vrrpadm - VRRP administration tool
vrrpadm create-router [-t] [-T l2 | l3] -V <vrid> -I <ifname>
-A inet | inet6 [-a <assoc_ipaddrs>] [-P <primary_ipaddr]
[-p <priority>] [-i <adv_interval>] [-o <flags>] <router_name>
vrrpadm delete-router [-t] router_name
vrrpadm disable-router [-t] [-a] [router_name]
vrrpadm enable-router [-t] [-a] [router_name]
vrrpadm modify-router [-t] [-p priority] [-i adv_interval]
[-o flags] [router_name]
vrrpadm show-router [-P | -x | -S] [-p] [-o field[,...]] [router_name]
The vrrpadm command is used to administer the VRRP (Virtual Router Redundancy Protocol) service in a system.
VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers within a LAN. At a given moment, only one VRRP router controls the IPv4 or IPv6 virtual address(es) associated with a virtual router (known as the master), and forwards packets sent to these IP addresses. The election process provides dynamic failover of the forwarding responsibility should the master become unavailable.
There are two types of VRRP router:
The L2 type of VRRP router is the VRRP router defined in the VRRP protocol specification, where all the master and the backup routers of the same VRRP router associate the same VRRP virtual MAC address with the protected virtual VRRP IP addresses, hence guarantees the fast failover time of the master router.
The l3 type of VRRP router, on the other hand, does not strictly conform to the VRRP specification. Different virtual routers participating the same L3 VRRP router do not share the same MAC address. Instead, it relies on the gratuitous ARP or NDP messages to advertise the change of the layer 2 address mapped to the virtual VRRP IP addresses protected when election of the master router changes. This additional requirement means longer failover time. But not requiring the VRRP virtual MAC address makes VRRP router configuration more flexible, for example, being able to be created over IPMP group interfaces.
When the router-name argument is specified by the administrator, each vrrpadm subcommand operates on a VRRP router that is identified by the given name. When –a option is given for the enable-router and disable-router subcommands, the subcommand will operate on all the VRRP routers in the system or zone.
VRRP routers with the same VRID and address family within a LAN comprise a virtual router, which protects a set of virtual IP addresses.
A system can have multiple VRRP routers; each belongs to a different virtual router.
The following subcommands are supported. Note that all subcommands but show-router require the solaris.network.vrrp authorization. The show-router subcommand does not require special authorizations.
Create a VRRP router with a specified configuration.
Specifies that the VRRP router is temporary. Temporary VRRP routers last until the next reboot.
VRRP router type. Either l2 or l3. The default is l2.
Address family. Either IPv4 or IPv6.
The advertisement interval in milliseconds. Default is 1000 (one second). The valid interval range is 10-40950.
The interface on which the VRRP router is configured. This determines the LAN this VRRP router is running in. For l2 VRRP router, the interface can be a physical Ethernet interface, a VLAN, or an aggregation. For l3 VRRP router, aside from the above types, the interface can also be an IPMP interface, or a physical IB interface.
The preempt and accept modes, delimited by a comma. Values can be:
preempt
un_preempt
accept
noaccept
By default both modes are set to true.
The preempt mode controls whether an enabled higher priority backup router preempts a lower priority master router. If preempt mode is true, then the preemption is allowed; otherwise, preemption is prohibited. Note that the preempt mode must be true if the VRRP router is the owner of the virtual IP addresses.
The accept mode controls the local packet acceptance of the virtual IP addresses. If accept mode is true, the master must accept packets sent to the virtual IP addresses. If accept mode is false, the master does not accept those packets, although it does respond to ARP requests or ND Solicitations and Advertisement for those non-accepted virtual IP addresses. It also must forward packets for the router specified in this subcommand. Note that accept mode must be true if the VRRP router is the owner of the virtual IP addresses. An example of syntax for this option:
-o preempt,no_accept
The priority of the specified VRRP router used in master selection. The higher the value, the greater the possibility the router is selected as the master.
The default value is 255, which indicates the specified VRRP router is the IP Address Owner and owns all the virtual IP addresses. An IP Address Owner will respond to the packets addressed to one of the virtual IP addresses for ICMP pings, TCP connections, and so forth.
The range 1-254 is available for VRRP routers backing up a virtual router. Master selection is weighted toward the VRRP router with the higher priority.
The virtual router identifier (VRID). Together with the address family, it identifies a virtual router within a LAN.
In order to function properly, each l2 VRRP router requires a special VRRP VNIC with the well-known virtual router MAC address exists, and all the virtual IP addresses associated with this VRRP router reside on this VNIC. This special VNIC can be created with the dladm create-vnic subcommand using + the "–m vrrp" option.
