3.2.27. vrrp¶
global¶
Note
requires a Product License.
Virtual Router Redundancy Protocol service.
vsr running config# vrf <vrf> vrrp
enabled (pushed)¶
Enable or disable the VRRP service.
vsr running config# vrf <vrf> vrrp
vsr running vrrp# enabled true|false
- Default value
true
router-id¶
String identifying the machine.
vsr running config# vrf <vrf> vrrp
vsr running vrrp# router-id <string>
- Default value
router
traps-enabled¶
Enable or disable SNMP traps.
vsr running config# vrf <vrf> vrrp
vsr running vrrp# traps-enabled true|false
- Default value
false
vrrp-startup-delay¶
Delay in seconds before vrrp instances start up after keepalived starts. Recommended value is 30 when at least one of the vrrp instance runs on top of lag interfaces.
vsr running config# vrf <vrf> vrrp
vsr running vrrp# vrrp-startup-delay <uint16>
- Default value
0
group¶
Group of VRRP instances that change state together.
vsr running config# vrf <vrf> vrrp group <string>
<string> |
VRRP group name. |
instance¶
List of VRRP instances in this group. All instances of a same group share their state.
vsr running config# vrf <vrf> vrrp group <string>
vsr running group <string># instance <leafref>
notify-ha-group¶
Associate the VRRP group to a high-availability group to notify VRRP state.
vsr running config# vrf <vrf> vrrp group <string>
vsr running group <string># notify-ha-group <leafref>
track-group¶
Track a group in another vrf and reduce our priority when the tracked group is in fault state.
vsr running config# vrf <vrf> vrrp group <string>
vsr running group <string># track-group group <string> vrf <vrf> priority-penalty <uint8>
<string> |
The name of the VRRP group to track. |
|
Description |
---|---|
<vrf-name> |
The vrf name. |
all |
All the vrfs where this group is found (except the current one). |
priority-penalty¶
The value that will be deduced from our priority when this group is in fault state. Choose this value so that (master priority - value) < backup priority.
priority-penalty <uint8>
- Default value
253
interface¶
Note
requires a Product License.
The list of VRRP interfaces on the device.
vsr running config# vrf <vrf> interface vrrp <vrrp>
<vrrp> |
An interface name. |
mtu¶
Set the max transmission unit size in octets.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># mtu <uint32>
promiscuous¶
Set promiscuous mode.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># promiscuous true|false
enabled (pushed)¶
The desired (administrative) state of the interface.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># enabled true|false
- Default value
true
description¶
A textual description of the interface.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># description <string>
version¶
VRRP version 2 for IPv4, 3 for IPv4 or IPv6.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># version <uint8>
- Default value
2
link-interface (mandatory)¶
The interface bound by VRRP.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># link-interface LINK-INTERFACE
LINK-INTERFACE |
An interface name. |
garp-delay¶
Delay for the second set of gratuitous ARP after transition to master state.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># garp-delay <uint16>
- Default value
5
use-vmac¶
If true, create and associate the virtual address to a vmac interface for this VRRP instance with a VRRP standard MAC address.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># use-vmac true|false
- Default value
true
vmac-xmit-base¶
If true, send and receive VRRP messages from bound interface instead of VMAC interface. It requires use-vmac to be set to true.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># vmac-xmit-base true|false
- Default value
false
vrid (mandatory)¶
Virtual router identifier, used to differentiate multiple VRRP instances bound to the same interface.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># vrid <uint8>
priority¶
Specifies the sending VRRP interface’s priority for the virtual router. The higher value among interfaces with the same router id will be elected as master.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># priority <uint8>
- Default value
100
init-state¶
Initial VRRP state.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># init-state INIT-STATE
|
Description |
---|---|
master |
Master state: the router functions as the forwarding router (rfc5798#6.4.3). |
backup |
Backup state: monitor the availability and state of the Master Router (rfc5798#6.4.2). |
- Default value
backup
preempt¶
If true, the VRRP instance becomes master when lower priority advertisements are received from the other router. For this to work, the initial state of this entry must be backup.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># preempt true|false
- Default value
true
preempt-delay¶
Additional delay the router waits before preempting the master state after receiving a lower priority advertisements from another node. A value of 0 does not mean immediate switchover, as it is still delayed by Master_Down_Interval.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># preempt-delay <uint16>
- Default value
0
advertisement-interval¶
Interval between successive VRRP advertisements in milliseconds.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># advertisement-interval <uint16>
- Default value
1000
track-link-interface¶
If false, the VRRP instance (and its group if any) does not go to fault state if the link-interface state goes down. Set to false to prevent a broken ha link from causing a fault state on both nodes.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># track-link-interface true|false
- Default value
true
track-interface¶
List of tracked interfaces. The VRRP instance (and its group if any) goes to fault state if one of the tracked interfaces goes down.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># track-interface TRACK-INTERFACE
TRACK-INTERFACE |
An interface name. |
track¶
A tracker name. The VRRP instance (and its group if any) goes to fault state if the tracker is down.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># track TRACK
TRACK |
An tracker name. |
track-fast-path¶
If true, the VRRP instance (and its group if any) goes to fault state if fast path state does not match the configuration.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># track-fast-path true|false
- Default value
false
notify-ha-group¶
Associate the VRRP instance to a high-availability group to notify VRRP state.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># notify-ha-group <leafref>
ifindex (state only)¶
System assigned number for each interface. Corresponds to ifIndex object in SNMP Interface MIB.
