Configuration Notes of VRRP
When configuring VRRP on a device, pay attention to the following points:
- Enable IP routing function before using this feature, for details please refer to Configuring IP Routing.
- VRRPv3 supports IPv4 and IPv6 address families while VRRPv2 only supports IPv4 addresses.
- As VRRPv2 and VRRPv3 interoperation is not supported, VRRP version must be the same on both devices in a VRRP group. If the VRRP versions on the switches in the same VRRP group are different, it may cause VRRP communication to fail.
- When upgrading, we recommend that PICOS versions of the VRRP group devices be upgraded to PICOS 2.11.10 or later versions at the same time, as PICOS supports VRRPv3 from PICOS 2.11.10.
- VRRP supports VRF function by binding the Layer 3 interface to a specified VRF.
- The following configurations must be identical on both devices in the same VRRP group,
- VRRP version.
- Interval of sending VRRP advertisement packets.
- Virtual IPvX lists.
- Active-Active VRRP mode. You should either enable or disable Active-Active VRRP mode on both VRRP devices.
- Authentication mode and authentication key.
- Active-Active VRRP mode supports only one Master and one Backup switch in a VRRP group. Standard VRRP mode supports one Master and several Backup switches in a VRRP group.
- One chassis switch supports a maximum of 128 VRRP groups. Please set the number of VRRP group based on device performance.
- One VRRP group supports a maximum of 254 virtual IPv4 addresses, and 64 virtual IPv6 addresses.
- Follow the rules below when configuring the virtual IPv4 / IPv6 address:
- For IPv4, the virtual IPv4 of the VRRP group and the IPv4 address of the interface should be configured in the same network segment to ensure that the VRRP group can work normally.
- The IP address of the virtual router can be either an unassigned IP address in the network segment where the VRRP group resides or the IP address of an interface on a router in the VRRP group. A router whose interface IP address is the same as the virtual IP address is called an "IP address owner".
- The virtual IPv4 address of the VRRP group cannot be all zeros, broadcast address (255.255.255.255), network address or network broadcast address of the segment where the virtual IP address resides, loopback address, non-A / B / C address or any other illegal IP Address (e.g., 0.0.0.1).
- For IPv6, the global virtual IPv6 address of the VRRPv3 group and the global IPv6 address of the interface should be configured in the same network segment to ensure that the VRRPv3 group can work normally.
- In one VRRP group, IPv4 and IPv6 networks cannot be mixed. That is, the configured virtual IP addresses in the same VRRP group could either be IPv4 addresses or IPv6 addresses.
- For IPv6, configure at least one link-local IPv6 address in a VRRPv3 group which will be used as the gateway address for the hosts, the format is FE80::/10.
- Virtual IP address list on both devices of VRRP group must be the same.
- Configure one or more global virtual IPv6 addresses, for the purpose of configuring global addresses via stateless address autoconfiguration of the downstream host (refer to RFC2462 IPv6 Stateless Address Autoconfiguration).
- The gateway address of the downstream host should be configured as the virtual IPvX address of the VRRP virtual router device. For IPv6, the gateway address should be the virtual link-local address.
- IPv4 address of Layer 3 interfaces in a VRRP group should be configured within the same network segment.
- Two devices in a VRRP group must be configured with the same VRID.
- It is recommended that VRRP groups on different L3 interfaces of a device should be configured with a different VRIDs.
- VRRPv3 protocol and the function of sending Router Advertisement message cannot be configured at the same time, as VRRPv3 master device could send Router Advertisements for the link-local addresses in virtual IP address list. Before you enable VRRPv3, disable sending RA message by using the command set l3-interface vlan-interface <interface-name> ipv6-nd suppress-ra true or set l3-interface routed-interface <interface-name> ipv6-nd suppress-ra true.routed-interfacerouted-interface
- When Accept Mode is disabled, PICOS can still accept and process IPv6 Neighbor Solicitations / Neighbor Advertisements packets and ARP Request / ARP Reply packets.
Copyright © 2024 Pica8 Inc. All Rights Reserved.