Course Objectives

After completing this course, you will be able to:

• Be familiar with the working principles of VRRP.
• Master the basic configurations of VRRP.
• Understand the typical networking model and configuration method of VRRP.
• Be familiar with common VRRP issues and their solutions.
Contents

Basic Principles of VRRP

Basic Configurations of VRRP

Common VRRP Issues

Background

Network

Single point
of failure
192.168.1.254

192.168.1.1/24 192.168.1.2/24 192.168.1.3/24

Gateway address: Gateway address: Gateway address:
192.168.1.254 192.168.1.254 192.168.1.254
VRRP Benefits

Virtual router
192.168.1.254

R1 R2
Master Backup

GE 0/0/0 GE 0/0/0
VRRP 192.168.1.252/24
192.168.1.253/24

192.168.1.2/24
Gateway address:
192.168.1.254
Upstream Traffic in Normal Cases

Virtual router
192.168.1.254

R1 R2
Master Backup
Up
str
GE 0/0/0 ea GE 0/0/0
m
192.168.1.253/24 t ra 192.168.1.252/24
ffic

192.168.1.2/24
Gateway address:
192.168.1.254
Smooth VRRP Switching

Virtual router
192.168.1.254

R1 R2
Backup ffic Master
t ra
m
t rea GE 0/0/0
GE 0/0/0 s
Up 192.168.1.252/24
192.168.1.253/24

192.168.1.2/24
Gateway address:
192.168.1.254
VRRP Overview

• The Virtual Router Redundancy Protocol (VRRP) enables interfaces on a group of routers i
n the same LAN to work together. Only one interface on one of the routers in this group wor
ks in the Master state and forwards data traffic. Multiple router interfaces in a VRRP backup
group share one virtual IP address, which is used as the default gateway address for all ho
sts in the LAN.
• VRRP determines which router is the master. The master router receives data packets sent
to the user gateway and forwards them. The master router also responds to PCs' ARP requ
ests for the gateway IP address.
• A backup router listens to the master router's status. If the master router fails, the backup ro
uter takes over, ensuring smooth service traffic switching.
VRRP Terms

• VRRP router:
 Router that runs VRRP. A VRRP router (interface) can be added to multiple VRRP back

up groups and serve different roles in each group.

• VRRP backup group:
 A VRRP backup group consists of multiple VRRP routers, which are identified using the

same virtual router ID (VRID). VRRP routers belonging to the same VRRP backup grou
p exchange information. Each VRRP backup group can have only one master router.
• Virtual router:
 Logical router abstracted for each VRRP backup group. A virtual router functions as the

user gateway, and users only need to know the IP address of the virtual router. VRRP a
ssigns responsibilities among routers, such as which takes on the role of virtual router,
which forwards data, and which takes over if the master fails.
VRRP Terms

• Virtual IP address and MAC address:

 A virtual IP address is the IP address of a virtual router, that is, the user gateway addres

s.
 A virtual MAC address is a MAC address that is generated based on a VRID. A virtual rou

ter has a virtual MAC address that is in the format of 00-00-5E-00-01-{VRID}.

• Master and backup routers:
 Master router: router that forwards data packets in a VRRP backup group. Only the mast

er router in each VRRP backup group responds to ARP requests for a virtual IP address.
The master router sends VRRP advertisement packets at an interval to notify a backup r
outer of its status.
 Backup router: router in the listening state. If the master router fails, a backup router take

s over.
 Election rules: The system compares interface VRRP priorities. If interface VRRP prioritie

s are the same, the system compares interface IP addresses.

