Configure Service-Side VRRP on Cisco IOS XE Catalyst SD-WAN Edges
Available Languages
Introduction
This document describes how to Configure Service-Side VRRP on Cisco IOS® XE Catalyst SD-WAN Edges via Feature Templates, Configuration Groups and CLI.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Cisco Catalyst Software-Defined Wide Area Network (SD-WAN)
- Virtual Router Redundancy Protocol (VRRP) basic operation
- Manager Graphic User Interface (GUI)
- Configuration Groups
Components Used
- Cisco IOS® XE Catalyst SD-WAN Edges 17.9.4a
- Cisco Catalyst SD-WAN Manager 20.12.4
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Background Information
The Virtual Router Redundancy Protocol (VRRP) is a LAN-side protocol that provides redundant gateway service for switches and other IP end stations. In the Cisco SD-WAN software, you configure VRRP on an interface, and typically on a subinterface, within a Virtual Private Network (VPN).
VRRP is only supported with service-side VPNs (VPN 0 and 512 do not support VRRP).
Configure
Network Diagram
Network Diagram
Configurations
This can be achieved in three ways:
1 - Via Device Feature Templates:
In SD-WAN Manager, navigate to Configuration > Templates > Feature templates.
If there is already a feature template created for the service-side interface, search the template name and click Edit.
If no feature template was created for the service-side interface, click Add template, search for the device model, and select Cisco VPN Interface Ethernet.
Click VRRP tab and New VRRP.
VRRP Tab
Configure the VRRP parameters:
Group ID: Range 1 through 255.
Priority: Range: 1 through 254 . Priority level of the router. The router with the highest priority is elected as the primary VRRP router. If two routers have the same priority, the one with the higher IP address is elected as the primary VRRP router.
Timer (milliseconds): Range 100 through 40950 milliseconds. Specify how often the primary VRRP router sends VRRP advertisement messages. If subordinate routers miss three consecutive VRRP advertisements, they elect a new primary VRRP routers. It is recommended to use 1000ms as default value.
Track OMP (optional)
Track Prefix List (optional)
IP Address: Virtual IP Address that must be different that both router interfaces, but in the same subnet (local and peer).
VRRP Configuration Example Primary Device
Click Add and then Save.
Proceed with the same process for the VRRP peer/standby (except for the VRRP priority, all the values must match).
VRRP Configuration Example Standby Device
Add the VPN Interface Ethernet feature template to the device template under desired Service VPN, and click Save.
Screen to push changes to the device appears to complete the process.
CLI equivalent
Primary:
interface GigabitEthernet0/0/1
<snipped>
vrf forwarding 10
ip address 192.168.23.2 255.255.255.0
no ip redirects
ip mtu 1496
vrrp 1 address-family ipv4
timers advertise 1000
priority 200
vrrpv2
address 192.168.23.1 primary
exit-vrrp
arp timeout 1200
end
Standby:
interface GigabitEthernet0/0/1
<snipped>
vrf forwarding 10
ip address 192.168.23.3 255.255.255.0
no ip redirects
ip mtu 1496
vrrp 1 address-family ipv4
timers advertise 1000
priority 150
vrrpv2
address 192.168.23.1 primary
exit-vrrp
arp timeout 1200
end
2 - Via Configuration Groups:
Navigate to Configuration > Configuration Groups.
Navigate to the exist Configuration Group, and select Edit.
Navigate to Service Profile section, and look for the feature LAN interface.
Service Profile Section
Click Edit Feature.
Edit Feature Section
In the new tab, click VRRP section, and then Add VRRP IPv4.
VRRP Section Configuration Groups
Configure the VRRP parameters:
Group ID: Range 1 through 255.
Priority: Range: 1 through 254 . Priority level of the router. The router with the highest priority is elected as the primary VRRP router. If two routers have the same priority, the one with the higher IP address is elected as the primary VRRP router.
Timer (milliseconds): Range 100 through 40950 milliseconds. Specify how often the primary VRRP router sends VRRP advertisement messages. If subordinate routers miss three consecutive VRRP advertisements, they elect a new primary VRRP routers. It is recommended to use 1000ms as default value.
Track OMP (optional)
Track Prefix List (optional)
IP Address: Virtual IP Address that must be different that both router interfaces, but in the same subnet (local and peer).
VRRP Configuration Example Primary
Then, click Add button.
Validate that configuration is added, and click Save.
Save VRRP Configuration
After that, deploy the changes in the Primary device.
Proceed with the same process for the VRRP peer/standby (except for the VRRP priority, all the values must match).
VRRP Configuration Example Standby
3 - Via CLI:
CLI Example configuration.
