Support Center > Search Results > SecureKnowledge Details
Configuration requirements / considerations and limitations for VRRP cluster on Gaia OS Technical Level
Solution

This article lists the configuration requirements / considerations and limitations for VRRP cluster running on Gaia OS.

Feature / Blade Notes
More than two members in VRRP cluster Not supported by design.
Synchronization of Dynamic Routes between VRRP cluster members for any protocols
  • In versions R77.30 and higher, routes learned from OSPF and BGP are synchronized from the VRRP Master to the VRRP Backup.
    With "Graceful Restart" enabled, on a cluster failover, neighboring routers do not remove the routes learned from the VRRP cluster.
    The previously synchronized routes keep traffic flowing while the protocol state is rebuilt.
  • In versions R77.20 and lower - not supported by design.
VRRP configuration in VSX mode Not supported by design.
Simplified VRRP configuration (Monitored-Circuit) and Advanced VRRP configuration on the same machine Not supported by design.
Dynamic Routing neighborship with VRRP Backup member Not supported by design.
StandAlone configuration (Security Gateway and Security Management Server on the same machine) Not supported by design.
Setting number of critical interfaces when using Bond ($FWDIR/conf/cpha_bond_ls_config) Not supported by design.
Multiple "Backup Addresses" configured on the same subnet on the same interface (the same VRID) Example:

Not supported by design when VRRP cluster is configured per sk92061 - How to configure VRRP on Gaia (i.e., the "ClusterXL" is enabled in the cluster object). 

Only one Backup address is supported per interface.
VRRP configuration on all routers in a Virtual Router
  • System time must be identical on all routers by design.
  • VRRP Hello Interval must be identical on all routers by design.
  • Virtual Router IDs must be the identical on all routers by design.
  • Priority Delta must be sufficiently large for the Effective Priority to be lower than the Master router by design.
Virtual Address support for any supported Dynamic Routing protocol (advertising the Virtual IP address, rather than the real (physical) IP address of the interface - i.e., neighbor relationship is established by using the Virtual IP address as the Source IP address of Dynamic Routing packet) Dynamic Routing protocols must be enabled only on interfaces running VRRP. The Virtual Address option must be enabled for the following protocols: OSPF, OSPFv3, RIP, and PIM.
RIP RIP runs only on the VRRP Master by design.
OSPF

OSPF runs only on the VRRP Master by design.

Router ID must be identical on all VRRP members.
OSPFv3

OSPFv3 runs only on the VRRP Master by design.

Router ID must be identical on all VRRP members.
BGP
  • BGP must be enabled only on interfaces running VRRP.
  • In R77.10 and lower, BGP Virtual Address option must be enabled with the Local Address configured.
  • In R77.20 and higher, the Virtual Address option is removed and is not needed - it is automatically used.
PIM PIM runs only on the VRRP Master by design.
IPv6 Router Discovery Advertisements are sent with the Virtual IP Address as the Source IP Address. The Source MAC Address used depends on the VRRP VMAC configuration.

 

Additional Notes:

  • Must configure firewall rule to accept VRRP packets sent from VRRP routers to multicast IP address 224.0.0.18.

 

Related Documentation:

 

Related Solutions:

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment