unreachable priority event enters the set state.

The event hold-set value defines how long the event must stay in the set state even when a successful message attempt clears the consecutive drop counter. The event is not cleared until the consecutive drop counter is less than the drop-count value and the hold-set timer has a value of 0 (expired).

The no form of the command reverts to the default value of 3. Three consecutive ICMP echo request failures are required before the host unreachable priority control event is set.

Default

3

Parameters
count

specifies the number of ICMP echo request message attempts that must fail for the event to enter the set state. The count parameter defines the threshold so that a lower consecutive number of failures can clear the event state.

Values

1 to 60

hold-clear
Syntax

hold-clear seconds

no hold-clear

Context

config>vrrp>policy>priority-event>host-unreachable

config>vrrp>policy>priority-event>lag-port-down

config>vrrp>policy>priority-event>port-down

config>vrrp>policy>priority-event>route-unknown

Description

This command configures the hold-clear time for the event. The hold-clear time is used to prevent blackhole conditions if a virtual router instance advertises itself as a master before other conditions associated with the cleared event have had a chance to enter a forwarding state.

Default

no hold-clear

Parameters
seconds

specifies the amount of time in seconds by which the effect of a cleared event on the associated virtual router instance is delayed

Values

0 to 86400

hold-set
Syntax

hold-set seconds

no hold-set

Context

config>vrrp>policy>priority-event>host-unreachable

config>vrrp>policy>priority-event>lag-port-down

config>vrrp>policy>priority-event>port-down

config>vrrp>policy>priority-event>route-unknown

Description

This command specifies the amount of time that must pass before the set state for a VRRP priority control event can transition to the cleared state to dampen flapping events. A flapping event continually transitions between clear and set.

The hold-set command dampens the effect of a flapping event. The hold-set timer prevents a set event from transitioning to the cleared state until it expires.

Each time an event transitions between cleared and set, the timer begins a countdown to 0. When the timer reaches 0, the event is allowed to enter the cleared state. Entering the cleared state is dependent on the object controlling the event, conforming to the requirements defined in the event itself. It is possible, on some event types, to have another set action reset the hold-set timer. This extends the amount of time that must expire before entering the cleared state.

When the hold-set timer expires and the event meets the cleared state requirements or is set to a lower threshold, the effect of the current set action on the in-use priority of the virtual router instance is removed. For lag-port-down events, this may be a decrease in the set effect if clearing the state lowers the set threshold.

The hold-set command can be executed at any time. If the currently configured hold-set timer value is larger than the new seconds setting, the timer is loaded with the new hold-set value.

The no form of the command reverts to the default value of 0 and the hold-set timer is disabled so that event transitions are processed immediately.

Default

0

Parameters
seconds

specifies the number of seconds that the hold-set timer waits after an event enters a set state or enters a higher threshold set state, depending on the event type.

The value of 0 disables the hold-set timer, preventing any delay in processing lower set thresholds or cleared events.

Values

0 to 86400

interval
Syntax

interval seconds

no interval

Context

config>vrrp>policy>priority-event>host-unreachable

Description

This command configures the number of seconds between host-unreachable priority event ICMP echo request messages directed to the host IP address.

The no form of this command reverts to the default value.

Default

1

Parameters
seconds

specifies the amount of time between the ICMP echo request messages sent to the host IP address for the host-unreachable priority event

Values

1 to 60

less-specific
Syntax

less-specific [allow-default]

no less-specific

Context

config>vrrp>policy>priority-event>route-unknown

Description

This command allows a CIDR shortest-match hit on a route prefix that contains the IP route prefix associated with the route-unknown priority event.

The less-specific command modifies the search parameters for the IP route prefix specified in the route-unknown priority event.

The less-specific command makes the RTM lookup criteria less restrictive when searching for the IP prefix mask. When the route-unknown priority event sends the prefix to the RTM (as if it was a destination lookup), the matching prefix (if a result is found) is checked to see if it is an exact match or a less-specific match. The less-specific command enables a less-specific route table prefix to match the configured prefix. If less-specific is not specified, a less-specific route table prefix fails to match the configured prefix. The allow-default optional keyword extends the less-specific match to include the default route (0.0.0.0).

The no form of the command prevents RTM lookup results that are less specific than the route prefix from matching.

The default value specifies that the route-unknown priority event requires an exact IP prefix mask match.

Default

no less-specific

Parameters
allow-default

specifies that an RTM return of 0.0.0.0 matches the IP prefix. If the less-specific command is entered without the allow-default keyword, a return of 0.0.0.0 does not match the IP prefix.

next-hop
Syntax

[no] next-hop ip-address

Context

config>vrrp>policy>priority-event>route-unknown

Description

This command adds an allowed next-hop IP address to match the IP route prefix for a route-unknown priority control event.

