Virtual Router Redundancy Protocol (VRRP) for IPv4 and IPv6

« 2022 Oct 7 »

Table of Contents

Jump to section:

• What is VRRP?
• What is the difference between VRRP and HSRP?
• Does VRRP use TCP or UDP?
• How to configure VRRP?
• VRRP with object tracking configuration
• VRRP with VRF configuration
• VRRP and Gratuitous ARP (GARP)
• VRRPv3 configuration for IPv6 networks
• Download section

What is VRRP? ‹
What is the difference between VRRP and HSRP? ‹
Does VRRP use TCP or UDP? ‹
How to configure VRRP? ‹
VRRP with object tracking configuration ‹
VRRP with VRF configuration ‹
VRRP and Gratuitous ARP (GARP) ‹
VRRPv3 configuration for IPv6 networks ‹
Download section ‹

What is VRRP?

Virtual Router Redundancy Protocol (VRRP) enables a pair of redundant routers to choose a common virtual IP address which will be used as the default gateway for connected hosts. In other words, there can be two internet gateway routers that act as a single virtual router for hosts in a local area network. As a result, hosts can use a single default route to point traffic to the virtual IP address advertised by VRRP.

VRRP enables the use a single virtual IP address by two gateway routers

The purpose of VRRP is to switch over traffic to the Backup router in case of a primary path failure, and while doing so the hosts can continue to send traffic to the single VRRP virtual IP address. When the primary path is again reachable, VRRP preemption automatically reverts to the originally configured Master and Backup router roles. VRRP is a First Hop Redundancy Protocol (FHRP).

What is the difference between VRRP and HSRP?

Unlike with HSRP, VRRP allows the virtual IP address (vIP) and the interface IP to match. However, if the vIP and interface IP match, VRRP does not allow tracking on that interface, as shown below.

Router(config-if)#standby 10 ip 10.0.0.1
% address cannot equal interface IP address


###############################################################################################################################
##                                                                                                                           ##
##                                                                                                                           ##
##   Above, HSRP is shown, it does not allow the virtual IP (vIP) address to match with the interface IP address.            ##
##   This is not the case with VRRP, where the vIP address can be the same as the interface IP.                              ##
##                                                                                                                           ##
##   Below, VRRP is shown, if the vIP address is the same as the interface IP, then object tracking cannot be configured.    ##
##                                                                                                                           ##
##                                                                                                                           ##
###############################################################################################################################



Router(config-if)#vrrp 10 track 10
% tracking not supported on IP address owner

The following list identifies several differences between VRRP and HSRP. The virtual MAC address for both protocols contains the group number in hexadecimal format, this is indicated by the # sign.

VRRP and HSRP compared
	VRRP version 2	HSRP version 1	HSRP version 2 (IPv4)
Type	Open standard	Cisco proprietary	Cisco proprietary
Multicast IP address	224.0.0.18	224.0.0.2	224.0.0.102
Virtual MAC address	0000-5E00-01##	0000-0C07-AC##	0000-0C9F-F###

VRRP version 3 and HSRP version 2 support the IPv6 address-family. VRRP version 3 uses the virtual MAC address 0000-5E00-02## and the multicast IPv6 destination address FF02::12. In contrast, HSRP version 2 for IPv6 uses the MAC address 0005.73A0.0### together with the multicast address FF02::66.

Does VRRP use TCP or UDP?

VRRP is a network layer protocol and does not use TCP or UDP. VRRP uses the IP Protocol number 112, as shown in the following packet capture.

How to configure VRRP?

VRRP is configured on an interface or subinterface/virtual interface. The following example configuration instructs the router to send VRRP advertisements every 750 milliseconds for the VRRP Group 10 with a virtual IP of 10.0.0.4 and authentication string of P4SSW0RD. Note that the default VRRP priority value is 100 if not configured otherwise.

R1>
R1>enable
R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#
R1(config)#interface GigabitEthernet0/0
R1(config-if)#vrrp 10 ip 10.0.0.4
R1(config-if)#vrrp 10 timers advertise msec 750
R1(config-if)#vrrp 10 authentication P4SSW0RD
R1(config-if)#
R1(config-if)#exit
R1(config)#exit
R1#

VRRP with object tracking configuration

In this example, VRRP Group 10 is configured between R1 and R2 using VRRP authentication. R1 is the Master and R2 is the Backup router. The VRRP virtual IP (vIP) address is 10.0.0.4, and accordingly R3 is configured with a single default route pointing to 10.0.0.4. The VRRP timer is set to send advertisements every 750 milliseconds to the multicast address 224.0.0.18.

