I tried setting up VRRP with YAMAHA RTX830

Hello.
My favorite number is 4096.
I'm Kawa from the System Solutions Department.

Spring is almost here.
I recently had the opportunity to test VRRP with Yamaha's RTX830, so I thought I'd share my findings with the world as a memo.

What is VRRP?

※If you already know, skip this

■ YAMAHA official documentation⇩
http://www.rtpro.yamaha.co.jp/RT/docs/vrrp/vrrp.html

Let me explain!
VRRP (Virtual Router Redundancy Protocol) that makes routers redundant and makes two routers appear as if they are one router from the local side .

This is a type of HA (High Availability). VRRP does not use TCP or UDP, but protocol
number 112. This means that if a failure occurs and one side goes down, communication can continue on the other side . It's very convenient.

Verification environment

Two YAMAHA RTX830 routers

■ Simple configuration diagram

On the local PC (the girl in the image above), only the VIP (virtual IP address) "192.168.100.1" is visible as (in reality, it is also possible to directly connect to the physical IPs "Master: 192.168.100.2" and "Backup: 192.168.100.3").

■ Points to note

- The IP address assigned to the WAN interface must be static!
- L2 switches are required above and below!

config

That's all for the basic settings related to VRRP!

■ Main side (RTX1)

ip lan1 vrrp 1 192.168.100.1 priority=200 #Virtual IP setting. Higher priority takes precedence. ip lan1 vrrp shutdown trigger 1 lan2 #Specify the interface to determine if down (lan2 is WAN). ip lan1 address 192.168.100.2/24 #Actual address on the chassis side

■ Backup side

ip lan1 vrrp 1 192.168.100.1 priority=100 ip lan1 vrrp shutdown trigger 1 lan2 ip lan1 address 192.168.100.3/24

■ For WAN side alive monitoring

ip keepalive 10 icmp-echo 1 3 1.1.1.1 #IP is temporary

Verification Record

To simplify things, I sent a ping
(192.168.10.1)

Verification 1) Ping VIP: 192.168.100.1, Internet side IP: 192.168.10.1, continuously, while sending, turn off the power on the master side

Reply from 192.168.10.1: bytes=32 time=1ms TTL=63 Reply from 192.168.10.1: bytes=32 time=1ms TTL=63 Reply from 192.168.10.1: bytes=32 time=1ms TTL=63 Reply from 192.168.10.1: bytes=32 time=1ms TTL=63 Reply from 192.168.10.1: bytes=32 time=1ms TTL=63 Request timed out. Reply from 192.168.10.1: bytes=32 time=1ms TTL=63 Reply from 192.168.10.1: bytes=32 time=1ms TTL=63 Reply from 192.168.10.1: bytes=32 time=1ms TTL=63 Ping statistics for 192.168.10.1: Packets: sent = 42, received = 41, lost = 1 (2% loss), Approximate round trip time (ms): min = 1ms, max = 4ms, average = 1ms Reply from 192.168.100.1: bytes=32 time=1ms TTL=255 Reply from 192.168.100.1: bytes=32 time=1ms TTL=255 Reply from 192.168.100.1: bytes=32 time=1ms TTL=255 Request timed out. Reply from 192.168.100.1: bytes=32 time=1ms TTL=255 Reply from 192.168.100.1: bytes=32 time=1ms TTL=255 Ping statistics for 192.168.100.1: Packets: sent = 78, received = 77, lost = 1 (1% loss), Approximate round trip time (ms): min = 0ms, max = 3ms, average = 0ms

⇧The ping timed out on line 7. After that, communication to 192.168.10.1 was restored in about 7 seconds

At the same time, the virtual IP address "192.168.100.1", which is the default gateway (line 20), is switched to the backup machine, and ping responses are restored

The loss was also kept to a minimum

Verification 2) When the Internet is down (physically disconnecting the master WAN)

Reply from 192.168.10.1: bytes=32 time=1ms TTL=63 Request timed out. Reply from 192.168.10.1: bytes=32 time=1ms TTL=63　

→ We confirmed that recovery was possible with almost no interruption
→ The switch from master to backup was also completed immediately. Good job Tae-chan!

It's a good idea. I
feel like it would be very useful in case of an emergency.

Status check command

During verification, I used this to check the switching status

■ VRRP

show status vrrp # Example output show status vrrp LAN1 ID:1 Virtual IP address: 192.168.100.1 Current master: 192.168.100.2 Priority: 200 My status: Master / Priority: 200 Preempt Authentication: NONE Timer: 1

⇧The main side is running as the master

■Checking the interface and keepalive

show status lan2 show status ip keepalive 

～Complete～