vsr> show state vrf <vrf> interface vrrp <vrrp> ifindex
admin-status (state only)¶
The desired state of the interface. In RFC 7223 this leaf has the same read semantics as ifAdminStatus. Here, it reflects the administrative state as set by enabling or disabling the interface.
vsr> show state vrf <vrf> interface vrrp <vrrp> admin-status
oper-status (state only)¶
The current operational state of the interface. This leaf has the same semantics as ifOperStatus.
vsr> show state vrf <vrf> interface vrrp <vrrp> oper-status
last-change (state only)¶
This timestamp indicates the time of the last state change of the interface (e.g., up-to-down transition). This corresponds to the ifLastChange object in the standard interface MIB. The value is the timestamp in nanoseconds relative to the Unix Epoch (Jan 1, 1970 00:00:00 UTC).
vsr> show state vrf <vrf> interface vrrp <vrrp> last-change
network-stack¶
Network stack parameters for this interface.
vsr running config# vrf <vrf> interface vrrp <vrrp> network-stack
ipv4¶
IPv4 parameters.
vsr running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv4
send-redirects¶
Send ICMP redirect if host is on the same network than gateway.
vsr running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv4
vsr running ipv4# send-redirects true|false
accept-redirects¶
Accept redirect when acting as a host. It is always disabled when acting as a router. Must be activated at vrf or system level too to be activated.
vsr running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv4
vsr running ipv4# accept-redirects true|false
accept-source-route¶
Accept packets with source route option. Must be activated at vrf or system level too to be activated.
vsr running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv4
vsr running ipv4# accept-source-route true|false
arp-announce¶
Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface. Increasing the restriction level gives more chance for receiving answer from the resolved target while decreasing the level announces more valid sender’s information.
vsr running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv4
vsr running ipv4# arp-announce ARP-ANNOUNCE
|
Description |
---|---|
any |
Use any local address, configured on any interface. |
avoid-not-in-subnet |
Try to avoid local addresses that are not in the target’s subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2, ‘best-local’. |
best-local |
Always use the best local address for this target. In this mode we ignore the source address in the IP packet and try to select local address that we prefer for talks with the target host. Such local address is selected by looking for primary IP addresses on all our subnets on the outgoing interface that include the target IP address. If no suitable local address is found we select the first local address we have on the outgoing interface or on all other interfaces, with the hope we will receive reply for our request and even sometimes no matter the source IP address we announce. |
arp-filter¶
Allows to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP’d IP out that interface (therefore you must use source based routing for this to work). In other words it allows control of which cards (usually 1) will respond to an arp request.
vsr running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv4
vsr running ipv4# arp-filter true|false
arp-ignore¶
Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses.
vsr running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv4
vsr running ipv4# arp-ignore ARP-IGNORE
|
Description |
---|---|
any |
Reply for any local target IP address, configured on any interface. |
check-interface |
Reply only if the target IP address is local address configured on the incoming interface. |
check-interface-and-subnet |
Reply only if the target IP address is local address configured on the incoming interface and both with the sender’s IP address are part from same subnet on this interface. |
ignore-scope |
Do not reply for local addresses configured with scope host, only resolutions for global and link addresses are replied. |
ignore-all |
Do not reply for all local addresses. |
arp-proxy¶
Enable ARP proxy.
vsr running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv4
vsr running ipv4# arp-proxy true|false
log-invalid-addresses¶
Log packets with impossible addresses.