Virtual MAC Address

• A virtual router implemented using VRRP uses a virtual IP address and virtual MAC address
to communicate with PCs on a network. The last 1-byte VRID in a virtual MAC address
indicates a virtual router ID in hexadecimal format. For example, if the VRID is 1, the virtual
MAC address is 00-00-5E-00-01-01.
Virtual router
192.168.1.254

R1 R2
Master Backup

GE 0/0/0 GE 0/0/0
VRRP 192.168.1.252/24
192.168.1.253/24

Internet Address Physical Address 00-00-5E-00-01-01

192.168.1.252 00-E0-FC-03-AD-5A
192.168.1.253 00-E0-FC-03-C9-82
192.168.1.254 00-00-5E-00-01-01
Master and backup routers:

• Master router:
 Sends VRRP advertisement packets periodically (at an advertisement interval) to notify a backup router of
its status.
 Responds to an ARP request of another device with an ARP reply carrying the virtual MAC address.
 Forwards IP packets sent to the virtual MAC address.
 Receives IP packets sent to virtual IP addresses if it is an IP address owner (the actual IP address of an interface
is a virtual IP address). Discards IP packets sent to virtual IP addresses if it is not an IP address owner.
 Changes from Master to Backup immediately if the VRRP priority in a received VRRP advertisement packet is hi
gher than the local VRRP priority.
 Changes from Master to Backup immediately if the VRRP priority in a received VRRP advertisement packet is eq
ual to the local VRRP priority and the local interface IP address is less than the peer interface IP address.
Master and backup routers:

• Backup router:
 Receives VRRP advertisement packets from the master router and checks whether the master router is working pr
operly based on information in the packets.
 Does not respond to an ARP request carrying a virtual IP address.
 Discards IP packets sent to virtual IP addresses.
 Resets the Master_Down_Interval timer but does not compare IP addresses if it receives a VRRP advertisement p
acket carrying a VRRP priority higher than or equal to the local VRRP priority.
 Sets the timer time to Skew_Time if it receives a VRRP advertisement packet carrying a VRRP priority lower than t
he local VRRP priority and the priority carried in the packet is 0. Discards the packet and becomes the master imm
ediately if the priority carried in the packet is not 0.

Master_Down_Interval timer: If a backup router does not receive VRRP advertisement packets from the
master router after the timer expires, the backup router changes to the Master state. The following
equation applies:
Master_Down_Interval = (3 x Advertisement_Interval) + Skew_Time
where
Skew_Time = (256 – Priority)/256
Transition Process of the VRRP States

• VRRP defines three states: Initialize, Master, and Backup. The initial states of all routers are I
nitialize. Routers change to the Master or Backup state by comparing priorities. If a backup ro
uter does not receive a VRRP advertisement packet from the master router within a specified
time, the backup router changes to the Master state.

Initialize

Sh
wn

ut
td o

St

do
in

a
,w

wn
u

rtu
Sh

tup

p,
lo
ar

ss
St

Receives a VRRP advertisement

packet carrying a higher priority.
Master Backup
Master_Down_Timer
VRRP advertisement Packet

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Version | Type | Virtual Rtr ID | Priority | Count IP Addrs|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Auth Type | Adver Int | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address (1) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| . |
| . |
| . |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address (n) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Authentication Data (1) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Authentication Data (2) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
VRRP advertisement Packet

• Version: 2
• Type: 1, indicating that the packet is an advertisement packet.
• Virtual Rtr ID (VRID): configured VRRP backup group ID. The value ranges from 1 to 255.
• Priority: The value ranges from 0 to 255 (the values 0 and 255 cannot be configured).
255: If the configured virtual IP address is the same as the actual interface IP address, the priority is 255.
100: default value.
• Count IP Addrs: number of virtual IP addresses configured for a VRRP backup group (multiple virtual IP addresses can
be configured for a VRRP backup group).
• Auth Type: Authentication type. VRRP defines the following authentication types:
0 – No Authentication
1 – Simple Text Password
2 – IP Authentication Header
• Adver Int: interval at which VRRP advertisement packets are sent. The default value is 1s.
• Checksum: The checksum is used to check data integrity.
• IP Address: list of virtual IP addresses configured for a VRRP backup group (multiple virtual IP addresses can be confi
gured for a VRRP backup group).
• Authentication Data: authentication key.
Preemption

R1 R2 (New)

GE 0/0/0 GE 0/0/0
192.168.1.253/24 192.168.1.252/24
VRRP VRID1 priority 110 VRRP VRID1 priority 120

• After R2 joins the network through an interface, the VRRP status of the interface changes to
Backup. R1 sends a VRRP advertisement packet to R2. After receiving the packet, R2
checks that the local VRRP priority is higher than the priority carried in the packet. If
preemption is enabled (enabled by default), R2 immediately preempts the Master state and
starts to send VRRP advertisement packets.
• The preemption delay can be changed. The default preemption delay is 0s.
Contents