The command vrrp 10 track 1 decrement 20 configured on R1 instructs VRRP to track object 1. Object 1 monitors the state of the IP SLA, which sends a ping every second from R1 to R4. As a result, if the connection between R1 - R4 is down, the track object goes down, and the VRRP priority on R1 is decreased by 20.

This leads to a VRRP failover, thus R2 becomes the Master router if the primary path between R1 - R4 fails.

Configuration:

R1#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to Site 1 **
 ip address 10.0.0.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
 vrrp 10 description ** VRRP Group 10 **
 vrrp 10 ip 10.0.0.4
 vrrp 10 timers advertise msec 750
 vrrp 10 priority 150
 vrrp 10 authentication p4ssw0rd
 vrrp 10 track 1 decrement 20

R1#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to Site 2 **
 ip address 192.168.1.1 255.255.255.252
 duplex auto
 speed auto
 media-type rj45

R1#show run | sec ^track
track 1 ip sla 10

R1#show run | sec ^ip sla
ip sla 10
 icmp-echo 192.168.1.2
 threshold 1000
 timeout 1000
 frequency 1
ip sla schedule 10 life forever start-time now

R1#show run | sec ip route
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 192.168.1.2

R2#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to Site 1 **
 ip address 10.0.0.2 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
 vrrp 10 description ** VRRP Group 10 **
 vrrp 10 ip 10.0.0.4
 vrrp 10 timers advertise msec 750
 vrrp 10 priority 140
 vrrp 10 authentication p4ssw0rd

R2#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to Site 2 **
 ip address 192.168.2.1 255.255.255.252
 duplex auto
 speed auto
 media-type rj45

R2#show run | sec ip route
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 192.168.2.2

R3#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to R1 and R2 **
 ip address 10.0.0.3 255.255.255.0
 duplex auto
 speed auto
 media-type rj45

R3#show run | sec ip route
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 10.0.0.4

R4#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to R1 **
 ip address 192.168.1.2 255.255.255.0
 duplex auto
 speed auto
 media-type rj45

R4#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to R2 **
 ip address 192.168.2.2 255.255.255.252
 duplex auto
 speed auto
 media-type rj45
 
R4#show run int Lo10 | sec int
interface Loopback10
 ip address 192.168.3.1 255.255.255.255

R4#show run | sec ip route
ip route 10.0.0.0 255.255.255.0 GigabitEthernet0/0 192.168.1.1 track 1
ip route 10.0.0.0 255.255.255.0 GigabitEthernet0/1 192.168.2.1 2

R4#show run | sec ^track
track 1 ip sla 10

R4#show run | sec ^ip sla
ip sla 10
 icmp-echo 192.168.1.1
 threshold 1000
 timeout 1000
 frequency 1
ip sla schedule 10 life forever start-time now

R1#show vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Gi0/0              10  150 2664       Y  Master  10.0.0.1        10.0.0.4           « R1 is the VRRP Master




R1#show vrrp all
GigabitEthernet0/0 - Group 10 
** VRRP Group 10 **
  State is Master  
  Virtual IP address is 10.0.0.4                 « The vIP address is 10.0.0.4
  Virtual MAC address is 0000.5e00.010a
  Advertisement interval is 0.750 sec
  Preemption enabled
  Priority is 150 
    Track object 1 state Up decrement 20         « Object tracking is configured
  Authentication text, string "p4ssw0rd"
  Master Router is 10.0.0.1 (local), priority is 150 
  Master Advertisement interval is 0.750 sec
  Master Down interval is 2.664 sec
  
  
  


R2#show vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Gi0/0              10  140 2703       Y  Backup  10.0.0.1        10.0.0.4            « R2 is the Backup router

In the following outputs a failover scenario is simulated. The primary link between R1 and R4 goes down, and this causes some packet loss for ongoing traffic, before R2 takes over as the VRRP Master router.

