Configuring an Oracle® Solaris 11.3 System as a Router or a Load Balancer

Updated: December 2018
 
 

Configuring VRRP

You can use the vrrpadm command to configure a VRRP router. The results of all vrrpadm subcommands are persistent, except for the vrrpadm show-router command. For example, the VRRP router that is created by the vrrpadm create-router command persists across reboots. For more information, see the vrrpadm(1M) man page.

You need to have the solaris.network.vrrp authorization, which is part of the Network Management profile, to configure the VRRP router.


Note -  The read-only operation initiated by the vrrpadm show-router command does not require solaris.network.vrrp authorization.

Caution  -  When you use VRRP with the Oracle Solaris bundled IP Filter, you must use the ipfstat -io command to check whether the incoming or the outgoing IP traffic is allowed for the standard VRRP multicast address, 224.0.0.18/32. If the traffic is not allowed, both the master and backup VRRP routers will be in the MASTER state. Therefore, you must add corresponding rules to the IP Filter configuration for each VRRP router. For more information, see Troubleshooting Issues With VRRP and the Oracle Solaris Bundled IP Filter in Troubleshooting Network Administration Issues in Oracle Solaris 11.3.


Creating a VRRP VNIC for Layer 2 VRRP

VNICs are virtual network interfaces configured on top of a system's physical network adapter and are essential components of network virtualization. A physical interface can have more than one VNIC. For more information about VNICs, see Managing Network Virtualization and Network Resources in Oracle Solaris 11.3.

Each Layer 2 VRRP router requires a special VRRP VNIC. Use the following command syntax.

# dladm create-vnic [-t] [-R root-dir] -l link [-m vrrp -V VRID -A \
{inet | inet6}] [-v VLAN-ID] [-p prop=value[,...]] VNIC 

This command creates a VNIC with a virtual router MAC address that is defined by the VRRP specification. Use the VNIC address type, vrrp, to specify the VRID and address family. The address family is either inet or inet6, which refers to either IPv4 or IPv6 addresses. For example:

# dladm create-vnic -m vrrp -V 21 -A inet6 -l net0 vnic0

For more information, see the dladm(1M) man page.


Note -  You can also create a VRRP VNIC by using the –f option with the vrrpadm command. For more information, see Creating a VRRP Router.

Creating a VRRP Router

The vrrpadm create-router command creates a Layer 2 or Layer 3 VRRP router with the specified VRID and address family, along with other specified parameters. For more information, see the vrrpadm(1M) man page.

To create a VRRP router, use the following syntax:

# vrrpadm create-router [-T {l2 | l3}] [-f] -V VRID -I ifname \
-A [inet | inet6] [-a assoc-IPaddress] [-P primary-IPaddress] \
[-p priority] [-i adv-interval] [-o flags] router-name

–T l2 | l3

Specifies the type of the router. You can set the type to one of the following values. The default is l2.

  • l2 – L2 type VRRP router

  • l3 – L3 type VRRP router

–f

(L2 VRRP only) Specifies the creation of the VRRP VNIC with an L2 VRRP router. When you specify the –f option, the vrrpadm command checks whether the VRRP VNIC with the specified VRID and address family exists. A VRRP VNIC is created only if it does not already exist. The system generates the name of the VRRP VNIC with the naming convention: vrrp-VRID_ifname_v4 | 6. The –f option does not have any effect when you are creating a Layer 3 VRRP router.

–V VRID

The virtual router identifier that defines the VLAN when associated with the address family.

–I ifname

The interface on which the VRRP router is configured. For a Layer 2 VRRP, the interface can be a physical link, a VLAN, or an aggregation. For a Layer 3 VRRP, the interface can also include an IPMP interface, a DHCP managed interface, and an InfiniBand interface. This link determines the LAN in which this VRRP router is running.

–A [inet | inet6]

The address family, either inet or inet6, which refers to either IPv4 or IPv6 addresses.

–a assoc-IPaddress

Specifies the comma-separated list of IP addresses.

