Cisco VRRP Interface Tracking User Guide
- June 15, 2024
- Cisco
Table of Contents
- VRRP Interface Tracking
- Information About VRRP Interface Tracking
- VRRP Tracking Use Cases
- Configure VRRP for a VPN Interface Template and Associate Interface
- Configure VRRP Tracking Using CLI Templates
- VRRP Object Tracking Using CLI
- SIG Container Tracking
- Configuration Example for VRRP Object Tracking Using CLI
- Verify VRRP Tracking
- References
- Read User Manual Online (PDF format)
- Download This Manual (PDF format)
VRRP Interface Tracking
User Guide
VRRP Interface Tracking
Note
To achieve simplification and consistency, the Cisco SD-WAN solution has been
rebranded as Cisco Catalyst SD-WAN. In addition, from Cisco IOS XE SD-WAN
Release 17.12.1a and Cisco Catalyst SD-WAN Release 20.12.1, the following
component changes are applicable: Cisco v Manage to Cisco Catalyst SD-WAN
Manager, Cisco v Analytics to Cisco Catalyst SD-WAN Analytics, Cisco v Bond to
Cisco Catalyst SD-WAN Validator, and Cisco v Smart to Cisco Catalyst SD-WAN
Controller. See the latest Release Notes for a comprehensive list of all the
component brand name changes. While we transition to the new names, some
inconsistencies might be present in the documentation set because of a phased
approach to the user interface updates of the software product.
Feature Name | Release Information | Description |
---|---|---|
VRRP Interface Tracking for Cisco IOS XE Catalyst SD-WAN Devices | Cisco IOS XE |
Catalyst
SD-WAN Release 17.7.1a
Cisco vManage Release 20.7.1| This feature enables VRRP to set the edge as
active or standby based on the WAN Interface or SIG tracker events andincrease
the TLOC preference
value on a new VRRP active to ensure traffic symmetry, for Cisco IOS XE
Catalyst
SD-WAN Devices.
| | Starting this release, you can configure VRRP interface tracking through
Cisco SD-WAN Manager feature template and CLI template on Cisco IOS XE
Catalyst SD-WAN Devices.
Information About VRRP Interface Tracking
The Virtual Router Redundancy Protocol (VRRP) is a LAN-side protocol that
provides redundant gateway service for switches and other IP end stations. In
Cisco IOS XE Catalyst SD-WAN devices, you can configure VRRP on interfaces and
sub interfaces using Cisco SD-WAN Manager templates and CLI add-on templates.
For more information, see Configuring
VRRP.
Restrictions and Limitations
- VRRP is only supported with service-side VPNs. If you are using sub interfaces, configure VRRP physical interfaces in VPN 0.
- VRRP tracking is enabled on either a physical uplink interface or a logical tunnel interface (IPSEC or GRE or both).
- The VRRP Tracking feature does not support IP prefix as an object.
- You can use the same tracker under multiple VRRP groups or VPNs.
- You cannot use the same track object to track multiple interfaces.
- You can group a maximum of 16 track objects under a list track object.
- You cannot configure tlocchange and increase-preference on more than one VRRP group.
VRRP Tracking Use Cases
The VRRP state is determined based on the tunnel link status. If the tunnel or
interface is down on the primary VRRP, then the traffic is directed to the
secondary VRRP. The secondary VRRP router in the LAN segment becomes primary
VRRP to provide gateway for the service-side traffic.
Zscaler Tunnel Use Case 1—Primary VRRP, Single Internet Provider
The primary and secondary Zscaler tunnels are connected through a single
internet provider to the primary VRRP. The primary and secondary VRRP routers
are connected through using TLOC extension. In this scenario, the VRRP state
transition occurs if the primary and secondary tunnels go down on primary
VRRP. The predetermined priority value decrements when the tracking object is
down, which triggers the VRRP state transition. To avoid asymmetric routing,
VRRP notifies this change to the Overlay through OMP.
Zscaler Tunnel Use Case 2—VRRP Routers in TLOC Extension, Dual Internet
Providers
The primary and secondary VRRP routers are configured in TLOC extension high
availability mode. The primary and secondary Zscaler tunnels are directly
connected with primary and secondary VRRP routers, respectively, using dual
internet providers. In this scenario too, the VRRP state transition occurs if
the primary and secondary tunnels go down on primary VRRP. The predetermined
priority value decrements when the tracking object is down, which triggers the
VRRP state transition. VRRP notifies this change to the Overlay through OMP.