If the next-hop IP address does not match one of the defined IP addresses, the match is considered unsuccessful and the route-unknown event transitions to the set state.

The next-hop command is optional. If no next-hop IP address commands are configured, the comparison between the RTM prefix return and the route-unknown IP route prefix are not included in the next-hop information.

If more than one next-hop IP address is eligible for matching, a next-hop command must be executed for each IP address. Defining the same IP address multiple times has no effect after the first instance.

The no form of the command removes the IP address from the list of acceptable next hops when looking up the route-unknown prefix. If this IP address is the last next hop defined on the route-unknown event, the returned next-hop information is ignored when testing the match criteria. If the IP address does not exist, the no next-hop command returns a warning message, but continues to execute if part of the exec script.

The default value specifies that no next-hop IP address for the route-unknown priority control event is defined.

Default

no next-hop

Parameters
ip-address

specifies an acceptable next-hop IP address for a returned route prefix from the RTM when looking up the route-unknown route prefix

Values

ipv4-address:             a.b.c.d

ipv6-address:              x:x:x:x:x:x:x:x[-interface]

                                    x: [0 to FFFF]H

                                     interface: 32 chars maximum, mandatory for link-local addresses

Note: The link-local IPv6 address must have an interface name specified. The global IPv6 address must not have an interface name specified.
number-down
Syntax

[no] number-down number-of-lag-ports-down

Context

config>vrrp>policy>priority-event>lag-port-down

Description

This command enables the context to configure an event set threshold within a lag-port-down priority control event.

The number-down command defines a sub-node within the lag-port-down event and is uniquely identified with the number-of-lag-ports-down parameter. Each number-down node within the same lag-port-down event node must have a unique number-of-lag-ports-down value. Each number-down node has its own priority command that takes effect whenever that node represents the current threshold.

The total number of sub-nodes (uniquely identified by the number-of-lag-ports-down parameter) allowed in a single lag-port-down event is equal to the total number of possible physical ports allowed in a LAG.

A number-down node is not required for each possible number of ports that could be down. The active threshold is always the closest lower threshold. When the number of ports down equals a given threshold, that threshold is the active threshold.

The no form of the command deletes the event set threshold. The threshold may be removed at any time. If the removed threshold is the current active threshold, the event set thresholds must be re-evaluated after removal.

Default

no number-down (no threshold for the LAG priority event is created)

Parameters
number-of-lag-ports-down

specifies the number of LAG ports down to create a set event threshold. This is the active threshold when the number of down ports in the LAG equals or exceeds number-of-lag-ports-down, but does not equal or exceed the next highest configured number-of-lag-ports-down.

Values

1 to 64 (applies to 64-link LAG) 1 to 32 (applies to other LAGs)

priority
Syntax

priority priority-level [delta | explicit]

no priority

Context

config>vrrp>policy>priority-event>host-unreachable

config>vrrp>policy>priority-event>lag-port-down>number-down

config>vrrp>policy>priority-event>port-down

config>vrrp>policy>priority-event>route-unknown

Description

This command controls the effect that the set event has on the virtual router instance in-use priority.

When the event is set, the priority level is either subtracted from the base priority of each virtual router instance or it defines the explicit in-use priority value of the virtual router instance depending on whether the delta or explicit keyword is specified.

Multiple set events in the same policy have interaction constraints:

  • if any set events have an explicit priority value, all the delta priority values are ignored

  • the set event with the lowest explicit priority value defines the in-use priority used by all virtual router instances associated with the policy

  • if no set events have an explicit priority value, all the set events delta priority values are added and subtracted from the base priority value defined on each virtual router instance associated with the policy

  • if the sum of the delta priorities exceeds the delta-in-use-limit, then the delta-in-use-limit value is used as the value subtracted from the base priority value defined on each virtual router instance associated with the policy

If the priority command is not configured on the priority event, the priority value defaults to 0 and the qualifier keyword defaults to delta with no impact on the in-use priority.

The no form of this command reverts to the default values.

Default

0

Parameters
priority-level

specifies the priority level adjustment value

Values

0 to 254

delta | explicit

configures what effect the priority level has on the base priority value

When delta is specified, the priority level value is subtracted from the base priority of the associated virtual router instance when the event is set and no explicit events are set. The sum of the priority event priority level values on all set delta priority events are subtracted from the virtual router base priority to derive the virtual router instance in-use priority value. If the delta priority event is cleared, the priority level is no longer used in the in-use priority calculation.

When explicit is specified, the priority level value is used to override the base priority of the virtual router instance if the priority event is set and no other explicit priority event is set with a lower priority level. The set explicit priority value with the lowest priority level determines the actual in-use protocol value for all virtual router instances associated with the policy.