R3#trace 192.168.3.1 probe 1
Type escape sequence to abort.
Tracing the route to 192.168.3.1
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.0.1 2 msec                    « R1 is the VRRP Master before primary link failure
  2 192.168.1.2 104 msec
  
  
  
  

R3#ping 192.168.3.1 re 100  
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!....!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!            « Link failure causes some packet loss
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 96 percent (96/100), round-trip min/avg/max = 103/104/117 ms





R3#trace 192.168.3.1 probe 1
Type escape sequence to abort.
Tracing the route to 192.168.3.1
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.0.2 2 msec                 « R2 is the new VRRP Master router after link failure
  2 192.168.2.2 104 msec
  




R1#show log | beg Log Buffer
Log Buffer (8192 bytes):

%SYS-5-CONFIG_I: Configured from console by console
%TRACK-6-STATE: 1 ip sla 10 state Up -> Down
%VRRP-6-STATECHANGE: Gi0/0 Grp 10 state Master -> Backup            « Logs from R1 show failover





R2#show vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Gi0/0              10  140 2703       Y  Master  10.0.0.2        10.0.0.4          « R2 is the new VRRP Master

VRRP with VRF configuration

In this example, VRRP is configured with VRF Lite using two VRFs: Finance and Sales. This means, the two routing tables associated with the VRFs are completely separated end-to-end between R3 and R4. Two VRRP Groups are created on R1 and R2. VRRP Group 10 for VRF Finance has the vIP 10.1.0.4. VRRP Group 20 for VRF Sales has the vIP 10.2.0.4.

R3 has two default static routes configured in each VRF pointing to the VRRP vIP addresses. This is accomplished with the following commands on R3.

ip route vrf Finance 0.0.0.0 0.0.0.0 GigabitEthernet0/0.10 10.1.0.4
ip route vrf Sales 0.0.0.0 0.0.0.0 GigabitEthernet0/0.20 10.2.0.4

On R1, object tracking is configured with VRF aware IP SLA. When the primary path fails, traffic in both VRFs gets routed through R2, and uses the secondary path. The VRFs use VLAN 10 (Finance) and VLAN 20 (Sales) end-to-end. SW1 is configured with trunk ports enabled to forward traffic for VLAN 10 and 20.

Configuration:

R1#show run | sec ^vrf           
vrf definition Finance
 rd 1:1
 !
 address-family ipv4
 exit-address-family
vrf definition Sales
 rd 2:2
 !
 address-family ipv4
 exit-address-family
 
R1#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to Site 1 **
 no ip address
 duplex auto
 speed auto
 media-type rj45

R1#show run int Gi0/0.10 | sec int
interface GigabitEthernet0/0.10
 description ** VRF Finance - to R3 **
 encapsulation dot1Q 10
 vrf forwarding Finance
 ip address 10.1.0.1 255.255.255.0
 vrrp 10 description ** VRRP Group 10 - VRF Finance **
 vrrp 10 ip 10.1.0.4
 vrrp 10 timers advertise msec 750
 vrrp 10 priority 150
 vrrp 10 authentication p4ssw0rd
 vrrp 10 track 1 decrement 20

R1#show run int Gi0/0.20 | sec int 
interface GigabitEthernet0/0.20
 description ** VRF Sales - to R3 **
 encapsulation dot1Q 20
 vrf forwarding Sales
 ip address 10.2.0.1 255.255.255.0
 vrrp 20 description ** VRRP Group 20 - VRF Sales **
 vrrp 20 ip 10.2.0.4
 vrrp 20 timers advertise msec 750
 vrrp 20 priority 150
 vrrp 20 authentication p4ssw0rd
 vrrp 20 track 2 decrement 20

R1#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to Site 2 **
 no ip address
 duplex auto
 speed auto
 media-type rj45
 
R1#show run int Gi0/1.10 | sec int
interface GigabitEthernet0/1.10
 description ** VRF Finance - to R4 **
 encapsulation dot1Q 10
 vrf forwarding Finance
 ip address 192.168.10.1 255.255.255.252
 
R1#show run int Gi0/1.20 | sec int
interface GigabitEthernet0/1.20
 description ** VRF Sales - to R4 **
 encapsulation dot1Q 20
 vrf forwarding Sales
 ip address 192.168.20.1 255.255.255.252
 
R1#show run | sec ^track 
track 1 ip sla 10
track 2 ip sla 20

R1#show run | sec ^ip sla
ip sla 10
 icmp-echo 192.168.10.2 source-interface GigabitEthernet0/1.10
 vrf Finance
 threshold 1000
 timeout 1000
 frequency 1
ip sla schedule 10 life forever start-time now
ip sla 20
 icmp-echo 192.168.20.2 source-interface GigabitEthernet0/1.20
 vrf Sales
 threshold 1000
 timeout 1000
 frequency 1
ip sla schedule 20 life forever start-time now

