Does ClearPass implement VRRP for redundancy?
Environment : Applicable for all Clearpass Servers running 6.1 and above versions where Virtual IP is configured
Clearpass doesn’t implement VRRP as the redundancy protocol instead we use UCARP(http://www.ucarp.org) which is a portable implementation of the CARP protocol for redundancy.
We don’t use multicast address for VIP although that’s the default with UCARP/VRRP instead we use Broadcast address ff:ff:ff:ff:ff:ff in our implementation. Note that the target IP address will still be multicast but the L2 address (target MAC) will be broadcast MAC.
UCARP uses the host's MAC address itself for the virtual IP addresses.
Please note that Wireshark decodes these packets as VRRP packets due to the same protocol number being shared by these 2 protocols which gives misleading information.