Configuring VRRP

This chapter contains the following sections:

• About VRRP, on page 1
• Information About VRRPv3 and VRRS, on page 6
• High Availability, on page 7
• Virtualization Support, on page 7
• Guidelines and Limitations for VRRP, on page 7
• Guidelines and Limitations for VRRPv3, on page 7
• Default Settings for VRRP Parameters, on page 8
• Default Settings for VRRPv3 Parameters, on page 8
• Configuring VRRP, on page 9
• Configuring VRRPv3, on page 17
• Verifying the VRRP Configuration, on page 23
• Verifying the VRRPv3 Configuration, on page 23
• Monitoring and Clearing VRRP Statistics, on page 23
• Monitoring and Clearing VRRPv3 Statistics, on page 24
• Configuration Examples for VRRP, on page 24
• Configuration Examples for VRRPv3, on page 25
• Additional References, on page 26

About VRRP
VRRP allows for a transparent failover at the first-hop IP router by configuring a group of routers to share a
virtual IP address. VRRP selects an allowed router in that group to handle all packets for the virtual IP address.
The remaining routers are in standby and take over if the allowed router fails.

VRRP Operation
A LAN client can determine which router should be the first hop to a particular remote destination by using
a dynamic process or static configuration. Examples of dynamic router discovery are as follows:
Proxy ARP—The client uses Address Resolution Protocol (ARP) to get the destination it wants to reach, and
a router responds to the ARP request with its own MAC address.

Configuring VRRP
1
 Configuring VRRP
VRRP Operation

Routing protocol—The client listens to dynamic routing protocol updates (for example, from Routing
Information Protocol [RIP]) and forms its own routing table.
ICMP Router Discovery Protocol (IRDP) client—The client runs an Internet Control Message Protocol (ICMP)
router discovery client.
The disadvantage to dynamic discovery protocols is that they incur some configuration and processing overhead
on the LAN client. Also, if a router fails, the process of switching to another router can be slow.
An alternative to dynamic discovery protocols is to statically configure a default router on the client. Although
this approach simplifies client configuration and processing, it creates a single point of failure. If the default
gateway fails, the LAN client is limited to communicating only on the local IP network segment and is cut
off from the rest of the network.
VRRP can solve the static configuration problem by enabling a group of routers (a VRRP group) to share a
single virtual IP address. You can then configure the LAN clients with the virtual IP address as their default
gateway.
The following figure shows a basic VLAN topology. In this example, Routers A, B, and C form a VRRP
group. The IP address of the group is the same address that was configured for the Ethernet interface of Router
A (10.0.0.1).
Figure 1: Basic VRRP Topology

Because the virtual IP address uses the IP address of the physical Ethernet interface of Router A, Router A is
the primary (also known as the IP address owner). As the primary, Router A owns the virtual IP address of
the VRRP group and forwards packets sent to this IP address. Clients 1 through 3 are configured with the
default gateway IP address of 10.0.0.1.
Routers B and C function as backups. If the primary fails, the backup router with the highest priority becomes
the primary and takes over the virtual IP address to provide uninterrupted service for the LAN hosts. When
Router A recovers, it becomes the primary again.

Note Packets received on a routed port destined for the VRRP virtual IP address terminate on the local router,
regardless of whether that router is the primary VRRP router or a backup VRRP router. These packets include
ping and Telnet traffic. Packets received on a Layer 2 (VLAN) interface destined for the VRRP virtual IP
address terminate on the primary router.

Configuring VRRP
2
 Configuring VRRP
VRRP Benefits

VRRP Benefits
The benefits of VRRP are as follows:
• Redundancy—Enables you to configure multiple routers as the default gateway router, which reduces
the possibility of a single point of failure in a network.
• Load sharing—Allows traffic to and from LAN clients to be shared by multiple routers. The traffic load
is shared more equitably among available routers.
• Multiple VRRP groups—Supports multiple VRRP groups on a router physical interface if the platform
supports multiple MAC addresses. Multiple VRRP groups enable you to implement redundancy and load
sharing in your LAN topology.
• Multiple IP addresses—Allows you to manage multiple IP addresses, including secondary IP addresses.
If you have multiple subnets that are configured on an Ethernet interface, you can configure VRRP on
each subnet.
• Preemption—Enables you to preempt a backup router that has taken over for a failing primary with a
higher priority backup router that has become available.
• Advertisement protocol—Uses a dedicated Internet Assigned Numbers Authority (IANA) standard
multicast address (224.0.0.18) for VRRP advertisements. This addressing scheme minimizes the number
of routers that must service the multicasts and allows test equipment to accurately identify VRRP packets
on a segment. IANA has assigned the IP protocol number 112 to VRRP.
• VRRP tracking—Ensures that the best VRRP router is the primary for the group by altering VRRP
priorities based on interface states.

Multiple VRRP Groups

You can configure multiple VRRP groups on a physical interface. For the number of supported VRRP groups,
see the Cisco Nexus 9000 Series NX-OS Verified Scalability Guide.
The number of VRRP groups that a router interface can support depends on the following factors:
• Router processing capability
• Router memory capability

In a topology where multiple VRRP groups are configured on a router interface, the interface can act as a
primary for one VRRP group and as a backup for one or more other VRRP groups.
The following image shows a LAN topology in which VRRP is configured so that Routers A and B share the
traffic to and from clients 1 through 4. Routers A and B act as backups to each other if either router fails.