Basic Principles of VRRP

Basic Configurations of VRRP

Common VRRP Issues

VRRP Scenario 1

Virtual router
192.168.1.254

R1 R2
Master Backup

GE 0/0/0 GE 0/0/0
VRRP 192.168.1.252/24
192.168.1.253/24

192.168.1.2/24
Gateway address:
192.168.1.254
Configurations for VRRP Scenario 1

R1 configuration:
[R1]interface GigabitEthernet0/0/0
[R1- GigabitEthernet0/0/0]ip address 192.168.1.253 24
[R1- GigabitEthernet0/0/0]vrrp vrid 1 virtual-ip 192.168.1.254
[R1- GigabitEthernet0/0/0]vrrp vrid 1 priority 120
[R1- GigabitEthernet0/0/0]vrrp vrid 1 preempt-mode timer delay 20
[R1- GigabitEthernet0/0/0]quit

R2 configuration: Set the preemption delay of R1 to

20s. A preemption delay is a
[R2]interface GigabitEthernet0/0/0 period of time during which a
[R2- GigabitEthernet0/0/0]ip address 192.168.1.252 24 backup device waits to preempt
[R2- GigabitEthernet0/0/0]vrrp vrid 1 virtual-ip 192.168.1.254 the Master state.

[R2- GigabitEthernet0/0/0]quit
Scenario 1: Viewing Detailed VRRP Information on R1

[R1] display vrrp

GigabitEthernet0/0/0 | Virtual Router 1 VRID
State : Master The status of the device is Master
Virtual IP : 192.168.1.254 in the VRRP backup group.
Master IP : 192.168.1.253
Priority of the interface in
PriorityRun : 120
the VRRP backup group
PriorityConfig : 120
MasterPriority : 120 Preemption is enabled, and
Preempt : YES Delay Time :20 s the preemption delay is 20s.
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2013-12-29 18:26:48 UTC-05:13
Last change time : 2013-12-29 18:26:52 UTC-05:13
Scenario 1: Viewing Brief VRRP Information on R1

[R1] display vrrp brief

Total:1 Master:1 Backup:0 Non-active:0
VRID State Interface Type Virtual IP
-----------------------------------------------------------------------------
1 Master GE0/0/0 Normal 192.168.1.254
Scenario 1: Viewing Detailed VRRP Information on R2

[R2] display vrrp

GigabitEthernet0/0/0 | Virtual Router 1
The status of the device is Backup
State : Backup
in the VRRP backup group.
Virtual IP : 192.168.1.254
Master IP : 192.168.1.253 Actual IP address of the
PriorityRun : 100 master device
PriorityConfig : 100
Priority of the interface in the
MasterPriority : 120
VRRP backup group
Preempt : YES Delay Time : 0 s
TimerRun : 1 s Preemption is enabled, and
TimerConfig : 1 s the preemption delay is 0s.
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2013-12-29 18:27:17 UTC-05:13
Last change time : 2013-12-29 18:27:17 UTC-05:13
 Scenario 2: Configuring a VRRP Backup Group to Monitor the Status of a VRRP-
disabled Interface

R1 R2
Master Backup

GE 0/0/0 GE 0/0/0
VRRP 192.168.1.252/24
192.168.1.253/24

A VRRP backup group on R1

monitors the status of GE 0/0/1
(VRRP-disabled interface). If the
interface goes Down, the VRRP
priority of R1 is immediately
decreased by 30 so that the priority
of R1 is less than that of R2. R2
then changes to the Master state.