Default

delta

protocol
Syntax

protocol protocol

no protocol

Context

config>vrrp>policy>priority-event>route-unknown

Description

This command adds one or more route sources to match the route-unknown IP route prefix for a route-unknown priority control event.

If the route source does not match one of the defined protocols, the match is considered unsuccessful and the route-unknown event transitions to the set state.

The protocol command is optional. If the protocol command is not executed, the comparison between the RTM prefix return and the route-unknown IP route prefix does not include the source of the prefix. The protocol command cannot be executed without at least one associated route source keyword. All keywords are reset each time the command is executed, and only the explicitly defined protocols are allowed to match.

The no form of the command removes protocol route source as a match criteria for returned RTM route prefixes.

To remove specific existing route source match criteria, execute the protocol command and include only the specific route source criteria. Any unspecified route source criteria is removed.

Default

no protocol

Parameters
protocol

specifies the routing protocol to be used as a match criteria

Values

bgp, bgp-vpn, ospf, isis, rip, static

bgp

defines BGP as an eligible route source for a returned route prefix from the RTM when looking up the route-unknown route prefix. The bgp keyword is not exclusive from the other available protocol keywords. If the protocol command is executed without the bgp keyword, a returned route prefix with a source of BGP is not considered a match and causes the event to enter the set state.

bgp-vpn

defines BGP-VPN as an eligible route source for a returned route prefix from the RTM when looking up the route-unknown route prefix. The bgp-vpn keyword is not exclusive from the other available protocol keywords. If the protocol command is executed without the bgp-vpn keyword, a returned route prefix with a source of BGP-VPN is not considered a match and causes the event to enter the set state.

isis

defines IS-IS as an eligible route source for a returned route prefix from the RTM when looking up the route-unknown route prefix. The isis keyword is not exclusive from the other available protocol keywords. If the protocol command is executed without the isis keyword, a returned route prefix with a source of IS-IS is not considered a match and causes the event to enter the set state.

ospf

defines OSPF as an eligible route source for a returned route prefix from the RTM when looking up the route-unknown route prefix. The ospf keyword is not exclusive from the other available protocol keywords. If the protocol command is executed without the ospf keyword, a returned route prefix with a source of OSPF is not considered a match and causes the event to enter the set state.

rip

defines RIP as an eligible route source for a returned route prefix from the RTM when looking up the route-unknown route prefix. The rip keyword is not exclusive from the other available protocol keywords. If the protocol command is executed without the rip keyword, a returned route prefix with a source of RIP is not considered a match and causes the event to enter the set state.

static

defines a static route as an eligible route source for a returned route prefix from the RTM when looking up the route-unknown route prefix. The static keyword is not exclusive from the other available protocol keywords. If the protocol command is executed without the static keyword, a returned route prefix with a source of static route is not considered a match and causes the event to enter the set state.

timeout
Syntax

timeout seconds

no timeout

Context

config>vrrp>policy>priority-event>host-unreachable

Description

This command defines the time, in seconds, that must pass before considering the far-end IP host unresponsive to an outstanding ICMP echo request message.

The timeout value is not directly related to the configured interval parameter. The timeout value can be larger, equal, or smaller, relative to the interval value. If the timeout value is larger than the interval value, multiple ICMP echo request messages can be outstanding. Every ICMP echo request message transmitted to the far-end host is tracked individually according to the message identifier and sequence number.

With each consecutive attempt to send an ICMP echo request message, the timeout timer is started. The timer decrements until:

  • an internal error occurs preventing message sending (request unsuccessful)

  • an internal error occurs preventing message reply receiving (request unsuccessful)

  • a required route table entry does not exist to reach the IP address (request unsuccessful)

  • a required ARP entry does not exist and ARP request timed out (request unsuccessful)

  • a valid reply is received (request successful)

Note: A required ARP request can succeed or time out after the message timeout timer expires. In this case, the message request is unsuccessful.

If an ICMP echo reply message is not received prior to the timeout period for a given ICMP echo request, that request is considered to be dropped and the consecutive message drop counter is incremented for the priority event.

If an ICMP echo reply message with the same sequence number as an outstanding ICMP echo request message is received prior to that message timing out, the request is considered successful. The consecutive message drop counter is cleared and the request message no longer is outstanding.

If an ICMP echo reply message with a sequence number equal to an ICMP echo request sequence number that had previously timed out is received, that reply is silently discarded while incrementing the priority event reply discard counter.

The no form of the command reverts to the default value.

Default

1

Parameters
seconds

specifies the amount of time before an ICMP echo request message is timed out. After a message is timed out, a reply with the same identifier and sequence number is discarded.

Values

1 to 60

VRRP Show Commands

Note: The following command outputs are examples only; actual displays may differ depending on supported functionality and user configuration.
policy
Syntax

policy [policy-id [event event-type specific-qualifier]]

Context

show>vrrp

Description

This command displays VRRP priority control policy information.

