ON THIS PAGE
Example: Configuring VRRP for IPv4
This example shows how to configure VRRP properties for IPv4.
Requirements
This example uses the following hardware and software components:
-
Three routers
-
Junos OS Release 11.3 or later
- This example has been recently updated and revalidated on Junos OS Release 21.1R1.
- For details on VRRP support for specific platform and Junos OS release combinations, see Feature Explorer.
Overview
This example uses a VRRP group, which has a virtual address for IPv4. Devices on the LAN use this virtual address as their default gateway. If the primary router fails, the backup router takes over for it.
Configuring VRRP
Configuring Router A
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them
into a text file, remove any line breaks, change any details necessary to
match your network configuration, and then copy and paste the commands into
the CLI at the [edit] hierarchy level.
set interfaces ge-0/0/1 unit 0 family inet address 10.1.1.1/24 vrrp-group 1 virtual-address 10.1.1.254 set interfaces ge-0/0/1 unit 0 family inet address 10.1.1.1/24 vrrp-group 1 priority 110 set interfaces ge-0/0/1 unit 0 family inet address 10.1.1.1/24 vrrp-group 1 accept-data set interfaces ge-0/0/1 unit 0 family inet address 10.1.1.1/24 vrrp-group 1 track interface ge-0/0/2 priority-cost 20 set interfaces ge-0/0/2 unit 0 family inet address 10.1.3.1/24 set routing-options static route 0.0.0.0/0 next-hop 10.1.3.2
Step-by-Step Procedure
To configure this example:
-
Configure the interfaces.
[edit] user@routerA# set interfaces ge-0/0/1 unit 0 family inet address 10.1.1.1/24 user@routerA# set interfaces ge-0/0/2 unit 0 family inet address 10.1.3.1/24
-
Configure the IPv4 VRRP group identifier and the virtual IP address.
[edit interfaces ge-0/0/1 unit 0 family inet address 10.1.1.1/24] user@routerA# set vrrp-group 1 virtual-address 10.1.1.254
-
Configure the priority for RouterA higher than RouterB to become the primary virtual router. RouterB is using the default priority of 100.
[edit interfaces ge-0/0/1 unit 0 family inet address 10.1.1.1/24] user@routerA# set vrrp-group 1 priority 110
-
Configure
track interfaceto track whether the interface connected to the Internet is up, down, or not present to change the priority of the VRRP group.[edit interfaces ge-0/0/1 unit 0 family inet address 10.1.1.1/24] user@routerA# set vrrp-group 1 track interface ge-0/0/2 priority-cost 20
-
Configure
accept-datato enable the primary router to accept all packets destined for the virtual IP address.[edit interfaces ge-0/0/1 unit 0 family inet address 10.1.1.1/24] user@routerA# set vrrp-group 1 accept-data
-
Configure a static route for traffic to the Internet.
[edit] user@routerA# set routing-options static route 0.0.0.0/0 next-hop 10.1.3.2
Results
From configuration mode, confirm your configuration by entering the
show interfaces
and
show routing-options commands. If the output does not
display the intended configuration, repeat the instructions in this example
to correct the configuration.
[edit]
user@routerA# show interfaces
ge-0/0/1 {
unit 0 {
family inet {
address 10.1.1.1/24 {
vrrp-group 1 {
virtual-address 10.1.1.254;
priority 110;
accept-data;
track {
interface ge-0/0/2 {
priority-cost 20;
}
}
}
}
}
}
}
ge-0/0/2 {
unit 0 {
family inet {
address 10.1.3.1/24;
}
}
}
[edit]
user@routerA# show routing-options
static {
route 0.0.0.0/0 next-hop 10.1.3.2;
}
If you are done configuring the device, enter commit from
configuration mode.
Configuring Router B
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them
into a text file, remove any line breaks, change any details necessary to
match your network configuration, and then copy and paste the commands into
the CLI at the [edit] hierarchy level.
set interfaces ge-0/0/1 unit 0 family inet address 10.1.1.2/24 vrrp-group 1 virtual-address 10.1.1.254 set interfaces ge-0/0/1 unit 0 family inet address 10.1.1.2/24 vrrp-group 1 accept-data set interfaces ge-0/0/2 unit 0 family inet address 10.1.4.1/24 set routing-options static route 0.0.0.0/0 next-hop 10.1.4.2
Step-by-Step Procedure
To configure this example:
-
Configure the interfaces.
[edit] user@routerB# set interfaces ge-0/0/1 unit 0 family inet address 10.1.1.2/24 user@routerB# set interfaces ge-0/0/2 unit 0 family inet address 10.1.4.1/24
-
Configure the IPv4 VRRP group identifier and the virtual IP address.
[edit interfaces ge-0/0/1 unit 0 family inet address 10.1.1.2/24] user@routerB# set vrrp-group 1 virtual-address 10.1.1.254
-
Configure
accept-datato enable the backup router to accept all packets destined for the virtual IP address in the event the backup router becomes primary.[edit interfaces ge-0/0/1 unit 0 family inet address 10.1.1.2/24] user@routerB# set vrrp-group 1 accept-data
-
Configure a static route for traffic to the Internet.
