VRRP configuration

[Spack]

Hi all,

I wonder about how to efficiently configure VRRP on two OmniSwitches 6850. Its' about how to link two switches in a VRRP configuration.

On Internet, when I look for VRRP, this is the type of configuration I can see.

Code: Select all

                       VRRP Master
                 -----------------------
                |                       |
                |  1                 2  |
                 -----------------------       Server
                   |                 |        -------
  ~~~~~~~~~  ______|                 |_______|       |
(           )                                |-------|
(  Network  )                                |-------|
(           )______                   _______|       |
  ~~~~~~~~~        |                 |       |   O   |
                   |                 |        -------
                 -----------------------
                |  1                 2  |
                |                       |
                 -----------------------
                       VRRP Backup

Port 1 is in VLAN 10 and port 2 in VLAN 20. But during my different tests, it seems that in this configuration both switches can't see the other one and so, VRRP doesn't initialize.
Plus, if I encounter a configuration like that

Code: Select all

                       VRRP Master
                 -----------------------
                |                       |
                |  1                 2  |
                 -----------------------      Server
                   |                 |        -------
  ~~~~~~~~~  ______|                 |__ X __|       |
(           )                                |-------|
(  Network  )                                |-------|
(           )______                   _______|       |
  ~~~~~~~~~        X                 |       |   O   |
                   |                 |        -------
                 -----------------------
                |  1                 2  |
                |                       |
                 -----------------------
                       VRRP Backup

The link is down from the server to the master switch so the backup switch take the relay. But it's link from outside is down whereas the master's one is up. In this case, there is no liaison between both switches and the server can't which outside.

So, in order to let VRRP messages reach both switches and add a liaison between them, I add an another port to each VLAN in VRRP.

Code: Select all

                       VRRP Master
                 -----------------------
                |                       |
                |  1    4      3    2  |
                 -----------------------      Server
                   |    |       |    |        -------
  ~~~~~~~~~  ______|    |       |    |_______|       |
(           )           |       |            |-------|
(  Network  )           |       |            |-------|
(           )______     |       |     _______|       |
  ~~~~~~~~~        |    |       |    |       |   O   |
                   |    |       |    |        -------
                 -----------------------
                |  1    4       3    2  |
                |                       |
                 -----------------------
                       VRRP Backup

Ports 1 and 4 are in VLAN 10 and ports 2 and 3 are in VLAN 20. To both switches can see them and there is another way when one link is down. But this configuration implies to have one link for each VLAN, what consume ports which can serve for other things...

Here is my way to configure VRRP...

For the master switch

Code: Select all

vlan 10 enable
vlan 10 port default 1/1 1/4
vlan 20 enable
vlan 20 port default 1/2 1/3
ip interface "VLAN 10" address 192.168.1.254
ip interface "VLAN 20" address 192.168.2.254
VRRP 10 10 DISABLE
VRRP 10 10 PRIORITY 255
VRRP 10 10 IP 192.168.1.254
VRRP 10 10 ENABLE
VRRP 20 20 DISABLE
VRRP 20 20 PRIORITY 255
VRRP 20 20 IP 192.168.2.254
VRRP 20 20 ENABLE

For the backup switch

Code: Select all

vlan 10 enable
vlan 10 port default 1/1 1/4
vlan 20 enable
vlan 20 port default 1/2 1/3
ip interface "VLAN 10" address 192.168.1.253
ip interface "VLAN 20" address 192.168.2.253
VRRP 10 10 DISABLE
VRRP 10 10 IP 192.168.1.254
VRRP 10 10 ENABLE
VRRP 20 20 DISABLE
VRRP 20 20 IP 192.168.2.254
VRRP 20 20 ENABLE

But I wonder if to put a link for each VLAN between both switches is a good way to follow?

[benny]

VRRP nodes which should back-up each other need to see themselves in the same L2 segment. The master periodically sends VRRP advertisements every second (depends on the config but per second is standard) and the secondaries/standbys listen for the advertisements. If they don't receive the advertisement for 3 times + 1 hello they'll take over according to the priorities given.

Review RFC 3768 for more information on VRRP.

-benny

[Spack]

Right !

But in my case, the server as two network board and switch form one to another when the link is down... Also, in this case the server is directly connected to the OmniShwitches so with only a connexion to the server they can't receive VRRP messages because the server won't let them pass...

That's why I'm using another link in the same VLAN to directly connect both switches between them... So do you think that's correct?

[cedric1]

hello guys


It is correct.

Between SWITCHMaster and SWITCBackup you need to connect them with a cable and pass you vlans via 802.1Q.

You can for High availabilty confiure a Linkagg between switch.

So if link primary for server is failling, traffic will go to backup link on your server, cross interconnect cable between switch and routing process is alsways done by master switch.

Regards

Cedric

[Spack]

OK thanks all!