Use the vrrpadm command to configure a VRRP router. The command creates persistent configurations. For reference, see the vrrpadm(8) man page.
Caution - When you use VRRP with the network firewall bundled with Oracle Solaris, make sure that the incoming or outgoing VRRP packets are allowed by the firewall. The packets that are sent to the VRRP multicast address, 224.0.0.18/32, must be allowed to enter or leave the system. Use the pfctl -sr command to see the rules that are currently loaded to the firewall. See also Troubleshooting Issues With VRRP and the Oracle Solaris Bundled Packet Filter in Troubleshooting Network Administration Issues in Oracle Solaris 11.4.
VNICs are virtual network interfaces configured on top of a system's physical network adapter and are essential components of network virtualization. A physical interface can have more than one VNIC. For more information about VNICs, see Managing Network Virtualization and Network Resources in Oracle Solaris 11.4.
Each Layer 2 VRRP router requires a special VRRP VNIC which you create with the following command syntax.
$ dladm create-vnic [-t] [-R root-dir] -m vrrp -V VRID \
    -A {inet|inet6} [-v VLAN-ID] [-p prop=value[,...]] -l link VNIC
This command creates a VNIC with a virtual router MAC address that is defined by the VRRP specification. For the VNIC address type (-m), specify vrrp. The address family (-A) is either inet or inet6, which refers to either IPv4 or IPv6 addresses. For example:
$ dladm create-vnic -m vrrp -V 21 -A inet6 -l net0 vnic0
For more information, see the dladm(8) man page.
To create a VRRP router, use the following syntax:
$ vrrpadm create-router [-t] [-T {l2 | l3}] [-f] -V VRID -I ifname \
    -A [inet | inet6] [-a assoc-IPaddress] [-P primary-IPaddress] \
    [-p priority] [-i adv-interval] [-o flags] router-name
-t: Creates a temporary VRRP router that is removed at the next reboot.
-T {l2 | l3}: Specifies the type of VRRP router which can be either l2 (default) or l3.
-f: (L2 VRRP only) Creates a VRRP VNIC with an L2 VRRP router. A VRRP VNIC is created only if it does not already exist. The VNIC name uses the format vrrp-VRID_ifname_[v4|v6].
-V VRID: The virtual router identifier that defines the VLAN when associated with the address family.
-I ifname: The interface on which the VRRP router is configured. For a Layer 2 VRRP, the interface can be a physical link, a VLAN, or an aggregation. For a Layer 3 VRRP, the interface can also include an IPMP interface, a DHCP managed interface, and an InfiniBand interface. This link determines the LAN in which this VRRP router is running.
-A [inet | inet6]: The address family can be either inet or inet6, for IPv4 or IPv6 addresses, respectively.
-a assoc-IPaddress: Comma-separated list of IP addresses which can be specified as IP-address[/prefix-length], hostname[/prefix-length], or linklocal. linklocal applies only to IPv6 VRRP routers. The IPv6 address is configured based on the VRID of the associated virtual router.
You can combine options -a and -f so that the VNIC is created and plumbed automatically.
-P primary-IPaddress: VRRP primary IP address that is used to send the VRRP advertisement.
-p priority: Priority of the specified VRRP router used for master router selection. The default value is 255. The router with the highest priority value is selected as the master router.
-i adv-interval: Advertisement interval in milliseconds. The default value is 1000.
-o flags: The preempt and accept flags of the VRRP router. The preempt flag is either preempt or un_preempt. The accept flag is either accept or no_accept. By default, the preempt and accept modes are set to preempt and accept respectively.
router-name: Unique identifier of this VRRP router. The permitted characters in a router name are alphanumeric (a-z, A-Z, 0-9), and underscore (_). The maximum length of a router name is 31 characters.
The following example shows how to create a router over a datalink net0.
$ dladm create-vnic -m vrrp -V 12 -A inet -l net0 vnic1
$ vrrpadm create-router -V 12 -A inet -p 100 -I net0 l2router1
$ vrrpadm show-router l2router1
NAME       VRID TYPE IFNAME AF   PRIO ADV_INTV MODE  STATE VNIC
l2router1  12   L2   net0   IPv4 100  1000     e-pa- BACK  vnic1
An L2 VRRP router l2router1 is created over the datalink net0 with an IPv4 address family and VRID 12. For information about the vrrpadm show-router command, see Displaying Layer 2 and Layer 3 VRRP Router Configurations.
Example 9 Creating a Layer 3 VRRP Router
The following example shows how to create an L3 VRRP router over an IPMP interface named ipmp0.
$ vrrpadm create-router -V 6 -I ipmp0 -A inet -T l3 l3router1
$ vrrpadm show-router
NAME       VRID TYPE IFNAME AF   PRIO ADV_INTV MODE  STATE VNIC
l3router1  6    L3   ipmp0  IPv4 255  1000     eopa- INIT  --
An L3 VRRP router l3router1 is created over the IPMP interface ipmp0 with an IPv4 address family and VRID 6. For information about the vrrpadm show-router command, see Displaying Layer 2 and Layer 3 VRRP Router Configurations.
Example 10 Creating a Temporary Layer 3 VRRP Router
The following example shows how to create a temporary L3 VRRP router.
$ vrrpadm create-router -t -V 8 -I net0 -A inet -T l3 l3router1
$ vrrpadm show-router
NAME       VRID TYPE IFNAME AF   PRIO ADV_INTV MODE  STATE VNIC
l3router1  8    L3   net0   IPv4 255  1000     eopa- INIT  --
To configure the IP address for an L2 VRRP router, you must configure the virtual IP address of type vrrp over the VRRP VNIC that is associated with it.
To configure the virtual IP address for an L3 VRRP router, you must use an IP address of type vrrp on the same IP interface over which the L3 VRRP router is configured.
To configure a virtual IP address for a VRRP router, use the following syntax:
$ ipadm create-addr [-t] -T vrrp [-a local=addr[/prefix-length]] \
    [-n router-name].... addr-obj | interface
-t: Specifies that the configured address is temporary and that the changes apply only to the active configuration.
-T vrrp: Specifies that the configured address is of the type vrrp.
The -n router-name option is optional for an L2 VRRP router because the VRRP router name can be derived from the VRRP VNIC interface on which the IP addresses are configured.
For more information, see the ipadm(8) man page.
You can use the vrrp type IP address to configure the virtual IP addresses for an L2 VRRP router. The following example shows how to create the virtual IP address for l2router1.
$ ipadm create-ip vrrp_vnic1
$ ipadm create-addr -T vrrp -n l2router1 -a 192.0.2.8/27 vrrp_vnic1/vaddr1
The following example shows how to create an IPv6 link-local vrrp IP address for V6vrrp_vnic1/vaddr1.
$ ipadm create-ip V6vrrp_vnic1
$ ipadm create-addr -T vrrp V6vrrp_vnic1/vaddr1
To configure the IPv6 link-local vrrp type IP address for a VRRP router, you do not need to specify the local address. An IPv6 link-local vrrp type IP address is created based on the VRID of the associated VRRP router.
Example 12 Configuring the Virtual IP Address for an L3 VRRP Router
The following example shows how to configure the virtual IP address for l3router1.
$ ipadm create-ip ipmp0
$ ipadm create-addr -T vrrp -n l3router1 -a 198.51.100.8/27 ipmp0/vaddr1
The following example shows how to configure an IPv6 link-local vrrp type IP address for the L3 VRRP router l3V6router1.
$ ipadm create-ip ipmp1
$ ipadm create-addr -T vrrp -n l3V6router1 ipmp1/vaddr0
A VRRP router is enabled by default when you first create it. You can disable a VRRP router or all the VRRP routers on the system or zone at the same time by using the vrrpadm disable-router command. You can then re-enable a VRRP router or all the disabled VRRP routers on the system or zone at the same time by using the vrrpadm enable-router command.
The interface over which the VRRP router is created (specified with the -I option when the router is created with vrrpadm create-router) must exist when the router is enabled. Otherwise, the enable operation fails. For an L2 VRRP router, if the router's VRRP VNIC does not exist, the router is not effective. The syntax is as follows:
# vrrpadm enable-router [-t] [-a] [router-name]
-t: Specifies that enabling of the VRRP router is temporary and the change lasts only till the next reboot.
-a: Specifies that all the disabled routers in the system or zone have to be re-enabled. If the -t option is specified, all the currently active VRRP routers are enabled, or else all the active and persistent VRRP routers are enabled. You must not specify router-name with this option.
router-name: Specifies the name of the router to be re-enabled.
At times, you might need to temporarily disable a VRRP router to make configuration changes and then re-enable the router. The syntax for disabling a router is as follows:
$ vrrpadm disable-router [-t] [-a] [router-name]
-t: Specifies that disabling of the VRRP router is temporary and the change lasts only till the next reboot.
-a: Specifies that all the routers in the system or zone have to be disabled. If the -t option is specified, all the currently active VRRP routers are disabled, or else all the active and persistent VRRP routers are disabled. You must not specify router-name with this option.
router-name: Specifies the name of the router to be disabled.
The vrrpadm modify-router command changes the configuration of a specified VRRP router. You can modify the priority, the advertisement interval, the pre-empt mode, and the accept mode of the router. You can modify the router either temporarily to change only the active system configuration by specifying the -t option or permanently to change the persistent system configuration. The syntax is as follows:
$ vrrpadm modify-router [-t] [-p priority] [-i adv-interval] [-o flags] router-name
where the -t option specifies that the modification is temporary and lasts only till the next reboot.
The vrrpadm show-router command shows the configuration and status of a specified VRRP router. For more information, see the vrrpadm(8) man page. The syntax is as follows:
$ vrrpadm show-router [-P | -x] [-p] [-S] [-o field[,...]] [router-name]
where the -S option is used to display the persistent configuration information of the given VRRP router. If the -S option is not specified, vrrpadm show-router displays the currently active VRRP router configuration.
Example 13 Displaying a Layer 2 VRRP Router Configuration
The following examples show the vrrpadm show-router command output.
$ vrrpadm show-router vrrp1
NAME   VRID TYPE IFNAME AF   PRIO ADV_INTV MODE  STATE VNIC
vrrp1  1    L2   net1   IPv4 100  1000     e-pa- BACK  vnic1
NAME: Name of the VRRP router.
VRID: VRID of the VRRP router.
TYPE: The type of VRRP router, which is either L2 or L3.
IFNAME: The interface on which the VRRP router is configured. For an L2 VRRP router, the interface can be a physical Ethernet interface, a VLAN, or an aggregation.
AF: The address family of the VRRP router. It can be either IPv4 or IPv6.
PRIO: The priority of the VRRP router, which is used for master router selection.
ADV_INTV: The advertisement interval displayed in milliseconds.
MODE: A set of flags that are associated with the VRRP router and include the following possible values:
  e – Specifies that the router is enabled.
  p – Specifies that the mode is preempt.
  a – Specifies that the mode is accept.
  o – Specifies that the router is the virtual address owner.
STATE: The current state of the VRRP router. The possible values are: INIT (initialize), BACK (backup), and MAST (master).
In this example, information about the specified VRRP router vrrp1 is displayed.
$ vrrpadm show-router -x vrrp1
NAME   STATE PRV_STAT STAT_LAST VNIC   PRIMARY_IP     VIRTUAL_IPS
vrrp1  BACK  MAST     1m17s     vnic1  203.0.113.100  203.0.113.1
PRV_STAT: The previous state of the VRRP router.
STAT_LAST: Time since the last state transition.
PRIMARY_IP: The primary IP address selected by the VRRP router.
VIRTUAL_IPS: The virtual IP addresses configured on the VRRP router.
In this example, additional information about the router, such as the primary IP address selected by the VRRP router, virtual IP address configured on the VRRP router, and the previous state of the VRRP router is displayed.
$ vrrpadm show-router -P vrrp1
NAME   PEER           P_PRIO P_INTV P_ADV_LAST M_DOWN_INTV
vrrp1  203.0.113.123  120    1000   0.313s     3609
PEER: The primary IP address of the peer VRRP router.
P_PRIO: The priority of the peer VRRP router, which is part of the advertisement received from the peer.
P_INTV: The advertisement interval (in milliseconds), which is part of the advertisements received from the peer.
P_ADV_LAST: Time since the last received advertisement from the peer.
M_DOWN_INTV: Time interval (in milliseconds) after which the master router is declared down.
The -P option is used only when the VRRP router is in the backup state.
Example 14 Displaying the L3 VRRP Router on a System
$ vrrpadm show-router
NAME   VRID TYPE IFNAME AF   PRIO ADV_INTV MODE  STATE VNIC
l3vr1  12   L3   net1   IPv6 255  1000     eopa- INIT  -
In this example, the L3 VRRP router l3vr1 is configured over the interface net1.
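The show-router fields described above lend themselves to routine health and integrity checks. The following script is an added example, not part of the Oracle documentation: it reads the three show-router layouts shown on this page and reports routers that are not enabled, are in INIT, are L2 routers without a VRRP VNIC, have moved from master to backup, or are tracking a peer outside an operator-supplied list. The sample tables, the router vrrp2, the address 203.0.113.50, and the use of `-` in the first MODE position for a disabled router are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit checks over vrrpadm show-router output.
# The sample tables below are constructed in the layouts shown on this page.

# Reads `vrrpadm show-router` output. MODE flags are positional (e, o, p, a).
audit_routers() {
    awk '$1 != "NAME" && NF >= 10 {
        if (substr($8, 1, 1) != "e")    print $1 ":not-enabled"
        if ($9 == "INIT")               print $1 ":init-state"
        if ($3 == "L2" && $10 ~ /^-+$/) print $1 ":l2-without-vnic"
    }'
}

# Reads `vrrpadm show-router -x` output. Reports a router that was master
# and is now backup, so the change can be matched against planned work.
audit_transitions() {
    awk '$1 != "NAME" && $2 == "BACK" && $3 == "MAST" {
        print $1 ":master-to-backup:" $4
    }'
}

# Reads `vrrpadm show-router -P` output. The arguments are the primary IP
# addresses of the peers you expect (supplied by the operator).
audit_peers() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "NAME" && NF >= 6 && !($2 in ok) { print $1 ":unexpected-peer:" $2 }'
}

# Constructed sample input (vrrp2 is a hypothetical disabled router).
SAMPLE_ROUTERS='NAME VRID TYPE IFNAME AF PRIO ADV_INTV MODE STATE VNIC
vrrp1 1 L2 net1 IPv4 100 1000 e-pa- BACK vnic1
l3router1 6 L3 ipmp0 IPv4 255 1000 eopa- INIT --
vrrp2 2 L2 net1 IPv4 100 1000 --pa- INIT --'
SAMPLE_X='NAME STATE PRV_STAT STAT_LAST VNIC PRIMARY_IP VIRTUAL_IPS
vrrp1 BACK MAST 1m17s vnic1 203.0.113.100 203.0.113.1'
SAMPLE_P='NAME PEER P_PRIO P_INTV P_ADV_LAST M_DOWN_INTV
vrrp1 203.0.113.123 120 1000 0.313s 3609'

printf '%s\n' "$SAMPLE_ROUTERS" | audit_routers
printf '%s\n' "$SAMPLE_X" | audit_transitions
printf '%s\n' "$SAMPLE_P" | audit_peers 203.0.113.50
```

On a live system, pipe the corresponding vrrpadm show-router command into each function instead of the sample variables.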
You can display the IP address associated with a VRRP router by using the ipadm show-addr command. The ROUTER field in the output of the ipadm show-addr command displays the name of the VRRP router that is associated with a specific vrrp type IP address.
For the vrrp type IP address of an L2 VRRP, the name of the VRRP router is derived from the VRRP VNIC over which the IP address is configured. If you issue the ipadm show-addr command before you create the L2 router for a VRRP VNIC, the ROUTER field displays ?. For the vrrp type IP address of an L3 VRRP, the ROUTER field always displays the specified router name. For other types of IP addresses, the ROUTER field is not applicable and -- is displayed.
Example 15 Displaying IP Addresses That Are Associated With VRRP Routers
$ ipadm show-addr -o addrobj,type,vrrp-router,addr
ADDROBJ            TYPE    VRRP-ROUTER  ADDR
lo0/v4             static  --           127.0.0.1/8
net1/p1            static  --           192.0.2.10/27
net1/v1            vrrp    l3router1    192.0.2.38/27
vrrp_vnic1/vaddr1  vrrp    l2router1    192.0.2.66/27
lo0/v6             static  --           ::1/128
In this example, l3router1 is associated with the vrrp type IP address 192.0.2.38/27 and l2router1 is associated with the vrrp type IP address 192.0.2.66/27.
The output shows the following information:
ADDROBJ: The name of the address object.
TYPE: The type of the address object, which can be one of the following:
  from-gz
  static
  dhcp
  addrconf
  vrrp
VRRP-ROUTER: The name of the VRRP router.
ADDR: The numeric IPv4 or IPv6 address.
The vrrpadm delete-router command deletes a specified VRRP router. The syntax is as follows:
$ vrrpadm delete-router [-t] router-name
where the -t option specifies that the deletion is temporary. The temporary deletion lasts only until the next reboot.
When a backup router becomes a master VRRP router, VRRP sets a flag on all the virtual IP addresses associated with the master router and therefore the virtual IP addresses are protected. If there are no conflicts for the virtual IP addresses, several gratuitous ARP and neighbor advertisement messages are sent to advertise the new mapping between the virtual IP address and the MAC address of the new master router.
To control the number of messages sent and the interval between the advertisement of messages, you can use the following IP protocol properties:
arp-publish-count
arp-publish-interval
ndp-unsolicit-count
ndp-unsolicit-interval
For more information about the IP protocol properties, see IP Tunable Parameters Related to Duplicate Address Detection in Oracle Solaris 11.4 Tunable Parameters Reference Manual.