[edit] user@routerB# set routing-options static route 0.0.0.0/0 next-hop 10.1.4.2
Results
From configuration mode, confirm your configuration by entering the
show interfaces and show
routing-options commands. If the output does not display the
intended configuration, repeat the instructions in this example to correct
the configuration.
[edit]
user@routerB# show interfaces
ge-0/0/1 {
unit 0 {
family inet {
address 10.1.1.2/24 {
vrrp-group 1 {
virtual-address 10.1.1.254;
accept-data;
}
}
}
}
}
ge-0/0/2 {
unit 0 {
family inet {
address 10.1.4.1/24;
}
}
}
[edit]
user@routerB# show routing-options
static {
route 0.0.0.0/0 next-hop 10.1.4.2;
}
If you are done configuring the device, enter commit from
configuration mode.
Configuring Router C
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a
text file, remove any line breaks, change any details necessary to match your
network configuration, and then copy and paste the commands into the CLI at the
[edit] hierarchy level.
set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.3/24 set routing-options static route 0.0.0.0/0 next-hop 10.1.1.254
Verification
- Verifying That VRRP Is Working on Router A
- Verifying That VRRP Is Working on Router B
- Verifying Router C Reaches the Internet Transiting Router A
- Verifying Router B Becomes Primary for VRRP
Verifying That VRRP Is Working on Router A
Purpose
Verify that VRRP is active on Router A and that its role in the VRRP group is correct.
Action
Use the following commands to verify that VRRP is active on Router A, that the router is primary for group 1 and the interface connected to the Internet is being tracked.
user@routerA> show vrrp
Interface State Group VR state VR Mode Timer Type Address
ge-0/0/1.0 up 1 master Active A 0.779 lcl 10.1.1.1
vip 10.1.1.254
user@routerA> show vrrp track Track Int State Speed VRRP Int Group VR State Current prio ge-0/0/2.0 up 1g ge-0/0/1.0 1 master 110
Meaning
The show vrrp command displays fundamental information about
the VRRP configuration. This output shows that the VRRP group is active and
that this router has assumed the primary role. The lcl
address is the physical address of the interface and the
vip address is the virtual address shared by both
routers. The Timer value (A 0.779)
indicates the remaining time (in seconds) in which this router expects to
receive a VRRP advertisement from the other router.
Verifying That VRRP Is Working on Router B
Purpose
Verify that VRRP is active on Router B and that its role in the VRRP group is correct.
Action
Use the following command to verify that VRRP is active on Router B and that the router is backup for group 1.
user@routerB> show vrrp
Interface State Group VR state VR Mode Timer Type Address
ge-0/0/1.0 up 1 backup Active D 2.854 lcl 10.1.1.2
vip 10.1.1.254
mas 10.1.1.1
Meaning
The show vrrp command displays fundamental information about
the VRRP configuration. This output shows that the VRRP group is active and
that this router has assumed the backup role. The lcl
address is the physical address of the interface and the
vip address is the virtual address shared by both
routers. The Timer value (D 2.854)
indicates the remaining time (in seconds) in which this router expects to
receive a VRRP advertisement from the other router.
Verifying Router C Reaches the Internet Transiting Router A
Purpose
Verify connectivity to the Internet from Router C.
Action
Use the following commands to verify that Router C can reach the Internet.
user@routerC> ping 172.16.255.1 count 2 PING 172.16.255.1 (172.16.255.1): 56 data bytes 64 bytes from 172.16.255.1: icmp_seq=0 ttl=63 time=9.394 ms 64 bytes from 172.16.255.1: icmp_seq=1 ttl=63 time=30.536 ms --- 172.16.255.1 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 9.394/19.965/30.536/10.571 ms
user@routerC> traceroute 172.16.255.1 traceroute to 172.16.255.1 (172.16.255.1), 30 hops max, 52 byte packets 1 10.1.1.1 3.781 ms 37.650 ms 3.877 ms 2 172.16.255.1 31.581 ms 31.337 ms 27.170 ms
Meaning
The ping command shows
reachability
to the Internet and the traceroute command shows that
Router A is being transited.
Verifying Router B Becomes Primary for VRRP
Purpose
Verify that Router B becomes primary for VRRP when the interface between Router A and the Internet goes down.
Action
Use the following commands to verify that Router B is primary and that Router C can reach the Internet transiting Router B.
user@routerA> show vrrp track detail
Tracked interface: ge-0/0/2.0
State: down, Speed: 1g
Incurred priority cost: 20
Tracking VRRP interface: ge-0/0/1.0, Group: 1
VR State: backup
Current priority: 90, Configured priority: 110
Priority hold-time: disabled
user@routerB> show vrrp
Interface State Group VR state VR Mode Timer Type Address
ge-0/0/1.0 up 1 master Active A 0.079 lcl 10.1.1.2
vip 10.1.1.254
user@routerC> traceroute 172.16.255.1 traceroute to 172.16.255.1 (172.16.255.1), 30 hops max, 52 byte packets 1 10.1.1.2 6.532 ms 3.800 ms 2.958 ms 2 172.16.255.1 44.359 ms 16.268 ms 22.823 ms
Meaning
The show vrrp track detail command shows the tracked
interface is down on Router A, that the priority has dropped to 90, and that
Router A is now the backup. The show vrrp command shows
that Router B is now the primary for VRRP and the
traceroute command shows that Router B is now being
transited.