Scribd
Upload
300 views5 pages

Virtual Router Redundancy Protocol VRRP Configuration Example

This document provides configuration examples for setting up Virtual Router Redundancy Protocol (VRRP) on Juniper J-Series and SRX devices to provide high availability for a virtual router IP address. It demonstrates how to configure a master node and backup node, specifying parameters like the virtual IP address, priorities, authentication, and interface tracking.

Uploaded by

Son Tran Hong Nam
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
300 views5 pages

Virtual Router Redundancy Protocol VRRP Configuration Example

This document provides configuration examples for setting up Virtual Router Redundancy Protocol (VRRP) on Juniper J-Series and SRX devices to provide high availability for a virtual router IP address. It demonstrates how to configure a master node and backup node, specifying parameters like the virtual IP address, priorities, authentication, and interface tracking.

Uploaded by

Son Tran Hong Nam
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

Virtual Router Redundancy Protocol VRRP Configuration Example

SUMMARY:
How to configure Virtual Router Redundancy Protocol (VRRP) on J-Series/SRX Devices

PROBLEM OR GOAL:
CAUSE:
SOLUTION:
Configuration
Master Node:
------------------ Configure the Virtual IP address which will be same for both Master/Backup devices.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.2/24 vrrp-group 1
virtual-address 1.1.1.1

- Then set the priority of the Master Node which should be greater than the priority of the
Backup Node.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.2/24 vrrp-group 1
priority 200

- Then configure the authentication method if you want to have authentication for VRRP.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.2/24 vrrp-group 1
authentication-type md5

- Configure the password for authentication on the Master Node.


set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.2/24 vrrp-group 1
authentication-key Juniper

- The below accept-data command is used to accept data destined for Virtual IP address.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.2/24 vrrp-group 1
accept-data

- The below command is used to subtract from priority when interface is down. For example with
below configuration if fe-0/0/1 goes down then VRRP will failover to Backup Node.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.2/24 vrrp-group 1
track interface fe-0/0/1 priority-cost 200

Backup Node:
------------------- On the backup Node again configure the common Virtual IP Address.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.3/24 vrrp-group 1
virtual-address 1.1.1.1

- The priority of the Backup Node should be less than the the priority of the Master.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.3/24 vrrp-group 1
priority 100

- The authentication configured on the Backup Node should match with the authentication of
Master Node.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.3/24 vrrp-group 1
authentication-type md5

- The password configure should also be the same.


set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.3/24 vrrp-group 1
authentication-key Juniper

- This accept data command is required on Backup Node if you want to accept data for the
Virtual IP on the Backup Node.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.3/24 vrrp-group 1
accept-data

- As mentioned above 'track' is used for interface monitoring and subtracts the priority cost for
priority if the interface goes down. Rememeber even after subtraction the priority cannot go in
-ve.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.3/24 vrrp-group 1
track interface fe-0/0/1 priority-cost 100

Verification:
Master Node:
-----------------root@Master> show vrrp brief
Interface
State
Group
fe-0/0/0.0
up
1
root@Master> show vrrp track
Track Int
State
Speed
prio
fe-0/0/1.0 up
100m
200

VR state VR Mode
master
Active

Timer
Type
A 0.724 lcl
vip

VRRP Int

VR State

fe-0/0/0.0

Group
1

Address
1.1.1.2
1.1.1.1
Current

master

root@Master> show vrrp detail


Physical interface: fe-0/0/0, Unit: 0, Address: 1.1.1.2/24
Index: 75, SNMP ifIndex: 502, VRRP-Traps: disabled
Interface state: up, Group: 1, State: master, VRRP Mode: Active
Priority: 200, Advertisement interval: 1, Authentication type: md5
Delay threshold: 100, Computed send rate: 0
Preempt: yes, Accept-data mode: yes, VIP count: 1, VIP: 1.1.1.1
Advertisement Timer: 0.185s, Master router: 1.1.1.2
Virtual router uptime: 20:56:41, Master router uptime: 20:37:55
Virtual Mac: 00:00:5e:00:01:01
Tracking: enabled
Current priority: 200, Configured priority: 200