Parameters
policy-id

displays statistics for the specified priority control policy ID

Values

1 to 9999

Default

all VRRP policy IDs

event-type

displays information on the specified VRRP priority control event within the policy ID

Values

port-down port-id

lag-port-down lag-id

host-unreachable host-ip-addr

route-unknown route-prefix/mask

Default

all event types and qualifiers

specific-qualifier

displays information about the specific qualifier

Values

port-id, lag-id, host-ip-addr, route-prefix/mask

Output

The following outputs are examples of VRRP policy summary information:

Output Example (summary)
show vrrp policy 1 
*A:7705:Dut-A # show vrrp policy 1 
===============================================================================
VRRP Policy 1
===============================================================================
Description    : 
Current Priority: 120 Delta            Applied           : Yes
Current Explicit: None                 Current Delta Sum : 120
Delta Limit     : 1                    Svc Context       : None
 
-------------------------------------------------------------------------------
Rtr Id/    Applied To                       VR   Opr  Base In-use Master Is
Svc Id     Interface Name                   Id        Pri  Pri    Pri    Master
-------------------------------------------------------------------------------
           vrrpMasNode                      10   Up   250  130    200    No     
 
-------------------------------------------------------------------------------
Rtr Id/    Applied To                       IPv6 Opr  Base In-use Master Is
Svc Id     Interface Name                   VR-Id     Pri  Pri    Pri    Master
-------------------------------------------------------------------------------
None
 
-------------------------------------------------------------------------------
SRRP       Applied To Interface Name        Oper      Base     In-use    Master
Id         Rtr Id/Svc                       State     Pri      Pri       Pri
-------------------------------------------------------------------------------
None
 
-------------------------------------------------------------------------------
Priority Control Events
-------------------------------------------------------------------------------
Event Type & ID                  Event Oper State        Hold Set  Priority In
                                                         Remaining &Effect  Use
-------------------------------------------------------------------------------
Route Unknown 10.20.20.3/32      Set-NonExistant         Expired   120 Del  Yes
LAG Port Down 1                  n/a                     Expired       --   No
    2 Number Down                                                   12 Del
===============================================================================
Output Example (port-down)
show vrrp policy 1 event port-down 
*A:7705:Dut-A# show vrrp policy 1 event port-down 1/1/8 
===============================================================================
VRRP Policy 1, Event Port Down 1/1/8
===============================================================================
Description     : 
Current Priority: None                 Applied           : Yes
Current Explicit: None                 Current Delta Sum : None
Delta Limit     : 1                    Svc Context       : None
 
-------------------------------------------------------------------------------
Rtr Id/    Applied To                       VR   Opr  Base In-use Master Is
Svc Id     Interface Name                   Id        Pri  Pri    Pri    Master
-------------------------------------------------------------------------------
           vrrpMasNode                      10   Up   250  250    250    Yes    
 
-------------------------------------------------------------------------------
Rtr Id/    Applied To                       IPv6 Opr  Base In-use Master Is
Svc Id     Interface Name                   VR-Id     Pri  Pri    Pri    Master
-------------------------------------------------------------------------------
None
 
-------------------------------------------------------------------------------
SRRP       Applied To Interface Name        Oper      Base     In-use    Master
Id         Rtr Id/Svc                       State     Pri      Pri       Pri
-------------------------------------------------------------------------------
None
 
