VRRP Interface Tracking

Table 1. Feature History

Feature Name: VRRP Interface Tracking for Cisco vEdge Devices
Release Information: Cisco SD-WAN Release 20.4.1, Cisco vManage Release 20.4.1
Description: This feature enables VRRP to set the edge as active or standby based on WAN interface or SIG tracker events, and to increase the TLOC preference value on a new VRRP active to ensure traffic symmetry, for Cisco vEdge Devices. In this release, you can configure VRRP interface tracking using only the CLI template.

Feature Name: VRRP Interface Tracking for Cisco vEdge Devices
Release Information: Cisco SD-WAN Release 20.7.1, Cisco vManage Release 20.7.1
Description: Starting from this release, you can configure VRRP interface tracking through the Cisco vManage feature template on Cisco vEdge Devices.

Information About VRRP Interface Tracking

The Virtual Router Redundancy Protocol (VRRP) is a LAN-side protocol that provides redundant gateway service for switches and other IP end stations. In Cisco SD-WAN, you can configure VRRP on interfaces and subinterfaces, within a VPN.

For more information, see Configuring VRRP.

The VRRP Tracking feature enables switching to a backup or a secondary VRRP router in the following scenarios:

  • If a single tunnel (or two tunnels, when you configure redundancy using Transport Locators (TLOC)) on a vEdge device goes down. In this case, the VRRP priority decrements and the secondary router becomes the primary router. VRRP notifies the overlay of this change through Overlay Management Protocol (OMP).

  • VRRP can track up to one interface object or Secure Internet Gateway (SIG) object for a group. The interface object can have up to four interfaces. Hence, a group can track up to four tunnel interfaces. The VRRP priority decrements only if all the interfaces of an interface object go down.

Restrictions and Limitations

  • VRRP is only supported with service-side VPNs. If you are using subinterfaces, configure VRRP physical interfaces in VPN 0.

  • VRRP tracking is enabled on either a physical uplink interface or a logical tunnel interface (IPSEC or GRE or both).

  • The VRRP Tracking feature does not support IP prefix as an object.

  • You can track a maximum of four interfaces simultaneously using a single tracker. VRRP state transition gets triggered only if all four interfaces go down.

  • You can use the same tracker under multiple VRRP groups or VPNs.

  • You cannot configure tloc-change and increase-preference on more than one VRRP group.

  • In Cisco SD-WAN release 20.6.1 and earlier releases, you can configure VRRP tracking only through Cisco vManage CLI template.


Note: Starting from Cisco SD-WAN release 20.7.1, you can configure VRRP tracking using Cisco vManage feature template as well.

Note: In Cisco SD-WAN release 20.6.1 and earlier releases, to update any existing VRRP configuration and add VRRP tracking, convert the configuration and the VRRP tracking commands to the CLI template.

VRRP Tracking Use Cases

The VRRP state is determined based on the tunnel link status. If the tunnel or interface is down on the primary VRRP router, traffic is directed to the secondary VRRP router. The secondary VRRP router in the LAN segment becomes the primary VRRP router and provides the gateway for the service-side traffic.

Zscaler Tunnel Use Case 1—Primary VRRP, Single Internet Provider

The primary and secondary Zscaler tunnels are connected through a single internet provider to the primary VRRP router. The primary and secondary VRRP routers are connected using TLOC extension. In this scenario, the VRRP state transition occurs if the primary and secondary tunnels go down on the primary VRRP router. The predetermined priority value decrements when the tracking object is down, which triggers the VRRP state transition. To avoid asymmetric routing, VRRP notifies the overlay of this change through OMP.

Zscaler Tunnel Use Case 2—VRRP Routers in TLOC Extension, Dual Internet Providers

The primary and secondary VRRP routers are configured in TLOC extension high availability mode. The primary and secondary Zscaler tunnels are directly connected with the primary and secondary VRRP routers, respectively, using dual internet providers. In this scenario too, the VRRP state transition occurs if the primary and secondary tunnels go down on the primary VRRP router. The predetermined priority value decrements when the tracking object is down, which triggers the VRRP state transition. VRRP notifies the overlay of this change through OMP.

TLOC Preference

Transport Locators (TLOCs) connect an OMP route to a physical location. A TLOC is directly reachable using an entry in the routing table of the physical network, or represented by a prefix beyond a NAT device.

The TLOC change preference is an optional configuration under a VRRP group. If you configure the TLOC change preference using the tloc-change-pref command, the TLOC preference value increases by 1 when a node becomes the primary node. The configured or default TLOC preference is applied again when the node returns to the standby state.


Note: We recommend that you use the same TLOC preference value for all TLOCs in a site. For a Cisco vEdge device, the default TLOC preference for the tunnel interface can be modified irrespective of whether VRRP is configured or not. However, if you want to use the VRRP tracking feature and take advantage of TLOC preference values for VRRP tracking, ensure that the default tunnel preference is the same on both the VRRP routers.
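The tracking and TLOC preference rules above, as an added Python model (not Cisco code and not part of the original page). It assumes standard VRRP election, where the router with the highest effective priority becomes primary; the router names, priorities and the TLOC preference of 100 are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Router:
    name: str
    cfg_priority: int       # configured VRRP priority
    decrement: int          # value from "track <list> decrement <n>"
    tracked: dict = field(default_factory=dict)  # interface -> True if up
    tloc_pref: int = 100    # constructed TLOC preference, same on both routers
    tloc_change_pref: bool = True

    def tracker_down(self) -> bool:
        # The tracked object is down only when ALL of its interfaces are down.
        return bool(self.tracked) and not any(self.tracked.values())

    def priority(self) -> int:
        return self.cfg_priority - (self.decrement if self.tracker_down() else 0)


def elect(routers):
    """Return (primary name, {router name: advertised TLOC preference}).

    Assumption: standard VRRP election, highest effective priority wins.
    Ties go to the first router listed (real VRRP compares IP addresses).
    """
    primary = max(routers, key=lambda r: r.priority())
    prefs = {}
    for r in routers:
        bump = 1 if (r is primary and r.tloc_change_pref) else 0
        prefs[r.name] = r.tloc_pref + bump  # standby keeps the configured value
    return primary.name, prefs


def scenario(decrement, a_links):
    """Two constructed routers; only edge-a's tracked tunnels vary."""
    a = Router("edge-a", 110, decrement, dict(a_links))
    b = Router("edge-b", 100, decrement, {"ipsec1": True, "ipsec2": True})
    return elect([a, b])


if __name__ == "__main__":
    both_up = {"ipsec1": True, "ipsec2": True}
    one_down = {"ipsec1": False, "ipsec2": True}
    all_down = {"ipsec1": False, "ipsec2": False}
    print(scenario(20, both_up))   # edge-a stays primary
    print(scenario(20, one_down))  # still edge-a: one tunnel is up
    print(scenario(20, all_down))  # edge-b takes over
    print(scenario(5, all_down))   # decrement too small: edge-a stays primary
```

Under the stated election assumption, the last scenario shows that a decrement smaller than the priority gap between the two routers leaves the primary unchanged even when every tracked interface is down.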


Configure an Object Tracker

Use the System template to configure an object tracker.

  1. From the Cisco vManage menu, choose Configuration > Templates.

  2. Click Feature.

  3. Navigate to the System template for the device.


    Note: To create a System template, see Create System Template.


  4. Click Tracker, and click New Object Tracker to configure the tracker parameters.

    Table 2. Tracker Parameters

    Field          Description
    Tracker Type   Choose Interface or SIG to configure the Object tracker.
    Tracker List   Enter the name of the tracker list.
    Interface      Choose global or device-specific tracker interface name.

  5. Click Add.

  6. Click Save.

Configure VRRP for a VPN Interface Template and Associate Interface Object Tracker

To configure VRRP for a VPN template, do the following:

  1. From the Cisco vManage menu, choose Configuration > Templates.

  2. Click Feature Templates.


    Note: In Cisco vManage Release 20.7.x and earlier releases, Feature Templates is titled Feature.


  3. Navigate to the VPN Interface Ethernet template for the device.


    Note: For information about creating a new VPN Interface Ethernet template, see Configure VPN Ethernet Interface.


  4. Click VRRP and choose IPv4.

  5. Click New VRRP to create a new VRRP or edit the existing VRRP and configure the following parameters:

    Parameter Name           Description
    TLOC Preference Change   (Optional) Choose On or Off to set whether the TLOC preference can be changed or not.

  6. Click the Add Tracking Object link, and in the Tracking Object dialog box that is displayed, click Add Tracking Object.

  7. In the Tracker Name field, enter the name of the tracker.

  8. From the Action drop-down list, choose Decrement and enter the Decrement Value.

  9. Click Add.

  10. Click Add to save the VRRP details.

  11. Click Save.

Configure VRRP Tracking Using CLI Templates

You can configure VRRP tracking using the CLI add-on feature templates and CLI device templates. For more information, see CLI Templates.

VRRP Object Tracking Using CLI

Configure Track List Interface

Use the following configuration to add an interface to a track list using the Cisco vManage device CLI template:

Device# config terminal
Device(config)# system
Device(config-system)# track-list zs1 interface ge0/1 gre1 ipsec1
Device(config-track-list-zs1)# commit 
Device(config-system-tracker-list-zs1)# exit
Device(config-system)# exit

Configure Interface Tracking and Priority Decrement

Device(config)# vpn 1
Device(config-vpn-1)# name vpn-name
Device(config-vpn-1)# interface ge0/2
Device(config-interface-ge0/2)# ip address 172.16.10.1/24
Device(config-interface-ge0/2)# no shutdown
Device(config-interface-ge0/2)# vrrp 100
Device(config-vrrp-100)# track zs1 decrement 10
Device(config-vrrp-track-zs1)# exit
Device(config-vrrp-100)# ipv4 172.16.10.100
Device(config-vrrp-100)# tloc-change-pref 

SIG Container Tracking

The following example shows how to configure a track list and tracking for SIG containers using the Cisco vManage device CLI template.


Note: In SIG Object Tracking, you can only set global as the variable for Service Name.


Configure Track List for SIG Container

Device# config terminal
Device(config)# system
Device(config-system)# track-list SIG sig-container global
Device(config-system-tracker-list-SIG)# exit
Device(config-system)# exit

Configure SIG Container Tracking and Priority Decrement

Device(config)# vpn 1
Device(config-vpn-1)# name vpn-name
Device(config-vpn-1)# interface ge0/2
Device(config-interface-ge0/2)# ip address 172.16.10.1/24
Device(config-interface-ge0/2)# no shutdown
Device(config-interface-ge0/2)# vrrp 100
Device(config-vrrp-100)# track SIG decrement 10
Device(config-vrrp-track-SIG)# exit
Device(config-vrrp-100)# ipv4 172.16.10.100
Device(config-vrrp-100)# tloc-change-pref

Configure SIG Container Tracking for VRRP Group

Device(config-vpn-1)# int ge0/4
Device(config-interface-ge0/4)# vrrp 10
Device(config-vrrp-10)# track SIG decrement 10 
Device(config-track-SIG)# commit
Commit complete.
Device(config-track-SIG)#

Configuration Example for VRRP Object Tracking Using CLI

Interface Object Tracking Using CLI

This example shows how to add an interface to a track list using the Cisco vManage device CLI template:

config terminal
system
track-list zs1 interface ge0/1 gre1 ipsec1
commit
exit

Configure Interface Tracking and Priority Decrement

vpn 1
name vpn-name
interface ge0/2
ip address 172.16.10.1/24
no shutdown
vrrp 100
track zs1 decrement 10
exit
ipv4 172.16.10.100
tloc-change-pref

Configuration Examples for SIG Object Tracking

Configure Track List for SIG Container

config terminal
system
track-list SIG sig-container global
exit
exit

Configure SIG Container Tracking and Priority Decrement

vpn 1
name vpn-name
interface ge0/2
ip address 172.16.10.1/24
no shutdown
vrrp 100
track SIG decrement 10
exit
ipv4 172.16.10.100
tloc-change-pref
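
A pre-deployment check for CLI templates like the ones above, written against the Restrictions and Limitations section (added example, not Cisco tooling and not part of the original page). It assumes the flat one-command-per-line form used in these examples; lint_template and the BAD template are hypothetical names and constructed input.

```python
import re

MAX_IFACES = 4  # page: one tracker can track at most four interfaces

def lint_template(text):
    """Check a flat vEdge CLI template against the restrictions on this page."""
    lists, groups, findings = {}, [], []
    vpn = iface = grp = None
    for line in (raw.strip() for raw in text.splitlines()):
        # Context is tracked by keyword; exit/commit lines are ignored.
        if m := re.match(r"track-list (\S+) (interface|sig-container) (.+)", line):
            lists[m[1]] = (m[2], m[3].split())
        elif m := re.match(r"vpn (\d+)$", line):
            vpn, iface, grp = int(m[1]), None, None
        elif m := re.match(r"interface (\S+)$", line):
            iface, grp = m[1], None
        elif m := re.match(r"vrrp (\d+)$", line):
            grp = {"id": f"vpn {vpn} {iface} vrrp {m[1]}", "vpn": vpn,
                   "tracks": [], "tloc": False}
            groups.append(grp)
        elif grp and (m := re.match(r"track (\S+) decrement \d+$", line)):
            grp["tracks"].append(m[1])
        elif grp and line == "tloc-change-pref":
            grp["tloc"] = True
    for name, (kind, args) in lists.items():
        if kind == "interface" and len(args) > MAX_IFACES:
            findings.append(f"track-list {name}: {len(args)} interfaces, maximum is {MAX_IFACES}")
        if kind == "sig-container" and args != ["global"]:
            findings.append(f"track-list {name}: SIG service name must be global")
    for g in groups:
        if g["vpn"] in (0, 512):  # transport and management VPNs
            findings.append(f"{g['id']}: VRRP is only supported in service-side VPNs")
        if len(g["tracks"]) > 1:
            findings.append(f"{g['id']}: a group can track only one object")
        findings += [f"{g['id']}: track-list {t} is not defined"
                     for t in g["tracks"] if t not in lists]
    tloc = [g["id"] for g in groups if g["tloc"]]
    if len(tloc) > 1:
        findings.append("tloc-change-pref on more than one group: " + "; ".join(tloc))
    return findings

# Constructed template that breaks four restrictions on purpose.
BAD = ("system\ntrack-list wan interface ge0/1 ge0/3 gre1 ipsec1 ipsec2\n"
       "vpn 1\ninterface ge0/2\nvrrp 100\ntrack wan decrement 10\n"
       "track SIG decrement 10\ntloc-change-pref\n"
       "interface ge0/4\nvrrp 10\ntloc-change-pref\n")

if __name__ == "__main__":
    print("\n".join(lint_template(BAD)))
```

The interface tracking template shown in the configuration example above produces no findings when passed to lint_template.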

Verify VRRP Tracking

Device# show vrrp

The following is a sample output for the show vrrp command:

vrrp vpn 1
 interfaces ge0/4
  groups 10
   virtual-ip             10.1.1.2
   virtual-mac            00:00:5e:00:01:0a
   priority               100
   real-priority          100
   vrrp-state             init
   omp-state              up
   advertisement-timer    1
   primary-down-timer     3
   last-state-change-time 0000-00-00T00:00:00+00:00

Device# show vrrp detail

The following is a sample output for the show vrrp detail command:

OMP status: up

group-id: 10, track-omp: no, initialized: yes
  address: 10.20.24.1
  track-prefix-list: -, resolved: -
  state: Primary, down-reason: none, cfg-priority: 100, priority: 100
  adv-timer: 1, primary-down-timer: 3, sock-fd: 23, addr-count: 1
  adv-timer: Enabled (e: 4 v: 10 c: 1)
  primary-down-timer: Disabled (e: -1 v: 30 c: 3)
  virtual-mac: 0x0 0x0 0x5e 0x0 0x1 0xa
  TLOC Change Preference: Configured
  TLOC Change Preference value: 1
  TLOC Real Preference value: 1
  Group current adaptive priority: 0
  Total Tracking object : 1 (head: 0x7f0f6d6771c0)
  Group Address: 0x7f0f6d624100
       Name: zs1
       Decrement: 18
       Adaptive direction: 0
       List Entry :0x7f0f6d687230

Track List:
    Name: zs1
    Total Tracking Objects: 0
    VRRP Daemon: 0x7f0f6d68e140
    Tracking Object: 0x7f0f6d677270
        Type:  1
        VRRP Daemon: 0x7f0f6d68e140
        Total Interface: 1
             Interface: ge0_1(0x7f0f6d66a700)
            Interface Created: Yes
            Operational State: UP

Device# show run system

The following is a sample output for the show run system command:

system
host-name               vm6
system-ip               172.16.255.16
site-id                 600
no admin-tech-on-failure
route-consistency-check
organization-name       "vIPtela Inc Regression"
track-list SIG
  container global  
!
track-list zs1
  track-interface ge0/1 ge0/7  
!