Configuring VRRP
3
 Configuring VRRP
VRRP Router Priority and Preemption

Figure 2: Load Sharing and Redundancy VRRP Topology

This topology contains two virtual IP addresses for two VRRP groups that overlap. For VRRP group 1, Router
A is the owner of IP address 10.0.0.1 and is the primary. Router B is the backup to Router A. Clients 1 and
2 are configured with the default gateway IP address of 10.0.0.1.
For VRRP group 2, Router B is the owner of IP address 10.0.0.2 and is the primary. Router A is the backup
to router B. Clients 3 and 4 are configured with the default gateway IP address of 10.0.0.2.

VRRP Router Priority and Preemption

An important aspect of the VRRP redundancy scheme is the VRRP router priority because the priority
determines the role that each VRRP router plays and what happens if the primary router fails.
If a VRRP router owns the virtual IP address and the IP address of the physical interface, this router functions
as the primary. The priority of the primary is 255.
The priority also determines if a VRRP router functions as a backup router and the order of ascendancy to
becoming a primary if the primary fails.
For example, if Router A, the primary in a LAN topology, fails, VRRP must determine if backups B or C
should take over. If you configure Router B with priority 101 and Router C with the default priority of 100,
VRRP selects Router B to become the primary because it has the higher priority. If you configure Routers B
and C with the default priority of 100, VRRP selects the backup with the higher IP address to become the
primary.
VRRP uses preemption to determine what happens after a VRRP backup router becomes the primary. With
preemption enabled by default, VRRP switches to a backup if that backup comes online with a priority higher
than the new primary. For example, if Router A is the primary and fails, VRRP selects Router B (next in order
of priority). If Router C comes online with a higher priority than Router B, VRRP selects Router C as the new
primary, even though Router B has not failed.
If you disable preemption, VRRP switches only if the original primary recovers or the new primary fails.

Configuring VRRP
4
 Configuring VRRP
vPCs and VRRP

vPCs and VRRP

VRRP interoperates with virtual port channels (vPCs). vPCs allow links that are physically connected to two
different Cisco Nexus 9000 Series switches to appear as a single port channel by a third device. See the Cisco
Nexus 9000 Series NX-OS Layer 2 Switching Configuration Guide for more information on vPCs.
vPCs forward traffic through both the primary VRRP router and the backup VRRP router. See the Configuring
VRRP Priority section.

Note You should configure VRRP on the primary vPC peer device as active and VRRP on the vPC secondary
device as standby.

VRRP Advertisements
The VRRP primary sends VRRP advertisements to other VRRP routers in the same group. The advertisements
communicate the priority and state of the primary. Cisco NX-OS encapsulates the VRRP advertisements in
IP packets and sends them to the IP multicast address assigned to the VRRP group. Cisco NX-OS sends the
advertisements once every second by default, but you can configure a different advertisement interval.

VRRP Authentication
VRRP supports the following authentication functions:
• No authentication
• Plain text authentication

VRRP rejects packets in any of the following cases:

• The authentication schemes differ on the router and in the incoming packet.
• Text authentication strings differ on the router and in the incoming packet.

VRRP Tracking
VRRP supports the following options for tracking:
• Native interface tracking—Tracks the state of an interface and uses that state to determine the priority
of the VRRP router in a VRRP group. The tracked state is down if the interface is down or if the interface
does not have a primary IP address.
• Object tracking—Tracks the state of a configured object and uses that state to determine the priority of
the VRRP router in a VRRP group. See Configuring Object Tracking for more information on object
tracking.

If the tracked state (interface or object) goes down, VRRP updates the priority based on what you configure
the new priority to be for the tracked state. When the tracked state comes up, VRRP restores the original
priority for the virtual router group.

Configuring VRRP
5
 Configuring VRRP
BFD for VRRP

For example, you might want to lower the priority of a VRRP group member if its uplink to the network goes
down so another group member can take over as primary for the VRRP group. See the Configuring VRRP
Interface State Tracking section for more information.

Note VRRP does not support Layer 2 interface tracking.

BFD for VRRP

This feature supports bidirectional forwarding detection (BFD). BFD is a detection protocol that provides
fast-forwarding and path-failure detection times. BFD provides subsecond failure detection between two
adjacent devices and can be less CPU-intensive than protocol hello messages because some of the BFD load
can be distributed onto the data plane on supported modules. See the Cisco Nexus 9000 Series NX-OS
Interfaces Configuration Guide for more information.

Information About VRRPv3 and VRRS

VRRP version 3 (VRRPv3) enables a group of switches to form a single virtual switch in order to provide
redundancy and reduce the possibility of a single point of failure in a network. The LAN clients can then be
configured with the virtual switch as their default gateway. The virtual switch, representing a group of switches,
is also known as a VRRPv3 group.
Virtual Router Redundancy Service (VRRS) improves the scalability of VRRPv3 by providing a stateless
redundancy service to VRRS pathways and VRRS clients by monitoring VRRPv3. VRRPv3 acts as a VRRS
server that pushes VRRPv3 status information (such as current and previous redundancy states, active and
inactive Layer 2 and Layer 3 addresses, and so on) to VRRS pathways and all registered VRRS clients.
VRRS clients are other Cisco processes or applications that use VRRPv3 to provide or withhold a service or
resource dependent upon the state of the group. VRRS pathways are special VRRS clients that use the VRRS
database information to provide scaled first-hop gateway redundancy across scaled interface environments.
VRRS by itself is limited to maintaining its own state. Linking a VRRS client to a VRRPv3 group provides
a mechanism that allows VRRS to provide a service to client applications so that they can implement stateless
or Stateful Failovers. A Stateful Failover requires communication with a nominated backup before the failure
so that operational data is not lost when the failover occurs.
VRRS pathways operate in a similar way to clients but are integrated with the VRRS architecture. They
provide a means to scale first-hop gateway redundancy by allowing you to configure a virtual address across
hundreds of interfaces. The virtual gateway state of a VRRS pathway follows the state of a First-Hop
Redundancy Protocol (FHRP) VRRS server.
VRRPv3 notifies VRRS of its current state (primary, backup, or nonoperational initial state [INIT]) and passes
that information to pathways or clients. The VRRPv3 group name activates VRRS and associates the VRRPv3
group with any clients or pathways that are configured as part of VRRS with the same name.
Pathways and clients act on the VRRPv3 server state. When a VRRPv3 group changes states, VRRS pathways
and clients alter their behavior (performing tasks such as shutting down interfaces or appending accounting
logs) depending on the state that is received from VRRS.