Priority hold time: disabled


Interface tracking: enabled, Interface count: 1
Interface
Int state
Int speed
Incurred priority cost
fe-0/0/1.0
up
100m
0
Route tracking: disabled
root@Master> show vrrp extensive
Interface: fe-0/0/0.0, Interface index :75, Groups: 1, Active :1
Interface VRRP PDU statistics
Advertisement sent
:84472
Advertisement received
:743
Packets received
:743
No group match received
:0
Interface VRRP PDU error statistics
Invalid IPAH next type received
:0
Invalid VRRP TTL value received
:0
Invalid VRRP version received
:0
Invalid VRRP PDU type received
:0
Invalid VRRP authentication type received:0
Invalid VRRP IP count received
:0
Invalid VRRP checksum received
:0
Physical interface: fe-0/0/0, Unit: 0, Address: 1.1.1.2/24
Index: 75, SNMP ifIndex: 502, VRRP-Traps: disabled
Interface state: up, Group: 1, State: master, VRRP Mode: Active
Priority: 200, Advertisement interval: 1, Authentication type: md5
Delay threshold: 100, Computed send rate: 0
Preempt: yes, Accept-data mode: yes, VIP count: 1, VIP: 1.1.1.1
Advertisement Timer: 0.665s, Master router: 1.1.1.2
Virtual router uptime: 20:56:56, Master router uptime: 20:38:10
Virtual Mac: 00:00:5e:00:01:01
Tracking: enabled
Current priority: 200, Configured priority: 200
Priority hold time: disabled
Interface tracking: enabled, Interface count: 1
Tracked interface: fe-0/0/1.0
Interface state: up Speed: 100m
Incurred priority cost: 0
Threshold
Priority cost
Active
down
200
Route tracking: disabled
Group VRRP PDU statistics
Advertisement sent
:84472
Advertisement received
:743
Group VRRP PDU error statistics
Bad authentication Type received
:0
Bad password received
:0
Bad MD5 digest received
:0
Bad advertisement timer received
:0
Bad VIP count received
:0
Bad VIPADDR received
:0
Group state transition statistics
Idle to master transitions
:0
Idle to backup transitions
:1
Backup to master transitions
:2
Master to backup transitions
:1

Backup Node:
------------------root@Backup> show vrrp brief
Interface
State
Group
fe-0/0/0.0
up
1

root@Backup> show vrrp track


Track Int
State
Speed
prio
fe-0/0/1.0 up
100m
100

VR state VR Mode
backup
Active

Timer
Type
D 3.507 lcl
vip
mas

VRRP Int

VR State

fe-0/0/0.0

Group
1

Address
1.1.1.3
1.1.1.1
1.1.1.2
Current

backup

root@Backup> show vrrp detail


Physical interface: fe-0/0/0, Unit: 0, Address: 1.1.1.3/24
Index: 72, SNMP ifIndex: 527, VRRP-Traps: disabled
Interface state: up, Group: 1, State: backup, VRRP Mode: Active
Priority: 100, Advertisement interval: 1, Authentication type: md5
Delay threshold: 100, Computed send rate: 0
Preempt: yes, Accept-data mode: yes, VIP count: 1, VIP: 1.1.1.1
Dead timer: 2.651s, Master priority: 200, Master router: 1.1.1.2
Virtual router uptime: 02:11:02
Tracking: enabled
Current priority: 100, Configured priority: 100
Priority hold time: disabled
Interface tracking: enabled, Interface count: 1
Interface
Int state
Int speed
Incurred priority cost
fe-0/0/1.0
up
100m
0
Route tracking: disabled
root@Backup> show vrrp extensive
Interface: fe-0/0/0.0, Interface index :72, Groups: 1, Active :1
Interface VRRP PDU statistics
Advertisement sent
:0
Advertisement received
:8890
Packets received
:8890
No group match received
:0
Interface VRRP PDU error statistics
Invalid IPAH next type received
:0
Invalid VRRP TTL value received
:0
Invalid VRRP version received
:0
Invalid VRRP PDU type received
:0
Invalid VRRP authentication type received:0
Invalid VRRP IP count received
:0
Invalid VRRP checksum received
:0
Physical interface: fe-0/0/0, Unit: 0, Address: 1.1.1.3/24
Index: 72, SNMP ifIndex: 527, VRRP-Traps: disabled
Interface state: up, Group: 1, State: backup, VRRP Mode: Active
Priority: 100, Advertisement interval: 1, Authentication type: md5
Delay threshold: 100, Computed send rate: 0
Preempt: yes, Accept-data mode: yes, VIP count: 1, VIP: 1.1.1.1
Dead timer: 3.339s, Master priority: 200, Master router: 1.1.1.2
Virtual router uptime: 02:11:08

Tracking: enabled
Current priority: 100, Configured priority: 100
Priority hold time: disabled
Interface tracking: enabled, Interface count: 1
Tracked interface: fe-0/0/0.0
Interface state: up Speed: 100m
Incurred priority cost: 0
Threshold
Priority cost
Active
down
100
Route tracking: disabled
Group VRRP PDU statistics
Advertisement sent
:0
Advertisement received
:8890
Group VRRP PDU error statistics
Bad authentication Type received
:0
Bad password received
:0
Bad MD5 digest received
:0
Bad advertisement timer received
:0
Bad VIP count received
:0
Bad VIPADDR received
:0
Group state transition statistics
Idle to master transitions
:0
Idle to backup transitions
:1
Backup to master transitions
:0
Master to backup transitions
:0
Remember VRRP is a Stateless High Availability Protocol for SRX Devices. In
order to have a Stateful High Availability please goto KB21905.

PURPOSE:

You might also like