VRRP Tracking with master redundancy

Product and Software: This article applies to all Aruba controllers and ArubaOS versions.


 The VRRP tracking mechanism provides the ability to track a particular variable and adjust the priority accordingly these variables are: 


a. master-up-time tracking based on how long we have been MASTER 


b. vrrp-master-state tracking based on another vrrp's MASTER state The master-up-time option tracked the duration that the controller has been Master for this VRRP instance and the vrrp-master-state option track the master state of the other VRRP group. 


Aruba controllers can be configured as master, local or standby. The master and standby controllers are function as a group to provide master redundancy. The role of the controller is base on the state of the VRRP group configured in the master redundancy configuration. 


If the VRRP state is master, the controller role is master, and if the VRRP state is backup, the controller role is standby. The standby controller will become the master controller should the master controller failed. The default VRRP priority is 100, the higher the value, the higher the priority.


If preempt is enable, the controller with higher priority will be the VRRP master for the VRRP group. 


The VRRP preempt option has to be enable on both controllers for VRRP tracking to work. 


If more than one VRRP groups are configured on the controller, it is important to ensure that the master redundancy will failover to the other controller if the any of the VRRP group failed, this could be done with the vrrp-master-state option. 


The VRRP group is shutdown by default, it is recommended that you enable the VRRP group after you have configured the master redundancy.


Configuration on master controller: 
master-vrrp 1 
peer-ip-address ipsec <key> (The IPSEC key is required for AOS 3.x configuration)
vrrp 1 
priority 110 
ip address 
vlan 1 
tracking master-up-time 30 add 20 
no shutdown 

The "tracking master-up-time 30 add 20" means that a priority of 20 should be added to the configured priority 
if the switch stays as the Master for this VRRP group for 20 minutes or more.
CLI: AOS 2.5.x and 3.x 
Syntax: show vrrp 
Description: To verify VRRP configuration and check the state 
(Lab-02) #show vrrp 
Virtual Router 1: 
Admin State UP, VR State MASTER 
IP Address, MAC Address 00:00:5e:00:01:01, vlan 1 
Priority 110, Advertisement 1 sec, Preemption Enable 
Auth type NONE 
tracking type is master-up-time, duration 30 minutes, value 20 
tracked priority 130
CLI: AOS 2.5.x and 3.x 
Syntax: show master-redundancy 
Description: Check master redundancy state 
(Lab-02) #show master-redundancy 
Master redundancy configuration: 
VRRP Id 1 current state is MASTER 
Peer's IP Address is 
Peer's IPSEC Key is ********

CLI: AOS 2.5.x and 3.x 
Syntax: show switches 
Description: Check master redundancy state between the master and standby 
(Lab-02) #show switches 
All Switches 
IP Address Name Location Type Version Status Configuration State Config Sync Time (sec) 
---------- ---- -------- ---- ------- ------ ------------------- ---------------------- Lab-02 Building1.floor1 master up UPDATE SUCCESSFUL 0 Lab-03 Building1.floor1 standby up UPDATE SUCCESSFUL 5 

CLI: AOS 3.x 
Syntax: show crypto ipsec sa 
Description: Check ipsec tunnel status between master and stanby 
(Lab-02) #show crypto ipsec sa 
Initiator IP: 
Responder IP: 
Initiator: No 
Initiator cookie:1231f7a723c2475f Responder cookie:bd1beabce1fc6cb9 
Ipsec-map name: default-primary-master-ipsecmap 
SA Creation Date: Thu Dec 20 08:39:54 2007 
Life secs: 7200 
Initiator Phase2 ID: 
Responder Phase2 ID: 
Phase2 Transform: EncAlg:esp-3des HMAC:esp-sha-hmac 
Encapsulation Mode:Tunnel 
PFS: No 
OUT SPI c6da4200, IN SPI bb40ff00 
Reference count: 3 

CLI: AOS 2.5.x and 3.x 
Syntax: show vrrp statistics <VRRP ID> 
Description: Check VRRP statistictics and master up time 
(Lab-02) #show vrrp statistics 1
Virtual Router 1:
Admin State UP, VR State MASTER
Sent: 83194 Received: 170 
Zero priority sent: 1 Zero priority received: 0 
Tracking priority overflow: 0 
Advertisements received errors: 
Interval mismatch 0 Invalid TTL 0 
Invalid packet type 0 Authentication failure 0 
Invalid auth type 0 Mismatch auth type 0 
Invalid VRRP IP address 0 Invalid packet length 0 
VRRP Up timestamp: Wed Dec 19 12:03:10 2007 
Master Up timestamp: Wed Dec 19 18:12:11 2007 
Last advertisement sent timestamp: Wed Dec 19 22:56:07 2007 
Last advertisement received timestamp: Wed Dec 19 18:12:08 2007 
Current time: Wed Dec 19 22:56:08 2007 
Number times became VRRP Master: 4