vsr running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv4
vsr running ipv4# log-invalid-addresses true|false
ipv6¶
IPv6 parameters.
vsr running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv6
autoconfiguration¶
Autoconfigure addresses using Prefix Information in Router Advertisements.
vsr running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv6
vsr running ipv6# autoconfiguration true|false
accept-router-advert¶
Accept Router Advertisements.
vsr running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv6
vsr running ipv6# accept-router-advert ACCEPT-ROUTER-ADVERT
|
Description |
---|---|
never |
Do not accept Router Advertisements. |
norouter-mode |
Accept Router Advertisements if forwarding is disabled. |
always |
Accept Router Advertisements even if forwarding is enabled. |
accept-redirects¶
Accept redirect when acting as a host. It is always disabled when acting as a router.
vsr running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv6
vsr running ipv6# accept-redirects true|false
accept-source-route¶
Accept packets with source route option.
vsr running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv6
vsr running ipv6# accept-source-route true|false
router-solicitations¶
Number of Router Solicitations to send until assuming no routers are present.
vsr running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv6
vsr running ipv6# router-solicitations <int16>
use-temporary-addresses¶
Preference for Privacy Extensions (RFC4941). Not applied to point-to- point and loopback devices (always 0).
vsr running config# vrf <vrf> interface vrrp <vrrp> network-stack ipv6
vsr running ipv6# use-temporary-addresses USE-TEMPORARY-ADDRESSES
|
Description |
---|---|
never |
Disable Privacy Extensions, i.e. use the public address, subnet prefix/interface id, where interface id is always the same. |
prefer-public-addresses |
Enable Privacy Extensions, but prefer public addresses over temporary addresses. |
always |
Enable Privacy Extensions and prefer temporary addresses over public addresses. |
authentication¶
Authentication parameters.
vsr running config# vrf <vrf> interface vrrp <vrrp> authentication
auth-type¶
Authentication type: password or IPsec. Authentication is disabled if unset.
vsr running config# vrf <vrf> interface vrrp <vrrp> authentication
vsr running authentication# auth-type AUTH-TYPE
|
Description |
---|---|
pass |
Password. |
ah |
AH. |
auth-pass¶
VRRP password. It should be the same on all VRRP instances.
vsr running config# vrf <vrf> interface vrrp <vrrp> authentication
vsr running authentication# auth-pass <string>
unicast-peer¶
IP addresses of unicast peers. If the list is not empty, do not send VRRP advertisements over a VRRP multicast group but to this list of peers.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># unicast-peer <unicast-peer>
<unicast-peer> |
An IPv4 or IPv6 address. |
virtual-address¶
IP addresses added on master switch and deleted on backup switch.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># virtual-address <virtual-address>
<virtual-address> |
A masked IPv4 or IPv6 address: address and prefix of that subnet. |
virtual-route¶
Routes added on master switch and deleted on backup switch.
vsr running config# vrf <vrf> interface vrrp <vrrp>
vsr running vrrp <vrrp># virtual-route <virtual-route> interface <string> \
... gw GW
<virtual-route> |
An IPv4 or IPv6 prefix: address and CIDR mask. |
counters (state only)¶
A collection of interface-related statistics objects.
in-octets (state only)¶
The total number of octets received on the interface, including framing characters. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ‘last-clear’.
vsr> show state vrf <vrf> interface vrrp <vrrp> counters in-octets
in-unicast-pkts (state only)¶
The number of packets, delivered by this sub-layer to a higher (sub-)layer, that were not addressed to a multicast or broadcast address at this sub-layer. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ‘last-clear’.
vsr> show state vrf <vrf> interface vrrp <vrrp> counters in-unicast-pkts
in-discards (state only)¶
The number of inbound packets that were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ‘last-clear’.
vsr> show state vrf <vrf> interface vrrp <vrrp> counters in-discards
in-errors (state only)¶
For packet-oriented interfaces, the number of inbound packets that contained errors preventing them from being deliverable to a higher- layer protocol. For character- oriented or fixed-length interfaces, the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Discontinuities in the value of this counter can occur at re- initialization of the management system, and at other times as indicated by the value of ‘last-clear’.
vsr> show state vrf <vrf> interface vrrp <vrrp> counters in-errors
out-octets (state only)¶
The total number of octets transmitted out of the interface, including framing characters. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ‘last-clear’.