-------------------------------------------------------------------------------
Priority Control Event Port Down 1/1/8
-------------------------------------------------------------------------------
Priority        : 120                  Priority Effect   : Delta
Hold Set Config : 10 sec               Hold Set Remaining: Expired
Hold Clr Config : 0 sec                Hold Clr Remaining: Expired
Value In Use    : No                   Current State     : Cleared
# trans to Set  : 0                    Previous State    : Cleared
Last Transition : 01/21/2013 16:38:27  
===============================================================================
Output Example (lag-port-down)
*A:Sar18 Dut-A# show vrrp policy 12 event lag-port-down 1
===============================================================================
VRRP Policy 12, Event LAG Port Down 1
===============================================================================
Description     : test_policy_12
Current Priority: None                 Applied           : No
Current Explicit: None                 Current Delta Sum : None
Delta Limit     : 1                    Svc Context       : None
-------------------------------------------------------------------------------
Rtr Id/    Applied To                       VR   Opr  Base In-use Master Is
Svc Id     Interface Name                   Id        Pri  Pri    Pri    Master
-------------------------------------------------------------------------------
None
-------------------------------------------------------------------------------
Rtr Id/    Applied To                       IPv6 Opr  Base In-use Master Is
Svc Id     Interface Name                   VR-Id     Pri  Pri    Pri    Master
-------------------------------------------------------------------------------
None
-------------------------------------------------------------------------------
SRRP        Applied To Interface Name        Oper           Base  In-use Master
Id          Rtr Id/Svc Id                    State          Pri   Pri    Pri
-------------------------------------------------------------------------------
None
-------------------------------------------------------------------------------
Priority Control Event LAG Port Down 1
-------------------------------------------------------------------------------
Hold Set Config : 0 sec                Hold Set Remaining: Expired
Hold Clr Config : 0 sec                Hold Clr Remaining: Expired
Value In Use    : No                   Current State     : n/a
# trans to Set  : 0                    Previous State    : n/a
Last Transition : 04/25/2017 19:33:37
-------------------------------------------------------------------------------
Number Down Threshold    Event Priority      Event Type
-------------------------------------------------------------------------------
2                        12                  Delta
===============================================================================
Output Example (host-unreachable)
show vrrp policy 1 event host-unreachable 
*A:7705:Dut-A# show vrrp policy 1 event host-unreachable 10.20.20.3 
===============================================================================
VRRP Policy 1, Event Host Unreachable 10.20.20.3
===============================================================================
Description     : 
Current Priority: None                 Applied           : Yes
Current Explicit: None                 Current Delta Sum : None
Delta Limit     : 1                    Svc Context       : None
 
-------------------------------------------------------------------------------
Rtr Id/    Applied To                       VR   Opr  Base In-use Master Is
Svc Id     Interface Name                   Id        Pri  Pri    Pri    Master
-------------------------------------------------------------------------------
           vrrpMasNode                      10   Up   250  250    250    Yes    
-------------------------------------------------------------------------------
Rtr Id/    Applied To                       IPv6 Opr  Base In-use Master Is
Svc Id     Interface Name                   VR-Id     Pri  Pri    Pri    Master
-------------------------------------------------------------------------------
None
 
-------------------------------------------------------------------------------
SRRP       Applied To Interface Name        Oper      Base     In-use    Master
Id         Rtr Id/Svc                       State     Pri      Pri       Pri
-------------------------------------------------------------------------------
None
 
-------------------------------------------------------------------------------
Priority Control Event Host Unreachable 10.20.20.3
-------------------------------------------------------------------------------
Priority        : 120                  Priority Effect   : Delta
Interval        : 1 sec                Timeout           : 1 sec
Drop Count      : 3                    
Hold Set Config : 0 sec                Hold Set Remaining: Expired
Hold Clr Config : 0 sec                Hold Clr Remaining: Expired
Value In Use    : No                   Current State     : Cleared-ReplyReceived
# trans to Set  : 0                    Previous State    : Cleared-ReplyReceived
Last Transition : 01/21/2013 16:38:27  
===============================================================================
Output Example (route-unknown)
show vrrp policy 1 event route-unknown 
 *A:7705:Dut-A#show vrrp policy 1 event route-unknown 10.20.20.3/32 
===============================================================================
VRRP Policy 1, Event Route Unknown 10.20.20.3/32
===============================================================================
Description     : 
Current Priority: 120 Delta            Applied           : Yes
Current Explicit: None                 Current Delta Sum : 120
Delta Limit     : 1                    Svc Context       : None
 
-------------------------------------------------------------------------------
Rtr Id/    Applied To                       VR   Opr  Base In-use Master Is
Svc Id     Interface Name                   Id        Pri  Pri    Pri    Master
-------------------------------------------------------------------------------
           vrrpMasNode                      10   Up   250  130    200    No     
-------------------------------------------------------------------------------
Rtr Id/    Applied To                       IPv6 Opr  Base In-use Master Is
Svc Id     Interface Name                   VR-Id     Pri  Pri    Pri    Master
-------------------------------------------------------------------------------
None
 
-------------------------------------------------------------------------------
SRRP       Applied To Interface Name        Oper      Base     In-use    Master
Id         Rtr Id/Svc                       State     Pri      Pri       Pri
-------------------------------------------------------------------------------
None
 
-------------------------------------------------------------------------------
Priority Control Event Route Unknown 10.20.20.3/32
-------------------------------------------------------------------------------
Priority        : 120                  Priority Effect   : Delta
Less Specific   : No                   Default Allowed   : No
Next Hop(s)     : None
Protocol(s)     : None
Hold Set Config : 0 sec                Hold Set Remaining: Expired
Hold Clr Config : 0 sec                Hold Clr Remaining: Expired
Value In Use    : Yes                  Current State     : Set-NonExistant
# trans to Set  : 1                    Previous State    : Cleared-Found
Last Transition : 01/21/2013 17:14:55  
===============================================================================
Table 5. VRRP Policy and Policy Event Summary Field Descriptions

Label

Description

Current Priority

The base router priority for the virtual router instance used in the master election process

Applied

The number of virtual router instances to which the policy has been applied. The policy cannot be deleted unless this value is 0

Current Explicit

When multiple explicitly defined events associated with the priority control policy happen simultaneously, the lowest value of all the current explicit priorities will be used as the in-use priority for the virtual router

Current Delta Sum

The sum of the priorities of all the delta events when multiple delta events associated with the priority control policy happen simultaneously. This sum is subtracted from the base priority of the virtual router to give the in-use priority.

