High Availability using Okapi Introduction The Virtual Router Redundancy Protocol (VRRP) allows a group of routers to act as one virtual router and eliminating the single point of failure present in the static default routed environment. VRRP, as specified by RFC 2338 and RFC 3678, is designed to provide router failover services in the event of an interface failure. In a VRRP setup, one router is elected as the virtual router master, with the other routers acting as backups in case the virtual router master fails. On the Okapi system, VRRP can be run on a standard Ethernet interface. Advantages of VRRPRedundancy VRRP enables you to configure multiple routers as the default gateway router, which minimizes the possibility of a single point of failure in a network. Load Distribution You can configure VRRP in such a way that traffic to and from LAN clients can be balanced on multiple routers, thereby sharing the traffic load more equitably among available routers. Preemption The redundancy scheme of VRRP enables you to preempt a virtual router backup that has taken over for a failing virtual router master with a higher priority virtual router backup that has become available. Authentication VRRP communicates using password authentication to protect against VRRP-spoofing software. Advertisement Protocol VRRP uses a dedicated Internet Assigned Numbers Authority (IANA) standard multicast address (224.0.0.18) for VRRP advertisements. This addressing scheme minimizes the number of routers that must service the multicasts and allows test equipment to accurately identify VRRP packets on a segment. The IANA assigned VRRP the IP protocol number 112. VRRP Synchronization Groups This feature syncs interfaces in a group such that if one of the interfaces from the router goes down, then all of the other interfaces in the group will move to the backup interface group. Configure VRRPThis section will explain how to configure the Virtual Router Redundancy Protocol (VRRP) on the Okapi system. Basic Topology
In this example, we have a LAN topology in which VRRP will be configured based on the metrics shown below. Router 1 (192.168.100.1) and Router 2 (192.168.100.2) will be owning different IP addresses on their interfaces but will be configured to become one virtual router with the virtual IP address 192.168.100.5. The priority and state assigned to the routers will determine the master and backup router in the topology. In our topology, we assign Router 1 as the master, that will hold the virtual IP address 192.168.100.5. The virtual router will be configured as the default gateway for the clients. Thus, in normal state Router 1 will be responsible for forwarding packets sent to the virtual IP address. Router 2 will function as backup router. In case the master router fails, the backup router will take over the virtual IP address to become the master and provide uninterrupted service for the clients. Once the master (Router 1) comes alive, the backup router will detect the higher priority router and return the virtual IP address to the master.  Figure 1: Basic Topology
Configuring Router1Virtual IP address: 192.168.100.5 Virtual Router ID: 20 Priority: 150 State: Master SMTP alerts are Enabled Advertisement Intervals: 1 sec Authentication: helloworld
Summarized Steps: - enable
- configure terminal
- interface type_interface_number
- vrrp enter_router_ID ip enter_ip_address
- vrrp enter_router_ID enable
- vrrp enter_router_ID priority enter_number
- vrrp enter_router_ID state enter_state
- vrrp enter_router_ID authentication enter_password
- vrrp enter_router_ID timer enter_time_seconds
- quit
- service vrrp
- notify smtp source-email enter_source_email_address
- notify smtp destination-email enter_destination_email_address
- notify smtp ip enter_smtp_server_ip_address_A.B.C.D
- notify smtp timeout enter_time_seconds
- show vrrp interface type_interface_type type_interface_number
Detailed Steps: STEP
| COMMAND | | Enter configuration mode for an Ethernet interface and Assign virtual IP address 192.168.100.5 (FastEthernet 0) | Okapi(config-if-eth)# vrrp 20 ip 192.168.100.5 | | Enable the virtual router on the interface | Okapi(config-if-eth)# vrrp 20 enable | | Assign priority (Default is 100) | Okapi(config-if-eth)# vrrp 20 priority 150 | | Assign Master State | Okapi(config-if-eth)# vrrp 20 state master | Set authentication (PASSWORD)
| Okapi(config-if-eth)# vrrp 20 authentication helloworld | | Set Advertisements (seconds) | Okapi(config-if-eth)# vrrp 20 timer 1 | Enable VRRP Services and SMTP notifications on router. Note: These commands will be configured in Global configuration mode. | | | Start VRRP services | Okapi(config)# service vrrp | | Set Source email account for state transition notifications. | Okapi(config)# notify smtp source-email
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
| | Set destination email account(s) for state transitions notifications | Okapi(config)# notify smtp destination-email
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
| Set SMTP server IP
| Okapi(config)# notify smtp ip A.B.C.D | | Set SMTP server timeout (seconds) | Okapi(config)# notify smtp timeout 30 |
Configuring Router 2Virtual IP address: 192.168.100.5 Virtual Router ID: 20 Priority: 80 State: Backup SMTP alerts are Enabled Advertisement Intervals: 1 sec Authentication: helloworld
Summarized Steps: - enable
- configure terminal
- interface type_interface_number
- vrrp enter_router_ID ip enter_ip_address
- vrrp enter_router_ID enable
- vrrp enter_router_ID priority enter_number
- vrrp enter_router_ID state enter_state
- vrrp enter_router_ID authentication enter_password
- vrrp enter_router_ID timer enter_time_seconds
- quit
- service vrrp
- notify smtp source-email enter_source_email_address
- notify smtp destination-email enter_destination_email_address
- notify smtp ip enter_smtp_server_ip_address_A.B.C.D
- notify smtp timeout enter_time_seconds
- show vrrp interface type_interface_type type_interface_number
Detailed Steps: STEP
| COMMAND | | Enter configuration mode for an Ethernet interface and Assign virtual IP address 192.168.100.5 (FastEthernet 0) | Okapi(config-if-eth)# vrrp 20 ip 192.168.100.5 | | Enable the virtual router on the interface | Okapi(config-if-eth)# vrrp 20 enable | | Assign priority (Default is 100) | Okapi(config-if-eth)# vrrp 20 priority 80 | | Assign Master State | Okapi(config-if-eth)# vrrp 20 state backup | Set authentication (PASSWORD)
| Okapi(config-if-eth)# vrrp 20 authentication helloworld | | Set Advertisements (seconds) | Okapi(config-if-eth)# vrrp 20 timer 1 | Enable VRRP Services and SMTP notifications on router. Note: These commands will be configured in Global configuration mode.
| | | Start VRRP services | Okapi(config)# service vrrp
| | Set Source email account for state transition notifications. | Okapi(config)# notify smtp source-email
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
| | Set destination email account(s) for state transitions notifications | Okapi(config)# notify smtp destination-email
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
| Set SMTP server IP
| Okapi(config)# notify smtp ip A.B.C.D | | Set SMTP server timeout (seconds) | Okapi(config)# notify smtp timeout 30 |
Disable VRRP In global configuration mode, we can simply disable the VRRP services. Summarized Steps: - enable
- configure terminal
- no service vrrp
- quit
In case we want to disable a particular interface on the router, we can disable VRRP services in the interface configuration mode. Summarized Steps: - enable
- configure terminal
- interface type_interface_number
- no vrrp enter_router_ID enable
- quit
- do show vrrp
|
