Configuring an Oracle® Solaris 11.3 System as a Router or a Load Balancer

Updated: December 2018

Comparing Layer 2 and Layer 3 VRRP

The following table provides a comparison of Layer 2 and Layer 3 VRRP.

Table 4  Comparison of Layer 2 and Layer 3 VRRP
Layer 2 VRRP
Layer 3 VRRP
Creation of a VRRP VNIC
You need to create a VRRP VNIC.
You do not need to create a VRRP VNIC because the virtual VRRP MAC address that is provided by the VRRP VNIC is not needed.
Support for IPMP
Not supported.
Supported. When a Layer 3 VRRP router is created over an IPMP group interface, each virtual IP address on the master router is associated with a MAC address of the active IPMP underlying interface according to the existing IPMP policy. If the failover occurs in the IPMP group, the L2 or L3 mappings are advertised by using the gratuitous ARP or NDP messages.
Zones support
There are issues running multiple VRRP routers that belong to the same virtual router in different zones. On a system with two or more VRRP routers that share the same VRRP virtual MAC address, the built-in virtual switch disrupts the normal flow of the VRRP advertisement packets to the VRRP router. For more information, see Limitations of Layer 2 and Layer 3 VRRP.
InfiniBand support
Not supported.
Unique virtual router MAC address
Requires a unique virtual router MAC address. The virtual IP addresses always resolve to the same virtual MAC address.
Not required. Uses the MAC address on which the VRRP router is created. The MAC address is different among all the VRRP routers that are in the same virtual router. The same MAC address is associated with the virtual IP addresses that are protected by this L3 VRRP router.
Configuring VRRP virtual IP addresses
Need to configure.
Need to configure.
Internet Control Message Protocol (ICMP) Redirects
Might be used when the L2 VRRP is running between group of routers. When an L2 VRRP router needs to use the ICMP redirects, it checks the destination MAC address (VRRP virtual MAC address) of the packets that need to be redirected. By using the destination MAC address, the L2 VRRP router determines the virtual router to which the packet was initially sent. Hence, the L2 VRRP router is able to select the source address and send the ICMP redirect message to the source node.
Need to disable ICMP redirects. When multiple VRRP routers are created over the same interface, they share the same MAC address. Therefore, the L3 VRRP cannot determine the destination MAC address.
Election of master router
The election of the master router is transparent to the system. When the master router changes, the switch that exists between the system and the router identifies the new port to send the traffic by using its MAC learning capability.
The election of the master router changes the Layer 2 mapping of the virtual IP addresses and the new mapping must be advertised by the gratuitous ARP or NDP messages.
Failover time
Might be longer because of the additional requirement of gratuitous ARP or the NDP messages when election of the Master router changes.