R1#show run | sec ip route
ip route vrf Finance 0.0.0.0 0.0.0.0 GigabitEthernet0/1.10 192.168.10.2
ip route vrf Sales 0.0.0.0 0.0.0.0 GigabitEthernet0/1.20 192.168.20.2

R2#show run | sec ^vrf
vrf definition Finance
 rd 1:1
 !
 address-family ipv4
 exit-address-family
vrf definition Sales
 rd 2:2
 !
 address-family ipv4
 exit-address-family
 
R2#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to Site 1 **
 no ip address
 duplex auto
 speed auto
 media-type rj45
 
R2#show run int Gi0/0.10 | sec int
interface GigabitEthernet0/0.10
 description ** VRF Finance - to R3 **
 encapsulation dot1Q 10
 vrf forwarding Finance
 ip address 10.1.0.2 255.255.255.0
 vrrp 10 description ** VRRP Group 10 - VRF Finance **
 vrrp 10 ip 10.1.0.4
 vrrp 10 timers advertise msec 750
 vrrp 10 priority 140
 vrrp 10 authentication p4ssw0rd

R2#show run int Gi0/0.20 | sec int
interface GigabitEthernet0/0.20
 description ** VRF Sales - to R3 **
 encapsulation dot1Q 20
 vrf forwarding Sales
 ip address 10.2.0.2 255.255.255.0
 vrrp 20 description ** VRRP Group 20 - VRF Sales **
 vrrp 20 ip 10.2.0.4
 vrrp 20 timers advertise msec 750
 vrrp 20 priority 140
 vrrp 20 authentication p4ssw0rd

R2#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to Site 2 **
 no ip address
 duplex auto
 speed auto
 media-type rj45
 
R2#show run int G0/1.10 | sec int
interface GigabitEthernet0/1.10
 description ** VRF Finance - to R4 **
 encapsulation dot1Q 10
 vrf forwarding Finance
 ip address 192.168.10.5 255.255.255.252

R2#show run int G0/1.20 | sec int
interface GigabitEthernet0/1.20
 description ** VRF Sales - to R4 **
 encapsulation dot1Q 20
 vrf forwarding Sales
 ip address 192.168.20.5 255.255.255.252

R2#show run | sec ip route
ip route vrf Finance 0.0.0.0 0.0.0.0 GigabitEthernet0/1.10 192.168.10.6
ip route vrf Sales 0.0.0.0 0.0.0.0 GigabitEthernet0/1.20 192.168.20.6

R3#show run | sec ^vrf
vrf definition Finance
 rd 1:1
 !
 address-family ipv4
 exit-address-family
vrf definition Sales
 rd 2:2
 !
 address-family ipv4
 exit-address-family
 
R3#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to R1 and R2 **
 no ip address
 duplex auto
 speed auto
 media-type rj45
 
R3#show run int Gi0/0.10 | sec int
interface GigabitEthernet0/0.10
 description ** VRF Finance **
 encapsulation dot1Q 10
 vrf forwarding Finance
 ip address 10.1.0.3 255.255.255.0

R3#show run int Gi0/0.20 | sec int
interface GigabitEthernet0/0.20
 description ** VRF Sales **
 encapsulation dot1Q 20
 vrf forwarding Sales
 ip address 10.2.0.3 255.255.255.0

R3#show run | sec ip route
ip route vrf Finance 0.0.0.0 0.0.0.0 GigabitEthernet0/0.10 10.1.0.4
ip route vrf Sales 0.0.0.0 0.0.0.0 GigabitEthernet0/0.20 10.2.0.4

R4#show run | sec ^vrf
vrf definition Finance
 rd 1:1
 !
 address-family ipv4
 exit-address-family
vrf definition Sales
 rd 2:2
 !
 address-family ipv4
 exit-address-family
 
R4#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to R1 **
 no ip address
 duplex auto
 speed auto
 media-type rj45

R4#show run int Gi0/0.10 | sec int
interface GigabitEthernet0/0.10
 description ** VRF Finance - to R1 **
 encapsulation dot1Q 10
 vrf forwarding Finance
 ip address 192.168.10.2 255.255.255.252
 
R4#show run int Gi0/0.20 | sec int
interface GigabitEthernet0/0.20
 description ** VRF Sales - to R1 **
 encapsulation dot1Q 20
 vrf forwarding Sales
 ip address 192.168.20.2 255.255.255.252

