3.2.24. vrrp

global

Note

requires a Turbo Router Network License.

Virtual Router Redundancy Protocol service.

vrouter running config# vrf <vrf> vrrp

enabled

Enable or disable the VRRP service.

vrouter running config# vrf <vrf> vrrp
vrouter running vrrp# enabled true|false
Default value
true

router-id

String identifying the machine.

vrouter running config# vrf <vrf> vrrp
vrouter running vrrp# router-id <string>
Default value
router

traps-enabled

Enable or disable SNMP traps.

vrouter running config# vrf <vrf> vrrp
vrouter running vrrp# traps-enabled true|false
Default value
false

vrrp-startup-delay

Delay in seconds before vrrp instances start up after keepalived starts. Recommended value is 30 when at least one of the vrrp instance runs on top of lag interfaces.

vrouter running config# vrf <vrf> vrrp
vrouter running vrrp# vrrp-startup-delay <uint16>
Default value
0

group

Group of VRRP instances that change state together.

vrouter running config# vrf <vrf> vrrp group <string>

<string>

VRRP group name.

instance

List of VRRP instances in this group. All instances of a same group share their state.

vrouter running config# vrf <vrf> vrrp group <string>
vrouter running group <string># instance <leafref>

notify-ha-group

Associate the VRRP group to a high-availability group to notify VRRP state.

vrouter running config# vrf <vrf> vrrp group <string>
vrouter running group <string># notify-ha-group <leafref>

state (state only)

VRRP group state.

vrouter> show state vrf <vrf> vrrp group <string> state

interface

Note

requires a Turbo Router Network License.

The list of VRRP interfaces on the device.

vrouter running config# vrf <vrf> interface vrrp <vrrp>

<vrrp>

An interface name.

mtu

Set the max transmission unit size in octets.

vrouter running config# vrf <vrf> interface vrrp <vrrp>
vrouter running vrrp <vrrp># mtu <uint32>

promiscuous

Set promiscuous mode.

vrouter running config# vrf <vrf> interface vrrp <vrrp>
vrouter running vrrp <vrrp># promiscuous true|false

description

A textual description of the interface.

vrouter running config# vrf <vrf> interface vrrp <vrrp>
vrouter running vrrp <vrrp># description <string>

enabled

The desired (administrative) state of the interface.

vrouter running config# vrf <vrf> interface vrrp <vrrp>
vrouter running vrrp <vrrp># enabled true|false
Default value
true

version

VRRP version 2 for IPv4, 3 for IPv4 or IPv6.

vrouter running config# vrf <vrf> interface vrrp <vrrp>
vrouter running vrrp <vrrp># version <uint8>
Default value
2

garp-delay

Delay for gratuitous ARP after transition to master state.

vrouter running config# vrf <vrf> interface vrrp <vrrp>
vrouter running vrrp <vrrp># garp-delay <uint16>
Default value
5

use-vmac

If true, create and associate the virtual address to a vmac interface for this VRRP instance with a VRRP standard MAC address.

vrouter running config# vrf <vrf> interface vrrp <vrrp>
vrouter running vrrp <vrrp># use-vmac true|false
Default value
true

vmac-xmit-base

If true, send and receive VRRP messages from bound interface instead of VMAC interface. It requires use-vmac to be set to true.

vrouter running config# vrf <vrf> interface vrrp <vrrp>
vrouter running vrrp <vrrp># vmac-xmit-base true|false
Default value
false

vrid (mandatory)

Virtual router identifier, used to differentiate multiple VRRP instances bound to the same interface.

vrouter running config# vrf <vrf> interface vrrp <vrrp>
vrouter running vrrp <vrrp># vrid <uint8>

priority

Specifies the sending VRRP interface’s priority for the virtual router. The higher value among interfaces with the same router id will be elected as master.

vrouter running config# vrf <vrf> interface vrrp <vrrp>
vrouter running vrrp <vrrp># priority <uint8>
Default value
100

init-state

Initial VRRP state.

vrouter running config# vrf <vrf> interface vrrp <vrrp>
vrouter running vrrp <vrrp># init-state INIT-STATE

INIT-STATE values

Description

master

Master state: the router functions as the forwarding router (rfc5798#6.4.3).

backup

Backup state: monitor the availability and state of the Master Router (rfc5798#6.4.2).