You can specify the IP address in any of the following formats:

  • IP-address[/prefix-length]

  • hostname[/prefix-length]

  • linklocal

    If you specify linklocal, an IPv6 link-local vrrp address is configured based on the VRID of the associated virtual router. The linklocal form applies only to IPv6 VRRP routers. You can combine the –a option with the –f option so that the VNIC is created and plumbed automatically.

–P primary-IPaddress

Specifies the VRRP primary IP address that is used to send the VRRP advertisement.

–p priority

The priority of the specified VRRP router used for master selection. The default value is 255. The router with the highest priority value is selected as the master router.

–i adv-interval

The advertisement interval in milliseconds. The default value is 1000.

–o flags

The pre-empt and accept modes of the VRRP router. The values are preempt or un_preempt, or accept or no_accept. By default, the pre-empt and accept modes are set to preempt and accept respectively.

router-name

The router-name is the unique identifier of this VRRP router. The permitted characters in a router name are alphanumeric (a-z, A-Z, 0-9), and underscore (_). The maximum length of a router name is 31 characters.

Example 2  Creating a Layer 2 VRRP Router

The following example shows how to create a router over a datalink net0.

# dladm create-vnic -m vrrp -V 12 -A inet -l net0 vnic1
# vrrpadm create-router -V 12 -A inet -p 100 -I net0 l2router1
# vrrpadm show-router l2router1
NAME       VRID  TYPE   IFNAME AF   PRIO ADV_INTV MODE  STATE  VNIC
l2router1  12    L2     net0   IPv4 100  1000     e-pa- BACK   vnic1

An L2 VRRP router l2router1 is created over the datalink net0 with an IPv4 address family and VRID 12. For information about the vrrpadm show-router command, see Displaying Layer 2 and Layer 3 VRRP Router Configurations.

Example 3  Creating a Layer 3 VRRP Router

The following example shows how to create an L3 VRRP router over an IPMP interface named ipmp0.

# vrrpadm create-router -V 6 -I ipmp0 -A inet -T l3 l3router1
# vrrpadm show-router
NAME      VRID TYPE IFNAME AF   PRIO ADV_INTV MODE  STATE VNIC
l3router1 6    L3   ipmp0  IPv4 255  1000     eopa- INIT  --
  

An L3 VRRP router l3router1 is created over the IPMP interface ipmp0 with an IPv4 address family and VRID 6. For information about the vrrpadm show-router command, see Displaying Layer 2 and Layer 3 VRRP Router Configurations.

Configuring the Virtual IP Address for Layer 2 and Layer 3 VRRP Routers

To configure the IP address for an L2 VRRP router, you must configure the virtual IP address of type vrrp over the VRRP VNIC that is associated with it.

To configure the virtual IP address for an L3 VRRP router, you must use an IP address of type vrrp on the same IP interface over which the L3 VRRP router is configured.


Note -  To configure an IPv6 address, you must have created the VRRP VNIC or the L3 VRRP router by specifying the address family of the router as inet6.

To configure a virtual IP address for a VRRP router, use the following syntax:


# ipadm create-addr [-t] -T vrrp [-a local=addr[/prefix-length]] \
 [-n router-name].... addr-obj | interface

–t

Specifies that the configured address is temporary and that the changes apply only to the active configuration.

–T vrrp

Specifies that the configured address is of the type vrrp.

–n router-name

The –n router-name option is optional for an L2 VRRP router because the VRRP router name can be derived from the VRRP VNIC interface on which the IP addresses are configured.

For more information, see the ipadm(1M) man page.


Note -  You can also configure virtual IP addresses by using the –a option with the vrrpadm command. For more information, see Creating a VRRP Router.

Example 4  Configuring Virtual IP Address for an L2 VRRP Router

You can use the vrrp type IP address to configure the virtual IP addresses for an L2 VRRP router. The following example shows how to create the virtual IP address for l2router1.

