Cisco VRRP Interface Tracking User Guide

June 15, 2024
Cisco

CISCO Unified Express Communications Manager - Featured
Image VRRP Interface Tracking
User Guide

VRRP Interface Tracking

Cisco VRRP Interface Tracking

Note
To achieve simplification and consistency, the Cisco SD-WAN solution has been rebranded as Cisco Catalyst SD-WAN. In addition, from Cisco IOS XE SD-WAN Release 17.12.1a and Cisco Catalyst SD-WAN Release 20.12.1, the following component changes are applicable: Cisco v Manage to Cisco Catalyst SD-WAN Manager, Cisco v Analytics to Cisco Catalyst SD-WAN Analytics, Cisco v Bond to Cisco Catalyst SD-WAN Validator, and Cisco v Smart to Cisco Catalyst SD-WAN Controller. See the latest Release Notes for a comprehensive list of all the component brand name changes. While we transition to the new names, some inconsistencies might be present in the documentation set because of a phased approach to the user interface updates of the software product.

Feature Name Release Information Description
VRRP Interface Tracking for Cisco IOS XE Catalyst SD-WAN Devices Cisco IOS XE

Catalyst
SD-WAN Release 17.7.1a
Cisco vManage Release 20.7.1| This feature enables VRRP to set the edge as active or standby based on the WAN Interface or SIG tracker events andincrease the TLOC preference
value on a new VRRP active to ensure traffic symmetry, for Cisco IOS XE Catalyst
SD-WAN Devices.
| | Starting this release, you can configure VRRP interface tracking through Cisco SD-WAN Manager feature template and CLI template on Cisco IOS XE Catalyst SD-WAN Devices.

Information About VRRP Interface Tracking

The Virtual Router Redundancy Protocol (VRRP) is a LAN-side protocol that provides redundant gateway service for switches and other IP end stations. In Cisco IOS XE Catalyst SD-WAN devices, you can configure VRRP on interfaces and sub interfaces using Cisco SD-WAN Manager templates and CLI add-on templates. For more information, see Configuring VRRP.
Restrictions and Limitations

  • VRRP is only supported with service-side VPNs. If you are using sub interfaces, configure VRRP physical interfaces in VPN 0.
  • VRRP tracking is enabled on either a physical uplink interface or a logical tunnel interface (IPSEC or GRE or both).
  •  The VRRP Tracking feature does not support IP prefix as an object.
  • You can use the same tracker under multiple VRRP groups or VPNs.
  • You cannot use the same track object to track multiple interfaces.
  • You can group a maximum of 16 track objects under a list track object.
  •  You cannot configure tlocchange and increase-preference on more than one VRRP group.

VRRP Tracking Use Cases

The VRRP state is determined based on the tunnel link status. If the tunnel or interface is down on the primary VRRP, then the traffic is directed to the secondary VRRP. The secondary VRRP router in the LAN segment becomes primary VRRP to provide gateway for the service-side traffic.
Zscaler Tunnel Use Case 1—Primary VRRP, Single Internet Provider
The primary and secondary Zscaler tunnels are connected through a single internet provider to the primary VRRP. The primary and secondary VRRP routers are connected through using TLOC extension. In this scenario, the VRRP state transition occurs if the primary and secondary tunnels go down on primary VRRP. The predetermined priority value decrements when the tracking object is down, which triggers the VRRP state transition. To avoid asymmetric routing, VRRP notifies this change to the Overlay through OMP.
Zscaler Tunnel Use Case 2—VRRP Routers in TLOC Extension, Dual Internet Providers
The primary and secondary VRRP routers are configured in TLOC extension high availability mode. The primary and secondary Zscaler tunnels are directly connected with primary and secondary VRRP routers, respectively, using dual internet providers. In this scenario too, the VRRP state transition occurs if the primary and secondary tunnels go down on primary VRRP. The predetermined priority value decrements when the tracking object is down, which triggers the VRRP state transition. VRRP notifies this change to the Overlay through OMP.
TLOC Preference
Transport Locators (TLOCs) connect an OMP route to a physical location. A TLOC is directly reachable using an entry in the routing table of the physical network, or represented by a prefix beyond a NAT device. In Cisco IOS XE Catalyst SD-WAN devices, the TLOC change increase preference value increases based on the configured value. You can configure the TLOC change increase preference value on both the active and the backup nodes.
Workflow to Configure VRRP Tracking

  1. Configure an object tracker. For more information, see Configure an Object Tracker, on page 3.
  2.  Configure VRRP for a VPN Interface template and associate the object tracker with the template. For more information, see Configure VRRP for a VPN Interface Template and Associate Interface Object Tracker, on page 4.

