https://www.juniper.net/documentation/us/en/software/junos/high-availability/topics/example/VRRP-qfx-series-load-sharing.html

Example: Configuring VRRP for Load Sharing

date_range17-Feb-21

Product and Release Support

arrow_backward arrow_forward

If you do not want to dedicate a switch to be a VRRP backup (and therefore leave it idle unless the primary fails), you can create a load-sharing configuration in which each participating switch simultaneously acts as a primary and a backup.

One reason to use a load-sharing (active-active) configuration is that you are more likely to actively monitor and maintain both switches and notice if a problem occurs on either of them. If you use a configuration in which one switch is only a backup (an active-backup configuration), you might be less likely to pay attention to the backup switch while it is idle. In the worst case, this could lead to the backup switch developing an undetected problem and not being able to perform adequately when a failover occurs.

Requirements

This example uses the following hardware and software components:

• Two switches
• Junos OS Release 11.3 or later
• Static routing or a dynamic routing protocol enabled on both switches.

Overview and Topology

This example uses two VRRP groups, each of which has its own virtual IP address. Devices on the LAN use one of these virtual IP addresses as their default gateway. If one of the switches fails, the other switch takes over for it. In the topology shown in Figure 1, for example, Switch A is the primary for VRRP group 100. If Switch A fails, Switch B takes over and forwards traffic that the end devices send to the default gateway address 10.1.1.1.

Figure 1: VRRP Load-Sharing Configuration

This example shows a simple configuration to illustrate the basic steps for configuring two switches running VRRP to back each other up.Table 1 lists VRRP settings for each switch.

Topology

Table 1: Settings for VRRP Load-Sharing ExampleSwitch ASwitch B

In addition to configuring the two switches as shown, you must configure your end devices so that some of them use one of the virtual IP addresses as their default gateway and the remaining end devices use the other virtual IP address as their default gateway.

Note that if a failover occurs, the remaining switch might be unable to handle all of the traffic, depending on the demand.

Configuring VRRP on Both Switches

Procedure

• CLI Quick Configuration
• Step-by-Step Procedure
• Step-by-Step Procedure
• Results

CLI Quick Configuration

Enter the following on Switch A:

content_copy zoom_out_map

[edit] set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 100 virtual-address 10.1.1.1 set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 100 priority 250 set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 200 virtual-address 10.1.1.2 set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 200 priority 200

Enter the following on Switch B:

content_copy zoom_out_map

[edit] set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 100 virtual-address 10.1.1.1 set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 100 priority 200 set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 200 virtual-address 10.1.1.2 set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 200 priority 250

Step-by-Step Procedure

Configure the VRRP groups and priorities on Switch A:

1. Create VRRP group 100 on Switch A and configure the virtual IP address for the group:
2. content_copy zoom_out_map
3. [edit] user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 100 virtual-address 10.1.1.1
4. Assign the VRRP priority for this interface in this group:
5. content_copy zoom_out_map
6. [edit] user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 100 priority 250
7. Create VRRP group 200 on Switch A and configure the virtual IP address for the group:
8. content_copy zoom_out_map
9. [edit] user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 200 virtual-address 10.1.1.2
10. Assign the VRRP priority for this interface in this group:
11. content_copy zoom_out_map
12. [edit] user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 100 priority 200

Step-by-Step Procedure

Configure the VRRP groups and priorities on Switch B:

1. Create VRRP group 100 on Switch B and configure the virtual IP address for the group:
2. content_copy zoom_out_map
3. [edit] user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 100 virtual-address 10.1.1.1
4. Assign the VRRP priority for this interface in this group:Switch A remains the primary for group 100 because it has the highest priority for this group.
5. content_copy zoom_out_map
6. [edit] user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 100 priority 200
7. Create VRRP group 200 on Switch A and configure the virtual IP address for the group:
8. content_copy zoom_out_map
9. [edit] user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 200 virtual-address 10.1.1.2
10. Assign the VRRP priority for this interface in this group:Switch B becomes the primary for group 200 because it has the highest priority for this group.
11. content_copy zoom_out_map
12. [edit] user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 100 priority 250

Results

Display the results of the configuration on Switch A:

content_copy zoom_out_map

user@switch> show configuration interfaces { xe-0/0/0 { unit 0 { family inet { address 10.1.1.251 { vrrp-group 100 { virtual address 10.1.1.1 priority 250 } vrrp-group 200 { virtual address 10.1.1.2 priority 200 } } } } } }

Display the results of the configuration on Switch B:

content_copy zoom_out_map

user@switch> show configuration interfaces { xe-0/0/0 { unit 0 { family inet { address 10.1.1.252 { vrrp-group 100 { virtual address 10.1.1.1 priority 200 } vrrp-group 200 { virtual address 10.1.1.2 priority 250 } } } } } }

Verification

• Verifying that VRRP Is Working on Switch A
• Verifying that VRRP Is Working on Switch B

Verifying that VRRP Is Working on Switch A

• Purpose
• Action
• Meaning

Purpose

Verify that VRRP is active on Switch A and that the primary and backup roles are correct.