vsr> show state vrf <vrf> interface vrrp <vrrp> counters out-octets
out-unicast-pkts (state only)¶
The total number of packets that higher-level protocols requested be transmitted, and that were not addressed to a multicast or broadcast address at this sub-layer, including those that were discarded or not sent. Discontinuities in the value of this counter can occur at re- initialization of the management system, and at other times as indicated by the value of ‘last-clear’.
vsr> show state vrf <vrf> interface vrrp <vrrp> counters out-unicast-pkts
out-discards (state only)¶
The number of outbound packets that were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ‘last-clear’.
vsr> show state vrf <vrf> interface vrrp <vrrp> counters out-discards
out-errors (state only)¶
For packet-oriented interfaces, the number of outbound packets that could not be transmitted because of errors. For character-oriented or fixed-length interfaces, the number of outbound transmission units that could not be transmitted because of errors. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ‘last-clear’.
vsr> show state vrf <vrf> interface vrrp <vrrp> counters out-errors
ipv4 (state only)¶
Parameters for the IPv4 address family.
enabled (state only)¶
Controls whether IPv4 is enabled or disabled on this interface. When IPv4 is enabled, this interface is connected to an IPv4 stack, and the interface can send and receive IPv4 packets.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv4 enabled
address (state only)¶
The list of configured IPv4 addresses on the interface.
peer (state only)¶
The IPv4 address of the remote endpoint for point to point interfaces.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv4 address <address> peer
origin (state only)¶
The origin of this address, e.g., statically configured, assigned by DHCP, etc..
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv4 address <address> origin
neighbor (state only)¶
A list of mappings from IPv4 addresses to link-layer addresses. Entries in this list are used as static entries in the ARP Cache.
link-layer-address (state only)¶
The link-layer address of the neighbor node.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv4 neighbor <neighbor> link-layer-address
state (state only)¶
The state of this neighbor entry.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv4 neighbor <neighbor> state
dhcp (state only)¶
DHCP client configuration.
enabled (state only)¶
Enable or disable DHCP.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp enabled
timeout (state only)¶
Time before deciding that it’s not going to be able to contact a server.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp timeout
retry (state only)¶
Time before trying again to contact a DHCP server.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp retry
select-timeout (state only)¶
Time at which the client stops waiting for other offers from servers.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp select-timeout
reboot (state only)¶
Time after trying to reacquire its old address before trying to discover a new address.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp reboot
initial-interval (state only)¶
Time between the first attempt to reach a server and the second attempt to reach a server.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp initial-interval
dhcp-lease-time (state only)¶
Requested lease time.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp dhcp-lease-time
dhcp-client-identifier-ascii (state only)¶
DHCP client identifier (ASCII).
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp dhcp-client-identifier-ascii
dhcp-client-identifier-hexa (state only)¶
DHCP client identifier (hexadecimal).
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp dhcp-client-identifier-hexa
host-name (state only)¶
DHCP client name.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp host-name
request (state only)¶
DHCP requests.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp request
current-lease (state only)¶
Current lease.
fixed-address (state only)¶
The IPv4 address on the interface.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp current-lease fixed-address
renew (state only)¶
Time at which the client should begin trying to contact its server to renew its lease.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp current-lease renew
rebind (state only)¶
Time at which the client should begin to try to contact any dhcp server to renew its lease.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp current-lease rebind
expire (state only)¶
Time at which the client must stop using a lease if it has not been able to renew it.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv4 dhcp current-lease expire
ipv6 (state only)¶
Parameters for the IPv6 address family.
enabled (state only)¶
Controls whether IPv6 is enabled or disabled on this interface. When IPv6 is enabled, this interface is connected to an IPv6 stack, and the interface can send and receive IPv6 packets.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv6 enabled
address (state only)¶
The list of configured IPv6 addresses on the interface.
peer (state only)¶
The IPv6 address of the remote endpoint for point to point interfaces.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv6 address <address> peer
origin (state only)¶
The origin of this address, e.g., static, dhcp, etc.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv6 address <address> origin
status (state only)¶
The status of an address. Most of the states correspond to states from the IPv6 Stateless Address Autoconfiguration protocol.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv6 address <address> status
neighbor (state only)¶
List of IPv6 neighbors.
link-layer-address (state only)¶
The link-layer address of the neighbor node.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv6 neighbor <neighbor> link-layer-address
router (state only)¶
Indicates that the neighbor node acts as a router.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv6 neighbor <neighbor> router
state (state only)¶
The state of this neighbor entry.
vsr> show state vrf <vrf> interface vrrp <vrrp> ipv6 neighbor <neighbor> state