TLOC Preference
Transport Locators (TLOCs) connect an OMP route to a physical location. A TLOC
is directly reachable using an entry in the routing table of the physical
network, or represented by a prefix beyond a NAT device. In Cisco IOS XE
Catalyst SD-WAN devices, the TLOC change increase preference value increases
based on the configured value. You can configure the TLOC change increase
preference value on both the active and the backup nodes.
Workflow to Configure VRRP Tracking
- Configure an object tracker. For more information, see Configure an Object Tracker, on page 3.
- Configure VRRP for a VPN Interface template and associate the object tracker with the template. For more information, see Configure VRRP for a VPN Interface Template and Associate Interface Object Tracker, on page 4.
Configure an Object Tracker
Use the Cisco System template to configure an object tracker.
-
From the Cisco SD-WAN Manager menu, choose Configuration > Templates.
-
Click Feature Templates.
Note
In Cisco vManage Release 20.7.x and earlier releases, Feature Templates is titled Feature. -
Navigate to the Cisco System template for the device.
Note
To create a System template, see Create System Template -
Click Tracker and choose New Object Tracker to configure the tracker parameters.
Table 2: Tracker Parameters** Field| Description
---|---
Tracker Type| Choose Interface or SIG to configure the object tracker.
Object ID| Enter the object ID number.
Interface**| Choose global or device-specific tracker interface name. -
Click Add.
-
Optionally, to create a tracker group, click Tracker, and click Tracker Groups > New Object Tracker Groups to configure the tracker parameters.
Note
Ensure that you have created two trackers to create a track group.
Table 3: Object Tracker Group Parameters****
Field | Description |
---|---|
Group Tracker ID | Enter the name of the tracker group. |
Tracker ID | Enter the name of the object tracker that you want to |
group.
Criteria| Choose AND or OR explicitly.
OR ensures that the transport interface status is reported as active if
either one of the associated trackers of the tracker group reports that the
route is active.
If you choose AND operation, the transport interface status is reported as
active if both the associated trackers of the tracker group report that the
route is active.
Field| Description
Group Tracker ID| Enter the name of the tracker group.
Tracker ID| Enter the name of the object tracker that you want to
group.
Criteria| Choose AND or OR explicitly.
OR ensures that the transport interface status is reported as active if
either one of the associated trackers of the tracker group reports that the
route is active.
If you choose AND operation, the transport interface status is reported as
active if both the associated trackers of the tracker group report that the
route is active.
**** Note
Provide information in all the mandatory fields before you save the template.
- Click Add.
- Click Save.
Configure VRRP for a VPN Interface Template and Associate Interface
Object Tracker
To configure VRRP for a Cisco VPN template, do the following:
-
From the Cisco SD-WAN Manager menu, choose Configuration > Templates.
-
Click Feature Templates.
Note In Cisco v Manage Release 20.7.x and earlier releases, Feature Templates is titled Feature. -
Navigate to the Cisco VPN Interface Ethernet template for the device.
Note For information about creating a new Cisco VPN Interface Ethernet template, see Configure VPN Ethernet Interface. -
Click VRRP and choose IPv4.
-
Click New VRRP to create a new VRRP or edit the existing VRRP and configure the following parameters:
Parameter Name| Description
---|---
TLOC Preference Change| (Optional) Choose On or Off to set whether the TLOC preference can be changed or not.
TLOC Preference Change Value| (Optional) Enter the TLOC preference change. Range: 1 to 4294967295. -
Click the Add Tracking Object link, and in the Tracking Object dialog box that is displayed, click Add Tracking Object.
-
In the Tracker ID field, enter the Interface Object ID or Object Group Tracker ID.
-
From the Action drop-down list, choose Decrement and enter the Decrement Value as 1. Cisco vEdge Devices supports decrement value of 1. Or Choose Shutdown.
-
Click Add.
-
Click Add to save the VRRP details.
-
Click Save.
Configure VRRP Tracking Using CLI Templates
You can configure VRRP tracking using the CLI add-on feature templates and CLI device templates. For more information, see CLI Templates.
VRRP Object Tracking Using CLI
Interface Object Tracking using CLI
Use the following configuration to add an interface to a track list using
Cisco SD-WAN Manager device CLI tempale:
Device(config)# track
Device(config)# track < object-id2> interface
Device(config)# track
Device(config-tracker)# object
Device(config-tracker)# exit
Device(config)# interface GigabitEthernet2
Device(config-if)# vrf forwarding
Device(config-if)# ipv4 address
Device(config-if)# negotiation auto
Device(config-if)# vrrp
Device(config-if-vrrp)# address
Device(config-if-vrrp)# exit
SIG Container Tracking
The following example shows how to configure a track list and tracking for SIG
containers using the Cisco SD-WAN Manager device CLI template.
