Installation Guide for CISCO models including: SD-WAN Vrrp Interface Tracking, SD-WAN, Vrrp Interface Tracking, Interface Tracking, Tracking
Systems and Interfaces Configuration Guide, Cisco SD-WAN Release 20.x - VRRP Interface Tracking [Cisco SD-WAN] - Cisco
File Info : application/pdf, 8 Pages, 1.11MB
VRRP Interface Tracking

Table 1: Feature History

| Feature Name | Release Information | Description |
|---|---|---|
| VRRP Interface Tracking for Cisco vEdge Devices | Cisco SD-WAN Release 20.4.1, Cisco vManage Release 20.4.1 | This feature enables VRRP to set the edge as active or standby based on the WAN Interface or SIG tracker events and increase the TLOC preference value on a new VRRP active to ensure traffic symmetry, for Cisco vEdge Devices. In this release, you can configure VRRP interface tracking using only the CLI template. |
| VRRP Interface Tracking for Cisco vEdge Devices | Cisco SD-WAN Release 20.7.1, Cisco vManage Release 20.7.1 | Starting this release, you can configure VRRP interface tracking through Cisco vManage feature template on Cisco vEdge Devices. |

· Information About VRRP Interface Tracking
· Restrictions and Limitations
· VRRP Tracking Use Cases
· Workflow to Configure VRRP Tracking
· Configure an Object Tracker
· Configure VRRP for a VPN Interface Template and Associate Interface Object Tracker
· Configure VRRP Tracking Using CLI Templates
· Configuration Example for VRRP Object Tracking Using CLI
· Configuration Examples for SIG Object Tracking
· Verify VRRP Tracking

Information About VRRP Interface Tracking

The Virtual Router Redundancy Protocol (VRRP) is a LAN-side protocol that provides redundant gateway service for switches and other IP end stations. In Cisco SD-WAN, you can configure VRRP on interfaces and subinterfaces, within a VPN.

For more information, see Configuring VRRP.

The VRRP Tracking feature enables switching to a backup or a secondary VRRP router in the following scenarios:

· If a single tunnel (or two tunnels - when you configure redundancy using Transport Locators (TLOC)) on a vEdge device goes down. In this case, the VRRP priority decrements and the secondary router becomes the primary router. VRRP notifies this change to the overlay through Overlay Management Protocol (OMP).
· VRRP can track up to one interface object or Secure Internet Gateway (SIG) object for a group. The interface object can have up to four interfaces. Hence, a group can track up to four tunnel interfaces. The VRRP priority decrements only if all the interfaces of an interface object go down.

Restrictions and Limitations

· VRRP is only supported with service-side VPNs. If you are using subinterfaces, configure VRRP physical interfaces in VPN 0.
· VRRP tracking is enabled on either a physical uplink interface or a logical tunnel interface (IPSEC or GRE or both).
· The VRRP Tracking feature does not support IP prefix as an object.
· You can track a maximum of four interfaces simultaneously using a single tracker. VRRP state transition gets triggered only if all four interfaces go down.
· You can use the same tracker under multiple VRRP groups or VPNs.
· You cannot configure tloc-change and increase-preference on more than one VRRP group.
· In Cisco SD-WAN release 20.6.1 and earlier releases, you can configure VRRP tracking only through Cisco vManage CLI template.

Note: Starting from Cisco SD-WAN release 20.7.1, you can configure VRRP tracking using Cisco vManage feature template as well.

Note: In Cisco SD-WAN release 20.6.1 and earlier releases, to update any existing VRRP configuration and add VRRP tracking, convert the configuration and the VRRP tracking commands to the CLI template.

VRRP Tracking Use Cases

The VRRP state is determined based on the tunnel link status. If the tunnel or interface is down on the primary VRRP, then the traffic is directed to the secondary VRRP. The secondary VRRP router in the LAN segment becomes primary VRRP to provide gateway for the service-side traffic.

Zscaler Tunnel Use Case 1: Primary VRRP, Single Internet Provider

The primary and secondary Zscaler tunnels are connected through a single internet provider to the primary VRRP. The primary and secondary VRRP routers are connected using TLOC extension. In this scenario, the VRRP state transition occurs if the primary and secondary tunnels go down on primary VRRP. The predetermined priority value decrements when the tracking object is down, which triggers the VRRP state transition. To avoid asymmetric routing, VRRP notifies this change to the Overlay through OMP.

Zscaler Tunnel Use Case 2: VRRP Routers in TLOC Extension, Dual Internet Providers

The primary and secondary VRRP routers are configured in TLOC extension high availability mode. The primary and secondary Zscaler tunnels are directly connected with primary and secondary VRRP routers, respectively, using dual internet providers. In this scenario too, the VRRP state transition occurs if the primary and secondary tunnels go down on primary VRRP. The predetermined priority value decrements when the tracking object is down, which triggers the VRRP state transition. VRRP notifies this change to the Overlay through OMP.

TLOC Preference

Transport Locators (TLOCs) connect an OMP route to a physical location. A TLOC is directly reachable using an entry in the routing table of the physical network, or represented by a prefix beyond a NAT device.

The TLOC change preference is an optional configuration under VRRP group. If you configure TLOC change preference value using the tloc-change-pref command, the value increases by 1 when a node becomes the primary node. The configured or default TLOC preference is applied back on standby state.

Note: We recommend that you use the same TLOC preference value for all TLOCs in a site.

For a Cisco vEdge device, the default TLOC preference for the tunnel interface can be modified irrespective of whether VRRP is configured or not. However, if you want to use the VRRP tracking feature and utilize the advantage of TLOC preference values for VRRP tracking, ensure that the default tunnel preference is the same on both the VRRP routers.

Workflow to Configure VRRP Tracking

1. Configure an object tracker. For more information, see Configure an Object Tracker.
2. Configure VRRP for a VPN Interface template and associate the object tracker with the template. For more information, see Configure VRRP for a VPN Interface Template and Associate Interface Object Tracker.

Configure an Object Tracker

Use the System template to configure an object tracker.

1. From the Cisco vManage menu, choose Configuration > Templates.
2. Click Feature.
3. Navigate to the System template for the device.

   Note: To create a System template, see Create System Template.

4. Click Tracker, and click New Object Tracker to configure the tracker parameters.

   Table 2: Tracker Parameters

   | Field | Description |
   |---|---|
   | Tracker Type | Choose Interface or SIG to configure the Object tracker. |
   | Tracker List | Enter the name of the tracker list. |
   | Interface | Choose global or device-specific tracker interface name. |

5. Click Add.
6. Click Save.

Configure VRRP for a VPN Interface Template and Associate Interface Object Tracker

To configure VRRP for a VPN template, do the following:

1. From the Cisco vManage menu, choose Configuration > Templates.
2. Click Feature Templates.

   Note: In Cisco vManage Release 20.7.x and earlier releases, Feature Templates is titled Feature.

3. Navigate to the VPN Interface Ethernet template for the device.

   Note: For information about creating a new VPN Interface Ethernet template, see Configure VPN Ethernet Interface.

4. Click VRRP and choose IPv4.
5. Click New VRRP to create a new VRRP or edit the existing VRRP and configure the following parameters:

   | Parameter Name | Description |
   |---|---|
   | TLOC Preference Change | (Optional) Choose On or Off to set whether the TLOC preference can be changed or not. |

6. Click the Add Tracking Object link, and in the Tracking Object dialog box that is displayed, click Add Tracking Object.
7. In the Tracker Name field, enter the name of the tracker.
8. From the Action drop-down list, choose Decrement and enter the Decrement Value.
9. Click Add.
10. Click Add to save the VRRP details.
11. Click Save.

Configure VRRP Tracking Using CLI Templates

You can configure VRRP tracking using the CLI add-on feature templates and CLI device templates. For more information, see CLI Templates.

VRRP Object Tracking Using CLI

Configure Track List Interface

Use the following configuration to add an interface to a track list using Cisco vManage device CLI template:

    Device# config terminal
    Device(config)# system
    Device(config-system)# track-list zs1 interface ge0/1 gre1 ipsec1
    Device(config-track-list-zs1)# commit
    Device(config-system-tracker-list-zs1)# exit
    Device(config-system)# exit

Configure Interface Tracking and Priority Decrement

    Device(config)# vpn 1
    Device(config-vpn-1)# name vpn-name
    Device(config-vpn-1)# interface ge0/2
    Device(config-interface-ge0/2)# ip address 172.16.10.1/24
    Device(config-interface-ge0/2)# no shutdown
    Device(config-interface-ge0/2)# vrrp 100
    Device(config-vrrp-100)# track zs1 decrement 10
    Device(config-vrrp-track-zs1)# exit
    Device(config-vrrp-100)# ipv4 172.16.10.100
    Device(config-vrrp-100)# tloc-change-pref

SIG Container Tracking

The following example shows how to configure a track list and tracking for SIG containers using the Cisco vManage device CLI template.

Note: In SIG Object Tracking, you can only set global as the variable for Service Name.

Configure Track List for SIG Container

    Device# config terminal
    Device(config)# system
    Device(config-system)# track-list SIG sig-container global
    Device(config-system-tracker-list-SIG)# exit
    Device(config-system)# exit

Configure SIG Container Tracking and Priority Decrement

    Device(config)# vpn 1
    Device(config-vpn-1)# name vpn-name
    Device(config-vpn-1)# interface ge0/2
    Device(config-interface-ge0/2)# ip address 172.16.10.1/24
    Device(config-interface-ge0/2)# no shutdown
    Device(config-interface-ge0/2)# vrrp 100
    Device(config-vrrp-100)# track SIG decrement 10
    Device(config-vrrp-track-zs1)# exit
    Device(config-vrrp-100)# ipv4 172.16.10.100
    Device(config-vrrp-100)# tloc-change-pref

Configure SIG Container Tracking for VRRP Group

    Device(config-vpn-1)# int ge0/4
    Device(config-interface-ge0/4)# vrrp 10
    Device(config-vrrp-10)# track SIG decrement 10
    Device(config-track-SIG)# commit
    Commit complete.
    Device(config-track-SIG)#

Configuration Example for VRRP Object Tracking Using CLI

Interface Object Tracking Using CLI

This example shows how to add an interface to a track list using Cisco vManage device CLI template:

    config terminal
    system
    track-list zs1 interface ge0/1 gre1 ipsec1
    commit
    exit

Configure Interface Tracking and Priority Decrement

    vpn 1
    name vpn-name
    interface ge0/2
    ip address 172.16.10.1/24
    no shutdown
    vrrp 100
    track zs1 decrement 10
    exit
    ipv4 172.16.10.100
    tloc-change-pref

Configuration Examples for SIG Object Tracking

Configure Track List for SIG Container

    config terminal
    system
    track-list SIG sig-container global
    exit
    exit

Configure SIG Container Tracking and Priority Decrement

    vpn 1
    name vpn-name
    interface ge0/2
    ip address 172.16.10.1/24
    no shutdown
    vrrp 100
    track SIG decrement 10
    exit
    ipv4 172.16.10.100
    tloc-change-pref

Verify VRRP Tracking

    Device# show vrrp

The following is a sample output for the show vrrp command:

    vrrp vpn 1
     interfaces ge0/4
      groups 10
       virtual-ip 10.1.1.2
       virtual-mac 00:00:5e:00:01:0a
       priority 100
       real-priority 100
       vrrp-state init
       omp-state up
       advertisement-timer 1
       primary-down-timer 3
       last-state-change-time 0000-00-00T00:00:00+00:00

    Device# show vrrp detail

The following is a sample output for the show vrrp detail command:

    OMP status: up
    group-id: 10, track-omp: no, initialized: yes
    address: 10.20.24.1
    track-prefix-list: -, resolved:
    state: Primary, down-reason: none, cfg-priority: 100, priority: 100
    adv-timer: 1, primary-down-timer: 3, sock-fd: 23, addr-count: 1
    adv-timer: Enabled (e: 4 v: 10 c: 1)
    primary-down-timer: Disabled (e: -1 v: 30 c: 3)
    virtual-mac: 0x0 0x0 0x5e 0x0 0x1 0xa
    TLOC Change Preference: Configured
    TLOC Change Preference value: 1
    TLOC Real Preference value: 1
    Group current adaptive priority: 0
    Total Tracking object : 1 (head: 0x7f0f6d6771c0)
    Group Address: 0x7f0f6d624100 Name: zs1 Decrement: 18 Adaptive direction: 0
    List Entry :0x7f0f6d687230
    Track List:
    Name: zs1
    Total Tracking Objects: 0
    VRRP Daemon: 0x7f0f6d68e140
    Tracking Object: 0x7f0f6d677270
    Type: 1
    VRRP Daemon: 0x7f0f6d68e140
    Total Interface: 1
    Interface: ge0_1(0x7f0f6d66a700)
    Interface Created: Yes
    Operational State: UP

    Device# show run system

The following is a sample output for the show run system command:

    system
     host-name vm6
     system-ip 172.16.255.16
     site-id 600
     no admin-tech-on-failure
     route-consistency-check
     organization-name "vIPtela Inc Regression"
     track-list SIG container global
     !
     track-list zs1
      track-interface ge0/1 ge0/7
     !
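
The following is an added example, not part of the Cisco guide: a Python check that reads a prompt-less CLI template in the form shown under Configuration Example for VRRP Object Tracking Using CLI and reports violations of the limits stated under Information About VRRP Interface Tracking and Restrictions and Limitations. The function name, the sample template, and the reading of the tloc-change restriction as applying to the tloc-change-pref command are assumptions.

```python
MAX_IFACES = 4  # page: a single tracker covers at most four interfaces

def lint_vrrp_template(text):
    """Return findings for a prompt-less vEdge CLI template (one command per line)."""
    track_lists, group_tracks, tloc_groups = {}, {}, set()
    vpn = iface = group = None
    for words in (line.split() for line in text.splitlines()):
        if not words:
            continue
        if words[0] == "track-list" and len(words) >= 3:
            # "track-list NAME interface IF..." or "track-list NAME sig-container global"
            track_lists[words[1]] = words[3:] if words[2] == "interface" else []
        elif words[0] == "vpn" and len(words) == 2:
            vpn, iface, group = words[1], None, None
        elif words[0] == "interface" and len(words) == 2:
            iface, group = words[1], None
        elif words[0] == "vrrp" and len(words) == 2:
            group = (vpn, iface, words[1])
            group_tracks.setdefault(group, [])
        elif words[0] == "track" and group and len(words) >= 2:
            group_tracks[group].append(words[1])
        elif words[0] == "tloc-change-pref" and group:
            tloc_groups.add(group)  # assumption: this command is what the restriction limits
    findings = []
    for name, members in track_lists.items():
        if len(members) > MAX_IFACES:
            findings.append(f"track-list {name}: {len(members)} interfaces, limit is {MAX_IFACES}")
    for (_, ifname, gid), names in group_tracks.items():
        if len(names) > 1:  # page: one interface or SIG object per group
            findings.append(f"vrrp {gid} on {ifname}: tracks {len(names)} objects, limit is 1")
        findings += [f"vrrp {gid} on {ifname}: track-list {n} is not defined"
                     for n in names if n not in track_lists]
    if len(tloc_groups) > 1:
        findings.append(f"tloc-change-pref set on {len(tloc_groups)} VRRP groups, limit is 1")
    return findings

# Constructed sample: based on the page's template, with deliberate violations added.
SAMPLE = """system
track-list zs1 interface ge0/1 gre1 ipsec1 ge0/5 ge0/6
vpn 1
interface ge0/2
vrrp 100
track zs1 decrement 10
track zs2 decrement 5
tloc-change-pref
interface ge0/4
vrrp 10
tloc-change-pref"""

if __name__ == "__main__":
    for finding in lint_vrrp_template(SAMPLE):
        print(finding)
```

The check covers only the template form with the interfaces on the track-list line; the track-interface form that show run system prints is not parsed.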