Configure an Object Tracker
Use the Cisco System template to configure an object tracker.

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Templates.

  2. Click Feature Templates.
    Note
    In Cisco vManage Release 20.7.x and earlier releases, Feature Templates is titled Feature.

  3.  Navigate to the Cisco System template for the device.
    Note
    To create a System template, see Create System Template

  4. Click Tracker and choose New Object Tracker to configure the tracker parameters.
    Table 2: Tracker Parameters** Field| Description
    ---|---
    Tracker Type| Choose Interface or SIG to configure the object tracker.
    Object ID| Enter the object ID number.
    Interface**| Choose global or device-specific tracker interface name.

  5. Click Add.

  6.  Optionally, to create a tracker group, click Tracker, and click Tracker Groups > New Object Tracker Groups to configure the tracker parameters.
    Note
    Ensure that you have created two trackers to create a track group.
    Table 3: Object Tracker Group Parameters****

Field Description
Group Tracker ID Enter the name of the tracker group.
Tracker ID Enter the name of the object tracker that you want to

group.
Criteria| Choose AND or OR explicitly.
OR ensures that the transport interface status is reported as active if either one of the associated trackers of the tracker group reports that the route is active.
If you choose AND operation, the transport interface status is reported as active if both the associated trackers of the tracker group report that the route is active.
Field| Description
Group Tracker ID| Enter the name of the tracker group.
Tracker ID| Enter the name of the object tracker that you want to group.
Criteria| Choose AND or OR explicitly.
OR ensures that the transport interface status is reported as active if either one of the associated trackers of the tracker group reports that the route is active.
If you choose AND operation, the transport interface status is reported as active if both the associated trackers of the tracker group report that the route is active.

**** Note
Provide information in all the mandatory fields before you save the template.

  1. Click Add.
  2. Click Save.

Configure VRRP for a VPN Interface Template and Associate Interface

Object Tracker

To configure VRRP for a Cisco VPN template, do the following:

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Templates.

  2. Click Feature Templates.
    Note In Cisco v Manage Release 20.7.x and earlier releases, Feature Templates is titled Feature.

  3.  Navigate to the Cisco VPN Interface Ethernet template for the device.
    Note For information about creating a new Cisco VPN Interface Ethernet template, see Configure VPN Ethernet Interface.

  4.  Click VRRP and choose IPv4.

  5.  Click New VRRP to create a new VRRP or edit the existing VRRP and configure the following parameters:
    Parameter Name| Description
    ---|---
    TLOC Preference Change| (Optional) Choose On or Off to set whether the TLOC preference can be changed or not.
    TLOC Preference Change Value| (Optional) Enter the TLOC preference change. Range: 1 to 4294967295.

  6. Click the Add Tracking Object link, and in the Tracking Object dialog box that is displayed, click Add Tracking Object.

  7.  In the Tracker ID field, enter the Interface Object ID or Object Group Tracker ID.

  8. From the Action drop-down list, choose Decrement and enter the Decrement Value as 1. Cisco vEdge Devices supports decrement value of 1. Or Choose Shutdown.

  9.  Click Add.

  10. Click Add to save the VRRP details.

  11.  Click Save.

Configure VRRP Tracking Using CLI Templates

You can configure VRRP tracking using the CLI add-on feature templates and CLI device templates. For more information, see CLI Templates.

