What is Virtual Routing Redundancy Protocol? In short VRRP is a standards based protocol that provides redundant default gateways when multiple routers/switches are connected to the same Layer 2 network. A virtual IP address is shared between one or more routers/switches providing redundancy against a router/switch failure.
We’ve been using VRRP in conjunction with SMLT to make sure that either core ERS 8600 switch in a cluster could assume the default gateway for any specific VLAN should the other switch fail. While I’m not at liberty to get into specifics I can tell you that we recently ran straight into a wall with our VRRP configuration. We had about 60+ VLANs (port based) on an ERS 8600 switch cluster where the VRRP ID for each VLAN was set to “1”. While Nortel had previously said this configuration was supported, we ran into significant issues testing some new software code for the 8600.
In short Nortel is now advising that you MUST have unique VRRP IDs. Nortel recommends as best practice that you use the VLAN ID but that can be problematic since valid values for the VLAN ID are between 1..4096 and valid values for the VRRP ID are between 1..512. In my case the VLAN IDs were between 1 and 200 so I was able to match them up.
config vlan <VLAN ID> ip vrrp <VRRP ID> address <IP ADDRESS> config vlan <VLAN ID> ip vrrp <VRRP ID> backup-master enable config vlan <VLAN ID> ip vrrp <VRRP ID> enable ERS8600:5# config vlan 1 ip vrrp 1 address 10.10.1.1 ERS8600:5# config vlan 1 ip vrrp 1 backup-master enable ERS8600:5# config vlan 1 ip vrrp 1 enable ERS8600:5# config vlan 2 ip vrrp 2 address 10.10.2.1 ERS8600:5# config vlan 2 ip vrrp 2 backup-master enable ERS8600:5# config vlan 2 ip vrrp 2 enable ERS8600:5# config vlan 9 ip vrrp 9 address 10.10.9.1 ERS8600:5# config vlan 9 ip vrrp 9 backup-master enable ERS8600:5# config vlan 9 ip vrrp 9 enable
I believe Nortel is now recommending RSMLT in place of VRRP which we’ll be using going forward. If you’ve been using a VRRP ID of 1 in every VLAN you might want to consider changing your configuration. I hope to write a post about RSMLT in the near future detailing how to configure it and the advantages using RSMLT over VRRP.
A personal note of Thanks to Richard M. and Roger G. from Nortel for their help and assistance in troubleshooting this problem.
Cheers!
i have been matching the vrrp-id to the vlan-id since the get go, but ran into the same annoyance as you wrt the vrrp vs vlan value ranges.
hopefully migrating to rsmlt soon as well…
I had never thought much of it until Nortel was able to duplicate the problem in their labs. I wrote a quick and dirty little AWK script to take the input from “show ip vrrp info”.
BEGIN { print “Nortel ERS 8600 VRRP ID Script” }
{ print “config vlan “$2″ ip vrrp 1 delete” }
{ print “config vlan “$2” ip vrrp “$2″ address ” $3 }
{ print “config vlan “$2” ip vrrp “$2″ backup-master enable” }
{ print “config vlan “$2” ip vrrp “$2″ enable” }
END { print ” – DONE -” }
You would feed the input from the “show ip vrrp info” command into this AWK script and it would output the commands to delete and then re-create the VRRP instances using the VLAN ID as the VRRP ID. We had about 60+ VLANS to change and only 60 minutes and there was no way we were going to change them all on both switches in 60 minutes (we also wanted to minimize the downtime). So that with the output from that script I cut and pasted sections of the output into both 8600 switches and we were done in about 10 minutes with zero downtime.
Thanks for the comment!
Michael, thanks for your interesting blog!!!
We are running two 8600s connected via IST, and with VRRP, but I noticed in my log files that I receive the following messages :
CPU5 [07/28/09 09:41:15] IP ERROR rcIpVrrpIn: Misconfigured Advertisement type (Fast Advtisement) for Vrid 8 on IfIndex 2054, Local type:regular Advertisement
The VRRP is functioning fine, but I am just concerned about this incessant log entrys.
I have tried to find more info on this, to no luck, do you perhaps have any suggestions ?
Would be appreciated.
Ryan
Hi Ryan,
You have a mis-configuration between the two VRRP routers. You probably have Fast Advertisement enabled on one but disabled on the other. Assuming that your VRIDs match your VLAN IDs you could issue the following command on both your ERS 8600 switches;
ERS-8610:5# config vlan 8 ip vrrp 8 info Sub-Context: clear config dump monitor show test trace wsm asfm sam Current Context: action : none address : IP ADDRESS OF VRRP INTERFACE adver-int : 1 backup-master : enable critical-ip : 0.0.0.0 critical-ip-enable : disable fast-adv-int : 200 fast-adv-enable : disable delete : N/A vrrp enable : enable holddown-timer : 0 priority : 100The settings should be identical on both ERS 8600 switches. It sounds to me like someone has enabled Fast Advertisement on one of the switches but left it disabled on the other switch. Just go ahead and disable Fast Advertisement (fast-adv-enable) and the error should clear.
Good Luck!
Thank you very much for your help.
Ryan
Hopefully that fixed your problem.
Please feel free to post any other questions in the Ethernet Switching forums.
Cheers!
We are using ERS 8600 as core switch.We are planing for a Core switch redundancy..
Couild u please tell me the configurations that i have to do during the activity.?
Hi Thomas,
It can be fairly complicated to add VRRP and/or HSRP. It’s certainly not something that you should undertake without completely understanding what you are doing. Outside of the commands provided in the above article you can post over in the forums if you have additional questions;
http://forums.networkinfrastructure.info/nortel-ethernet-switching/
Good Luck!
how to configur backup master in nortel switch 5530?
Well from with Java Device Manager just look under IP Routing -> VRRP click on the Interfaces tab and then scroll all the way to the right of the screen and you’ll see the options for Backup Master.
I just checked this against a switch running 6.1.3 software.
Cheers!
I’ve got two Passports with their IST’s on slot 3,7 ports 1 and 30, respectively. We are in the process of changing all of our legacy vlans from byipsubnet to byport…fun fun fun.
We are running fast advertisement enabled on both Passports after a vlan is converted:
e.g. config vlan 1241 ip vrrp 241 fast-adv-enable enable
I am getting a lot of continuous log entries showing a vrrp state change, although a state change is not taking place, based on the vrrp uptime indicator. I am going to turn this feature off to stop the messages. From what I’ve been told from our network architects, the reason for the log entry is because my IST VLAN ID number should be 2, whereas, my Passports IST VLAN ID 301 at this time.
Any comments?
Hi Sno,
I’d love to hear the reasoning behind the IST VLAN ID having to be set to 2. There is no requirement that the IST VLAN be any specific number nor that the MLT ID be any specific number. Actually you can use different MLT IDs on each core switch, obviously you need to use the same VLAN ID on both switches though.
In my experiences VRRP is nice but it causes a lot of scaling issues as the number of VRRP instances grow. Depending on which software release you are running I would suggest that you use RSMLT in place of VRRP. I’ve found that RSMLT is much more behaved and uses a lot less resources than VRRP.
In any event (depending on the software release) you are probably running up against a scaling issue where the VRRP hellos are not being processed fast enough. You could keep VRRP, disable the FAST-ADV feature and use the Backup Master feature. This would provide instantaneous fail-over and also help load-balance the traffic between your VRRP peers.
Good Luck with the VLAN conversion!