Configure Virtual Router Redundancy Protocol
Virtual Router Redundancy Protocol (VRRP) is a widely used protocol that provides device redundancy to eliminate the single point of failure inherent in the static default-routed environment. VRRP allows you to configure two or more routers to form a group. This group appears as a single default gateway with one virtual IP address and one virtual MAC address.
A back-up router automatically takes over if the primary / master router fails. In a VRRP set-up, the master router sends a VRRP packet known as an advertisement to the back-up routers. If the master router stops sending the advertisement, the back-up router sets the interval timer. If no advertisement is received within this hold period, the back-up router initiates the failover routine.
VRRP specifies an election process in which, the router with the highest priority becomes the master. If the priority is same among the routers, the router with the highest IP address becomes the master. The other routers are in backup state. The election process is initiated again if the master fails, a new router joins the group, or an existing router leaves the group.
VRRP ensures a high availability default path without configuring dynamic routing or router discovery protocols on every end-host.
Citrix SD-WAN release version 10.1 supports VRRP version 2 and version 3 to inter-operate with any third party routers. The SD-WAN appliance acts as a master router and direct the traffic to use Virtual Path Service between sites. You can configure the SD-WAN appliance as the VRRP master by configuring the Virtual Interface IP as the VRRP IP and by manually setting the priority to a higher value than the peer routers. You can configure the advertisement interval and the preempt option.
The below network diagram shows a Citrix SD-WAN appliance and a router configured as a VRRP group. The SD-WAN appliance is configured to be the master. If the SD-WAN appliance fails, the back-up router takes-over within milliseconds, ensuring that there is no downtime.
To configuring VRRP instance:
In the Configuration Editor, navigate to Sites > Site name > VRRP and click **+.
Configure a VRRP instance. Enter the values for the following fields:
- VRRP group ID: The VRRP group ID. The group ID should be a value range is 1 - 255. The same group ID should be configured on the back-up routers too.
Currently you can configure up to four groups only.
- Version: The VRRP protocol version. You can choose between VRRP protocol V2 and V3.
- Priority: The priority of the Citrix SD-WAN appliance for the VRRP group. The priority range is 1–254. Set this value to maximum (254) to make the SD-WAN appliance the master.
If the router is the owner of the VRRP IP address, the Priority is set to 255 by default.
- Advertisement Interval: The frequency in milliseconds, with which the VRRP advertisements are sent when the SD-WAN appliance is the master. The default advertisement interval is one second.
- Authentication Type: You can choose Plain Text to enter an authentication string. The authentication string is sent as a plain text without any encryption in the VRRP Advertisements. Choose None, if you do not want to set up authentication.
- Authentication Text: The authentication string to be sent in the VRRP Advertisement. This option is enabled if the Authentication Type is Plain Text.
Authentication is supported in VRRPv2 only.
- Reclaim: enables preemption when the priority of the SD-WAN appliance is highest in the VRRP group.This is used in the VRRP election process.
- Use V2 Checksum: enables compatibility with third party network devices for VRRPv3. By default, VRRPv3 uses v3 checksum computation method. Certain third party devices may only support VRRPv2 checksum computation. In such cases, enable this option.
Configure the VRRP IP address. Enter values for the following fields and click Apply.
- Virtual Interface: The virtual interface to be used for VRRP. Choose one of the configured virtual interfaces.
- Virtual IP Address: The virtual IP address assigned to the virtual interface. Choose one of the configured virtual IP addresses for the virtual interface.
VRRP Router IP: The virtual router IP address for the VRRP group. By default, the Virtual IP address of the SD-WAN appliance is assigned as the virtual router IP address.
You can view the VRRP statistics under Monitoring > VRRP Protocol.
You can view the following statistics data:
- VRRP ID: The VRRP group ID
- Version: The VRRP protocol version.
- Interface: The virtual interface used for VRRP.
- State: The VRRP state of the SD-WAN appliance. It indicates whether the appliance is a master or a backup.
- Priority: The priority of the SD-WAN appliance for a VRRP Group
- Virtual Router IP: The virtual router IP address for the VRRP group.
- Advertisement Interval: The frequency of VRRP advertisements.
- Enable: Select this to enable the VRRP instance on the SD-WAN appliance.
- Disable: Select this to disable the VRRP instance on the SD-WAN appliance.
- VRRP is supported in Gateway Mode deployment only.
- You can configure up to four VRRP IDs (VRID).
- Up to 16 virtual network interfaces can participate in VRID.
- VRRP is not supported in HA deployment.
High Availability and VRRP
You can significantly reduce network downtime and traffic disruption by leveraging both the high availability and VRRP features on your SD-WAN network. Deploy a pair of Citrix SD-WAN appliance in active/standby roles along with a standby router to form the VRRP group. This group appears as a single default gateway with one virtual IP address and one virtual MAC address. When the HA failover time is greater than VRRP failover time, the VRRP failover happens and the router becomes the master. The router remains as the master until the HA failover happens and the secondary SD-WAN appliance becomes the master based on other VRRP attributes like higher priority and pre-emption, and so on. For more information on high availability deployment modes, see High Availability.