Understanding VRRP: Virtual Router Redundancy Protocol

Virtual Router Redundancy Protocol (VRRP) is an open standard fault-tolerant protocol that provides redundancy and improves network reliability. It can also be used to create a virtual gateway.

 

There are two versions of VRRP:

  1. VRRPv2 – supports IPv4
  2. VRRPv3 – supports IPv4 and IPv6

 

HSRVP vs. VRRP

VRRP functions like HSRP but the following differences should be remembered:

HSRPVRRP
ProprietaryOpen Standard
RFC 2281RFC 3768

Cannot set physical IP as Virtual IP address (VIP)

Can use physical IP as Virtual IP (VIP) if needed
One Active Router, one Standby Router, all others are listeningOne Master router, all other routers are Backup routers
Can track an interface for failoverCan track an interface for failover. It can also track the reachability of an IP address depending on the operating system and version.
Uses multicast IP address 224.0.0.2 for version 1 and 224.0.0.102 for version 2.Uses multicast IP address 224.0.0.18

VIP gateway uses virtual MAC address 0000.0c07.acXX where XX is the group ID.

VIP gateway uses 0000.5e00.01xx, where XX is the group ID

 

Legacy Configuration

Now, let’s discuss the virtual routers’ configurations. We have two ways of configuring VRRP routers, the legacy configuration, and the hierarchical configuration. We’ll do the legacy first and use the topology below.

VRRP

 

In configuring VRRPv2, we only need to define instance ID and VIP or virtual IP.

R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface GigabitEthernet 0/1
R1(config-if)#ip address 10.10.10.3 255.255.255.0
R1(config-if)#vrrp 10 ip 10.10.10.1
R1(config-if)#
*Mar 2 16:45:46.586: %VRRP-6-STATECHANGE: Gi0/1 Grp 10 state Init -> Backup
*Mar 2 16:45:50.195: %VRRP-6-STATECHANGE: Gi0/1 Grp 10 state Backup -> Master

 

R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface GigabitEthernet 0/0
R2(config-if)#
R2(config-if)#ip address 10.10.10.2 255.255.255.0
R2(config-if)#vrrp 10 ip 10.10.10.1
R2(config-if)#
*Mar 2 16:47:55.877: %VRRP-6-STATECHANGE: Gi0/0 Grp 10 state Init -> Backup
*Mar 2 16:47:55.882: %VRRP-6-STATECHANGE: Gi0/0 Grp 10 state Init -> Backup

 

For our verification, we can use the following show commands.
Master router:

R1#sh vrrp
GigabitEthernet0/1 - Group 10 
  State is Master  
  Virtual IP address is 10.10.10.1
  Virtual MAC address is 0000.5e00.010a
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 100 
  Master Router is 10.10.10.3 (local), priority is 100 
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec

R1#sh vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Gi0/1              10  100 3609       Y  Master  10.10.10.3      10.10.10.1

 

Backup router:

R2#sh vrrp
GigabitEthernet0/0 - Group 10 
  State is Backup  
  Virtual IP address is 10.10.10.1
  Virtual MAC address is 0000.5e00.010a
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 100 
  Master Router is 10.10.10.3, priority is 100 
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec (expires in 3.331 sec)

R2#sh vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Gi0/0              10  100 3609       Y  Backup  10.10.10.3      10.10.10.1

 

There are optional configurations as well, such as:

  • VRRP Priority – Router with a higher priority is elected to become the master router.
R1(config-if)#vrrp 10 priority ?
<1-254> Priority level

 

  • Object Tracking – Priority can be decremented whenever tracked object is down. We can track different objects like application, interface, IP SLA, IP route, etc.
R1(config-if)#vrrp 10 track ?
<1-1000> Tracked object

R1(config-if)#vrrp 10 track 1 decrement ?
<1-255> Decrement value

 

  • VRRP Authentication – VRRP router can ignore unauthenticated VRRP protocol messages.
R1(config-if)#vrrp 10 authentication ?
WORD Plain text authentication string
md5 Use MD5 authentication
text Plain text authentication

 

Hierarchical Configuration

Newer IOS versions support a multi-address format that is hierarchical. Using the same topology above, here’s a sample configuration:

R1(config)#fhrp version vrrp v3
R1(config)#int gi0/1
R1(config-if)#vrrp 10 address-family ipv4 
R1(config-if-vrrp)#address 10.10.10.1
R1(config-if-vrrp)#
*Mar  2 17:28:34.770: %VRRP-6-STATE: GigabitEthernet0/1 IPv4 group 10 state INIT -> BACKUP
*Mar  2 17:28:38.380: %VRRP-6-STATE: GigabitEthernet0/1 IPv4 group 10 state BACKUP -> MASTER

 

We can verify using the same show commands:

R1#sh vrrp
GigabitEthernet0/1 - Group 10 - Address-Family IPv4
  State is MASTER
  State duration 45.539 secs
  Virtual IP address is 10.10.10.1
  Virtual MAC address is 0000.5E00.010A
  Advertisement interval is 1000 msec
  Preemption enabled
  Priority is 100
  Master Router is 10.10.10.3 (local), priority is 100
  Master Advertisement interval is 1000 msec (expires in 128 msec)
  Master Down interval is unknown

R1#sh vrrp brief
  Interface          Grp  A-F Pri  Time Own Pre State   Master addr/Group addr
  Gi0/1               10 IPv4 100     0  N   Y  MASTER  10.10.10.3(local) 10.10.10.1

 

For the optional configurations, we also have:

  • Version – VRRPv2 and VRRPv3 are not compatible.
R1(config)#fhrp version vrrp ?
  v2  Legacy VRRP - VRRPv2 for IPv4
  v3  Unified VRRP - VRRPv3 for IPv4 and IPv6
  • VRRP Priority
  • Object Tracking

Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.

We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: