VRRP Help Part Deux

visitor68 · ‎06-20-2009

I created a new thread because the other one has sort of been closed by the fact that I marked some answers as having resolved the issue (red check mark), so i think no one is going to open the thread.

Jon or anyone else, of course:

Here is the final configuration for VRRP that the engineer says he finally got to work.

Now, this makes more sense than the really weird stuff I have been posting from him.

But something is still wrong. Notice the duplicate IP addresses on the actual vlan interfaces and the fact that the vrrp VIPs are different. Also notice the output of the 'sho vrrp br' comand on router 3.

This is all normally straightforward to me. VRRP is almost exactly like HSRP with some minor differences, but the configuration is almost identical in its execution and logic.

I do know that VRRP does allow you to configure one of the routers with the VIP address (router interface and VIP are the same)- and in the event of a failure, the standby takes over that address. Its a feature you can use, but it doesnt apply to what this engineer has configured here anyway.

7609-4#sh run

interface Vlan11

ip address 71.22.16.2 255.255.252.0

vrrp 1 ip 71.23.64.3

vrrp 2 ip 71.22.16.3

!

interface Vlan21

ip address 10.36.144.2 255.255.255.0

vrrp 3 ip 10.36.144.3

!

interface Vlan22

ip address 10.36.145.2 255.255.255.0

vrrp 4 ip 10.36.145.3

!

interface Vlan23

ip address 10.36.146.2 255.255.255.0

shutdown

vrrp 5 ip 10.36.146.3

7609-3#sh run

interface Vlan11

ip address 71.22.16.2 255.255.252.0

vrrp 1 ip 71.23.64.1

vrrp 1 priority 200

vrrp 2 ip 71.22.16.1

vrrp 2 priority 200

!

interface Vlan21

ip address 10.36.144.2 255.255.255.0

vrrp 3 ip 10.36.144.1

vrrp 3 priority 200

!

interface Vlan22

ip address 10.36.145.2 255.255.255.0

vrrp 4 ip 10.36.145.1

vrrp 4 priority 200

!

interface Vlan23

ip address 10.36.146.2 255.255.255.0

vrrp 5 ip 10.36.146.1

vrrp 5 priority 200

!

NC-CLT1-7609-3#sh vrrp brief

Interface Grp Pri Time Own Pre State Master addr Group addr

Vl11 1 200 3218 Y Init 0.0.0.0 71.23.64.1

Vl11 2 200 3218 Y Init 0.0.0.0 71.22.16.1

Vl21 3 200 3218 Y Init 0.0.0.0 10.36.144.1

Vl22 4 200 3218 Y Init 0.0.0.0 10.36.145.1

Vl23 5 200 3218 Y Init 0.0.0.0 10.36.146.1

=============================

Thotsaphon Lueangwattanaphong · ‎06-20-2009

Joe,

I'm a bit confused on your configuration. You assigned the same ip address on the physical interface on both devices. I want to know when using a "show vrrp" command what router says about Master router's ip address . And you configured VIP with different IP address on the same group. D'oh!!![Pretending to be Simpson](grin)

What about this kind of configuration?

7609-4#sh run

interface Vlan11

ip address 71.22.16.1 255.255.252.0

ip address 71.23.64.1 255.255.255.0 secondary

vrrp 1 ip 71.22.16.3

vrrp 2 ip 71.23.64.3

!

#########################

7609-3#sh run

interface Vlan11

ip address 71.22.16.2 255.255.252.0

ip address 71.23.64.2 255.255.255.0 secondary

vrrp 1 ip 71.22.16.3

vrrp 1 priority 200

vrrp 2 ip 71.23.64.3

vrrp 2 priority 200

!

Please check out this link: http://www.cisco.com/en/US/docs/ios/12_0st/12_0st18/feature/guide/st_vrrpx.html#wp1036615

HTH,

Toshi

Giuseppe Larosa · ‎06-20-2009

Hello Joe,

there is something still not working.

Here it is the link to sh vrrp in command reference

http://www.cisco.com/en/US/docs/ios/ipapp/command/reference/iap_s2.html#wp1077496

we see that master address is 0.0.0.0 and state is stucked to Init.

This happens also for the VRRP groups where the VIP address belongs to the IP subnet on the interface.

I'm afraid that VRRP is designed to have the VIP address identical to the interface ip address of one of the routers.

Probably all routers are waiting for the master device to start to send advertisements so they are stucked in init state.

see

http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_vrrp_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1054602

We should look at VRRP RFC to be sure of this

http://www.faqs.org/rfcs/rfc3768.html

It says:

The only exception is that a VRRP router will

always become Master of any virtual router associated with addresses

it owns.

Hope to help

Giuseppe

visitor68 · ‎06-20-2009

Hi, Toshi

I dont think you understand. I did not create these configurations. One of my engineers did and I am questioning its correctness, which is precisely why I posted here. The comments you make are also the ones I make in the introductory paragraph of this thread.

Thotsaphon Lueangwattanaphong · ‎06-20-2009

Joe,

Sorry I missed reading you didn't configure that. Configuration should not be like that. Time to fix it.

Toshi

visitor68 · ‎06-20-2009

Giuseppe:

I am in total agreement with what you and Toshi are saying. I know this configuration is wrong nd I know whats wrong with it.

So why did I post it here? I just wanted other opinions before I approach my engineer so as to avoid any embarrassing situation for him. I just wanted to be 100% sure, since I usually do not configure VRRP, but normally use HSRP.

Thanks