R4#show run int Gi0/1 | sec int   
interface GigabitEthernet0/1
 description ** to R2 **
 no ip address
 duplex auto
 speed auto
 media-type rj45

R4#show run int Gi0/1.10 | sec int
interface GigabitEthernet0/1.10
 description ** VRF Finance - to R2 **
 encapsulation dot1Q 10
 vrf forwarding Finance
 ip address 192.168.10.6 255.255.255.252

R4#show run int Gi0/1.20 | sec int
interface GigabitEthernet0/1.20
 description ** VRF Sales - to R2 **
 encapsulation dot1Q 20
 vrf forwarding Sales
 ip address 192.168.20.6 255.255.255.252

R4#show run int Lo10 | sec int
interface Loopback10
 vrf forwarding Finance
 ip address 192.168.3.1 255.255.255.255

R4#show run int Lo20 | sec int
interface Loopback20
 vrf forwarding Sales
 ip address 192.168.3.2 255.255.255.255

R4#show run | sec ^track  
track 1 ip sla 10
track 2 ip sla 20

R4#show run | sec ^ip sla
ip sla 10
 icmp-echo 192.168.10.1 source-interface GigabitEthernet0/0.10
 vrf Finance
 threshold 1000
 timeout 1000
 frequency 1
ip sla schedule 10 life forever start-time now
ip sla 20
 icmp-echo 192.168.20.1 source-interface GigabitEthernet0/0.20
 vrf Sales
 threshold 1000
 timeout 1000
 frequency 1
ip sla schedule 20 life forever start-time now

R4#show run | sec ip route
ip route vrf Finance 0.0.0.0 0.0.0.0 GigabitEthernet0/0.10 192.168.10.1 track 1
ip route vrf Sales 0.0.0.0 0.0.0.0 GigabitEthernet0/0.20 192.168.20.1 track 2
ip route vrf Finance 0.0.0.0 0.0.0.0 GigabitEthernet0/1.10 192.168.10.5 2
ip route vrf Sales 0.0.0.0 0.0.0.0 GigabitEthernet0/1.20 192.168.20.5 2

R1#show vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Gi0/0.10           10  150 2664       Y  Master  10.1.0.1        10.1.0.4       
Gi0/0.20           20  150 2664       Y  Master  10.2.0.1        10.2.0.4




R1#show vrrp all
GigabitEthernet0/0.10 - Group 10 
** VRRP Group 10 - VRF Finance **
  State is Master  
  Virtual IP address is 10.1.0.4
  Virtual MAC address is 0000.5e00.010a
  Advertisement interval is 0.750 sec
  Preemption enabled
  Priority is 150 
    Track object 1 state Up decrement 20
  Authentication text, string "p4ssw0rd"
  Master Router is 10.1.0.1 (local), priority is 150 
  Master Advertisement interval is 0.750 sec
  Master Down interval is 2.664 sec

GigabitEthernet0/0.20 - Group 20 
** VRRP Group 20 - VRF Sales **
  State is Master  
  Virtual IP address is 10.2.0.4
  Virtual MAC address is 0000.5e00.0114
  Advertisement interval is 0.750 sec
  Preemption enabled
  Priority is 150 
    Track object 2 state Up decrement 20
  Authentication text, string "p4ssw0rd"
  Master Router is 10.2.0.1 (local), priority is 150 
  Master Advertisement interval is 0.750 sec
  Master Down interval is 2.664 sec




R2#show vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Gi0/0.10           10  140 2703       Y  Backup  10.1.0.1        10.1.0.4       
Gi0/0.20           20  140 2703       Y  Backup  10.2.0.1        10.2.0.4

In the following outputs, failure of the primary path between R1 - R4 is simulated, and the VRRP failover mechanism is shown to affect both VRFs simultaneously.

