
VRRP - separate VRIDs or single?


EtherNation_Use
Contributor II
Create Date: Feb 21 2013 9:35PM

Hi, I'm trying to optimize the implementation of VRRP on a pair of 480s at our network's core, and I'm wondering if the way it's set up now is optimal or not. Here's the current anonymized config (the switch has appropriate real IPs on each network):

create vrrp vlan client-net vrid 1
configure vrrp vlan client-net vrid 1 priority 90
configure vrrp vlan client-net vrid 1 authentication simplepassword pass1
create vrrp vlan client-net-2 vrid 20
configure vrrp vlan client-net-2 vrid 20 priority 90
configure vrrp vlan client-net-2 vrid 20 authentication simplepassword pass2
create vrrp vlan client-net-3 vrid 10
configure vrrp vlan client-net-3 vrid 10 priority 90
configure vrrp vlan client-net-3 vrid 10 authentication simplepassword pass3
configure vrrp vlan client-net vrid 1 add 192.168.1.1
configure vrrp vlan client-net-2 vrid 20 add 172.16.2.1
configure vrrp vlan client-net-3 vrid 10 add 10.200.150.1
enable vrrp vlan client-net vrid 1
enable vrrp vlan client-net-2 vrid 20
enable vrrp vlan client-net-3 vrid 10

What is best practice here? Should I roll all of the VRRP instances up into a single VRID, or keep them separate? These are networks we need to be resilient to failures and attacks - the separation of the VRIDs was intended to separate them so if one was knocked offline by a traffic storm or other problem the others would stay online, but I'm not sure that's a valid assumption. Any insight is appreciated. Thanks!

(from Ansley_Barnes)
5 REPLIES

EtherNation_Use
Contributor II
Create Date: Feb 25 2013 7:15PM

Hello Ansleybarnes

I am not sure using different VRIDs will give you what you want. A VRID is used to designate a Virtual Router pair. When any two routers have the same VRID it allows them to trade VRRP messages and provide redundancy for any VLAN that they have VRRP enabled on.

The best way I think to look at it is this. If I have two routers and those two routers provide VRRP for x number of VLANs/subnets then they can share one VRID for all of the VLANs. If I add two more routers and those routers provide VRRP to another set of x VLANs then I will use a separate VRID for those two routers so they know they can talk to one another.

If in your case you only have two routers, you can use the same VRID. Whether or not the VRRP fails over is dependent on each VLAN, so VLAN1 may fail over but VLAN2 may not, depending on if you are using track or if a particular interface goes down. One thing to note is that if you do have a split VRRP, where one router is master for x number of VLANs and the second router is master for another set of x VLANs, and all VLANs need to route between them, then you may need to have a routed segment between the two routers so that they can route to the other router.

I hope that is clear although some of this is a little hard to explain via txt.

Let me know if this helps or makes things worse and I will try to be more clear.

Thanks
P (from Paul_Russo)
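
The per-VLAN scoping described in the reply above, as an added example that is not part of the original thread: a small Python audit that parses `create/configure/enable vrrp` lines of the form shown in the question, keys each instance by (VLAN, VRID), and derives the virtual MAC each one answers on. The sample config is constructed and the function names are illustrative; the virtual MAC format and the cleartext simple-password behaviour come from the VRRP RFCs (3768 and 2338), not from the thread.

```python
import re
from collections import defaultdict

# Constructed sample: two of the post's VLANs moved onto one shared VRID.
CONFIG = """\
create vrrp vlan client-net vrid 1
configure vrrp vlan client-net vrid 1 authentication simplepassword pass1
configure vrrp vlan client-net vrid 1 add 192.168.1.1
enable vrrp vlan client-net vrid 1
create vrrp vlan client-net-2 vrid 1
configure vrrp vlan client-net-2 vrid 1 add 172.16.2.1
"""

LINE = re.compile(r"^(create|configure|enable) vrrp vlan (\S+) vrid (\d+)\s*(.*)$")

def parse(config):
    """Collect settings per (vlan, vrid); a VRID only has meaning inside its VLAN."""
    inst = defaultdict(lambda: {"vips": [], "enabled": False, "auth": None})
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a VRRP line
        verb, vlan, vrid, rest = m.groups()
        entry, words = inst[(vlan, int(vrid))], rest.split()
        if verb == "enable":
            entry["enabled"] = True
        elif words[:1] == ["add"] and len(words) > 1:
            entry["vips"].append(words[1])
        elif words[:1] == ["authentication"] and len(words) > 1:
            entry["auth"] = words[1]
    return dict(inst)

def virtual_mac(vrid):
    """IPv4 VRRP virtual router MAC, 00-00-5E-00-01-{VRID} (RFC 3768)."""
    return "00:00:5e:00:01:%02x" % vrid

def audit(config):
    """Return (vlan, vrid, virtual MAC, [issues]) per instance, sorted by VLAN."""
    report = []
    for (vlan, vrid), e in sorted(parse(config).items()):
        issues = []
        if not e["vips"]:
            issues.append("no virtual IP")
        if not e["enabled"]:
            issues.append("not enabled")
        if e["auth"] == "simplepassword":
            issues.append("simplepassword is carried in cleartext in advertisements")
        report.append((vlan, vrid, virtual_mac(vrid), issues))
    return report
```

Both sample VLANs report the same virtual MAC because they share VRID 1, which is valid since each virtual router is scoped to its own VLAN; the second instance is flagged because its `enable` line is missing.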