Hello,
I'm writing to ask for some VRRP recommendations. I'm looking to set up 3 pairs of controllers with VRRP redundancy.
An active-backup pair of 7210 masters
An active-active pair of 7240 locals
A 2nd pair active-active 7240 locals
My first question regards the "authentication" parameter in the VRRP configuration; the other questions will manifest themselves at some point.
The 6.2 CLI specifies:
"Configure an optional password of up to 8 characters to be used to authentication VRRP peers in their advertisements. The password must be the same on both members of the redundant pair. The password is sent in plain-text and therefore should not be treated as a security measure. Rather, the purpose of the password is to guard against misconfigurations in the event that other VRRP devices exist on the same network."
So, do I need to be wary of my 5 VRRP instances such that I should specify distinct passwords for each VRRP instance in order to avoid misconfigurations? Should I take this into consideration since all of my VRRPs will live on the same VLAN?
I imagine these misconfigurations the docs mention would occur if I (or someone else) mistakenly configured the same VRRP ID in a set of these configs that wasn't meant to be there. Additionally, one would also have to mistakenly issue the same peer-ip-address in the master-redundancy config?
Ah, and does the above only apply for master redundancy? The 6.2 User Guide only specifies issuing the following for local redundancy.
(host) (config) #vvrrp <id>
ip address <ipaddr>
vlan <vlan>
no shutdown
I'm assuming that the "vvrrp" command is a typo. I'm also going to assume that the ip address is actually going to be my local VIP.
This means that for my active-active local controller redundancy, each controller will have 2 VRRP IDs.
vrrp 20
vlan MGMT_VLAN
ip address LOC_A_VIP
priority 110
preempt
description Preferred-Local-A1
no shutdown
!
vrrp 25
vlan MGMT_VLAN
ip address LOC_B_VIP
priority 100
preempt
description Backup-Local-B2
no shutdown
!
And its cousin would have the config:
vrrp 25
vlan MGMT_VLAN
ip address LOC_B_VIP
priority 110
preempt
description Preferred-Local-B1
no shutdown
!
vrrp 20
vlan MGMT_VLAN
ip address LOC_A_VIP
priority 100
preempt
description Backup-Local-A2
no shutdown
!
Is this all making sense? Am I on the right track?
Ah, found this KB Article: https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-1633 and that pretty much confirms my initial configuration parameters.
So, I guess my only question then regards the authentication password? The KB Article doesn't specify if the passwords in the active-active config need to be distinct, nor does it go into additional configs, so my question still is should I specify distinct passwords for each VRRP instance in order to avoid misconfigurations?
Thanks,
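An offline check for the misconfiguration the post describes (a VRRP ID reused on the same VLAN by a device outside the intended pair), added here as an example and not taken from the post or from Aruba documentation. The controller names, the third controller, the password values and the `authentication <password>` line syntax are assumptions made for the illustration.

```python
from collections import defaultdict

def parse(text):
    """Return {vrid: {keyword: value}} for every 'vrrp <id>' stanza."""
    out, cur = {}, None
    for line in text.splitlines():
        words = line.split()
        if not words or words[0] == "!":
            cur = None                      # '!' closes the stanza
        elif words[0] == "vrrp":
            cur = out.setdefault(words[1], {})
        elif cur is not None and words[:2] == ["ip", "address"]:
            cur["ip"] = words[2]
        elif cur is not None and words[0] in ("vlan", "priority", "authentication"):
            cur[words[0]] = words[1]
    return out

def lint(configs, pair_size=2):
    """Group stanzas by (VLAN, VRID) across controllers and report conflicts."""
    groups = defaultdict(list)
    for host, text in configs.items():
        for vrid, s in parse(text).items():
            groups[(s.get("vlan", "?"), vrid)].append((host, s))
    findings = []
    for (vlan, vrid), members in sorted(groups.items()):
        hosts = sorted(h for h, _ in members)
        if len(members) > pair_size:        # a device outside the pair shares the VRID
            findings.append(f"vrid {vrid} vlan {vlan}: {len(members)} members {hosts}")
        for key in ("ip", "authentication"):  # both must match inside one instance
            if len({s.get(key) for _, s in members}) > 1:
                findings.append(f"vrid {vrid} vlan {vlan}: {key} differs across {hosts}")
    return findings

def stanza(vrid, vip, prio, pw):
    """Build one constructed stanza in the layout used in the post."""
    return (f"vrrp {vrid}\n vlan MGMT_VLAN\n ip address {vip}\n priority {prio}\n"
            f" authentication {pw}\n preempt\n no shutdown\n!\n")

# Constructed sample: the active-active pair from the post, plus a hypothetical
# controller from the second pair that reuses VRID 20 by mistake.
SAMPLE = {
    "local-1": stanza(20, "LOC_A_VIP", 110, "pairA") + stanza(25, "LOC_B_VIP", 100, "pairB"),
    "local-2": stanza(25, "LOC_B_VIP", 110, "pairB") + stanza(20, "LOC_A_VIP", 100, "pairA"),
    "local-3": stanza(20, "LOC_C_VIP", 110, "pairC"),
}

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "no conflicts")
```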