Sunday, December 31, 2017

Cisco CCNP:300-115 - 3.0 Infrastructure Services: 3.1 Configure and verify first-hop redundancy protocols: 3.1.b VRRP

Recently I needed to renew my Cisco CCNPs, that is both CCNP Routing and Switching as well as CCNP Security. While working with Cisco products (well now they own SourceFire, so exclude these) is not within my daily duties, I still thought it was important for me to maintain these two credentials. As a result, I've put together my notes below focusing on the key points I used to study. I believe that someone else may find them useful.

    -    designed for use over multiaccess, multicast, or broadcast capable Ethernet LANs
    -    VRRP is supported on Ethernet, Fast Ethernet, Bridge Group Virtual Interface (BVI), and Gigabit Ethernet interfaces, and on Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs), VRF-aware MPLS VPNs, and VLANs
    -    The address of the virtual router is the same as that of the physical interface of a router. This host is called the "Virtual Router Master"
    -    Every other router in the VRRP group is called a "Virtual Router Backup"
    -    "Virtual Router Master" uses the IP address of the physical interface
    -    "Virtual Router Master" is also known as the IP owner
    -    If the "Virtual Router Master" fails, the router with the highest priority becomes the "Virtual Router Master"
    -    When the original Master recovers it becomes the Master once again
    -    Can be configured to share the traffic
    -    Provides Redundancy, Load Balancing, Multiple Virtual IPs, Authentication, preemption, advertisement protocol and object tracking
    -    Supports up to 255 Virtual Routers - depending on resources, etc.
    -    Uses MD5 authentication to mitigate spoofing
    -    Uses multicast IP 224.0.0.18
    -    Can track interfaces, route state
    -    The host owning the IP address on the physical interface which maps to the gateway becomes the "Virtual Router Master"
    -    Like HSRP, the highest priority wins when electing a master if the primary fails
    -    Unlike HSRP priority, which goes from 0-255, VRRP priority goes from 1-254
    -    Like HSRP, if the priority is the same on two devices, then the higher IP wins
    -    Advertisements are sent to devices in the same group
    -    Default advertisements are sent every second
    -    While the RFC does not support millisecond timers, Cisco's implementation allows you to use them
    -    Millisecond timer support needs to be configured manually on both primary and backup devices
    -    Millisecond timer support works only with Cisco devices
    -    VRRP can track interface, reachability of a route along with state of an IP route
    -    Default authentication type is "text", you can also use MD5 Key string or MD5 key chains
    -    Can have different IOS versions on primary and backup
    -    It is recommended to customize VRRP before enabling it, as the router can become the master of a group
    -    The device with the owner IP will preempt regardless of preempt configuration
    -    All devices in the VRRP group must use the same timer values
    -    If the same timer values are not set, devices in the group will not communicate and any misconfigured router will change its state to master
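
Added example (not part of the original notes and not Cisco's code): a small Python audit that applies the election and consistency rules listed above to the `vrrp` interface lines of each router in a group. The router names, addresses and key strings are constructed for illustration, and a router with no priority line is assumed to use the IOS default of 100.

```python
import ipaddress
import re

# Constructed sample: interface IP plus 'vrrp' lines for three routers in group 10.
# Hostnames, addresses and key strings are invented for this example.
CONFIGS = {
    "R1": ("10.0.10.2", ["vrrp 10 ip 10.0.10.1", "vrrp 10 priority 120",
                         "vrrp 10 authentication md5 key-string EXAMPLE"]),
    "R2": ("10.0.10.3", ["vrrp 10 ip 10.0.10.1", "vrrp 10 priority 120",
                         "vrrp 10 authentication text EXAMPLE"]),
    "R3": ("10.0.10.4", ["vrrp 10 ip 10.0.10.1", "vrrp 10 timers advertise 3"]),
}
LINE = re.compile(r"vrrp \d+ (ip|priority|timers advertise|authentication) (.+)")

def parse(iface_ip, lines):
    """Reduce one router's vrrp lines to the fields the rules above depend on."""
    r = {"ip": ipaddress.ip_address(iface_ip), "vip": None,
         "priority": 100, "adv": "1", "auth": None}  # 100 = IOS default, 1 s timer
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        key, val = m.groups()
        if key == "ip":
            r["vip"] = ipaddress.ip_address(val)
        elif key == "priority":
            r["priority"] = int(val)
        elif key == "timers advertise":
            r["adv"] = val                # "3" or "msec 500"
        else:
            r["auth"] = val.split()[0]    # "text" or "md5"
    r["owner"] = r["vip"] == r["ip"]      # IP owner: virtual IP is its own interface IP
    return r

def elect(routers):
    """IP owner first, then highest priority, then highest interface IP."""
    return max(routers, key=lambda n: (routers[n]["owner"], routers[n]["priority"], routers[n]["ip"]))

def audit(routers):
    """Flag mismatched advertisement timers and routers not using MD5 authentication."""
    findings = []
    timers = sorted({r["adv"] for r in routers.values()})
    if len(timers) > 1:
        findings.append("timer mismatch: " + ", ".join(timers))
    for name in sorted(routers):
        if routers[name]["auth"] != "md5":
            findings.append(f"{name}: authentication is {routers[name]['auth'] or 'not configured'}")
    return findings

ROUTERS = {name: parse(ip, lines) for name, (ip, lines) in CONFIGS.items()}
print(elect(ROUTERS), audit(ROUTERS))
```

With the sample data, R1 and R2 tie on priority so the higher interface IP decides the master, and the audit reports the mismatched timer on R3 plus the two routers without MD5.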


References:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/12-4/fhp-12-4-book/fhp-vrrp.html
