![\"\"](\"https:\/\/www.spktechfit.com\/wp-content\/uploads\/2024\/05\/8.1.png\")
<\/p>\nAn endpoint may only have one DG (Default Gateway), and a single DG means a single point of failure.<\/p>\n
<\/p>\n
In this example, if Core-1 is the DG for PC-1 and Core-1 fails, PC-1 and any other endpoints using Core-1 as the DG will be isolated.
\nYou could add another DG for redundancy, but you would have to somehow change the IP of the DG configured all the endpoints network configuration in the case of a failure (either manually for each end point or by reconfiguring the DHCP scope. This is not practical.<\/p>\n
The solution to this issue is to use some kind of First Hop Routing Protocol. This uses a coordinated Gateway Solution which means there is no change to endpoint IP configuration. Normally, the Primary routing device serves the DG role, forwarding traffic for endpoints. The Secondary unit monitors the Primary device state. If the Primary fails the Secondary device takes over. From the endpoint perspective the VIP address is always available and there is no disruption to users.<\/p>\n RFC 5798 defines the VRRP, a standard FHRP that enables two or more routing devices to provide gateway redundancy.\u00a0VRRP uses a Master-Standby architecture, one gateway forwards traffic sent to the VIP address, while the other non-forwarding device is the backup.<\/p>\n AOS-CX allows you to deploy multiple instances of VRRP, often to balance the load for VLANs.<\/p>\n Each instance has a unique Virtual Router ID (VRID) which AOS-CX refers to as Group ID. In this example VRRP Group 1 serves VLAN 10 while VRRP Group 2 serves VLAN 20. Instances in VVRP are also known as Virtual Router IDs (VRIDs), the number the switch supports depends on the switch type. You can verify this by using the show capacities VRRP command.<\/p>\n VRRP members exchange multicast messages to elect the Master gateway using address 224.0.0.18, IP protocol number 112. To control the Master election you set a priority value from 1 to 255. The highest priority wins. If both devices have the same priority the gateway with the highest IP address wins the election. The default priority is set to 100.<\/p>\n You assign a unique “real” IP address to each individual gateway, then a unique IP for the VIP address. Each VRRP instance must also have a unique IP address.<\/p>\n A Virtual MAC address (vMAC) is automatically assigned to the VIP. This MAC is: The Standby monitors the Master gateway via a keepalive mechanism. If the Master fails the standby stops receiving keepalive messages. The former Standby then takes over as the new VRRP Master and begins to froward traffic sent to VIP 10.10.10.3<\/p>\n In the previous example, what happens when the switch on the left comes back online?<\/p>\n When using VVRP and MSTP there must be coordination between the MSTP Root Bridge and the VRRP. Otherwise if there is a loop there could be some unexpected behaviours.<\/p>\n In figure 8-10, Core 1 is configure as the Root Bridge for MSTP 1 which supports VLANs 1-20. Core 1 is also the VRRP Master for the same VLAN range. If Core 1 fails, Core 2 becomes the new MSTP Root Bridge for instance 1 and the new VVRP Master. Both L2 and L3 protocols are coordinated, L2 STP uses the same forwarding path as L3 Routing.<\/p>\n On Core switch 1<\/span><\/p>\n On int VLAN 1111 create the VRRP routing process using Group 1<\/p>\n Interface vlan 1111<\/span><\/p>\n VRRP 11 address-family ipv4<\/span><\/p>\n Define 10.11.11.254 as the virtual IP address then enable the group<\/strong><\/p>\n Address 10.11.11.254 primary<\/span><\/p>\n No shutdown <\/span><\/p>\n exit<\/span><\/p>\n Display the VRRP information<\/strong><\/p>\n Show VRRP in vlan 1111<\/span><\/p>\n You must then configure core switch 2<\/span><\/p>\n conf<\/span><\/p>\n Interface vlan 1111<\/span><\/p>\n VRRP 11 address-family ipv4<\/span><\/p>\n Address 10.11.11.254 primary<\/span><\/p>\n No shutdown <\/span><\/p>\n Priority 254<\/span><\/p>\n Exit<\/span><\/p>\n As we set the higher priority on Core 2 it will become the master.<\/span><\/p>\n \n","protected":false},"excerpt":{"rendered":" An endpoint may only have one DG (Default Gateway), and a single DG means a single point of failure. In this example, if Core-1 is the DG for PC-1 and Core-1 fails, PC-1 and any other endpoints using Core-1 as the DG will be isolated. You could add another DG for redundancy, but you would […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[17],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/posts\/945"}],"collection":[{"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=945"}],"version-history":[{"count":2,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/posts\/945\/revisions"}],"predecessor-version":[{"id":1000,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/posts\/945\/revisions\/1000"}],"wp:attachment":[{"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=945"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=945"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=945"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nFHRP creates a single coordinated gateway from two or more physical routers. They appear as a single device to the endpoints with a single Virtual IP address<\/strong> (VIP).<\/p>\n![\"\"](\"https:\/\/www.spktechfit.com\/wp-content\/uploads\/2024\/05\/8.2.png\")
<\/p>\nVirtual Router Redundancy Protocol (VRRP)<\/h2>\n
![\"\"](\"https:\/\/www.spktechfit.com\/wp-content\/uploads\/2024\/05\/8.3.png\")
<\/p>\nVRRP Instances<\/h3>\n
![\"\"](\"https:\/\/www.spktechfit.com\/wp-content\/uploads\/2024\/05\/8.4.png\")
<\/p>\n
\nIn this example both Core switches are being used as a Master and Standby for load balancing.
\nCore 1 is the Master for VLAN 10 with Core 2 as the Standby.
\nCore 2 is the Master for VLAN 20 with Core as 1 the Standby.<\/p>\nVRRP Instances Capacity<\/h3>\n
![\"\"](\"https:\/\/www.spktechfit.com\/wp-content\/uploads\/2024\/05\/8.5.png\")
<\/p>\nMaster Election<\/h3>\n
![\"\"](\"https:\/\/www.spktechfit.com\/wp-content\/uploads\/2024\/05\/8.6.png\")
<\/p>\nVirtual IP Address<\/h3>\n
![\"\"](\"https:\/\/www.spktechfit.com\/wp-content\/uploads\/2024\/05\/8.7.png\")
<\/p>\n
\n– 00:00:5e:00:00:XX, where XX= the VRID (Group ID)
\nIn the above example the VRID = 10, so the vMAC is:
\n– 00:00:5e:00:00:0A (in Hex A = 10 decimal)
\nWhen the endpoints ARP for the DG address of 10.0.10.3, they will learn the vMAC and add it to their ARP table.<\/p>\nVRRP Failover Operation<\/h3>\n
![\"\"](\"https:\/\/www.spktechfit.com\/wp-content\/uploads\/2024\/05\/8.8.png\")
<\/p>\nVRRP Preemption<\/h4>\n
\n
VRRP and MSTP Coordination<\/h3>\n
![\"\"](\"https:\/\/www.spktechfit.com\/wp-content\/uploads\/2024\/05\/8.9.png\")
<\/p>\nConfiguring VRRP<\/h2>\n