In the global zone, one can force the VNIC to be created and plumbed by specifying the '–f' option, and the system will create/plumb the VRRP VNIC automatically as part of the "vrrpadm create-router" operation. Note that the name of the automatically created VNIC will be in the form of vrrp-<vrid>_<ifname>_v[4|6]. The command may fail if the name has already been taken.
The '–f' option does not have any effect if this is creating a l3 VRRP router.
The associated virtual IP addresses protected by the VRRP router, each in any of the form below:
<ipaddr>[/<prefixlen>]> <hostname>[/<prefixlen>] linklocal
If there are more than one virtual IP addresses, they are separated by commas.
If "linklocal" is specified, an IPv6 link-local vrrp address based on the VRID of the associated virtual router will be configured. This also means that "linklocal" only applies to the IPv6 VRRP routers.
For l2 type VRRP routers, this option may be combined with the '–f' option, so that VNIC can be created and plumbed automatically.
The IP addresses configured over the <ifname> interface which can be potentially selected as the primary IP address used to send the VRRP advertisement.
The name of a VRRP router. This name is used to identify a VRRP router in other vrrpadm subcommands.
The maximum length of a valid router name is 31 characters. Legal characters are alphanumeric (a-z, A-Z, 0-9) and the underscore ('_').
Delete the VRRP router identified by router_name.
Specifies that the deletion is temporary. Temporary deletions last until the next reboot.
Disable the VRRP router identified by router_name. If no router_name is given, but the –a option is specified instead, the command will disable all the VRRP routers on the system or zone.
Once a router is disabled, it will stop participating in the master selection process in the virtual router.
Specifying both the –a option and the router_name will be considered as an error and the command will fail.
Specifies that the disabling request is temporary. Temporary disabling last until the next reboot.
Specifies that the disabling request is for all the VRRP routers. If –t is specified, all the current active VRRP routers will be disabled; otherwise, all the active and persistent VRRP routers will be disabled.
Re-enable the VRRP router identified by router_name that was disabled. If no router_name is given, but the –a option is specified instead, the command will enable all the VRRP routers that were disabled. Once a router is re-enabled, it will resume participating in the master selection process in the virtual router.
Specifying both the –a option and the router_name will be considered as an error and the command will fail.
Specifies that the enabling request is temporary. Temporary enabling last until the next reboot.
Specifies that the enabling request is for all the VRRP routers. If –t is specified, all the current active VRRP routers will be enabled; otherwise, all the active and persistent VRRP routers will be enabled.
Modify the configuration of the VRRP router identified by router_name. Only the priority, the advertisement interval, the preempt mode, and the accept mode can be modified.
The new priority of this VRRP router.
The new advertisement interval.
The new preempt and accept modes. Either one or both can be specified. If both are specified, they are delimited by a comma. For example:
-o preempt,no_accept
Specifies that the modification is temporary. Temporary modification last until the next reboot.
Display the information for the VRRP router identified by router_name. If no router_name is specified, display information for all the VRRP routers on the system.
By default (with no options), the following fields are displayed:
The name of the VRRP router.
The type of the VRRP router, either l2 or l3.
The VRID of the VRRP router.
The interface on which the VRRP router is created.
The address family of the VRRP router, either IPv4 or IPv6.
The priority of this VRRP router used in master selection.
The advertisement interval, in milliseconds.
The current state of the VRRP router, INIT (Initialize), BACK (Backup), or MAST (Master).
A set of flags associated with the VRRP router. Possible values are:
The router has been enabled.
Preempt mode is true.
Accept mode is true.
Virtual address owner.
The VRRP VNIC created for this VRRP router.
Note that the name of the VNIC can change over time unless the router is enabled.
The show-router subcommand has the following options:
Display additional information of the given VRRP router:
The primary IP address selected by the VRRP router.
The virtual IP addresses configured on the VRRP router.
The previous state of the VRRP router.
Time since the last state transition.
Display information for the backup VRRP router. This option is meaningful only when the VRRP router is in the backup state.
The following fields are displayed:
The name of the VRRP router.
The primary IP address of the peer VRRP router.
The priority of the peer VRRP router contained in the advertisement received from the peer.
The advertisement interval (in milliseconds) contained in advertisements received from the peer.
Time since last received advertisement from the peer.
Time interval (in milliseconds) after which to declare Master down.
Display the persistent configuration information of the given VRRP router:
The name of the VRRP router.
The type of the VRRP router, either l2 or l3.
The VRID of the VRRP router.
The interface on which the VRRP router is created.
The address family of the VRRP router, either IPv4 or IPv6.
The priority of this VRRP router used in master selection.
The advertisement interval, in milliseconds.
Display the VRRP router information in the machine parseable format.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed above, or the special value all to display all fields. By default (without –o), vrrpadm show displays all fields.
See attributes(7) for descriptions of the following attributes:
|