Re: VRRP for two routers with many subinterfaces

kapydan88 · ‎07-26-2019

Hello.

What is the best decision for implementing two routers in vrrp with many subinterfaces in each one?

balaji.bandi · ‎07-27-2019

How about considering VRF here.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Giuseppe Larosa · ‎07-27-2019

Hello Kapydan88,

if have two routers both connecting to multiple Vlan based subinterfaces and in each of them you want to run VRRP there are two possible design choices:

a) use both routers as Active / Master VRRP in different Vlans subsets, in this way both routers are working and you can achieve some load sharing

b) have all the VRRP groups on all Vlans use the same router as Active/Master. All the load in upstream direction is in a single device. It may be easier to troubleshoot, however if the number of subinterfaces is high (more then 30) you can face issues at the NIC MAC address filter level (for each active group the corresponding VIP MAC address has to be added to the NIC MAC address filter). Besides this you have less performance because a single device is used.

Because you are mentioning routers and not multilayer switches I would go for option A to achieve better performance.

VRRP might overcome the MAC address limitation when the VRRP VIP address is equal to the IP address of the VRRP master for the group (this option is not available in HSRP, HSRP supports only using the BIA with standby XX use-bia) because it might use the interface MAC address instead of the VRRP MAC address.

Hope to help

Giuseppe

kapydan88 · ‎07-28-2019

Hi.

Thanks for answer. Right now we have one 4331 as "router on a stick" and old 3750 with 12 sfp. And we are thinking of reserving it with the second 4331. If i understood correctly, in the second router we need to create a subinterface in the same as the first 4331 vlan + vrrp subinterface.

But there is a problem - this router is the owner of DHCP pools (i know that it is wrong, but it is impossible to change it at this time).

balaji.bandi · ‎07-28-2019

If i understood correctly, in the second router we need to create a subinterface in the same as the first 4331 vlan + vrrp subinterface. <<-- yes this correct you need to create same as otehr rouer. - make sure you have all the VLAN reachability on the both router (on Switch config)

But there is a problem - this router is the owner of DHCP pools (i know that it is wrong, but it is impossible to change it at this time). <-- you can still keep this as Local IP address, But suggest to have another dedicated DHCP Server if possible, so can have HA availability.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

kapydan88 · ‎08-01-2019

Thnx a lot

balaji.bandi · ‎08-01-2019

let us know how it goes, if resolved mark as solution.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

kapydan88 · ‎08-02-2019

For example, its part of config from current router

0/0/0 - external interface

0/0/01 - internal interface

GigabitEthernet0/0/0 15.14.13.12 YES NVRAM up up
GigabitEthernet0/0/1 192.168.1.1 YES NVRAM up up
GigabitEthernet0/0/1.2 192.168.2.1 YES NVRAM up up
Gi0/0/1.10 192.168.10.1 YES NVRAM up up
Gi0/0/1.11 192.168.11.1 YES NVRAM up up
Gi0/0/1.12 192.168.12.1 YES NVRAM up up
Gi0/0/1.13 192.168.13.1 YES NVRAM up up
Gi0/0/1.15 192.168.15.1 YES NVRAM up up
Gi0/0/1.20 192.168.20.1 YES NVRAM up up
Gi0/0/1.21 192.168.21.1 YES NVRAM up up
...

R1_4331#sh run int gi0/0/1.10
Building configuration...

Current configuration : 165 bytes
!
interface GigabitEthernet0/0/1.10
description wifi_hotspot
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip helper-address 192.168.10.4
end

R1_4331#sh run int gi0/0/1.20
Building configuration...

Current configuration : 151 bytes
!
interface GigabitEthernet0/0/1.20
description controller
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip helper-address 192.168.10.4
end

Port settings into switch

interface GigabitEthernet1/0/1
description UPLINK_to_R1
switchport trunk encapsulation dot1q
switchport mode trunk
end

If we will add second router, its settings will be as follows (+appropriate setting for switch port)

GigabitEthernet0/0/0 15.14.13.11 YES NVRAM up up
GigabitEthernet0/0/1 192.168.1.2 YES NVRAM up up
GigabitEthernet0/0/1.2 192.168.2.2 YES NVRAM up up
Gi0/0/1.10 192.168.10.2 YES NVRAM up up
Gi0/0/1.11 192.168.11.2 YES NVRAM up up
Gi0/0/1.12 192.168.12.2 YES NVRAM up up
Gi0/0/1.13 192.168.13.2 YES NVRAM up up
Gi0/0/1.15 192.168.15.2 YES NVRAM up up
Gi0/0/1.20 192.168.20.2 YES NVRAM up up
Gi0/0/1.21 192.168.21.2 YES NVRAM up up

R2_4331#sh run int gi0/0/1.10
Building configuration...

Current configuration : 165 bytes
!
interface GigabitEthernet0/0/1.10
description wifi_hotspot_2
encapsulation dot1Q 10
ip address 192.168.10.2 255.255.255.0
ip helper-address 192.168.10.4
end

R2_4331#sh run int gi0/0/1.20
Building configuration...

Current configuration : 151 bytes
!
interface GigabitEthernet0/0/1.20
description controller_2
encapsulation dot1Q 20
ip address 192.168.20.2 255.255.255.0
ip helper-address 192.168.10.4
end

And the last one - config with vrrp for both routers. In this particular case R1 is main router, R2 is backup. VRRP group number on the subinterface is identical number of vlan.

R1_4331#sh run int gi0/0/1.10
Building configuration...

Current configuration : 165 bytes
!
interface GigabitEthernet0/0/1.10
description wifi_hotspot
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip helper-address 192.168.10.4
vrrp 10 ip 192.168.10.254
vrrp 10 preempt
end

R1_4331#sh run int gi0/0/1.20
Building configuration...

Current configuration : 151 bytes
!
interface GigabitEthernet0/0/1.20
description controller
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip helper-address 192.168.10.4
vrrp 20 ip 192.168.20.254
vrrp 20 preempt
end

...

R2_4331#sh run int gi0/0/1.10
Building configuration...

Current configuration : 165 bytes
!
interface GigabitEthernet0/0/1.10
description wifi_hotspot_2
encapsulation dot1Q 10
ip address 192.168.10.2 255.255.255.0
ip helper-address 192.168.10.4
vrrp 10 ip 192.168.10.254
vrpp 10 priority 90
end

R2_4331#sh run int gi0/0/1.20
Building configuration...

Current configuration : 151 bytes
!
interface GigabitEthernet0/0/1.20
description controller_2
encapsulation dot1Q 20
ip address 192.168.20.2 255.255.255.0
ip helper-address 192.168.10.4
vrrp 20 ip 192.168.20.254
vrpp 20 priority 90
end

Giuseppe Larosa · ‎08-02-2019

Hello kapydan88,

in VRRP pre-emption is enabled by default you don't need to enable it and in any case it would be needed on both devices.

If you make all VRRP groups master/active on Router1 you need to take care how many vlan based subifs and VRRP groups are present as I have explained in previous post ( how many VRRP MAC addresses can be installed in the NIC MAC address filter ???)

also you need to replicate DHCP scopes on both routers to have redundancy on this aspect.

A possible approach is to divide each subnet in two sub-pools with R1 assigning IP addresses in first pool and R2 assigning IP addresses in second pool for each Vlan/subnet.

This approach may fit your needs if the IP address usage per subnet is less then 50%.

Hope to help

Giuseppe