Action

Use the following command to verify that VRRP is active on Switch A and that the switch is primary for group 100 and backup for group 200.

content_copy zoom_out_map

user@switch> show vrrp Interface State Group VR state Timer Type Address xe-0/0/0.0 up 100 master A .0327 lcl 10.1.1.251 vip 10.1.1.1 xe-0/0/0.0 up 200 backup A .0327 lcl 10.1.1.251 vip 10.1.1.2

Meaning

The show vrrp command displays fundamental information about the VRRP configuration. This output shows that both VRRP groups are active and that this switch has assumed the correct primary and backup roles. The lcl address is the physical address of the interface and the vip address is the virtual address shared by both switches. The Timer value (A .0327) indicates the remaining time (in seconds) in which this switch expects to receive a VRRP advertisement from the other switch. If an advertisement for group 200 does not arrive before the timer expires, Switch A asserts itself as the primary for this group.

Verifying that VRRP Is Working on Switch B

• Purpose
• Action
• Meaning

Purpose

Verify that VRRP is active on Switch B and that the primary and backup roles are correct.

Action

Use the following command to verify that VRRP is active on Switch B and that the switch is backup for group 100 and primary for group 200.

content_copy zoom_out_map

user@switch> show vrrp Interface State Group VR state Timer Type Address xe-0/0/0.0 up 100 backup A .0327 lcl 10.1.1.252 vip 10.1.1.1 xe-0/0/0.0 up 200 master A .0327 lcl 10.1.1.252 vip 10.1.1.2

Meaning

The show vrrp command displays fundamental information about the VRRP configuration. This output shows that both VRRP groups are active and that this switch has assumed the correct primary and backup roles. The lcl address is the physical address of the interface and the vip address is the virtual address shared by both switches. The Timer value (A .0327) indicates the remaining time (in seconds) in which this switch expects to receive a VRRP advertisement from the other switch. If an advertisement for group 100 does not arrive before the timer expires, Switch B asserts itself as the primary for this group.

L4#1 configuration

>> Main# /c/dump
script start "Alteon 180e" 4  /**** DO NOT EDIT THIS LINE!
/* Configuration dump taken 17:41:11 Tue Jan  3, 2012
/* Version 10.0.28,  Base MAC address 00:60:cf:42:d4:10
/c/port 1
        pvid 192
/c/port 2
        pvid 20
/c/port 3
        pvid 10
/c/port 5
        pvid 10
/c/port 8
        tag ena
        pvid 100
/c/vlan 1
        def 4 6 7 9
/c/vlan 10
        ena
        name "VLAN 10"
        def 3 5 8
/c/vlan 20
        ena
        name "VLAN 20"
        def 2 8
/c/vlan 100
        ena
        name "VLAN 100"
        def 8
/c/vlan 192
        ena
        name "VLAN 192"
        def 1 8
/c/stp 1/off
/c/stp 1/clear
/c/stp 1/add 1 10 20 100 192
/c/trunk 1
        ena
        add 8
/c/ip/if 1
        ena
        addr 192.168.1.52
        vlan 192
/c/ip/if 2
        ena
        addr 20.20.20.2
        mask 255.255.255.0
        broad 20.20.20.255
        vlan 20
/c/ip/if 3
        ena
        addr 10.10.10.2
        mask 255.255.255.0
        broad 10.10.10.255
        vlan 10
/c/ip/if 8
        ena
        addr 1.1.1.2
        mask 255.255.255.0
        broad 1.1.1.255
        vlan 100
/c/ip/gw 1
        ena
        addr 192.168.1.60
/c/vrrp/on
/c/vrrp/hotstan enabled
/c/vrrp/vr 10
        ena
        vrid 10
        if 3
        addr 10.10.10.1
        adver 2
        share dis
        track
                ports e
/c/vrrp/vr 20
        ena
        vrid 20
        if 2
        addr 20.20.20.1
        adver 2
        share dis
        track
                ports e
/c/vrrp/vr 100
        ena
        vrid 100
        if 8
        addr 1.1.1.1
        adver 2
        share dis
/c/vrrp/vr 192
        ena
        vrid 192
        if 1
        addr 192.168.1.51
        adver 2
        share dis
        track
                ports e
/c/vrrp/group
        ena
        vrid 1
        if 1
        prio 101
        share dis
        track
                vrs dis
                ifs dis
                ports ena
                l4pts dis
                reals dis
                hsrp dis
                hsrv dis
/c/slb
        on
/c/slb/adv
        direct ena
/c/slb/sync
        state e
/c/slb/real 1
        ena
        rip 10.10.10.12
/c/slb/real 2
        ena
        rip 10.10.10.13
/c/slb/group 1
        metric hash
        health http
        add 1
        add 2
/c/slb/group 2
        add 1
        add 2
/c/slb/port 1
        client ena
        hotstan ena
/c/slb/port 2
        client ena
        hotstan ena
/c/slb/port 3
        client ena
        server ena
        hotstan ena
/c/slb/port 5
        server ena
        hotstan ena
/c/slb/port 8
        client ena
        intersw ena
/c/slb/virt 1
        ena
        vip 10.10.10.10
/c/slb/virt 1/service http
        group 1
/c/slb/virt 2
        ena
        vip 10.10.10.11
/c/slb/virt 2/service ftp
        group 2
        ftpp ena
/c/slb/virt 2/service ftp-data
        group 2
/
script end  /**** DO NOT EDIT THIS LINE!