Configuring VRRP
6
 Configuring VRRP
VRRPv3 Benefits

VRRPv3 Benefits
The benefits of VRRPv3 are as follows:
• Interoperability in multi-vendor environments
• Support for the IPv4 and IPv6 address families
• Improved scalability through the use of VRRS pathways

High Availability
VRRP supports high availability through stateful restarts and stateful switchovers. A stateful restart occurs
when the VRRP process fails and is restarted. A stateful switchover occurs when the active supervisor switches
to the standby supervisor. Cisco NX-OS applies the run-time configuration after the switchover.
VRRPv3 does not support stateful switchovers.

Virtualization Support
VRRP supports virtual routing and forwarding (VRF) instances.

Guidelines and Limitations for VRRP

VRRP has the following configuration guidelines and limitations:
• You cannot configure VRRP on the management interface.
• When VRRP is enabled, you should replicate the VRRP configuration across devices in your network.
• We recommend that you do not configure more than one first-hop redundancy protocol on the same
interface.
• You must configure an IP address for the interface on which you configure VRRP and enable that interface
before VRRP becomes active.
• Cisco NX-OS removes all Layer 3 configurations on an interface when you change the interface VRF
membership or the port channel membership or when you change the port mode to Layer 2.
• When you configure VRRP to track a Layer 2 interface, you must shut down the Layer 2 interface and
reenable the interface to update the VRRP priority to reflect the state of the Layer 2 interface.
BFD for VRRP can only be configured between two routers.

Guidelines and Limitations for VRRPv3

VRRPv3 has the following configuration guidelines and limitations:

Configuring VRRP
7
 Configuring VRRP
Default Settings for VRRP Parameters

• VRRPv3 is not intended as a replacement for existing dynamic protocols. VRRPv3 is designed for use
over multi-access, multicast, or broadcast-capable Ethernet LANs.
• VRRPv3 is supported only on Ethernet and Fast Ethernet interfaces, bridge group virtual interfaces
(BVIs), Gigabit Ethernet interfaces, and VLANs.
• When VRRPv3 is in use, VRRPv2 is unavailable. To configure VRRPv3, you must disable any VRRPv2
configuration.
• VRRS is currently available only for use with VRRPv3.
• Use VRRPv3 millisecond timers only where absolutely necessary and with careful consideration and
testing. Millisecond values work only under favorable circumstances. The millisecond timer values are
compatible with third-party vendors as long as they also support VRRPv3.
• Full network redundancy can be achieved only if VRRPv3 operates over the same network path as the
VRRS pathway redundant interfaces. For full redundancy, the following restrictions apply:
• VRRS pathways should use the same physical interface as the parent VRRPv3 group or be configured
on a subinterface with the same physical interface as the parent VRRPv3 group.
• VRRS pathways can be configured on switch virtual interfaces (SVIs) only if the associated VLAN
shares the same trunk as the VLAN on which the parent VRRPv3 group is configured.

• Unlike VRRPv2, VRRPv3 does not support bidirectional forwarding for faster failure detection.
• Unlike VRRPv2, VRRPv3 does not support native interface tracking.

Default Settings for VRRP Parameters

The following table lists the default settings for VRRP parameters.

Table 1: Default VRRP Parameters

Parameters Default
VRRP Disabled

Advertisement interval 1 second

Authentication No authentication

Preemption Enabled

Priority 100

Default Settings for VRRPv3 Parameters

The following table lists the default settings for VRRPv3 parameters.

Configuring VRRP
8
 Configuring VRRP
Configuring VRRP

Table 2: Default VRRPv3 Parameters

Parameters Default
VRRPv3 Disabled

VRRS Disabled

VRRPv3 secondary address matching Enabled

Priority of a VRRPv3 group 100

VRRPv3 advertisement timer 1000 milliseconds

Configuring VRRP

Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might
differ from the Cisco IOS commands that you would use.

Enabling VRRP
You must globally enable VRRP before you configure and enable any VRRP groups.

Procedure

Command or Action Purpose

Step 1 configure terminal Enters global configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2 [no] feature vrrp Enables VRRP. Use the no form of this
command to disable VRRP.
Example:
switch(config)# feature vrrp

Step 3 (Optional) copy running-config startup-config Copies the running configuration to the startup
configuration.
Example:
switch(config)# copy running-config
startup-config

Configuring VRRP Groups

You can create a VRRP group, assign the virtual IP address, and enable the group.

