Scribd Logo
Upload

Welcome to Scribd!

  • Dell Ftos 07 VRRP

    Uploaded by

    Bambang Adi
    180 views8 pages
    07

    Original Title

    Dell Ftos 07 Vrrp

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    07

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    180 views8 pages

    Dell Ftos 07 VRRP

    Uploaded by

    Bambang Adi
    07

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 8

    Dell Force10

    VRRP Implementation,
    Configuration and
    Troubleshooting
    Module 7

    Objectives

    7-2

    VRRP Overview
    VRRP Scalability
    Configure VRRP
    VRRP Debugging
    VRRP Troubleshooting

    What is the Virtual Router Redundancy


    Protocol (VRRP)?
    INTERNET

    R1

    R2
    .111.2

    .111.1

    R3

    R4
    .111.3

    .111.4

    Virtual IP = 10.10.111.254
    VRRP GROUP 10

    10.10.111.0 /24

    C:\WINDOWS>ipconfig
    Windows IP Configuration

    .111.50

    Ethernet adapter Local Area Connection:


    Connection-specific
    IP Address. . . . .
    Subnet Mask . . . .
    Default Gateway . .

    DNS
    . .
    . .
    . .

    Suffix
    . . . .
    . . . .
    . . . .

    .
    .
    .
    .

    :
    :
    :
    :

    force10.com
    10.10.111.9
    255.255.255.0
    10.10.111.254

    .111.9

    7-3

    VRRP Overview
    Eliminates the single point of failure in any network
    A virtual ip-address is assigned to the edge router(s), with hosts on
    that network treating it as default gateway

    Election mechanism dynamically elects a Master and one or more


    Backup Virtual routers, based on the VRRP groups priorities
    Master VRRP router assumes the task of forwarding data packets
    from the local network to the outside world
    In the event of Masters death, a backup router with highest priority is
    elected new Master
    Priority of a VRRP group is a factor of the configured value and the
    state of tracked interfaces

    7-4

    VRRP Platform Support


    E-Series supports an unlimited number of VRRP groups, and up to
    255 VRRP groups on a single interface
    C-Series supports 128 VRRP groups and up to 12 VRRP groups per
    interface
    S-Series supports 120 VRRP groups
    Like, C-Series up to 12 virtual IP addresses are supported within a single
    VRRP group

    7-5

    VRRP Scalability Limits


    Though FTOS supports unlimited VRRP groups, certain inherent factors affect the
    maximum number of groups that can be configured and expected to work properly.
    The main factor affecting the number of VRRP groups is the throttling of VRRP
    advertisement packets reaching the RP2 processor on the E-Series, the CP on the C
    Series, or on the FP on the S Series. To avoid the throttling VRRP advertisement
    packets, Force10 recommends you increase the VRRP advertisement interval to a
    value higher that the default value of 1 second.
    The recommendations are as follows:
    Groups / Interface

    Recommended Advertise Interval


    Total VRRP
    groups

    E-Series

    C-Series

    S-Series

    E-Series

    C-Series

    S-Series

    <250

    1 second

    1 second

    1 second

    255

    12

    12

    250-449

    2 seconds

    2-3 seconds

    2-3 seconds

    255

    24

    24

    450-599

    3 seconds

    4 seconds

    3-4 seconds

    255

    36

    36

    600- 799

    4 seconds

    5 seconds

    4 seconds

    255

    48

    48

    800-999

    5 seconds

    5 seconds

    5 seconds

    255

    84

    84

    1000-1199

    7 seconds

    7 seconds

    7 seconds

    255

    100

    100

    1200-1499

    8 seconds

    8 seconds

    8 seconds

    255

    120

    120

    7-6

    VRRP Implementation in FTOS


    Groups (vrid) can be numbered from 1 to 255

    Multiple groups with same vrid can exist on multiple interfaces

    Virtual addresses must belong to either primary or secondary address


    subnet
    Support for tracking up to 12 interfaces that are not part of a VRRP
    group.
    Concept of owner router, where the virtual ip address is same as the
    interfaces address, saving precious address pool
    hold-down time (the time a backup router must wait before
    transforming into master router) gives better control over election
    process.
    Priority for a VRRP group can be assigned anywhere from 1 to 255
    simple authentication type supported
    Option of preempting / not preempting supported

    7-7

    Steps to Configure VRRP


    1.

    Enable VRRP process from interface configuration mode


    Force10(conf-if-x/y)# vrrp-group vrid <1-255>

    2.

    Assign virtual address(es) from vrrp configuration mode


    Force10(conf-if-x/y-vrid-10)# virtual-address ip-address1
    [ .. ip-address12]

    3.

