The Virtual Router Redundancy Protocol (VRRP) provides high availability of IP addresses, such as those that are used for routers and load balancers. Oracle Solaris supports both L2 and L3 VRRP. The standard VRRP multicast address (224.0.0.18/32) is used to ensure that VRRP functions properly. See http://www.rfc-editor.org/rfc/rfc5798.txt for more information. When you use VRRP with the Oracle Solaris bundled Packet Filter, you must explicitly check whether outgoing or incoming IP traffic is allowed for the multicast address.
Use the pfctl –sr command to check the IP traffic information:
# pfctl -sr
#
/* pfctl -sr shows rules, loaded to PF kernel module, of there
* are no rules loaded output is empty
*/
If the output of the command indicates that traffic is not allowed for the standard multicast address, you must add the following rules to the Packet Filter configuration for each VRRP router:
# echo "pass quick on VRRP VIP Interface from VRRP VIP/32 to 224.0.0.18/3" | pfctl -f -