Delta Limit

The delta-in-use-limit for a VRRP policy. Once the total sum of all delta events has been calculated and subtracted from the base-priority of the virtual router, the result is compared to the delta-in-use-limit value. If the result is less than this value, the delta-in-use-limit value is used as the virtual router in-use priority value. If an explicit priority control event overrides the delta priority control events, the delta-in-use-limit has no effect.

Svc Context

The service context

Rtr Id/Svc Id

The router ID or service ID to which the VRRP policy is applied

Applied To Interface Name

The interface name where the VRRP policy is applied

VR Id

The virtual router ID for the IPv4 interface

IPv6 VR Id

The virtual router ID for the IPv6 interface

Opr

The operational state of the virtual router

Base Pri

The base priority used by the virtual router instance

In-use Pri

The current in-use priority associated with the VRRP virtual router instance

Master Pri

The priority of the virtual router instance that is the current master

Is Master

Indicates whether the router is configured as the virtual router master

SRRP ID

The subscriber routed redundancy protocol (SRRP) ID

Not applicable to the 7705 SAR

Oper State

The operational state of the SRRP

Event Type & ID

The event-type and ID for types such as port-down, lag-port-down, host-unreachable, or route-unknown

Priority & Effect

Delta — a conditional event defined in a priority control policy that subtracts a given amount from the base priority to give the current in-use priority for the VRRP virtual router instances to which the policy is applied

Explicit— a conditional event defined in a priority control policy that explicitly defines the in-use priority for the VRRP virtual router instances to which the policy is applied. Explicit events override all delta events. When multiple explicit events occur simultaneously, the event with the lowest priority value defines the in-use priority.

Event Opr State

The operational state of the priority event

In Use

Indicates whether the priority event is in use

Hold Set Config

The configured number of seconds that the hold-set timer waits after an event enters a set state or enters a higher threshold set state, depending on the event type

Hold Set Remaining

The remaining amount of time that must pass before the set state for a VRRP priority control event can transition to the cleared state to dampen flapping events

Hold Clr Config

The configured amount of time that must pass before the clear state for a VRRP priority control event can transition to the set state to dampen flapping events

Hold Clr Remaining

The remaining amount of time that must pass before the clear state for a VRRP priority control event can transition to the set state to dampen flapping events

Value In Use

Yes — the event is currently affecting the in-use priority of some virtual router

No — the event is not affecting the in-use priority of some virtual router

Current State

The current state of the priority event

# trans to Set

The number of times the event has transitioned to one of the set states

Previous State

The previous state of the priority event

Last Transition

The date and time of the last state transition for the priority event

Number Down Threshold

The number of LAG ports down to create a set event threshold

Event Priority

The priority value that is either subtracted from the base priority of each virtual router instance (delta) or defined as the explicit in-use priority value of the virtual router instance

Event Type

The event type: Delta or Explicit

Priority

The priority value configured on the event

Priority Effect

The effect that the set event has on the virtual router instance in-use priority

When the event is set, the priority level is either subtracted from the base priority of each virtual router instance or it defines the explicit in-use priority value of the virtual router instance depending on whether the delta or explicit keyword is specified

Interval

The number of seconds between host-unreachable priority event ICMP echo request messages directed to the host IP address

Timeout

The time, in seconds, that must pass before considering the far-end IP host-unresponsive to an outstanding ICMP echo request message

Drop Count

The number of consecutively sent ICMP echo request messages that must fail before the host unreachable priority control event is set

Less Specific

Modifies the search parameters for the IP route prefix specified in the route-unknown priority event. Using this command allows a CIDR shortest-match hit on a route prefix that contains the IP route prefix

Default Allowed

Indicates whether the less-specific match includes the default route (0.0.0.0)

Next Hop(s)

The next-hop IP address to match the IP route prefix for a route-unknown priority control event.

Protocol(s)

The protocol included with other match criteria to determine the transition state

vrrp
Syntax

vrrp

Context

show>router>vrrp

Description

This command displays information for the VRRP instance.

instance
Syntax

instance [interface interface-name [vrid virtual-router-id]

instance [interface interface-name vrid virtual-router-id ipv6

Context

show>router>vrrp

Description

This command displays information for the VRRP instance.