192.168.1.2/24
Gateway address:
192.168.1.254
Configurations for VRRP Scenario 2

R1 configuration:
[R1]interface GigabitEthernet0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.1.253 24
[R1-GigabitEthernet0/0/0]vrrp vrid 1 virtual-ip 192.168.1.254
[R1-GigabitEthernet0/0/0]vrrp vrid 1 priority 120
[R1-GigabitEthernet0/0/0]vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 30
[R1-GigabitEthernet0/0/0]quit

R2 configuration:
[R2]interface GigabitEthernet0/0/0
[R2- GigabitEthernet0/0/0]ip address 192.168.1.252 24
[R2- GigabitEthernet0/0/0]vrrp vrid 1 virtual-ip 192.168.1.254
[R2- GigabitEthernet0/0/0]quit
Scenario 3: Configuring VRRP Association with BFD

A BFD session is configured on R1

and R2 to rapidly detect interface
faults on both ends. If an interface
fault occurs, a VRRP switchover is
R1 immediately triggered. R2
Master Backup

GE 0/0/0 GE 0/0/0
VRRP 192.168.1.252/24
192.168.1.253/24

192.168.1.2/24
Gateway address:
192.168.1.254
Configurations for VRRP Scenario 3

R1 configuration:
[R1]interface GigabitEthernet0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.1.253 24
[R1-GigabitEthernet0/0/0]vrrp vrid 1 virtual-ip 192.168.1.254
[R1-GigabitEthernet0/0/0]vrrp vrid 1 priority 120
[R1-GigabitEthernet0/0/0]vrrp vrid 1 preempt-mode timer delay 20
[R1-GigabitEthernet0/0/0]quit
[R1] bfd                    # Activate BFD.
[R1-bfd] quit
[R1] bfd mytrack bind peer-ip 192.168.1.252 interface GigabitEthernet0/0/0
[R1-bfd-session-atob] discriminator local 1
[R1-bfd-session-atob] discriminator remote 2
[R1-bfd-session-atob] min-rx-interval 50
[R1-bfd-session-atob] min-tx-interval 50 
[R1-bfd-session-atob] commit
[R1-bfd-session-atob] quit
Configurations for VRRP Scenario 3

R2 configuration:
[R2] interface GigabitEthernet0/0/0
[R2-GigabitEthernet0/0/0] ip address 192.168.1.252 24
[R2-GigabitEthernet0/0/0] vrrp vrid 1 virtual-ip 192.168.1.254
[R2-GigabitEthernet0/0/0] vrrp vrid 1 track bfd-session 2 increased 50
[R2-GigabitEthernet0/0/0] quit
[R2] bfd
[R2-bfd] quit
[R2] bfd mytrack bind peer-ip 192.168.1.253 interface GigabitEthernet0/0/0
[R2-bfd-session-atob] discriminator local 2
[R2-bfd-session-atob] discriminator remote 1
[R2-bfd-session-atob] min-rx-interval 50
[R2-bfd-session-atob] min-tx-interval 50 
[R2-bfd-session-atob] commit
[R2-bfd-session-atob] quit
Scenario 4: Configuring Multiple VRRP Backup Groups to Implement Load Balancing

GE 0/0/0.10
R1 R2 GE 0/0/0.10
192.168.1.253/24 192.168.1.252/24
dot 1q termination vid 10 dot 1q termination vid 10
vrrp vrid 10 Master vrrp vrid 10 Backup
GE 0/0/0.20 GE 0/0/0.20
192.168.2.252/24 192.168.2.253/24
Tru k
dot1q termination vid 20 nk un dot1q termination vid 20
vrrp vrid 20 Backup Tr vrrp vrid 20 Master

VLAN 10 VLAN 20
192.168.1.1/24 192.168.2.1/24
Gateway address: Gateway address:
192.168.1.254 192.168.2.254

The internal network has two VLANs: VLAN 10 and VLAN 20. When the network is normal,
VLAN 10's traffic is transmitted through the left link, and VLAN 20's traffic is transmitted
through the right link. If the left/right link or R1/R2 fails, traffic is automatically switched.
Configurations for VRRP Scenario 4

