1.1.0/VRRP

From VyOS Wiki
Jump to: navigation, search

The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that provides for automatic assignment of available Internet Protocol (IP) routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork. more information in Wikipedia VRRP. Example Link

Deprecation warning

This article describes the old syntax used by VyOS 1.1.x and older. VyOS 1.2.0+ uses a different syntax that you can read about in the VRRP page.


Configuration commands

interfaces ethernet eth0 vrrp 
   vrrp-group <1-255> #VRRP group number
      advertise-interval <1-255> #Advertise interval (default 1)
      authentication
      description  #Description
      disable  #VRRP group disabled
      hello-source-address <x.x.x.x> #Source address for vrrp hello packets (optional)
      preempt <boolean> #Preempt mode
      preempt-delay <0-1000> #Preempt Delay in seconds
      priority <1-255> #Priority
      rfc3768-compatibility
      run-transition-scripts  #Scripts for VRRP state-transitions
      sync-group <text> #Add this vrrp group to a sync group
      virtual-address <x.x.x.x> #Virtual IP address (up to 20 per group)

Example

The next example, is a simple configuration of VRRP. A higher priority number designates the master.

VRRP example

Router 10.0.0.11

set interfaces ethernet eth0 vrrp vrrp‐group 10
set interfaces ethernet eth0 vrrp vrrp‐group 10 virtual‐address 10.0.0.10/24
set interfaces ethernet eth0 vrrp vrrp‐group 10 preempt true
set interfaces ethernet eth0 vrrp vrrp‐group 10 priority 150
commit
save
#
show interfaces ethernet eth0 vrrp 
vrrp‐group 10 {
  preempt true
  priority 150
  virtual‐address 10.0.0.10/24
}

Router 10.0.0.12

set interfaces ethernet eth0 vrrp vrrp‐group 10
set interfaces ethernet eth0 vrrp vrrp‐group 10 virtual‐address 10.0.0.10/24
set interfaces ethernet eth0 vrrp vrrp‐group 10 priority 100
commit
save
#
show interfaces ethernet eth0 vrrp 
vrrp‐group 10 {
  priority 100
  virtual‐address 10.0.0.10/24
}

N.B. In order to make dynamic routing protocols (like iBGP,OSPF or RIP) work correctly with VRRP-enabled subnets, it's a good idea to assign some not related technical ip addresses to physical interfaces, e.g.

Router 10.0.0.11

  set interfaces ethernet eth0 address 192.168.10.11/24

Router 10.0.0.12

  set interfaces ethernet eth0 address 192.168.10.12/24

VRRP will correctly work over this addresses, but only MASTER will be responsible for 10.0.0.0/24 subnet


Firewall Rules

Make sure you allow vrrp protocol packets to be sent and received by the interfaces being used. WAN interfaces will need to have these explicitly allowed in most cases.

rule 10 {
    action accept
    description 'Allow VRRP from peer firewall 1.1.1.1'
    protocol vrrp
    source {
        address 1.1.1.1
    }
}