VRRP Object Tracking Using CLI

Interface Object Tracking using CLI
Use the following configuration to add an interface to a track list using Cisco SD-WAN Manager device CLI tempale:
Device(config)# track interface [line- protocol] Device(config-tracker)# exit
Device(config)# track < object-id2> interface [line- protocol] Device(config-tracker)# exit
Device(config)# track list boolean [and | Or] Device(config- tracker)# object
Device(config-tracker)# object
Device(config-tracker)# exit
Device(config)# interface GigabitEthernet2
Device(config-if)# vrf forwarding
Device(config-if)# ipv4 address
Device(config-if)# negotiation auto
Device(config-if)# vrrp address-family ipv4
Device(config-if-vrrp)# address [primary | secondary] Device (config-if-vrrp)# track [decrement | shutdown] Device (config-if-vrrp)# tloc-change increase-preference
Device(config-if-vrrp)# exit

SIG Container Tracking

The following example shows how to configure a track list and tracking for SIG containers using the Cisco SD-WAN Manager device CLI template.
Note
In Cisco IOS XE Catalyst SD-WAN Release 17.7.1a SIG Object Tracking, you can only set global as the variable for Service Name.
SIG Object Tracking Using CLI
Device(config)# track service global
Device(config-tracker)# exit
Device(config)# track service global
Device(config-tracker)# exit
Device(config)# track list boolean [and | Or] Device(config- tracker)# object
Device(config-tracker)# object
Device(config-tracker)# exit
Device(config)# interface GigabitEthernet2
Device(config-if)# vrf forwarding
Device(config-if)# ip address
Device(config-if)# negotiation auto
Device(config-if)# vrrp address-family ipv4
Device(config-if-vrrp)# address [primary | secondary] Device (config-if-vrrp)# track [decrement | shutdown] Device (config-if-vrrp)# tloc-change increase-preference
Device(config-if-vrrp)#exit

Configuration Example for VRRP Object Tracking Using CLI

Interface Object Tracking Using CLI
config-transaction
track 100 interface Tunnel123 line-protocol
exit
track 200 interface GigabitEthernet5 line-protocol
exit
track 400 list boolean and
object 100
object 200
exit
interface GigabitEthernet2
vrf forwarding 1
ip address 10.10.1.1 255.255.255.0
negotiation auto
vrrp 1 address-family ipv4
address 10.10.1.10 primary
track 400 decrement 10
tloc-change increase-preference 333
exit
Configuration Examples for SIG Object Tracking
SIG Object Tracking Using CLI
config-transaction
track 1 service global
exit
exit
track 2 service global
track 3 list boolean and
object 1
object 2
exit
interface GigabitEthernet2
vrf forwarding 1
ip address 10.10.1.1 255.255.255.0
negotiation auto
vrrp 1 address-family ipv4
address 10.10.1.10 primary
track 3 decrement 10
tloc-change increase-preference 333
exit
Monitor VRRP Configuration
To view information about VRRP configuration:

  1. From the Cisco SD-WAN Manager menu, choose Monitor > Devices.
    Cisco vManage Release 20.6.x and earlier: From the Cisco SD-WAN Manager menu, choose Monitor > Network.

  2. Choose a device from the list of devices.

  3. Click Real Time.

  4. From the Device Options drop-down list, choose VRRP Information.

Note You can view the status of the VRRP configuration in Track State.

Verify VRRP Tracking

Device# show vrrp
The following is a sample output for the show vrrp command:
GigabitEthernet2 – Group 1 – Address-Family IPv4
State is MASTER
State duration 37 mins 52.978 secs
Virtual IP address is 10.10.1.10
Virtual MAC address is 0000.5E00.0101
Advertisement interval is 1000 msec
Preemption enabled
Priority is 100
State change reason is VRRP_TRACK_UP
Tloc preference configured, value 333 Track object 400 state UP decrement 10
Master Router is 10.10.1.1 (local), priority is 100
Master Advertisement interval is 1000 msec (expires in 607 msec)
Master Down interval is unknown
FLAGS: 1/1
Device# show track brief
The following is a sample output for the show track brief command:

Track Type Instance Parameter State Last Change
100 interface Tunnel123 line-protocol Up 0:12:48
200 interface GigabitEthernet5 line-protocol Up 0:49:57
400 list boolean Up 0:12:47

Device# show track list
The following is a sample output for the show track list command:
Track 400
List boolean and
Boolean AND is Up
6 changes, last change 00:12:58
object 100 Up
object 200 Up
Tracked by:
VRRPv3 GigabitEthernet2 IPv4 group 1
Device# show track list brief
The following is a sample output for the show track brief command:

Track Type Instance Parameter State Last Change
400 list boolean Up 0:13:02

CISCO Unified Express Communications Manager - Featured
Image

References

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>

Related Manuals