Configuring VRRP
9
 Configuring VRRP
Configuring VRRP Groups

You can configure one virtual IPv4 address for a VRRP group. By default, the primary VRRP router drops
the packets addressed directly to the virtual IP address because the VRRP primary is intended only as a
next-hop router to forward packets. Some applications require that Cisco NX-OS accept packets that are
addressed to the virtual router IP address. Use the secondary option to the virtual IP address to accept these
packets when the local router is the VRRP primary.
Once you have configured the VRRP group, you must explicitly enable the group before it becomes active.

Before you begin

Ensure that you have configured an IP address on the interface. See Configuring IPv4 Addressing.

Procedure

Command or Action Purpose

Step 1 configure terminal Enters global configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2 interface interface-type slot/port Enters interface configuration mode.

Example:
switch(config)# interface ethernet 2/1
switch(config-if)#

Step 3 vrrp number Creates a virtual router group. The range is

1–255.
Example:
switch(config-if)# vrrp 250
switch(config-if-vrrp)#

Step 4 address ip-address [secondary] Configures the virtual IPv4 address for the
specified VRRP group. This address should be
Example:
in the same subnet as the IPv4 address of the
switch(config-if-vrrp)# address 192.0.2.8 interface.
Use the secondary option only if applications
require that VRRP routers accept the packets
sent to the virtual router's IP address and deliver
to applications.

Step 5 no shutdown Enables the VRRP group, which is disabled by

default.
Example:
switch(config-if-vrrp)# no shutdown

Step 6 (Optional) show vrrp Displays a summary of VRRP information.

Example:
switch(config-if-vrrp)# show vrrp

Step 7 (Optional) copy running-config startup-config Copies the running configuration to the startup
configuration.
Example:

Configuring VRRP
10
 Configuring VRRP
Configuring VRRP Priority

Command or Action Purpose

switch(config-if-vrrp)# copy
running-config startup-config

Configuring VRRP Priority

The valid priority range for a virtual router is from 1 to 254 (1 is the lowest priority and 254 is the highest).
The default priority value for backups is 100. For devices whose interface IP address is the same as the primary
virtual IP address (the primary), the default value is 255.
If you configure VRRP on a vPC-enabled interface, you can optionally configure the upper and lower threshold
values to control when to fail over to the vPC trunk. If the backup router priority falls below the lower threshold,
VRRP sends all backup router traffic across the vPC trunk to forward through the primary VRRP router.
VRRP maintains this scenario until the backup VRRP router priority increases above the upper threshold.

Before you begin

Ensure that you have configured an IP address on the interface. See Configuring IPv4 Addressing.
Ensure that you have enabled VRRP. (see the Configuring VRRP section).

Procedure

Command or Action Purpose

Step 1 configure terminal Enters global configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2 interface interface-type slot/port Enters interface configuration mode.

Example:
switch(config)# interface ethernet 2/1
switch(config-if)#

Step 3 vrrp number Creates a virtual router group.

Example:
switch(config-if)# vrrp 250
switch(config-if-vrrp)#

Step 4 shutdown Disables the VRRP group.

Example:
switch(config-if-vrrp)# shutdown

Step 5 priority level [forwarding-threshold lower Sets the priority level used to select the active
lower-value upper upper-value] router in a VRRP group. The level range is
1–254. The default is 100 for backups and 255
Example:
for a primary that has an interface IP address
switch(config-if-vrrp)# priority 60 equal to the virtual IP address.
forwarding-threshold lower 40 upper 50

Configuring VRRP
11
 Configuring VRRP
Configuring VRRP Authentication

Command or Action Purpose

Optionally, sets the upper and lower threshold
values that are used by vPC to determine when
to fail over to the vPC trunk. The lower-value
range is 1–255. The default is 1. The
upper-value range is 1–255. The default is 255.

Step 6 no shutdown Enables the VRRP group.

Example:
switch(config-if-vrrp)# no shutdown

Step 7 (Optional) show vrrp Displays a summary of VRRP information.

Example:
switch(config-if-vrrp)# show vrrp

Step 8 (Optional) copy running-config startup-config Copies the running configuration to the startup
configuration.
Example:
switch(config-if-vrrp)# copy
running-config startup-config

Configuring VRRP Authentication

You can configure simple text authentication for a VRRP group.

Before you begin

Ensure that you have configured an IP address on the interface (see Configuring IPv4 Addressing).
Ensure that you have enabled VRRP (see the Configuring VRRP section).
Ensure that the authentication configuration is identical for all VRRP devices in the network.

Procedure

Command or Action Purpose

Step 1 configure terminal Enters global configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2 interface interface-type slot/port Enters interface configuration mode.

Example:
switch(config)# interface ethernet 2/1
switch(config-if)#

Step 3 vrrp number Creates a virtual router group.

Example:

Configuring VRRP
12
 Configuring VRRP
Configuring Time Intervals for Advertisement Packets

Command or Action Purpose

switch(config-if)# vrrp 250
switch(config-if-vrrp)#

Step 4 shutdown Disables the VRRP group.

Example:
switch(config-if-vrrp)# shutdown

Step 5 authentication text password Assigns the simple text authentication option
and specifies the keyname password. The
Example:
keyname range is from 1 to 255 characters. We
switch(config-if-vrrp)# authentication recommend that you use at least 16 characters.
text aPassword
The text password is up to eight alphanumeric
characters.
Step 6 no shutdown Enables the VRRP group, which is disabled by
default.
Example:
switch(config-if-vrrp)# no shutdown

Step 7 (Optional) show vrrp Displays a summary of VRRP information.