Parameters
interface-name

displays status and statistics for the specified interface

virtual-router-id

displays statistics for the specified virtual router ID

Values

1 to 255

ipv6

specifies the IPv6 instance

Output

The following output is an example of a router VRRP instance summary information, and Router VRRP Instance Summary Field Descriptions describes the fields.

Output Example
show router vrrp instance interface n2 vrid 1 
 *A:7705:Dut-A# show router 10 vrrp instance interface vrrpMasNode vrid 10 
===============================================================================
VRRP Instance 10 for interface "vrrpMasNode"
===============================================================================
Owner               : Yes                 VRRP State        : Master
Primary IP of Master: 192.168.0.1 (Self)
Primary IP          : 192.168.0.1         Standby-Forwarding: Disabled
VRRP Backup Addr    : 192.168.0.1         
Admin State         : Up                  Oper State        : Up
Up Time             : 01/21/2013 18:29:17 Virt MAC Addr     : 00:00:5e:00:01:0a
Auth Type           : None                
Config Mesg Intvl   : 1                   In-Use Mesg Intvl : 1
Base Priority       : 255                 In-Use Priority   : 255
Init Delay          : 0                   Init Timer Expires: 0.000 sec
Creation State      : Active              
 
-------------------------------------------------------------------------------
Master Information
-------------------------------------------------------------------------------
Primary IP of Master: 192.168.0.1 (Self)
Addr List Mismatch  : No                  Master Priority   : 255
Master Since        : 01/21/2013 18:29:17 
 
-------------------------------------------------------------------------------
Masters Seen (Last 32)
-------------------------------------------------------------------------------
Primary IP of Master   Last Seen             Addr List Mismatch     Msg Count  
-------------------------------------------------------------------------------
192.168.0.1            01/21/2013 18:29:17   No                             0  
192.168.0.3            01/21/2013 18:28:41   No                             1  
 
-------------------------------------------------------------------------------
Statistics
-------------------------------------------------------------------------------
Become Master       : 3                   Master Changes    : 3
Adv Sent            : 139                 Adv Received      : 1
Pri Zero Pkts Sent  : 2                   Pri Zero Pkts Rcvd: 0
Preempt Events      : 0                   Preempted Events  : 0
Mesg Intvl Discards : 0                   Mesg Intvl Errors : 0
Addr List Discards  : 0                   Addr List Errors  : 0
Auth Type Mismatch  : 0                   Auth Failures     : 0
Invalid Auth Type   : 0                   Invalid Pkt Type  : 0
IP TTL Errors       : 0                   Pkt Length Errors : 0
Total Discards      : 0                   
Table 6. Router VRRP Instance Summary Field Descriptions

Label

Description

Owner

Yes — Specifies that the virtual router instance as owning the virtual router IP addresses

No — Indicates that the virtual router instance is operating as a non-owner

VRRP State

Specifies whether the VRRP instance is operating in a master or backup state

Primary IP of Master

The IP address of the VRRP master

Primary IP

The IP address of the VRRP owner

Standby-Forwarding

Specifies whether this VRRP instance allows forwarding packets to a standby router

Virt MAC Addr

The virtual MAC address used in ARP responses when the VRRP virtual router instance is operating as a master

Config Mesg Intvl

The administrative advertisement message timer used by the master to send VRRP messages and to derive the master down timer as backup

Base Priority

The base-priority value used to derive the in-use priority of the virtual router instance as modified by any optional VRRP priority control policy

In-Use Priority

The current in-use priority associated with the VRRP virtual router instance

Master Since

The date and time when operational state of the virtual router changed to master. For a backup outer, this value specifies the date and time when it received the first VRRP message from the virtual router which is the current master.

statistics
Syntax

statistics

Context

show>router>vrrp

Description

This command displays statistics for the VRRP instance.

Output

The following output is an example of VRRP statistics information.

Output Example
*A:7705custDoc:Sar18>show>router>vrrp# statistics
===============================================================================
VRRP Global Statistics
===============================================================================
VR Id Errors       : 0                  Version Errors     : 0
Checksum Errors    : 0
===============================================================================
*A:7705custDoc:Sar18>show>router>vrrp#

VRRP Monitor Commands

instance
Syntax

instance interface interface-name vr-id virtual-router-id [ipv6] [interval seconds] [repeat repeat] [absolute | rate]

Context

monitor>router>vrrp

Description

This command enables monitoring for VRRP instances.

Parameters
interface-name

specifies the name of the existing IES or VPRN interface on which VRRP is configured

virtual-router-id

specifies the virtual router ID for the existing IES or VPRN interface, expressed as a decimal integer

Values

1 to 255

ipv6

specifies monitoring the IPv6 instance

seconds

specifies the interval for each display in seconds

Values

3 to 60

Default

10

repeat

specifies the number of times the command is repeated

Values

1 to 999

Default

10

absolute

specifies that raw statistics are displayed, without processing. No calculations are performed on the delta or rate statistics.

rate

specifies the rate per second for each statistic instead of the delta

Default

delta

Output

The following output is an example of a router VRRP instance summary information.