Default value
backup

preempt

If true, preempt an already running VRRP instance when coming online with a higher priority. For this to work, the initial state of this entry must be backup.

vrouter running config# vrf <vrf> interface vrrp <vrrp>
vrouter running vrrp <vrrp># preempt true|false
Default value
true

preempt-delay

Delay the higher priority router waits before preempting.

vrouter running config# vrf <vrf> interface vrrp <vrrp>
vrouter running vrrp <vrrp># preempt-delay <uint16>
Default value
0

track-interface

List of tracked interfaces. The VRRP instance loses its master state if one of the tracked interfaces go down.

vrouter running config# vrf <vrf> interface vrrp <vrrp>
vrouter running vrrp <vrrp># track-interface TRACK-INTERFACE

TRACK-INTERFACE

An interface name.

track

A tracker name. The VRRP instance loses its master state if the tracked address is unreachable.

vrouter running config# vrf <vrf> interface vrrp <vrrp>
vrouter running vrrp <vrrp># track TRACK

TRACK

An tracker name.

track-fast-path

Prevent the VRRP instance to be master when fast path state does not match the configuration.

vrouter running config# vrf <vrf> interface vrrp <vrrp>
vrouter running vrrp <vrrp># track-fast-path true|false
Default value
false

notify-ha-group

Associate the VRRP instance to a high-availability group to notify VRRP state.

vrouter running config# vrf <vrf> interface vrrp <vrrp>
vrouter running vrrp <vrrp># notify-ha-group <leafref>

ifindex (state only)

System assigned number for each interface. Corresponds to ifIndex object in SNMP Interface MIB.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ifindex

admin-status (state only)

The desired state of the interface. In RFC 7223 this leaf has the same read semantics as ifAdminStatus. Here, it reflects the administrative state as set by enabling or disabling the interface.

vrouter> show state vrf <vrf> interface vrrp <vrrp> admin-status

oper-status (state only)

The current operational state of the interface. This leaf has the same semantics as ifOperStatus.

vrouter> show state vrf <vrf> interface vrrp <vrrp> oper-status

last-change (state only)

This timestamp indicates the time of the last state change of the interface (e.g., up-to-down transition). This corresponds to the ifLastChange object in the standard interface MIB. The value is the timestamp in nanoseconds relative to the Unix Epoch (Jan 1, 1970 00:00:00 UTC).

vrouter> show state vrf <vrf> interface vrrp <vrrp> last-change

state (state only)

Current VRRP state.

vrouter> show state vrf <vrf> interface vrrp <vrrp> state

network-stack

Network stack parameters for this interface.

vrouter running config# vrf <vrf> interface vrrp <vrrp> network-stack

ipv4

IPv4 parameters.

vrouter running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv4
send-redirects

Send ICMP redirect if host is on the same network than gateway.

vrouter running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv4
vrouter running ipv4# send-redirects true|false
accept-redirects

Accept redirect when acting as a host. It is always disabled when acting as a router. Must be activated at vrf or system level too to be activated.

vrouter running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv4
vrouter running ipv4# accept-redirects true|false
accept-source-route

Accept packets with source route option. Must be activated at vrf or system level too to be activated.

vrouter running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv4
vrouter running ipv4# accept-source-route true|false
arp-announce

Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface. Increasing the restriction level gives more chance for receiving answer from the resolved target while decreasing the level announces more valid sender’s information.

vrouter running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv4
vrouter running ipv4# arp-announce ARP-ANNOUNCE

ARP-ANNOUNCE values

Description

any

Use any local address, configured on any interface.

avoid-not-in-subnet

Try to avoid local addresses that are not in the target’s subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2, ‘best-local’.

best-local

Always use the best local address for this target. In this mode we ignore the source address in the IP packet and try to select local address that we prefer for talks with the target host. Such local address is selected by looking for primary IP addresses on all our subnets on the outgoing interface that include the target IP address. If no suitable local address is found we select the first local address we have on the outgoing interface or on all other interfaces, with the hope we will receive reply for our request and even sometimes no matter the source IP address we announce.

arp-filter

Allows to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP’d IP out that interface (therefore you must use source based routing for this to work). In other words it allows control of which cards (usually 1) will respond to an arp request.

vrouter running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv4
vrouter running ipv4# arp-filter true|false
arp-ignore

Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses.

vrouter running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv4
vrouter running ipv4# arp-ignore ARP-IGNORE

ARP-IGNORE values

Description

any

Reply for any local target IP address, configured on any interface.

check-interface

Reply only if the target IP address is local address configured on the incoming interface.

check-interface-and-subnet

Reply only if the target IP address is local address configured on the incoming interface and both with the sender’s IP address are part from same subnet on this interface.

ignore-scope

Do not reply for local addresses configured with scope host, only resolutions for global and link addresses are replied.

ignore-all

Do not reply for all local addresses.

log-invalid-addresses

Log packets with impossible addresses.