R1 configuration:
[R1] interface GigabitEthernet0/0/0.10
[R1-GigabitEthernet0/0/0.10] dot1q termination vid 10
[R1-GigabitEthernet0/0/0.10] arp broadcast enable
[R1-GigabitEthernet0/0/0.10] ip address 192.168.1.253 24
[R1-GigabitEthernet0/0/0.10] vrrp vrid 10 virtual-ip 192.168.1.254
[R1-GigabitEthernet0/0/0.10] vrrp vrid 10 priority 120
[R1-GigabitEthernet0/0/0.10] vrrp vrid 10 preempt-mode timer delay 20
[R1-GigabitEthernet0/0/0.10] quit
[R1] interface GigabitEthernet0/0/0.20
[R1-GigabitEthernet0/0/0.20] dot1q termination vid 20
[R1-GigabitEthernet0/0/0.20] arp broadcast enable
[R1-GigabitEthernet0/0/0.20] ip address 192.168.2.252 24
[R1-GigabitEthernet0/0/0.20] vrrp vrid 20 virtual-ip 192.168.2.254
[R1-GigabitEthernet0/0/0.20] quit
Configurations for VRRP Scenario 4

R2 configuration:
[R2] interface GigabitEthernet0/0/0.10
[R2-GigabitEthernet0/0/0.10] dot1q termination vid 10
[R2-GigabitEthernet0/0/0.10] arp broadcast enable
[R2-GigabitEthernet0/0/0.10] ip address 192.168.1.252 24
[R2-GigabitEthernet0/0/0.10] vrrp vrid 10 virtual-ip 192.168.1.254
[R2-GigabitEthernet0/0/0.10] quit
[R2] interface GigabitEthernet0/0/0.20
[R2-GigabitEthernet0/0/0.20] dot1q termination vid 20
[R2-GigabitEthernet0/0/0.20] arp broadcast enable
[R2-GigabitEthernet0/0/0.20] ip address 192.168.2.253 24
[R2-GigabitEthernet0/0/0.20] vrrp vrid 20 virtual-ip 192.168.2.254
[R2-GigabitEthernet0/0/0.20] vrrp vrid 20 priority 120
[R2-GigabitEthernet0/0/0.20] vrrp vrid 20 preempt-mode timer delay 20
[R2-GigabitEthernet0/0/0.20] quit
Scenario 5: Configuring VRRP on a Layer 3 Switch

SW1 SW2
Interface vlanif 10 Interface vlanif 10
192.168.10.253/24 192.168.10.252/24
vrrp vrid Master vrrp vrid 1 Backup
GE
0 VRRP /23
/0/
2 2 Tru k G0
/ 0
nk un
GE
0 /0 Tr
/22 / 23
0/ 0
GE
SW3
GE 0/0/1

192.168.10.1/24
Gateway address:
192.168.10.254
Configurations for VRRP Scenario 5

SW1 configuration:
[SW1] vlan 10
[SW1-vlan10] quit
[SW1] interface GigabitEthernet0/0/22
[SW1-GigabitEthernet0/0/22] port link-type trunk
[SW1-GigabitEthernet0/0/22] port trunk allow-pass vlan 10
[SW1-GigabitEthernet0/0/22] quit
[SW1] interface vlanif 10
[SW1-vlanif10] ip address 192.168.10.253 24
[SW1-vlanif10] vrrp vrid 1 virtual-ip 192.168.10.254
[SW1-vlanif10] vrrp vrid 1 priority 120
[SW1-vlanif10] vrrp vrid 1 preempt-mode timer delay 20
Configurations for VRRP Scenario 5

SW2 configuration:
[SW2] vlan 10
[SW2-vlan10] quit
[SW2] interface GigabitEthernet0/0/23
[SW2-GigabitEthernet0/0/23] port link-type trunk
[SW2-GigabitEthernet0/0/23] port trunk allow-pass vlan 10
[SW2-GigabitEthernet0/0/23] quit
[SW2] interface vlanif 10
[SW2-vlanif10] ip address 192.168.10.252 24
[SW2-vlanif10] vrrp vrid 1 virtual-ip 192.168.10.254
Scenario 6: Configuring Typical VRRP and MSTP Networking

Vrid 1 for Instance 1 Master Vrid 1 for Instance 1 Backup

Vrid 2 for Instance 2 Backup Vrid 2 for Instance 2 Master

SW1 SW2
GE 0/0/24 GE 0/0/24

G
E 23
0/ 0/
0/ Tr 0/
22 un G
E
k unk
Tr
G
E 3
0/
0/ 0 /2
22 0/
E
G

SW3
Instance1 vlan 10 20 Primary Instance1 vlan 10 20 Secondary
Instance2 vlan 30 40 Secondary Instance2 vlan 30 40 Primary
Configurations for VRRP Scenario 6