L4#2 configuration
>> Configuration# /c/dump
script start "Alteon AD3" 4  /**** DO NOT EDIT THIS LINE!
/* Configuration dump taken 17:46:01 Tue Jan  3, 2012
/* Version 10.0.28,  Base MAC address 00:60:cf:49:ea:d0
/c/sys
        tnet ena
/c/port 1
        pvid 192
/c/port 2
        pvid 20
/c/port 3
        pvid 10
/c/port 5
        pvid 10
/c/port 8
        tag ena
        pvid 100
/c/vlan 1
        def 4 6 7 9
/c/vlan 10
        ena
        name "VLAN 10"
        def 3 5 8
/c/vlan 20
        ena
        name "VLAN 20"
        def 2 8
/c/vlan 100
        ena
        name "VLAN 100"
        def 8
/c/vlan 192
        ena
        name "VLAN 192"
        def 1 8
/c/stp 1/off
/c/stp 1/clear
/c/stp 1/add 1 10 20 100 192
/c/trunk 1
        ena
        add 8
/c/ip/if 1
        ena
        addr 192.168.1.53
        vlan 192
/c/ip/if 2
        ena
        addr 20.20.20.3
        mask 255.255.255.0
        broad 20.20.20.255
        vlan 20
/c/ip/if 3
        ena
        addr 10.10.10.3
        mask 255.255.255.0
        broad 10.10.10.255
        vlan 10
/c/ip/if 8
        ena
        addr 1.1.1.3
        mask 255.255.255.0
        broad 1.1.1.255
        vlan 100
/c/ip/gw 1
        ena
        addr 192.168.1.60
/c/vrrp/on
/c/vrrp/hotstan enabled
/c/vrrp/vr 10
        ena
        vrid 10
        if 3
        prio 99
        addr 10.10.10.1
        adver 2
        share dis
        track
                ports e
/c/vrrp/vr 20
        ena
        vrid 20
        if 2
        prio 99
        addr 20.20.20.1
        adver 2
        share dis
        track
                ports e
/c/vrrp/vr 100
        ena
        vrid 100
        if 8
        prio 99
        addr 1.1.1.1
        adver 2
        share dis
/c/vrrp/vr 192
        ena
        vrid 192
        if 1
        prio 99
        addr 192.168.1.51
        adver 2
        share dis
        track
                ports e
/c/vrrp/group
        ena
        vrid 1
        if 1
        share dis
        track
                vrs dis
                ifs dis
                ports ena
                l4pts dis
                reals dis
                hsrp dis
                hsrv dis
/c/slb
        on
/c/slb/adv
        direct ena
/c/slb/sync
        state e
/c/slb/real 1
        ena
        rip 10.10.10.12
/c/slb/real 2
        ena
        rip 10.10.10.13
/c/slb/group 1
        metric hash
        health http
        add 1
        add 2
/c/slb/group 2
        metric hash
        health ftp
        add 1
        add 2
/c/slb/port 1
        client ena
        hotstan ena
/c/slb/port 2
        client ena
        hotstan ena
/c/slb/port 3
        server ena
        rts ena
        hotstan ena
/c/slb/port 4
        rts ena
/c/slb/port 5
        server ena
        hotstan ena
/c/slb/port 8
        client ena
        intersw ena
/c/slb/virt 1
        ena
        vip 10.10.10.10
/c/slb/virt 1/service http
        group 1
/c/slb/virt 2
        ena
        vip 10.10.10.11
/c/slb/virt 2/service ftp
        group 2
        ftpp ena
/c/slb/virt 2/service ftp-data
        group 2
/
script end  /**** DO NOT EDIT THIS LINE!

L4스위치 A Config

L4스위치 B Config

[ALTEON] VRRP Hot-Standby 설정예제 (구글검색)

Alteon 1: