I tried building VRRP with YAMAHA RTX830

Hello.
My favorite number
is 4096 Kawa from the System Solution Department🐹

Spring is almost here.
The other day, I had to verify VRRP with YAMAHA's girlfriend's RTX830, so I thought I'd share it with the world as a memorandum.

What is VRRP?

*If you know, please skip this.

■ YAMAHA official document ⇩
http://www.rtpro.yamaha.co.jp/RT/docs/vrrp/vrrp.html

Let's explain!
VRRP (Virtual Router Redundancy Protocol) is makes routers redundant and makes it appear as if two routers are one from the local side

It's a type of so-called HA (High Availability). VRRP does not use TCP or UDP; it uses
protocol number 112 allows even if one side goes down in the event of a failure can continue on the other side. It's convenient.

Verification environment

I used two YAMAHA RTX830 routers

■ Simple configuration diagram

On the local PC (the girl in the image above), only the VIP (virtual IP address) "192.168.100.1" is visible (actually, the physical IPs "Master: 192.168.100.2" and "Backup: 192.168. 100.3” can also be connected directly).

■ Points to note

- The IP assigned to the WAN side interface must be static!
- L2 switches etc. are required on the top and bottom!

config

That's all for the basic settings around VRRP! ⇩

■ Main side (RTX1)

ip lan1 vrrp 1 192.168.100.1 priority=200 #Virtual IP settings. The higher the priority, the higher the priority ip lan1 vrrp shutdown trigger 1 lan2 #Specify the interface for down judgment (lan2 is WAN) ip lan1 address 192.168.100.2/24 #Real address on the chassis side

■ Backup side

ip lan1 vrrp 1 192.168.100.1 priority=100 ip lan1 vrrp shutdown trigger 1 lan2 ip lan1 address 192.168.100.3/24

■ WAN side For monitoring life and death

ip keepalive 10 icmp-echo 1 3 1.1.1.1 #IP is temporary

Verification record

simply sent a ping
(192.168.10.1)

Verification 1) Continue pinging to VIP:192.168.100.1, Internet side IP:192.168.10.1, and if the power on the master side is turned off during transmission.

Response from 192.168.10.1: Bytes =32 Time =1ms TTL=63 Response from 192.168.10.1: Bytes =32 Time =1ms TTL=63 Response from 192.168.10.1: Bytes =32 Time =1ms TTL= 63 Response from 192.168.10.1: Bytes =32 Time =1ms TTL=63 Response from 192.168.10.1: Bytes =32 Time =1ms TTL=63 Response from 192.168.10.1: Bytes =32 Time =1ms TTL =63 Request timed out. Response from 192.168.10.1: Bytes =32 Time =1ms TTL=63 Response from 192.168.10.1: Bytes =32 Time =1ms TTL=63 Response from 192.168.10.1: Bytes =32 Time =1ms TTL= 63 Ping statistics for 192.168.10.1: Packets: Sent = 42, Received = 41, Loss = 1 (2% loss), Estimated round trip time (ms): Min = 1ms, Max = 4ms, Average = 1ms Response from 192.168.100.1: Bytes =32 Time =1ms TTL=255 Response from 192.168.100.1: Bytes =32 Time =1ms TTL=255 Response from 192.168.100.1: Bytes =32 Time =1ms TTL= 255 Request timed out. Response from 192.168.100.1: Bytes =32 Time =1ms TTL=255 Response from 192.168.100.1: Bytes =32 Time =1ms TTL=255 Ping stats for 192.168.100.1: Packets: Sent = 78, Received = 77, Loss = 1 (1% loss), Approximate round trip time (ms): Min = 0ms, Max = 3ms, Average = 0ms

⇧Ping times out on line 7. After about 7 seconds, communication to 192.168.10.1 was restored.

At the same time, on line 20, the default gateway virtual IP "192.168.100.1" switches to the backup machine side, and the ping response is restored.

Loss was also kept to a fairly low level.

Verification 2) When the Internet is disconnected (physically disconnecting the master side WAN)

Response from 192.168.10.1: Bytes=32 Time=1ms TTL=63 Request timed out. Response from 192.168.10.1: Bytes=32 Time=1ms TTL=63　

→ Confirmed that recovery was possible with almost instantaneous interruptions
→ Switching from master to backup was done immediately. Yay Netae-chan!

It feels good.
I feel like it would work just fine in an emergency.

Command for checking status

During verification, we used this area to check the switching status.

■ VRRP

show status vrrp # Output example show status vrrp LAN1 ID:1 Virtual IP address: 192.168.100.1 Current master: 192.168.100.2 Priority: 200 Own status: Master / Priority: 200 Preempt Authentication: NONE Timer: 1

⇧The main side is operating as the master.

■Checking the interface and keepalive

show status lan2 show status ip keepalive 

～Complete～