SW3 configuration:
[SW3] vlan batch 10 20 30 40
[SW3] interface GigabitEthernet0/0/22
[SW3-GigabitEthernet0/0/22] port link-type trunk
[SW3-GigabitEthernet0/0/22] port trunk allow-pass vlan 10 20 30 40
[SW3] interface GigabitEthernet0/0/23
[SW3-GigabitEthernet0/0/23] port link-type trunk
[SW3-GigabitEthernet0/0/23] port trunk allow-pass vlan 10 20 30 40
[SW3] stp mode mstp
[SW3] stp region-configuration
[SW3-mst-region] region-name huawei
[SW3-mst-region] instance 1 vlan 10 20
[SW3-mst-region] instance 2 vlan 30 40
[SW3-mst-region] active region-configuration
[SW3-mst-region] quit
[SW3] stp instance 1 priority 32768
[SW3] stp instance 2 priority 32768
[SW3] stp enable
Configurations for VRRP Scenario 6

SW1 configuration:
[SW1] vlan batch 10 20 30 40
[SW1] interface GigabitEthernet0/0/24
[SW1-GigabitEthernet0/0/24] port link-type trunk
[SW1-GigabitEthernet0/0/24] port trunk allow-pass vlan 10 20 30 40
[SW1] interface GigabitEthernet0/0/22
[SW1-GigabitEthernet0/0/22] port link-type trunk
[SW1-GigabitEthernet0/0/22] port trunk allow-pass vlan 10 20 30 40
[SW1] stp mode mstp
[SW1] stp region-configuration
[SW1-mst-region] region-name huawei
[SW1-mst-region] instance 1 vlan 10 20
[SW1-mst-region] instance 2 vlan 30 40
[SW1-mst-region] active region-configuration
[SW1-mst-region] quit
[SW1] stp instance 1 root primary
[SW1] stp instance 2 root secondary
[SW1] stp enable
Configurations for VRRP Scenario 6

SW1 configuration (continued):

[SW1] interface Vlanif10
[SW1-vlanif10] ip address 192.168.10.253 255.255.255.0
[SW1-vlanif10] vrrp vrid 1 virtual-ip 192.168.10.254
[SW1-vlanif10] vrrp vrid 1 priority 120
[SW1-vlanif10] vrrp vrid 1 preempt-mode timer delay 20
[SW1] interface Vlanif20
[SW1-vlanif20] ip address 192.168.20.253 255.255.255.0
[SW1-vlanif20] vrrp vrid 2 virtual-ip 192.168.20.254
[SW1-vlanif20] vrrp vrid 2 priority 120
[SW1-vlanif20] vrrp vrid 2 preempt-mode timer delay 20
[SW1] interface Vlanif30
[SW1-vlanif30] ip address 192.168.30.252 255.255.255.0
[SW1-vlanif30] vrrp vrid 3 virtual-ip 192.168.30.254
[SW1] interface Vlanif40
[SW1-vlanif40] ip address 192.168.40.252 255.255.255.0
[SW1-vlanif40] vrrp vrid 4 virtual-ip 192.168.40.254
Configurations for VRRP Scenario 6

SW2 configuration:
[SW2] vlan batch 10 20 30 40
[SW2] interface GigabitEthernet0/0/24
[SW2-GigabitEthernet0/0/24] port link-type trunk
[SW2-GigabitEthernet0/0/24] port trunk allow-pass vlan 10 20 30 40
[SW2] interface GigabitEthernet0/0/23
[SW2-GigabitEthernet0/0/23] port link-type trunk
[SW2-GigabitEthernet0/0/23] port trunk allow-pass vlan 10 20 30 40
[SW2] stp mode mstp
[SW2] stp region-configuration
[SW2-mst-region] region-name huawei
[SW2-mst-region] instance 1 vlan 10 20
[SW2-mst-region] instance 2 vlan 30 40
[SW2-mst-region] active region-configuration
[SW2-mst-region] quit
[SW2] stp instance 1 root secondary
[SW2] stp instance 2 root primary
[SW2] stp enable
Configurations for VRRP Scenario 6