vrouter running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv4
vrouter running ipv4# log-invalid-addresses true|false

ipv6

IPv6 parameters.

vrouter running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv6
autoconfiguration

Autoconfigure addresses using Prefix Information in Router Advertisements.

vrouter running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv6
vrouter running ipv6# autoconfiguration true|false
accept-router-advert

Accept Router Advertisements.

vrouter running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv6
vrouter running ipv6# accept-router-advert ACCEPT-ROUTER-ADVERT

ACCEPT-ROUTER-ADVERT values

Description

never

Do not accept Router Advertisements.

norouter-mode

Accept Router Advertisements if forwarding is disabled.

always

Accept Router Advertisements even if forwarding is enabled.

accept-redirects

Accept redirect when acting as a host. It is always disabled when acting as a router.

vrouter running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv6
vrouter running ipv6# accept-redirects true|false
accept-source-route

Accept packets with source route option.

vrouter running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv6
vrouter running ipv6# accept-source-route true|false
router-solicitations

Number of Router Solicitations to send until assuming no routers are present.

vrouter running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv6
vrouter running ipv6# router-solicitations <int16>
use-temporary-addresses

Preference for Privacy Extensions (RFC4941). Not applied to point-to- point and loopback devices (always 0).

vrouter running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv6
vrouter running ipv6# use-temporary-addresses USE-TEMPORARY-ADDRESSES

USE-TEMPORARY-ADDRESSES values

Description

never

Disable Privacy Extensions, i.e. use the public address, subnet prefix/interface id, where interface id is always the same.

prefer-public-addresses

Enable Privacy Extensions, but prefer public addresses over temporary addresses.

always

Enable Privacy Extensions and prefer temporary addresses over public addresses.

authentication

Authentication parameters.

vrouter running config# vrf <vrf> interface vrrp <vrrp> authentication

auth-type

Authentication type: password or IPsec. Authentication is disabled if unset.

vrouter running config# vrf <vrf> interface vrrp <vrrp> authentication
vrouter running authentication# auth-type AUTH-TYPE

AUTH-TYPE values

Description

pass

Password.

ah

AH.

auth-pass

VRRP password. It should be the same on all VRRP instances.

vrouter running config# vrf <vrf> interface vrrp <vrrp> authentication
vrouter running authentication# auth-pass <string>

unicast-peer

IP addresses of unicast peers. If the list is not empty, do not send VRRP advertisements over a VRRP multicast group but to this list of peers.

vrouter running config# vrf <vrf> interface vrrp <vrrp>
vrouter running vrrp <vrrp># unicast-peer <unicast-peer>

<unicast-peer> values

Description

<A.B.C.D>

An IPv4 address.

<X:X::X:X>

An IPv6 address.

virtual-address

IP addresses added on master switch and deleted on backup switch.

vrouter running config# vrf <vrf> interface vrrp <vrrp>
vrouter running vrrp <vrrp># virtual-address <virtual-address>

<virtual-address> values

Description

<A.B.C.D/M>

A masked IPv4 address: address and prefix of that subnet.

<X:X::X:X/M>

A masked IPv6 address: address and prefix of that subnet.

virtual-route

Routes added on master switch and deleted on backup switch.

vrouter running config# vrf <vrf> interface vrrp <vrrp>
vrouter running vrrp <vrrp># virtual-route <virtual-route> interface <string> \
... gw GW

<virtual-route> values

Description

<A.B.C.D/M>

An IPv4 prefix: address and CIDR mask.

<X:X::X:X/M>

An IPv6 prefix: address and CIDR mask.

interface

Out device.

interface <string>

gw

Gateway IP.

gw GW

GW values

Description

<A.B.C.D>

An IPv4 address.

<X:X::X:X>

An IPv6 address.

counters (state only)

A collection of interface-related statistics objects.

in-octets (state only)

The total number of octets received on the interface, including framing characters. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ‘last-clear’.

vrouter> show state vrf <vrf> interface vrrp <vrrp> counters in-octets

in-unicast-pkts (state only)

The number of packets, delivered by this sub-layer to a higher (sub-)layer, that were not addressed to a multicast or broadcast address at this sub-layer. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ‘last-clear’.

vrouter> show state vrf <vrf> interface vrrp <vrrp> counters in-unicast-pkts

in-discards (state only)

The number of inbound packets that were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ‘last-clear’.

vrouter> show state vrf <vrf> interface vrrp <vrrp> counters in-discards

in-errors (state only)

For packet-oriented interfaces, the number of inbound packets that contained errors preventing them from being deliverable to a higher- layer protocol. For character- oriented or fixed-length interfaces, the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Discontinuities in the value of this counter can occur at re- initialization of the management system, and at other times as indicated by the value of ‘last-clear’.