Output Example
monitor router vrrp instance interface n2 vrid 1 
 
*A:7705:DutA#  monitor router vrrp instance interface vrrpMasNode vr-id 10 absolute
===============================================================================
Monitor statistics for VRRP Instance 10 on interface "vrrpMasNode"
===============================================================================
-------------------------------------------------------------------------------
At time t = 0 sec (Base Statistics)
-------------------------------------------------------------------------------
Become Master       : 0                   Master Changes    : 0
Adv Sent            : 2                   Adv Received      : 0
Pri Zero Pkts Sent  : 0                   Pri Zero Pkts Rcvd: 0
Preempt Events      : 0                   Preempted Events  : 0
Mesg Intvl Discards : 0                   Mesg Intvl Errors : 0
Addr List Discards  : 0                   Addr List Errors  : 0
Auth Type Mismatch  : 0                   Auth Failures     : 0
Invalid Auth Type   : 0                   Invalid Pkt Type  : 0
IP TTL Errors       : 0                   Pkt Length Errors : 0
Total Discards      : 0                   
-------------------------------------------------------------------------------
At time t = 10 sec (Mode: Absolute)
-------------------------------------------------------------------------------
Become Master       : 0                   Master Changes    : 0
Adv Sent            : 12                  Adv Received      : 0
Pri Zero Pkts Sent  : 0                   Pri Zero Pkts Rcvd: 0
Preempt Events      : 0                   Preempted Events  : 0
Mesg Intvl Discards : 0                   Mesg Intvl Errors : 0
Addr List Discards  : 0                   Addr List Errors  : 0
Auth Type Mismatch  : 0                   Auth Failures     : 0
Invalid Auth Type   : 0                   Invalid Pkt Type  : 0
IP TTL Errors       : 0                   Pkt Length Errors : 0
Total Discards      : 0                   
-------------------------------------------------------------------------------
At time t = 20 sec (Mode: Absolute)
-------------------------------------------------------------------------------
Become Master       : 0                   Master Changes    : 0
Adv Sent            : 22                  Adv Received      : 0
Pri Zero Pkts Sent  : 0                   Pri Zero Pkts Rcvd: 0
Preempt Events      : 0                   Preempted Events  : 0
Mesg Intvl Discards : 0                   Mesg Intvl Errors : 0
Addr List Discards  : 0                   Addr List Errors  : 0
Auth Type Mismatch  : 0                   Auth Failures     : 0
Invalid Auth Type   : 0                   Invalid Pkt Type  : 0
IP TTL Errors       : 0                   Pkt Length Errors : 0
Total Discards      : 0 

VRRP Clear Commands

interface
Syntax

[interface interface-name [vrid virtual-router-id]

[interface interface-name vrid virtual-router-id ipv6

Context

clear>router>vrrp

Description

This command resets VRRP protocol instances on an IES or VPRN interface.

Parameters
interface-name

specifies an existing interface name up to 32 characters in length

virtual-router-id

specifies the virtual router identifier

Values

1 to 255

ipv6

clears IPv6 information for the specified interface

statistics
Syntax

statistics

statistics interface interface-name [vrid virtual-router-id]

statistics interface interface-name vrid virtual-router-id ipv6

Context

clear>router>vrrp

Description

This command clears statistics for VRRP instances on an IES or VPRN interface or VRRP priority control policies.

Parameters
interface-name

clears the VRRP statistics for all VRRP instances on the specified IES or VPRN interface

virtual-router-id

specifies the virtual router identifier

Values

1 to 255

ipv6

clears IPv6 statistics for the specified IPv6 interface

VRRP Debug Commands

events
Syntax

[no] events

[no] events interface ip-int-name [vrid virtual-router-id]

[no] events interface ip-int-name vrid virtual-router-id ipv6

Context

debug>router>vrrp

Description

This command enables or disables debugging for VRRP events.

Parameters
ip-int-name

specifies the interface name

virtual-router-id

specifies the virtual router identifier

Values

1 to 255

ipv6

debugs the specified IPv6 IES interface

packets
Syntax

[no] packets

[no] packets interface ip-int-name [vrid virtual-router-id]

[no] packets interface ip-int-name vrid virtual-router-id ipv6

Context

debug>router>vrrp

Description

This command enables or disables debugging for VRRP packets.

Parameters
interface-name

specifies the interface name

virtual-router-id

specifies the virtual router identifier

Values

1 to 255

ipv6

debugs the specified IPv6 IES packets