    Configure VRRP parameters (optional)


    Force10(conf-if-x/y-vrid-10)# priority <1-255>
    Force10(conf-if-x/y-vrid-10)# advertise-interval <1-255>
    Force10(conf-if-x/y-vrid-10)# track <interface> prioritycost <1-254>
    Force10(conf-if-x/y-vrid-10)# authentication-type simple
    <password>
    Force10(conf-if-x/y-vrid-10)# hold-time <0-65535>
    Force10(conf-if-x/y-vrid-10)# preempt

    4.

    To disable VRRP (optional)


    Force10(conf-if-x/y-vrid-10)# disable

    7-8

    VRRP Show Commands


    Displays brief information of all the vrrp groups configured on the
    chassis: Force10# show vrrp brief
    Force10#show vrrp brief
    Interface Grp Pri Pre State Master addr
    Virtual addr(s)
    --------------------------------------------------------------Gi 0/6
    10
    201 Y
    Master 1.1.1.1
    1.1.1.100
    Interface Grp Pri Pre State Master addr
    Virtual addr(s)
    --------------------------------------------------------------Gi 0/6
    10
    125
    Y
    Backup 1.1.1.1
    1.1.1.100

    Displays detailed information of all the vrrp groups configured on


    the chassis: Force10# show vrrp
    Force10#show vrrp
    -----------------GigabitEthernet 0/6, VRID: 10, Net: 1.1.1.1
    State: Master, Priority: 201, Master: 1.1.1.1 (local)
    Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec
    Adv rcvd: 1378, Bad pkts rcvd: 0, Adv sent: 23132, Gratuitous ARP sent:
    6
    Virtual MAC address:
    00:00:5e:00:01:0a
    Virtual IP address:
    1.1.1.100
    Authentication:
    type: simple

    7-9

    VRRP Show Commands (cont)


    Displays detailed information of the specified vrrp groups
    Force10# show vrrp <1-255>
    Force10#show vrrp 10
    -----------------GigabitEthernet 0/6, VRID: 10, Net: 1.1.1.1
    State: Master, Priority: 201, Master: 1.1.1.1 (local)
    Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec
    Adv rcvd: 1379, Bad pkts rcvd: 0, Adv sent: 23700, Gratuitous ARP sent: 6
    Virtual MAC address:
    00:00:5e:00:01:0a
    Virtual IP address:
    1.1.1.100
    Authentication:
    type: simple

    Displays detailed information of all the vrrp groups configured on


    the specified interface
    Force10# show vrrp <interface> < slot/port>
    Force10#show vrrp gig 0/6
    -----------------GigabitEthernet 0/6, VRID: 10, Net: 1.1.1.1
    State: Master, Priority: 201, Master: 1.1.1.1 (local)
    Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec
    Adv rcvd: 1379, Bad pkts rcvd: 0, Adv sent: 23922, Gratuitous ARP sent: 6
    Virtual MAC address:
    00:00:5e:00:01:0a
    Virtual IP address:
    1.1.1.100
    Authentication:
    type: simple

    7-10

    VRRP Show Commands (cont)


    Details of the vrrp group configured on the interface
    Force10# show vrrp <vrid> <interface> <slot/port>
    Force10#show vrrp 10 gig 0/6
    GigabitEthernet 0/6, VRID: 10, Net: 1.1.1.1
    State: Master, Priority: 201, Master: 1.1.1.1 (local)
    Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec
    Adv rcvd: 1379, Bad pkts rcvd: 0, Adv sent: 24021, Gratuitous ARP sent: 6
    Virtual MAC address:
    00:00:5e:00:01:0a
    Virtual IP address:
    1.1.1.100
    Authentication:
    type: simple

    Brief vrrp group information configured on the interface


    Force10# show vrrp <vrid> <interface> < slot/port> brief
    Force10#show vrrp 10 gig 0/6 brief
    Interface Grp Pri Pre State Master addr
    Virtual addr(s)
    ----------------------------------------------------------------Gi 0/6
    10
    201 Y
    Master 1.1.1.1
    1.1.1.100
    Interface Grp Pri Pre State Master addr
    Virtual addr(s)
    ----------------------------------------------------------------Gi 0/6
    10
    125
    Y
    Backup 1.1.1.1
    1.1.1.100

    7-11

    Sample VRRP Debug Outputs


    Force10# debug vrrp [vrrp-id] {all | interface | packets
    | state }
    Force10#debug vrrp packets
    VRRP (all groups all interfaces) packets debugging is ON
    Force10#07:14:37 : VRRP- Gi 10/2 sent pkt(lenz:20), ver:2, type:1, VRID:10, prio:70,
    advint:3
    07:14:37 : ipcnt:1, ip:1.1.1.100
    07:14:37 : authtype: simple, authdata: 66 6f 72 63 65 00 00 00

    Force10#debug vrrp 10 packets


    VRRP (group 10; all interfaces) packets debugging is ON
    Force10#07:15:16 : VRRP- Gi 10/2 sent pkt(lenz:20), ver:2, type:1, VRID:10, prio:70,
    advint:3
    07:15:16 : ipcnt:1, ip:1.1.1.100
    07:15:16 : authtype: simple, authdata: 66 6f 72 63 65 00 00 00