vrouter> show state vrf <vrf> interface vrrp <vrrp> counters in-errors

out-octets (state only)

The total number of octets transmitted out of the interface, including framing characters. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ‘last-clear’.

vrouter> show state vrf <vrf> interface vrrp <vrrp> counters out-octets

out-unicast-pkts (state only)

The total number of packets that higher-level protocols requested be transmitted, and that were not addressed to a multicast or broadcast address at this sub-layer, including those that were discarded or not sent. Discontinuities in the value of this counter can occur at re- initialization of the management system, and at other times as indicated by the value of ‘last-clear’.

vrouter> show state vrf <vrf> interface vrrp <vrrp> counters out-unicast-pkts

out-discards (state only)

The number of outbound packets that were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ‘last-clear’.

vrouter> show state vrf <vrf> interface vrrp <vrrp> counters out-discards

out-errors (state only)

For packet-oriented interfaces, the number of outbound packets that could not be transmitted because of errors. For character-oriented or fixed-length interfaces, the number of outbound transmission units that could not be transmitted because of errors. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ‘last-clear’.

vrouter> show state vrf <vrf> interface vrrp <vrrp> counters out-errors

ipv4 (state only)

Parameters for the IPv4 address family.

enabled (state only)

Controls whether IPv4 is enabled or disabled on this interface. When IPv4 is enabled, this interface is connected to an IPv4 stack, and the interface can send and receive IPv4 packets.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv4 enabled

address (state only)

The list of configured IPv4 addresses on the interface.

peer (state only)

The IPv4 address of the remote endpoint for point to point interfaces.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv4 address <address> peer
origin (state only)

The origin of this address, e.g., statically configured, assigned by DHCP, etc..

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv4 address <address> origin

neighbor (state only)

A list of mappings from IPv4 addresses to link-layer addresses. Entries in this list are used as static entries in the ARP Cache.

state (state only)

The state of this neighbor entry.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv4 neighbor <neighbor> state

dhcp (state only)

DHCP client configuration.

enabled (state only)

Enable or disable DHCP.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp enabled
timeout (state only)

Time before deciding that it’s not going to be able to contact a server.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp timeout
retry (state only)

Time before trying again to contact a DHCP server.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp retry
select-timeout (state only)

Time at which the client stops waiting for other offers from servers.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp select-timeout
reboot (state only)

Time after trying to reacquire its old address before trying to discover a new address.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp reboot
initial-interval (state only)

Time between the first attempt to reach a server and the second attempt to reach a server.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp initial-interval
dhcp-lease-time (state only)

Requested lease time.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp dhcp-lease-time
dhcp-client-identifier-ascii (state only)

DHCP client identifier (ASCII).

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp dhcp-client-identifier-ascii
dhcp-client-identifier-hexa (state only)

DHCP client identifier (hexadecimal).

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp dhcp-client-identifier-hexa
host-name (state only)

DHCP client name.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp host-name
request (state only)

DHCP requests.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp request
current-lease (state only)

Current lease.

fixed-address (state only)

The IPv4 address on the interface.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp current-lease fixed-address
renew (state only)

Time at which the client should begin trying to contact its server to renew its lease.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp current-lease renew
rebind (state only)

Time at which the client should begin to try to contact any dhcp server to renew its lease.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp current-lease rebind
expire (state only)

Time at which the client must stop using a lease if it has not been able to renew it.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp current-lease expire

ipv6 (state only)

Parameters for the IPv6 address family.

enabled (state only)

Controls whether IPv6 is enabled or disabled on this interface. When IPv6 is enabled, this interface is connected to an IPv6 stack, and the interface can send and receive IPv6 packets.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv6 enabled

address (state only)

The list of configured IPv6 addresses on the interface.

peer (state only)

The IPv6 address of the remote endpoint for point to point interfaces.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv6 address <address> peer
origin (state only)

The origin of this address, e.g., static, dhcp, etc.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv6 address <address> origin
status (state only)

The status of an address. Most of the states correspond to states from the IPv6 Stateless Address Autoconfiguration protocol.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv6 address <address> status

neighbor (state only)

List of IPv6 neighbors.

router (state only)

Indicates that the neighbor node acts as a router.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv6 neighbor <neighbor> router
state (state only)

The state of this neighbor entry.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ipv6 neighbor <neighbor> state

ethernet (state only)

Top-level container for Ethernet state.

mac-address (state only)

MAC address assigned to the Ethernet interface.

vrouter> show state vrf <vrf> interface vrrp <vrrp> ethernet mac-address