This article lists the configuration requirements / considerations and limitations for VRRP cluster running on Gaia OS.
Feature / Blade
Notes
MDPS routing separation
MDPS routing separation is not supported with a VRRP cluster.
More than two members in VRRP cluster
Not supported by design.
VRRP active-active in a ClusterXL environment
Not Supported
Synchronization of Dynamic Routes between VRRP cluster members for any protocols
In versions R77.30 and higher, routes learned from OSPF and BGP are synchronized from the VRRP Master to the VRRP Backup. With "Graceful Restart" enabled, on a cluster failover, neighboring routers do not remove the routes learned from the VRRP cluster. The previously synchronized routes keep traffic flowing while the protocol state is rebuilt.
In versions R77.20 and lower - not supported by design.
VRRP configuration in VSX mode
Not supported by design.
Simplified VRRP configuration (Monitored-Circuit) and Advanced VRRP configuration on the same machine
Not supported by design.
Dynamic Routing neighborship with VRRP Backup member
Not supported by design.
StandAlone configuration (Security Gateway and Security Management Server on the same machine)
Not supported by design.
Setting number of critical interfaces when using Bond ($FWDIR/conf/cpha_bond_ls_config)
Not supported by design.
Multiple "Backup Addresses" configured on the same subnet on the same interface (the same VRID)
Example:
Not supported by design when VRRP cluster is configured per sk92061 - How to configure VRRP on Gaia (i.e., the "ClusterXL" is enabled in the cluster object).
Only one Backup address is supported per interface.
VRRP configuration on all routers in a Virtual Router
System time must be identical on all routers by design.
VRRP Hello Interval must be identical on all routers by design.
Virtual Router IDs must be the identical on all routers by design.
Priority Delta must be sufficiently large for the Effective Priority to be lower than the Master router by design.
Virtual Address support for any supported Dynamic Routing protocol (advertising the Virtual IP address, rather than the real (physical) IP address of the interface - i.e., neighbor relationship is established by using the Virtual IP address as the Source IP address of Dynamic Routing packet)
Dynamic Routing protocols must be enabled only on interfaces running VRRP. The Virtual Address option must be enabled for the following protocols: OSPF, OSPFv3, RIP, and PIM.
RIP
RIP runs only on the VRRP Master by design.
OSPF
OSPF runs only on the VRRP Master by design.
Router ID must be identical on all VRRP members.
OSPFv3
OSPFv3 runs only on the VRRP Master by design.
Router ID must be identical on all VRRP members.
BGP
BGP must be enabled only on interfaces running VRRP.
In R77.10 and lower, BGP Virtual Address option must be enabled with the Local Address configured.
In R77.20 and higher, the Virtual Address option is removed and is not needed - it is automatically used.
PIM
PIM runs only on the VRRP Master by design.
IPv6 Router Discovery
Advertisements are sent with the Virtual IP Address as the Source IP Address. The Source MAC Address used depends on the VRRP VMAC configuration.
Additional Notes:
Must configure firewall rule to accept VRRP packets sent from VRRP routers to multicast IP address 224.0.0.18.
When using VRRP VMAC mode, both spanning tree and IGMP snooping must be disabled to avoid split brain.
