The Virtual Router Redundancy Protocol (VRRP) provides high availability of IP addresses, such as those that are used for routers and load balancers. Oracle Solaris supports both L2 and L3 VRRP. For more information, see Chapter 3, Using Virtual Router Redundancy Protocol, in Configuring an Oracle Solaris 11.2 System as a Router or a Load Balancer .
The standard VRRP multicast address (224.0.0.18/32) is used to ensure that VRRP functions properly. See for more information. When you use VRRP with the Oracle Solaris bundled IP Filter, you must explicitly check whether outgoing or incoming IP traffic is allowed for the multicast address.
Use the ipfstat –io command as follows to check for this information:
# ipfstat -io empty list for ipfilter(out) empty list for ipfilter(in)
If the output of the command indicates that traffic is not allowed for the standard multicast address, you must add the following rules to the IP Filter configuration for each VRRP router:
# echo "pass out quick on VRRP VIP Interface from VRRP VIP/32 to 224.0.0.18/32 \ pass in quick on VRRP VIP Interface from VRRP IP/32 to 224.0.0.18/32" | ipf -f
For more information about configuring an IP Filter rule set, see How to Append Rules to the Active Packet Filtering Rule Set in Securing the Network in Oracle Solaris 11.2 .