Saturday 8 July 2023

SDWAN - Service side redundancy using VRRP

Service Side redundancy using VRRP


Virtual Router Redundancy Protocol (VRRP)

One of the redundancy options for the service-side VPNs is to provide a resilient default gateway to hosts in a segment using the Virtual Router Redundancy Protocol (VRRP). However, there is one important design consideration when designing service-side redundancy using VRRP in Cisco SD-WAN. Because vEdges never exchange control-plane information directly among themselves, when the master router loses its connection to the overlay fabric, the hosts in the segment lose their connection to the network domain.


The lab below uses Site ID 100.




The VRRP setup for VPN 1

For vEdge 1, Site ID 100

vpn 1
 name Corporate-VPN
 interface ge0/3
  ip address 10.160.10.2/24
  no shutdown
  vrrp 100
   priority 200
   ipv4 10.160.10.1

For vEdge 2, Site ID 100

vpn 1
 name Corporate-VPN
 interface ge0/3
  ip address 10.160.10.3/24
  no shutdown
  vrrp 100
   ipv4 10.160.10.1

When no priority is configured under vrrp, the default priority of 100 is used.

The higher priority wins the VRRP master role and the other router becomes the backup. In this case, vEdge 1 becomes the VRRP master for service VPN 1 and vEdge 2 becomes the backup.

vedge-01# show vrrp
vrrp vpn 1
 interfaces ge0/3
  groups 100
   virtual-ip             10.160.10.1
   virtual-mac            00:00:5e:00:01:64
   priority               200
   vrrp-state             master
   omp-state              up
   advertisement-timer    1
   master-down-timer      3
   last-state-change-time 2023-07-08T04:22:12+00:00


vEdge-02# show vrrp
vrrp vpn 1
 interfaces ge0/3
  groups 100
   virtual-ip             10.160.10.1
   virtual-mac            00:00:5e:00:01:64
   priority               100
   vrrp-state             backup
   omp-state              up
   advertisement-timer    1
   master-down-timer      3
   last-state-change-time 2023-07-08T07:09:17+00:00
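
Added example (not part of the original post): a Python check that parses the show vrrp output of both routers and flags a missing or duplicate master, mismatched virtual IPs, a virtual MAC that does not match the group ID, and a master whose omp-state is not up, which is the condition described in the design consideration above. The sample text is constructed from the output shown above, and the function names are hypothetical.

```python
# Constructed sample: trimmed `show vrrp` output in the layout shown above.
VEDGE1 = """vrrp vpn 1
 interfaces ge0/3
  groups 100
   virtual-ip             10.160.10.1
   virtual-mac            00:00:5e:00:01:64
   priority               200
   vrrp-state             master
   omp-state              up
"""
VEDGE2 = VEDGE1.replace("200", "100").replace("master", "backup")

def parse_show_vrrp(text):
    """Return one dict per VRRP group found in `show vrrp` output."""
    groups, vpn, ifname, cur = [], None, None, None
    for parts in (line.split() for line in text.splitlines()):
        if len(parts) < 2:
            continue
        if parts[:2] == ["vrrp", "vpn"] and len(parts) == 3:
            vpn = parts[2]
        elif parts[0] == "interfaces":
            ifname = parts[1]
        elif parts[0] == "groups":
            cur = {"vpn": vpn, "interface": ifname, "group": int(parts[1])}
            groups.append(cur)
        elif cur is not None:
            cur[parts[0]] = parts[1]
    return groups

def audit(routers):
    """routers maps hostname -> show vrrp text; returns a list of findings."""
    findings, by_group = [], {}
    for host, text in routers.items():
        for g in parse_show_vrrp(text):
            by_group.setdefault((g["vpn"], g["group"]), []).append((host, g))
    for (vpn, gid), members in by_group.items():
        tag = f"vpn {vpn} group {gid}"
        masters = [h for h, g in members if g.get("vrrp-state") == "master"]
        if len(masters) != 1:
            findings.append(f"{tag}: expected 1 master, found {len(masters)}")
        if len({g.get("virtual-ip") for _, g in members}) > 1:
            findings.append(f"{tag}: virtual-ip differs between routers")
        for host, g in members:
            # RFC 5798: IPv4 virtual MAC is 00:00:5e:00:01:<VRID as two hex digits>
            if g.get("virtual-mac", "").lower() != f"00:00:5e:00:01:{gid:02x}":
                findings.append(f"{tag}: {host} has unexpected virtual-mac")
            if g.get("vrrp-state") == "master" and g.get("omp-state") != "up":
                findings.append(f"{tag}: {host} is master but omp-state is not up")
    return findings
```

Calling audit({"vedge-01": VEDGE1, "vEdge-02": VEDGE2}) returns an empty list for the healthy state shown above.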


The next blog post will discuss trackers.