Example:
switch(config-if-vrrp)# show vrrp

Step 8 (Optional) copy running-config startup-config Copies the running configuration to the startup
configuration.
Example:
switch(config-if-vrrp)# copy
running-config startup-config

Configuring Time Intervals for Advertisement Packets

You can configure the time intervals for advertisement packets.

Before you begin

Ensure that you have configured an IP address on the interface (see Configuring IPv4 Addressing).
Ensure that you have enabled VRRP (see the Configuring VRRP section).

Procedure

Command or Action Purpose

Step 1 configure terminal Enters global configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2 interface interface-type slot/port Enters interface configuration mode.

Example:

Configuring VRRP
13
 Configuring VRRP
Disabling Preemption

Command or Action Purpose

switch(config)# interface ethernet 2/1
switch(config-if)#

Step 3 vrrp number Creates a virtual router group.

Example:
switch(config-if)# vrrp 250
switch(config-if-vrrp)#

Step 4 shutdown Disables the VRRP group.

Example:
switch(config-if-vrrp)# shutdown

Step 5 advertisement interval seconds Sets the interval time in seconds between
sending advertisement frames. The range is
Example:
from 1 to 255. The default is 1 second.
switch(config-if-vrrp)#
advertisement-interval 15

Step 6 no shutdown Enables the VRRP group.

Example:
switch(config-if-vrrp)# no shutdown

Step 7 (Optional) show vrrp Displays a summary of VRRP information.

Example:
switch(config-if-vrrp)# show vrrp

Step 8 (Optional) copy running-config startup-config Copies the running configuration to the startup
configuration.
Example:
switch(config-if-vrrp)# copy
running-config startup-config

Disabling Preemption
You can disable preemption for a VRRP group member. If you disable preemption, a higher-priority backup
router does not take over for a lower-priority primary router. Preemption is enabled by default.

Before you begin

Ensure that you have configured an IP address on the interface. See Configuring IPv4 Addressing.
Ensure that you have enabled VRRP. See the Configuring VRRP section.

Procedure

Command or Action Purpose

Step 1 configure terminal Enters global configuration mode.
Example:

Configuring VRRP
14
 Configuring VRRP
Configuring VRRP Interface State Tracking

Command or Action Purpose

switch# configure terminal
switch(config)#

Step 2 interface interface-type slot/port Enters interface configuration mode.

Example:
switch(config)# interface ethernet 2/1
switch(config-if)#

Step 3 vrrp number Creates a virtual router group.

Example:
switch(config-if)# vrrp 250
switch(config-if-vrrp)#

Step 4 shutdown Disables the VRRP group.

Example:
switch(config-if-vrrp)# shutdown

Step 5 no preempt Disables the preempt option and allows the

primary to remain when a higher-priority
Example:
backup appears.
switch(config-if-vrrp)# no preempt

Step 6 no shutdown Enables the VRRP group.

Example:
switch(config-if-vrrp)# no shutdown

Step 7 (Optional) show vrrp Displays a summary of VRRP information.

Example:
switch(config-if-vrrp)# show vrrp

Step 8 (Optional) copy running-config startup-config Copies the running configuration to the startup
configuration.
Example:
switch(config-if-vrrp)# copy
running-config startup-config

Configuring VRRP Interface State Tracking

Interface state tracking changes the priority of the virtual router based on the state of another interface in the
device. When the tracked interface goes down or the IP address is removed, Cisco NX-OS assigns the tracking
priority value to the virtual router. When the tracked interface comes up and an IP address is configured on
this interface, Cisco NX-OS restores the configured priority to the virtual router (see the Configuring VRRP
Priority section).

Note VRRP does not support Layer 2 interface tracking.

Configuring VRRP
15
 Configuring VRRP
Configuring VRRP Interface State Tracking

Before you begin

Ensure that you have configured an IP address on the interface (see Configuring IPv4 Addressing).
Ensure that you have enabled VRRP (see the Configuring VRRP section).
Ensure that you have enabled the virtual router (see the Configuring VRRP Groups section).
Ensure that you have enabled preemption on the interface.

Procedure

Command or Action Purpose

Step 1 configure terminal Enters global configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2 interface interface-type slot/port Enters interface configuration mode.

Example:
switch(config)# interface ethernet 2/1
switch(config-if)#

Step 3 vrrp number Creates a virtual router group.

Example:
switch(config-if)# vrrp 250
switch(config-if-vrrp)#

Step 4 shutdown Disables the VRRP group.

Example:
switch(config-if-vrrp)# shutdown

Step 5 track interface type slot/port priority value Enables interface priority tracking for a VRRP
group. The priority range is from 1 to 254.
Example:
switch(config-if-vrrp)# track interface
ethernet 2/10 priority 254

Step 6 no shutdown Enables the VRRP group.

Example:
switch(config-if-vrrp)# no shutdown

Step 7 (Optional) show vrrp Displays a summary of VRRP information.

Example:
switch(config-if-vrrp)# show vrrp

Step 8 (Optional) copy running-config startup-config Copies the running configuration to the startup
configuration.
Example:
switch(config-if-vrrp)# copy
running-config startup-config

Configuring VRRP
16
 Configuring VRRP
Configuring VRRPv3

Configuring VRRPv3
Enabling VRRPv3 and VRRS
You must globally enable VRRPv3 before you can configure and enable any VRRPv3 groups.