Primary
Device# config-transaction
Device (config)# interface GigabitEthernet0/0/1
Device (config-if)# vrrp 1 address-family ipv4
Device (config-if-vrrp)# timers advertise 1000
Device (config-if-vrrp)# priority 200
Device (config-if-vrrp)# vrrpv2
Device (config-if-vrrp)# address 192.168.23.1 primary
Device (config-if-vrrp)# commit
Standby:
Device# config-transaction
Device (config)# interface GigabitEthernet0/0/1
Device (config-if)# vrrp 1 address-family ipv4
Device (config-if-vrrp)# timers advertise 1000
Device (config-if-vrrp)# priority 150
Device (config-if-vrrp)# vrrpv2
Device (config-if-vrrp)# address 192.168.23.1 primary
Device (config-if-vrrp)# commit
Verify
Device# show vrrp all
Vlan10 - Group 1 - Address-Family IPv4
State is MASTER
State duration 2 hours 0 mins 49 secs
Virtual IP address is 192.168.23.1
Virtual MAC address is 0000.5E00.0164
Advertisement interval is 1000 msec
Preemption enabled
Priority is 200
Master Router is 192.168.23.2 (local), priority is 200
Master Advertisement interval is 1000 msec (expires in 256 msec)
Master Down interval is unknown
FLAGS: 1/1
Device# show vrrp detail
Vlan10 - Group 1 - Address-Family IPv4
State is MASTER
State duration 2 hours 0 mins 55 secs
Virtual IP address is 192.168.23.1
Virtual MAC address is 0000.5E00.0164
Advertisement interval is 1000 msec
Preemption enabled
Priority is 200
Master Router is 192.168.23.2 (local), priority is 200
Master Advertisement interval is 1000 msec (expires in 717 msec)
Master Down interval is unknown
FLAGS: 1/1
VRRPv3 Advertisements: sent 27392 (errors 0) - rcvd 1220
VRRPv2 Advertisements: sent 27392 (errors 0) - rcvd 4
Group Discarded Packets: 0
VRRPv2 incompatibility: 0
IP Address Owner conflicts: 0
Invalid address count: 0
IP address configuration mismatch : 0
Invalid Advert Interval: 0
Adverts received in Init state: 0
Invalid group other reason: 0
Group State transition:
Init to master: 1 (Last change Mon Nov 27 11:04:00.406)
Init to backup: 3 (Last change Mon Nov 27 15:29:29.265)
Backup to master: 5 (Last change Mon Nov 27 15:29:32.914)
Master to backup: 3 (Last change Mon Nov 27 10:38:15.722)
Master to init: 2 (Last change Mon Nov 27 15:25:12.248)
Backup to init: 1 (Last change Mon Nov 27 10:35:32.215)
Device# show vrrp internal
GroupId:100 AF:IPv4 Interface:Vlan10
ref_cnt:3 flags:0 vrrs_hdl:1
mac_programmed:1 vrrp_mcast_join_v4:1
if_ctx_:0x7F43DE017178
if_oper_state:1
system_ctx_:0x7F43DE029FA0
primary address: 192.168.23.1
operational:1 is_active:1 match_addr:1 compatv2:1
shutdown:0 cfg_shutdown:0 priority:200 cfg_priority:200
state_ctx_:0x7F43DE02A040
hybernation:0 preempt:enabled state_time:2 hours 0 mins 59 secs
preempt_delay:0 secs master_priority:0
ready_to_preempt:90 master_reason:0
timer_ctx_:0x7F43DE02A0B8
master_down_timer:0 msec use_learned_timer:0
master_adv_interval:1000 cfg_adv_interval:1000 master_down_interval:0
comms_ctx_:0x7F43DE02A0F8
v2rtr_valid:1 listen:1
track_ctx_:0x7F43DE02A178
track_count:0 decrement:0 force_shutdown:0
Device# show vrrp statistics
VRRP Global Statistics:
Dropped Packets : 0
VRRP Statistics for Vlan10
Header Discarded Packets: 0
Invalid TTL/Hop Limit: 0
Invalid Checksum: 0
Invalid Version: 0
Invalid Msg Type: 0
Invalid length/Incomplete packet: 0
Invalid group no: 0
Invalid packet other reason: 0
VRRP Statistics for Vlan10 - Group 1 - Address-Family IPv4
State is MASTER
State duration 2 hours 1 mins 3 secs
VRRPv3 Advertisements: sent 27401 (errors 0) - rcvd 1220
VRRPv2 Advertisements: sent 27401 (errors 0) - rcvd 4
Group Discarded Packets: 0
VRRPv2 incompatibility: 0
IP Address Owner conflicts: 0
Invalid address count: 0
IP address configuration mismatch : 0
Invalid Advert Interval: 0
Adverts received in Init state: 0
Invalid group other reason: 0
Group State transition:
Init to master: 1 (Last change Mon Nov 27 11:04:00.406)
Init to backup: 3 (Last change Mon Nov 27 15:29:29.265)
Backup to master: 5 (Last change Mon Nov 27 15:29:32.914)
Master to backup: 3 (Last change Mon Nov 27 10:38:15.722)
Master to init: 2 (Last change Mon Nov 27 15:25:12.248)
Backup to init: 1 (Last change Mon Nov 27 10:35:32.215)
Useful debugs:
debug vrrp all detail
debug vrrp error
debug vrrp packet
debug vrrp process
debug vrrp state
Revision History
| Revision | Publish Date | Comments |
|---|---|---|
1.0 |
16-Jan-2025 |
Initial Release |
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)