    Force10#debug vrrp gigabitethernet 10/2 packets


    VRRP (all groups GigabitEthernet 10/2) packets debugging is ON
    Force10#07:15:52 : VRRP- Gi 10/2 sent pkt(lenz:20), ver:2, type:1, VRID:10, prio:70,
    advint:3
    07:15:52 : ipcnt:1, ip:1.1.1.100
    07:15:52 : authtype: simple, authdata: 66 6f 72 63 65 00 00 00

    7-12

    More VRRP Debug Outputs


    Force10# debug vrrp 10 gigabitethernet 10/2 all
    Force10#debug vrrp 10 gigabitethernet 10/2 all
    VRRP (group 10; GigabitEthernet 10/2) all debugging is ON
    Force10#07:16:13 : VRRP_TIMER: vrrp(grp:10; Gi 10/2) MASTER adv
    timeout in MASTER state
    07:16:13 : VRRP_STATE: vrrp(grp:10; Gi 10/2) sending advertisement.
    07:16:13 : VRRP- Gi 10/2 sent pkt(lenz:20), ver:2, type:1, VRID:10, prio:70, advint:3
    07:16:13 : ipcnt:1, ip:1.1.1.100
    07:16:13 : authtype: simple, authdata: 66 6f 72 63 65 00 00 00

    Force10# debug vrrp gigabitethernet 10/2 state


    Force10#debug vrrp gigabitethernet 10/2 state
    VRRP (all groups GigabitEthernet 10/2) state debugging is ON
    Force10#07:16:58 : VRRP_STATE: vrrp(grp:10; Gi 10/2) sending
    advertisement.
    07:17:01 : VRRP_STATE: vrrp(grp:10; Gi 10/2) sending advertisement.

    7-13

    VRRP Troubleshooting:
    Configurations not matching

    If the advertising intervals are not the same in the vrrp group then the
    following message is logged

    Jan 8 15:26:22: %RPM0-P:RP2 %VRRP-3-VRRP_BAD_ADVINTVL: vrid-100 on Te 3/1 rcvd pkt with


    advertise interval mismatched mine=2 rcvd=1.
    Jan 8 15:26:23: %RPM0-P:RP2 %VRRP-3-VRRP_BAD_ADVINTVL: vrid-100 on Te 3/1 rcvd pkt with
    advertise interval mismatched mine=2 rcvd=1.
    Jan 8 15:26:24: %RPM0-P:RP2 %VRRP-3-VRRP_BAD_ADVINTVL: vrid-100 on Te 3/1 rcvd pkt with
    advertise interval mismatched mine=2 rcvd=1.

    If the virtual addresses are not the same between the groups then the
    following message is logged.
    Jan 8 15:36:29: %RPM0-P:RP2 %VRRP-3-VRRP_BAD_CONF: vrid-100 on Te 3/1 rcvd pkt with
    mismatched virtual addresses.
    Jan 8 15:36:40: %RPM0-P:RP2 %VRRP-3-VRRP_BAD_CONF: vrid-100 on Te 3/1 rcvd pkt with
    mismatched virtual addresses. - repeated 11 times

    7-14

    VRRP Troubleshooting:
    Authentication Issues
    If simple authentication is configured on one side and no authentication
    is configured on the other side (between the VRRP groups) then the
    following message is logged
    Jan 8 15:38:25: %RPM0-P:RP2 %VRRP-3-VRRP_BAD_AUTH: vrid-100 on Te 3/1 rcvd pkt with
    authentication type mismatch
    Jan 8 15:38:26: %RPM0-P:RP2 %VRRP-3-VRRP_BAD_AUTH: vrid-100 on Te 3/1 rcvd pkt with
    authentication type mismatch
    Jan 8 15:38:27: %RPM0-P:RP2 %VRRP-3-VRRP_BAD_AUTH: vrid-100 on Te 3/1 rcvd pkt with
    authentication type mismatch

    Authentication type is same but the authentication-keys (password)


    are different:
    Jan 8 18:05:04: %RPM1-P:RP2 %VRRP-3-VRRP_BAD_AUTH: vrid-100 on Te 4/1 rcvd pkt with
    authentication failure
    Jan 8 18:05:05: %RPM1-P:RP2 %VRRP-3-VRRP_BAD_AUTH: vrid-100 on Te 4/1 rcvd pkt with
    authentication failure
    Jan 8 18:05:06: %RPM1-P:RP2 %VRRP-3-VRRP_BAD_AUTH: vrid-100 on Te 4/1 rcvd pkt with
    authentication failure

    7-15

    Summary

    7-16

    In this module we learned:


    VRRP Overview
    VRRP Scalability
    Configure VRRP
    VRRP Debugging
    VRRP Troubleshooting

    You might also like