R3#trace vrf Finance 192.168.3.1 probe 1
Type escape sequence to abort.
Tracing the route to 192.168.3.1
VRF info: (vrf in name/id, vrf out name/id)
  1 10.1.0.1 5 msec                     « Before primary path failure R1 is VRRP Master router
  2 192.168.10.2 105 msec
  
  
  
  
R3#ping vrf Finance 192.168.3.1 re 100  
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!           « Path failure causes some packet loss
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 97 percent (97/100), round-trip min/avg/max = 102/103/106 ms




R1#show log | beg Log Buffer
Log Buffer (8192 bytes):

%TRACK-6-STATE: 1 ip sla 10 state Up -> Down
%TRACK-6-STATE: 2 ip sla 20 state Up -> Down
%VRRP-6-STATECHANGE: Gi0/0.10 Grp 10 state Master -> Backup              « VRRP failover happens
%VRRP-6-STATECHANGE: Gi0/0.20 Grp 20 state Master -> Backup



R3#trace vrf Finance 192.168.3.1 probe 1
Type escape sequence to abort.
Tracing the route to 192.168.3.1
VRF info: (vrf in name/id, vrf out name/id)
  1 10.1.0.2 2 msec               « R2 is the new VRRP Master router
  2 192.168.10.6 103 msec
 



R3#trace vrf Sales 192.168.3.2 probe 1
Type escape sequence to abort.
Tracing the route to 192.168.3.2
VRF info: (vrf in name/id, vrf out name/id)
  1 10.2.0.2 2 msec
  2 192.168.20.6 104 msec
 
 
 
R2#show vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Gi0/0.10           10  140 2703       Y  Master  10.1.0.2        10.1.0.4       
Gi0/0.20           20  140 2703       Y  Master  10.2.0.2        10.2.0.4

VRRP and Gratuitous ARP (GARP)

During a VRRP traffic failover between R1 and R2, GARP messages are broadcast by the VRRP routers to inform SW1 about the status change. As a result, SW1 can update its mac address-table and send traffic to the correct VRRP Master.

The following outputs show the difference in the mac address-table of SW1 before and after a VRRP status change. Essentially, SW1 keeps track of the VRRP virtual router MAC address for each VRRP Group.

SW1#show mac address-table 
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    5254.0009.95f7    DYNAMIC     Gi0/1
   1    5254.000a.699c    DYNAMIC     Gi0/0
   1    5254.0013.a921    DYNAMIC     Gi0/2
  10    0000.5e00.010a    DYNAMIC     Gi0/0           « Before link failure
  20    0000.5e00.0114    DYNAMIC     Gi0/0
Total Mac Addresses for this criterion: 5



SW1#show mac address-table 
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    5254.0009.95f7    DYNAMIC     Gi0/1
   1    5254.000a.699c    DYNAMIC     Gi0/0
   1    5254.0013.a921    DYNAMIC     Gi0/2
  10    0000.5e00.010a    DYNAMIC     Gi0/1           « After link failure, and VRRP status change
  20    0000.5e00.0114    DYNAMIC     Gi0/1
Total Mac Addresses for this criterion: 5

VRRPv3 configuration for IPv6 networks

In the following example topology VRRPv3 is configured to advertise a virtual IPv6 gateway address in Site 1. R1 is the VRRP Master (primary), and R2 is the Backup router. The following list provides details about how VRRPv3 works.

VRRPv3 supports IPv6 and also IPv4. The example command vrrp 10 address-family ipv6 is issued under an interface to add VRRP support for IPv6, and the command vrrp 10 address-family ipv4 can be used for IPv4. Thus, VRRPv3 supports dual stack IPv4-IPv6 networks.
VRRPv3 does not support authentication.
VRRPv3 uses the IPv6 multicast address FF02::12 to exchange control plane messages.
VRRPv3 does not use Gratuitous ARP (IPv6 does not use ARP). Instead, VRRPv3 uses ICMPv6 Neighbor Advertisement (NA) messages to inform connected network devices of a link-layer address change.

Configuration:

R1#show run | sec ^ipv6 unicast
ipv6 unicast-routing

R1#show run | sec ^fhrp
fhrp version vrrp v3

R1#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to Site 1 **
 no ip address
 duplex auto
 speed auto
 media-type rj45
 ipv6 address FE80::1 link-local
 ipv6 address 2001:DB8:1::1/64
 vrrp 10 address-family ipv6
  track 1 decrement 20
  address FE80::10 primary
  address 2001:DB8:1::10/64
  exit-vrrp

R1#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to Site 2 **
 no ip address
 duplex auto
 speed auto
 media-type rj45
 ipv6 address FE80::1 link-local
 ipv6 address 2001:DB8:A::1/64

R1#show run | sec ^ip sla
ip sla 10
 icmp-echo 2001:DB8:A::2
 threshold 1000
 timeout 1000
 frequency 1
ip sla schedule 10 life forever start-time now