Procedure

Command or Action Purpose

Step 1 configure terminal Enters global configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2 [no] feature vrrpv3 Enables VRRP version 3 and Virtual Router
Redundancy Service (VRRS). The no form of
Example:
this command disables VRRPv3 and VRRS.
switch(config)# feature vrrpv3
If VRRPv2 is currently configured, use the no
feature vrrp command in global configuration
mode to remove the VRRPv2 configuration and
then use the feature vrrpv3 command to enable
VRRPv3.

Step 3 (Optional) copy running-config startup-config Copies the running configuration to the startup
configuration.
Example:
switch(config)# copy running-config
startup-config

Creating VRRPv3 Groups

You can create a VRRPv3 group, assign the virtual IP address, and enable the group.

Before you begin

Make sure that VRRPv3 is enabled.
Make sure that you have configured an IP address on the interface.

Procedure

Command or Action Purpose

Step 1 configure terminal Enters global configuration mode.
Example:
switch# configure terminal
switch(config)#

Configuring VRRP
17
 Configuring VRRP
Creating VRRPv3 Groups

Command or Action Purpose

Step 2 interface ethernet slot/port Enters interface configuration mode.
Example:
switch(config)# interface ethernet 2/1
switch(config-if)#

Step 3 vrrpv3 number address-family [ipv4 | ipv6] Creates a VRRPv3 group and enters VRRPv3
group configuration mode. The range is 1–255.
Example:
switch(config-if)# vrrpv3 5
address-family ipv4
switch(config-if-vrrpv3-group)#

Step 4 (Optional) address ip-address [primary | Specifies a primary or secondary IPv4 or IPv6
secondary] address for the VRRPv3 group.
Example: To utilize secondary IP addresses in a VRRPv3
switch(config-if-vrrpv3-group)# address group, you must first configure a primary IP
100.0.1.10 primary address on the same group.

Step 5 (Optional) description description Specifies a description for the VRRPv3 group.
You can enter up to 80 alphanumeric
Example:
characters.
switch(config-if-vrrpv3-group)#
description group3

Step 6 (Optional) match-address Matches the secondary address in the

advertisement packet against the configured
Example:
address.
switch(config-if-vrrpv3-group)#
match-address

Step 7 (Optional) preempt [delay minimum seconds] Enables preemption of a lower priority primary
switch with an optional delay. The range is
Example:
0–3600.
switch(config-if-vrrpv3-group)# preempt
delay minimum 30

Step 8 (Optional) priority level Specifies the priority of the VRRPv3 group.
The range is 1–254.
Example:
switch(config-if-vrrpv3-group)# priority
3

Step 9 (Optional) timers advertise interval Sets the advertisement timer in milliseconds.
The range is 100–40950.
Example:
switch(config-if-vrrpv3-group)# timers Cisco recommends that you set this timer to a
advertise 1000 value greater than or equal to 1 second.

Step 10 (Optional) vrrp2 Enables support for VRRPv2 simultaneously

to ensure interoperability with devices that
Example:
support only VRRPv2.
switch(config-if-vrrpv3-group)# vrrp2
VRRPv2 compatibility mode is provided to
allow an upgrade from VRRPv2 to VRRPv3.

Configuring VRRP
18
 Configuring VRRP
Configuring VRRPv3 Control Groups

Command or Action Purpose

This is not a full VRRPv2 implementation and
should be used only to perform an upgrade.

Step 11 (Optional) vrrs leader vrrs-leader-name Specifies a leader's name to be registered with
VRRS.
Example:
switch(config-if-vrrpv3-group)# vrrs
leader leader1

Step 12 (Optional) shutdown Disables the VRRP configuration for the

VRRPv3 group.
Example:
switch(config-if-vrrpv3-group)# shutdown

Step 13 (Optional) show fhrp [interface-type Displays First Hop Redundancy Protocol
interface-number] [verbose] (FHRP) information. Use the verbose keyword
to view detailed information.
Example:
switch(config-if-vrrpv3-group)# show
fhrp ethernet 2/1 verbose

Step 14 (Optional) show vrrpv3 interface-type Displays the VRRPv3 configuration

interface-number information for the specified interface.
Example:
switch(config-if-vrrpv3-group)# show
vrrpv3 ethernet 2/1

Step 15 (Optional) copy running-config Copies the running configuration to the startup
startup-config configuration.
Example:
switch(config-if-vrrpv3-group)# copy
running-config startup-config

Configuring VRRPv3 Control Groups

You can configure VRRPv3 control groups.

Before you begin

Make sure that VRRPv3 is enabled.
Make sure that you have configured an IP address on the interface.

Procedure

Command or Action Purpose

Step 1 configure terminal Enters global configuration mode.
Example:
switch# configure terminal
switch(config)#

Configuring VRRP
19
 Configuring VRRP
Configuring VRRPv3 Object Tracking

Command or Action Purpose

Step 2 interface ethernet slot/port Enters interface configuration mode.
Example:
switch(config)# interface ethernet 2/1
switch(config-if)#

Step 3 ip address ip-address mask [secondary] Configures the IP address on the interface.
Example: You can use the secondary keyword to
switch(config-if)# ip address configure additional IP addresses on the
209.165.200.230 255.255.255.224 interface.

