Administering VRRP Subcommands

The following sections summarize the vrrpadm subcommands. See the vrrpadm(1M) man page for details. The results of all the subcommands are persistent except for the vrrpadm show-router subcommand. For example, the VRRP router created by vrrpadm create-router will persist across reboot.

VRRP VNIC Creation

A pseudo network interface that is configured on top of a system's physical network adapter, also called a network interface (NIC) card. A physical interface can have more than one VNIC. VNICs are essential components of network virtualization. For more information, Using Virtual Networks in Oracle Solaris 11.1.

The existing dladm create-vnic subcommand has been extended to enable you create a VRRP VNIC. The syntax is as follows:

# dladm create-vnic [-t] [-R root-dir] [-l link] [-m vrrp -V VRID -A \
{inet | inet6}] [-v vlan-id] [-p prop=value[,...]] vnic-link

A new VNIC address type, vrrp, has been introduced. You must specify the VRID and address family with this new VNIC address type.

As a result, a VNIC with a well-known virtual router MAC address will be created.

Creating a Router

The vrrpadm create-router subcommand creates a VRRP router with the specified VRID and address family, along with other specified parameters. Each VRRP router requires a special VRRP VNIC to be created, and the VNIC can be created by using the dladm create-vnic command. For more information, see the vrrpadm(1M) man page. The syntax is as follows:

# vrrpadm create-router -V vrid -l link -A {inet | inet6} \
[-p priority] [-i adv-interval] [-o flags] router-name 

The -o option is used to configure the preempt and accept modes of the VRRP router. The values can be: preempt, un_preempt, accept, no_accept. By default, both modes are set to true.

The router-name is used as the unique identifier of this VRRP router and is used in the other vrrpadm subcommands. The permitted characters in a router name are: alphanumeric (a-z, A-Z, 0-9) and underscore ('_'). The maximum length of a router name is 31 characters.

Enabling a Router

A disabled VRRP router can be re-enabled by using the enable-router subcommand. The underlying datalink that the VRRP router is created over (specified with the -l option when the router is created with vrrpadm create-router) and the router's VRRP VNIC must exist when the router is enabled. Otherwise, the enable operation fails. The syntax is as follows:

# vrrpadm enable-router router-name 

Modifying a Router

The vrrpadm modify-router subcommand changes the configuration of a specified VRRP router. The syntax is as follows:

# vrrpadm modify-router [-p priority] [-i adv-interval] \
[-o flags] router-name 

Displaying the Configuration of a Router

The vrrpadm show-router subcommand shows the configuration and status of a specified VRRP router. See more details in the vrrpadm(1M) man page. The syntax is as follows:

# vrrpadm show-router [-P | -x] [-p] [-o field[,...]] [router-name] 

The following are examples of the vrrpadm show-router output:

# vrrpadm show-router vrrp1
NAME VRID LINK AF PRIO ADV_INTV MODE STATE VNIC
vrrp1 1 bge1 IPv4 100 1000 e-pa- BACK vnic1

# vrrpadm show-router -x vrrp1
NAME STATE PRV_STAT STAT_LAST VNIC PRIMARY_IP VIRTUAL_IPS
vrrp1 BACK MAST 1m17s vnic1 10.0.0.100 10.0.0.1

# vrrpadm show-router -P vrrp1
NAME PEER P_PRIO P_INTV P_ADV_LAST M_DOWN_INTV
vrrp1 10.0.0.123 120 1000 0.313s 3609

Example 13-1 VRRP Configuration Example

The following figure shows a typical VRRP configuration.

In this example, the IP address 169.68.82.8 is configured as the default gateway for host1. This IP address is the virtual IP address that is protected by the virtual router that consists of two VRRP routers: router1 and router2. At one time, only one of the two routers serves as the master router and assumes the responsibilities of the virtual router and forwards packets that come from host1.

Assume that the VRID of the virtual router is 12. The following examples shows the commands that are used to configure the preceding VRRP configuration on router1 and router2. router1 is the owner of the virtual IP address 169.68.82.8 and its priority is the default value (255). router2 is the standby router whose priority is 100.

router1:
# dladm create-vnic -m vrrp -V 12 -A inet -l gw0 vnic1
# vrrpadm create-router -V 12 -A inet -l gw0 vrrp1
# ipadm create-addr -d -a 169.68.82.8/24 vnic1/router1
# ipadm create-addr -d -a 169.68.82.100/24 gw0/router1
# vrrpadm show-router -x vrrp1
NAME STATE PRV_STAT STAT_LAST VNIC PRIMARY_IP VIRTUAL_IPS
vrrp1 MAST BACK 1m17s vnic1 169.68.82.100 169.68.82.8
router2:
# dladm create-vnic -m vrrp -V 12 -A inet -l gw1 vnic1
# vrrpadm create-router -V 12 -A inet -l gw1 -p 100 vrrp1
# ipadm create-addr -d -a 169.68.82.8/24 vnic1/router2
# ipadm create-addr -d -a 169.68.82.101/24 gw1/router2
# vrrpadm show-router -x vrrp1
NAME STATE PRV_STAT STAT_LAST VNIC PRIMARY_IP VIRTUAL_IPS
vrrp1 BACK INIT 2m32s vnic1 169.68.82.101 169.68.82.8

Using the configuration of router1 as an example, you must configure at least one IP address over gw0. In the following example, this IP address of router1 is the primary IP address, which is used to send the VRRP advertisement packets:

# vrrpadm show-router -x vrrp1
NAME STATE PRV_STAT STAT_LAST VNIC PRIMARY_IP VIRTUAL_IPS
vrrp1 MAST BACK 1m17s vnic1 169.68.82.100 169.68.82.8

Disabling a Router

A VRRP router does not function until it is enabled. By default, a VRRP router is enabled when it is first created. However, at times, it is useful to temporarily disable a VRRP router so that you can make configuration changes and then re-enable the router. The syntax is as follows:

# vrrpadm disable-router router-name 

Deleting a Router

The vrrpadm delete-router subcommand deletes a specified VRRP router. The syntax is as follows:

# vrrpadm delete-router router-name