R1#show run | sec ^track
track 1 ip sla 10 reachability

R1#show run | sec ^ipv6 route
ipv6 route ::/0 2001:DB8:A::2

R2#show run | sec ^ipv6 unicast 
ipv6 unicast-routing

R2#show run | sec ^fhrp
fhrp version vrrp v3

R2#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to Site 1 **
 no ip address
 duplex auto
 speed auto
 media-type rj45
 ipv6 address FE80::2 link-local
 ipv6 address 2001:DB8:1::2/64
 vrrp 10 address-family ipv6
  priority 90
  address FE80::10 primary
  address 2001:DB8:1::10/64
  exit-vrrp

R2#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to Site 2 **
 no ip address
 duplex auto
 speed auto
 media-type rj45
 ipv6 address FE80::1 link-local
 ipv6 address 2001:DB8:B::1/64

R2#show run | sec ^ipv6 route
ipv6 route ::/0 2001:DB8:B::2

R3#show run | sec ^ipv6 unicast
ipv6 unicast-routing

R3#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to R1 and R2 **
 no ip address
 duplex auto
 speed auto
 media-type rj45
 ipv6 address FE80::3 link-local
 ipv6 address 2001:DB8:1::3/64
 
R3#show run | sec ^ipv6 route
ipv6 route ::/0 2001:DB8:1::10

R4#show run | sec ^ipv6 unicast
ipv6 unicast-routing

R4#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to R1 **
 no ip address
 duplex auto
 speed auto
 media-type rj45
 ipv6 address FE80::2 link-local
 ipv6 address 2001:DB8:A::2/64

R4#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to R2 **
 no ip address
 duplex auto
 speed auto
 media-type rj45
 ipv6 address FE80::2 link-local
 ipv6 address 2001:DB8:B::2/64

R4#show run int Lo10 | sec int 
interface Loopback10
 no ip address
 ipv6 address 2001:DB8:2::1/128

R4#show run | sec ^ipv6 route
ipv6 route 2001:DB8:1::/64 GigabitEthernet0/1 2001:DB8:B::1 2
ipv6 route 2001:DB8:1::/64 GigabitEthernet0/0 2001:DB8:A::1 track 1

R4#show run | sec ^ip sla 
ip sla 10
 icmp-echo 2001:DB8:A::1 source-interface Loopback10
 threshold 1000
 timeout 1000
 frequency 1
ip sla schedule 10 life forever start-time now

R4#show run | sec ^track
track 1 ip sla 10 reachability

R1#show vrrp brief
  Interface          Grp  A-F Pri  Time Own Pre State   Master addr/Group addr
  Gi0/0               10 IPv6 100     0  N   Y  MASTER  FE80::1(local) FE80::10




R1#show vrrp ipv6 all

GigabitEthernet0/0 - Group 10 - Address-Family IPv6        « VRRPv3 IPv6 is configured
  State is MASTER
  State duration 12.765 secs
  Virtual IP address is FE80::10
  Virtual secondary IP addresses:
    2001:DB8:1::10/64
  Virtual MAC address is 0000.5E00.020A
  Advertisement interval is 1000 msec
  Preemption enabled
  Priority is 100
    Track object 1 state UP decrement 20
  Master Router is FE80::1 (local), priority is 100
  Master Advertisement interval is 1000 msec (expires in 969 msec)
  Master Down interval is unknown




R3#trace 2001:DB8:2::1 
Type escape sequence to abort.
Tracing the route to 2001:DB8:2::1

  1 FE80::1 7 msec 3 msec 3 msec                   « Before primary path failure
  2 2001:DB8:A::2 25 msec 24 msec 24 msec





R3#trace 2001:DB8:2::1 
Type escape sequence to abort.
Tracing the route to 2001:DB8:2::1

  1 2001:DB8:1::2 2 msec 3 msec 3 msec             « After primary path failure and VRRP state change
  2 2001:DB8:B::2 4 msec 3 msec 3 msec





R1#show log | beg Log Buffer
Log Buffer (8192 bytes):

%TRACK-6-STATE: 1 ip sla 10 reachability Up -> Down
%VRRP-6-STATE: GigabitEthernet0/0 IPv6 group 10 state MASTER -> BACKUP                    « VRRP IPv6 state change






R1#show vrrp brief   
  Interface          Grp  A-F Pri  Time Own Pre State   Master addr/Group addr
  Gi0/0               10 IPv6  80  3687  N   Y  BACKUP  FE80::2 FE80::10                  « After VRRP state change