Step 4 vrrpv3 number address-family [ipv4 | ipv6] Creates a VRRPv3 group and enters VRRPv3
group configuration mode. The range is from 1
Example:
to 255.
switch(config-if)# vrrpv3 5
address-family ipv4
switch(config-if-vrrpv3-group)#

Step 5 (Optional) address ip-address [primary | Specifies a primary or secondary IPv4 or IPv6
secondary] address for the VRRPv3 group.
Example:
switch(config-if-vrrpv3-group)# address
209.165.200.227 primary

Step 6 (Optional) shutdown Disables the VRRP configuration for the

VRRPv3 group.
Example:
switch(config-if-vrrpv3-group)# shutdown

Step 7 (Optional) show fhrp [interface-type Displays First Hop Redundancy Protocol
interface-number] [verbose] (FHRP) information. Use the verbose keyword
to view detailed information.
Example:
switch(config-if-vrrpv3-group)# show fhrp
ethernet 2/1 verbose

Step 8 (Optional) show vrrpv3 interface-type Displays the VRRPv3 configuration information
interface-number for the specified interface.
Example:
switch(config-if-vrrpv3-group)# show
vrrpv3 ethernet 2/1

Step 9 (Optional) copy running-config startup-config Copies the running configuration to the startup
configuration.
Example:
switch(config-if-vrrpv3-group)# copy
running-config startup-config

Configuring VRRPv3 Object Tracking

You can track an IPv4 or IPv4 object using VRRPv3.

Configuring VRRP
20
 Configuring VRRP
Configuring VRRS Pathways

Before you begin

Make sure that VRRPv3 is enabled.
Configure object tracking using the commands in Configuring Object Tracking section.

Procedure

Command or Action Purpose

Step 1 configure terminal Enters global configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2 interface type number Specifies an interface and enters interface

configuration mode.
Example:
switch(config)#
switch(config-if)# interface ethernet
2/1
switch(config-if)#

Step 3 vrrpv3 number address-family [ipv4 | ipv6] Creates a VRRPv3 group for IPv4 or IPv6 and
enters VRRPv3 group configuration mode. The
Example:
range is from 1 to 255.
switch(config-if)# vrrpv3 5
address-family ipv6
switch(config-if-vrrpv3-group)#

Step 4 track object-number decrement number Configures the process to track the state of the
IPv4 or IPv6 object using the VRRPv3 group.
Example:
VRRPv3 on the interface registers with the
switch(config-if-vrrpv3-group)# tracking process to be informed of any changes
object-track 1
decrement 2 to the object in the VRRPv3 group. If the object
state on the interface goes down, the priority of
the VRRPv3 group is reduced by the decrement
number specified.

Step 5 (Optional) show running-config vrrpv3 Displays the running configuration for VRRPv3.
Example:
switch(config-if-vrrp-group)# show
running-config vrrp

Step 6 (Optional) copy running-config startup-config Saves this configuration change.

Example:
switch(config-if-vrrp-group)# copy
running-config startup-config

Configuring VRRS Pathways

You can configure a Virtual Router Redundancy Service (VRRS) pathway. In scaled environments, VRRS
pathways should be used in combination with VRRPv3 control groups.

Configuring VRRP
21
 Configuring VRRP
Configuring VRRS Pathways

Before you begin

Make sure that VRRPv3 is enabled.
Make sure that you have configured an IP address on the interface.

Procedure

Command or Action Purpose

Step 1 configure terminal Enters global configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2 interface ethernet slot/port Enters interface configuration mode.

Example:
switch(config)# interface ethernet 2/1
switch(config-if)#

Step 3 ip address ip-address mask [secondary] Configures the IP address on the interface.
Example: You can use the secondary keyword to
switch(config-if)# ip address configure additional IP addresses on the
209.165.200.230 255.255.255.224 interface.

Step 4 vrrs pathway vrrs-tag Defines the VRRS pathway for a VRRS group
and enters VRRS pathway configuration mode.
Example:
switch(config-if)# vrrs pathway path1 The vrrs-tag argument specifies the name of
switch(config-if-vrrs-pw)# the VRRS tag that is being associated with the
pathway.

Step 5 mac address {mac-address | inherit} Specifies a MAC address for the pathway.
Example: The inherit keyword causes the pathway to
switch(config-if-vrrs-pw)# mac address inherit the virtual MAC address of the VRRPv3
fe24.fe24.fe24 group with which the pathway is associated.

Step 6 address ip-address Defines the virtual IPv4 or IPv6 address for a
pathway.
Example:
switch(config-if-vrrs-pw)# address A VRRPv3 group is capable of controlling more
209.165.201.10 than one pathway.

Step 7 (Optional) show vrrs pathway interface-type Displays the VRRS pathway information for
interface-number different pathway states, such as active, inactive,
and not ready.
Example:
switch(config-if-vrrs-pw)# show vrrs
pathway ethernet 1/2

Step 8 (Optional) copy running-config startup-config Copies the running configuration to the startup
configuration.
Example:

Configuring VRRP
22
 Configuring VRRP
Verifying the VRRP Configuration

Command or Action Purpose

switch(config-if-vrrs-pw)# copy
running-config startup-config

Verifying the VRRP Configuration

To display VRRP configuration information, perform one of the following tasks:

Command Purpose

show interface interface-type Displays the virtual router configuration for an

interface.

show fhrp interface-type interface-number Displays First Hop Redundancy Protocol (FHRP)
information.

show vrrp [group-number] Displays the VRRP status for all groups or for a
specific VRRP group.

Verifying the VRRPv3 Configuration

To display VRRPv3 configuration information, perform one of the following tasks:

Command Purpose

show vrrpv3 [all | brief | detail] Displays the VRRPv3 configuration information.

show vrrpv3 interface-type interface-number Displays the VRRPv3 configuration information for
a specific interface.

show vrrs client [client-name] Displays the VRRS client information.

show vrrs pathway [interface-type interface-number] Displays the VRRS pathway information for different
pathway states, such as active, inactive, and not ready.

show vrrs server Displays the VRRS server information.

show vrrs tag [tag-name] Displays the VRRS tag information.