SW2 configuration (continued):

[SW2] interface Vlanif10
[SW2-vlanif10] ip address 192.168.10.252 255.255.255.0
[SW2-vlanif10] vrrp vrid 1 virtual-ip 192.168.10.254
[SW2] interface Vlanif20
[SW2-vlanif20] ip address 192.168.20.252 255.255.255.0
[SW2-vlanif20] vrrp vrid 2 virtual-ip 192.168.20.254
[SW2] interface Vlanif30
[SW2-vlanif30] ip address 192.168.30.252 255.255.255.0
[SW2-vlanif30] vrrp vrid 3 virtual-ip 192.168.30.254
[SW2-vlanif30] vrrp vrid 3 priority 120
[SW2] interface Vlanif40
[SW2-vlanif40] ip address 192.168.40.252 255.255.255.0
[SW2-vlanif40] vrrp vrid 4 virtual-ip 192.168.40.254
[SW2-vlanif40] vrrp vrid 4 priority 120
Contents

Basic Principles of VRRP

Basic Configurations of VRRP

Common VRRP Issues

Issue 1: VRRP Dual-Master Fault

R1 R2

GE 0/0/0 GE 0/0/0
VRRP

• VRRP advertisement packets are transmitted in multicast mode, which requires that VRRP member
interfaces must be in the same LAN or broadcast domain. If they are not in the same LAN or broadcast
domain, VRRP advertisement packets cannot be normally sent or received. In this case, a dual-master
fault occurs.
• On the network shown in the preceding figure, the Layer 2 switch constitutes a Layer 2 multicast
environment. The GE 0/0/0 interfaces on R1 and R2 are in a broadcast domain, and VRRP
advertisement packets can be normally sent or received. If the Layer 2 switch's interfaces connected to
R1 and R2 are in two different VLANs, a dual-master fault occurs.
Issue 2: VRRP Differences Between Switches and Routers

Figure A Figure B

• In Figure A, VRRP is enabled on two routers' interfaces connected to two switches. The switches are used for Layer 2
transparent transmission. If the link shown in the figure is interrupted, the VRRP status of the master router changes
to Initialize, and the VRRP status of the backup router changes to Master.
• In Figure B, VRRP is enabled on the VLANIF interfaces of the VLANs to which the upper two switches' interfaces
connected to the lower two switches belong. The lower two switches are used for Layer 2 transparent transmission.
The master and backup switches allow the corresponding VLAN. If the link shown in the figure is interrupted, the
status of the master switch's interface goes Down but the status of the VLANIF interface of the VLAN to which the
interface belongs is still Up. This is because the link between the master and backup switches allows the VLAN. The
status of the VLANIF interface does not change only if any interface on the switch belongs to the VLAN. VRRP
advertisement packets can still be transmitted through the link between switches. Therefore, the VRRP status on the
VLANIF interface does not change.
Issue 3: Services Interrupted When the Faulty Master Device Recovers and Restarts

• In some scenarios, when the master device recovers from a failure and restarts, the original
normal services are interrupted. This problem usually occurs on modular switches such as
S93, S65, and S85.
• Cause analysis: When a modular switch restarts, the system first loads the master and slave
main control boards before loading the service boards. After a service board is successfully
loaded, the VRRP status on the VLANIF interface is normal but other service boards have not
completed loading. If VRRP preemption is enabled and no preemption delay is set, the switch
that has not completed the restart also changes the VRRP status to Master. In this case,
services are interrupted.
• Solution: Run the following command to set a preemption delay to 180s:
 vrrp vrid 1 preempt-mode timer delay 180
Issue 4: VRID Conflict Within the Same Broadcast Domain

vrrp vrid 1

vrrp vrid 1

• As shown in the figure, VRRP is configured on the routers and switches, but the same
VRID is set. VRRP uses VRIDs to distinguish between different VRRP backup groups.
Therefore, if such a conflict as shown in the figure occurs, VRRP calculation is incorrect.
The VRIDs in the same broadcast domain must be different.