Note
In Cisco IOS XE Catalyst SD-WAN Release 17.7.1a SIG Object Tracking, you can
only set global as the variable for Service Name.
SIG Object Tracking Using CLI
Device(config)# track
Device(config-tracker)# exit
Device(config)# track
Device(config-tracker)# exit
Device(config)# track
Device(config-tracker)# object
Device(config-tracker)# exit
Device(config)# interface GigabitEthernet2
Device(config-if)# vrf forwarding
Device(config-if)# ip address
Device(config-if)# negotiation auto
Device(config-if)# vrrp
Device(config-if-vrrp)# address
Device(config-if-vrrp)#exit
Configuration Example for VRRP Object Tracking Using CLI
Interface Object Tracking Using CLI
config-transaction
track 100 interface Tunnel123 line-protocol
exit
track 200 interface GigabitEthernet5 line-protocol
exit
track 400 list boolean and
object 100
object 200
exit
interface GigabitEthernet2
vrf forwarding 1
ip address 10.10.1.1 255.255.255.0
negotiation auto
vrrp 1 address-family ipv4
address 10.10.1.10 primary
track 400 decrement 10
tloc-change increase-preference 333
exit
Configuration Examples for SIG Object Tracking
SIG Object Tracking Using CLI
config-transaction
track 1 service global
exit
exit
track 2 service global
track 3 list boolean and
object 1
object 2
exit
interface GigabitEthernet2
vrf forwarding 1
ip address 10.10.1.1 255.255.255.0
negotiation auto
vrrp 1 address-family ipv4
address 10.10.1.10 primary
track 3 decrement 10
tloc-change increase-preference 333
exit
Monitor VRRP Configuration
To view information about VRRP configuration:
-
From the Cisco SD-WAN Manager menu, choose Monitor > Devices.
Cisco vManage Release 20.6.x and earlier: From the Cisco SD-WAN Manager menu, choose Monitor > Network. -
Choose a device from the list of devices.
-
Click Real Time.
-
From the Device Options drop-down list, choose VRRP Information.
Note You can view the status of the VRRP configuration in Track State.
Verify VRRP Tracking
Device# show vrrp
The following is a sample output for the show vrrp command:
GigabitEthernet2 – Group 1 – Address-Family IPv4
State is MASTER
State duration 37 mins 52.978 secs
Virtual IP address is 10.10.1.10
Virtual MAC address is 0000.5E00.0101
Advertisement interval is 1000 msec
Preemption enabled
Priority is 100
State change reason is VRRP_TRACK_UP
Tloc preference configured, value 333 Track object 400 state UP decrement 10
Master Router is 10.10.1.1 (local), priority is 100
Master Advertisement interval is 1000 msec (expires in 607 msec)
Master Down interval is unknown
FLAGS: 1/1
Device# show track brief
The following is a sample output for the show track brief command:
Track | Type | Instance | Parameter | State | Last Change |
---|---|---|---|---|---|
100 | interface | Tunnel123 | line-protocol | Up | 0:12:48 |
200 | interface | GigabitEthernet5 | line-protocol | Up | 0:49:57 |
400 | list | boolean | Up | 0:12:47 |
Device# show track list
The following is a sample output for the show track list command:
Track 400
List boolean and
Boolean AND is Up
6 changes, last change 00:12:58
object 100 Up
object 200 Up
Tracked by:
VRRPv3 GigabitEthernet2 IPv4 group 1
Device# show track list brief
The following is a sample output for the show track brief command:
Track | Type | Instance | Parameter | State | Last Change |
---|---|---|---|---|---|
400 | list | boolean | Up | 0:13:02 |
References
- Cisco Catalyst SD-WAN Systems and Interfaces Configuration Guide, Cisco IOS XE Catalyst SD-WAN Release 17.x - CLI Templates for Cisco IOS XE Catalyst SD-WAN Devices [Cisco SD-WAN] - Cisco
- Cisco Catalyst SD-WAN Systems and Interfaces Configuration Guide, Cisco IOS XE Catalyst SD-WAN Release 17.x - System and Interfaces Overview [Cisco SD-WAN] - Cisco
- Systems and Interfaces Configuration Guide, Cisco SD-WAN Release 20.x - Configure Network Interfaces [Cisco SD-WAN] - Cisco
Read User Manual Online (PDF format)
Read User Manual Online (PDF format) >>