Monitoring and Clearing VRRP Statistics

To display VRRP statistics, use the following commands:

Command Purpose

show vrrp statistics Displays the VRRP statistics.

Use the clear vrrp statistics command to clear the VRRP statistics for all interfaces on the device.

Configuring VRRP
23
 Configuring VRRP
Monitoring and Clearing VRRPv3 Statistics

Monitoring and Clearing VRRPv3 Statistics

To display VRRPv3 statistics, use the following commands:

Command Purpose

show vrrpv3 statistics Displays the VRRPv3 statistics.

Use the clear vrrpv3 statistics command to clear the VRRPv3 statistics for all interfaces on the device.

Configuration Examples for VRRP

In this example, Router A and Router B each belong to three VRRP groups. In the configuration, each group
has the following properties:
• Group 1:
• Virtual IP address is 10.1.0.10.
• Router A becomes the primary for this group with priority 120.
• Advertising interval is 3 seconds.
• Pre-emption is enabled.

• Group 5:
• Router B becomes the primary for this group with priority 200.
• Advertising interval is 30 seconds.
• Pre-emption is enabled.

• Group 100:
• Router A becomes the primary for this group first because it has a higher IP address (10.1.0.2).
• Advertising interval is the default of 1 second.
• Pre-emption is disabled.

Router A
switch (config)# interface ethernet 1/1
switch (config-if)# ip address 10.1.0.1/16
switch (config-if)# no shutdown
switch (config-if)# vrrp 1
switch (config-if-vrrp)# priority 120
switch (config-if-vrrp)# authentication text cisco
switch (config-if-vrrp)# advertisement-interval 3
switch (config-if-vrrp)# address 10.1.0.10
switch (config-if-vrrp)# no shutdown
switch (config-if-vrrp)# exit
switch (config-if)# vrrp 5
switch (config-if-vrrp)# priority 100

Configuring VRRP
24
 Configuring VRRP
Configuration Examples for VRRPv3

switch (config-if-vrrp)# advertisement-interval 30

switch (config-if-vrrp)# address 10.1.0.50
switch (config-if-vrrp)# no shutdown
switch (config-if-vrrp)# exit
switch (config-if)# vrrp 100
switch (config-if-vrrp)# no preempt
switch (config-if-vrrp)# address 10.1.0.100
switch (config-if-vrrp)# no shutdown

Router B
switch (config)# interface ethernet 1/1
switch (config-if)# ip address 10.1.0.2/16
switch (config-if)# no shutdown
switch (config-if)# vrrp 1
switch (config-if-vrrp)# priority 100
switch (config-if-vrrp)# authentication text cisco
switch (config-if-vrrp)# advertisement-interval 3
switch (config-if-vrrp)# address 10.1.0.10
switch (config-if-vrrp)# no shutdown
switch (config-if-vrrp)# exit
switch (config-if)# vrrp 5
switch (config-if-vrrp)# priority 200
switch (config-if-vrrp)# advertisement-interval 30
switch (config-if-vrrp)# address 10.2.0.50
switch (config-if-vrrp)# no shutdown
switch (config-if-vrrp)# exit
switch (config-if)# vrrp 100
switch (config-if-vrrp)# no preempt
switch (config-if-vrrp)# address 10.2.0.100
switch (config-if-vrrp)# no shutdown

Configuration Examples for VRRPv3

This example shows how to enable VRRPv3 and create and customize a VRRPv3 group:
switch# configure terminal
switch(config)# feature vrrpv3
switch(config)# interface ethernet 4/6
switch(config-if)# vrrpv3 5 address-family ipv4
switch(config-if-vrrp3-group)# address 209.165.200.225 primary
switch(config-if-vrrp3-group)# description group3
switch(config-if-vrrp3-group)# match-address
switch(config-if-vrrp3-group)# preempt delay minimum 30
switch(config-if-vrrpv3-group)# show fhrp ethernet 4/6 verbose
switch(config-if-vrrpv3-group)# show vrrpv3 ethernet 4/6

This example shows how to configure a VRRPv3 control group:

switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# ip address 209.165.200.230 255.255.255.224
switch(config-if)# vrrpv3 5 address-family ipv4
switch(config-if-vrrpv3-group)# address 209.165.200.227 primary
switch(config-if-vrrpv3-group)# vrrs leader leader1
switch(config-if-vrrpv3-group)# shutdown
switch(config-if-vrrpv3-group)# show fhrp ethernet 1/2 verbose
switch(config-if-vrrpv3-group)# show vrrpv3 ethernet 1/2

Configuring VRRP
25
 Configuring VRRP
Additional References

This example shows how to configure VRRS pathways:

switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# ip address 209.165.200.230 255.255.255.224
switch(config-if)# vrrs pathway path1
switch(config-if-vrrs-pw)# mac address inherit
switch(config-if-vrrs-pw)# address 209.165.201.10
switch(config-if-vrrs-pw)# show vrrs pathway ethernet 1/2

Additional References
Related Documents for VRRP
Related Topic Document Title

Configuring the Hot Standby Routing Configuring HSRP

Protocol (HSRP)

Configuring high availability Cisco Nexus 9000 Series NX-OS High Availability and Redundancy
Guide

Configuring VRRP
26