# ipadm create-ip vrrp_vnic1
# ipadm create-addr -T vrrp -n l2router1 -a 192.0.2.8/27 vrrp_vnic1/vaddr1

The following example shows how to create an IPv6 link-local vrrp IP address for V6vrrp_vnic1/vaddr1.

# ipadm create-ip V6vrrp_vnic1
# ipadm create-addr -T vrrp V6vrrp_vnic1/vaddr1

To configure the IPv6 link-local vrrp type IP address for a VRRP router, you do not need to specify the local address. An IPv6 link-local vrrp type IP address is created based on the VRID of the associated VRRP router.

Example 5  Configuring the Virtual IP Address for an L3 VRRP Router

The following example shows how to configure the virtual IP address for l3router1.

# ipadm create-ip ipmp0
# ipadm create-addr -T vrrp -n l3router1 -a 198.51.100.8/27 ipmp0/vaddr1

The following example shows how to configure an IPv6 link-local vrrp type IP address for the L3 VRRP router l3V6router1.

# ipadm create-ip ipmp1
# ipadm create-addr -T vrrp -n l3V6router1 ipmp1/vaddr0

Enabling and Disabling VRRP Routers

A VRRP router is enabled by default when you first create it. You can disable a VRRP router or all the VRRP routers on the system or zone at the same time by using the vrrpadm disable-router command. You can then re-enable a VRRP router or all the disabled VRRP routers on the system or zone at the same time by using the vrrpadm enable-router command.

The interface over which the VRRP router is created (specified with the -I option when the router is created with vrrpadm create-router) must exist when the router is enabled. Otherwise, the enable operation fails. For an L2 VRRP router, if the router's VRRP VNIC does not exist, the router is not effective. The syntax is as follows:

# vrrpadm enable-router [-a] [router-name]

–a

Specifies that all the disabled routers in the system or zone have to be re-enabled. You must not specify router-name with this option.

router-name

Specifies the name of the router to be re-enabled.

At times, you might need to temporarily disable a VRRP router to make configuration changes and then re-enable the router. The syntax for disabling a router is as follows:

# vrrpadm disable-router [-a] [router-name]

–a

Specifies that all the routers in the system or zone have to be disabled. You must not specify router-name with this option.

router-name

Specifies the name of the router to be disabled.

Modifying a VRRP Router

The vrrpadm modify-router command changes the configuration of a specified VRRP router. You can modify the priority, the advertisement interval, the pre-empt mode, and the accept mode of the router. The syntax is as follows:

# vrrpadm modify-router [-p priority] [-i adv-interval] [-o flags] router-name

Displaying Layer 2 and Layer 3 VRRP Router Configurations

The vrrpadm show-router command shows the configuration and status of a specified VRRP router. For more information, see the vrrpadm(1M) man page. The syntax is as follows:

# vrrpadm show-router [-P | -x] [-p] [-o field[,...]] [router-name]

Example 6  Displaying a Layer 2 VRRP Router Configuration

The following examples show the vrrpadm show-router command output.

# vrrpadm show-router vrrp1
NAME  VRID TYPE  IFNAME  AF   PRIO ADV_INTV MODE  STATE  VNIC
vrrp1 1    L2    net1    IPv4 100  1000     e-pa- BACK   vnic1

NAME

Name of the VRRP router.

VRID

VRID of the VRRP router.

TYPE

The type of VRRP router, which is either L2 or L3.

IFNAME

The interface on which the VRRP router is configured. For an L2 VRRP router, the interface can be a physical Ethernet interface, a VLAN, or an aggregation.

AF

The address family of the VRRP router. It can be either IPv4 or IPv6.

PRIO

The priority of the VRRP router, which is used for master selection.

ADV_INTV

The advertisement interval displayed in milliseconds.

MODE

A set of flags that are associated with the VRRP router and include the following possible values:

  • e – Specifies that the router is enabled.

  • p – Specifies that the mode is preempt.

  • a – Specifies that the mode is accept.

  • o – Specifies that the router is the virtual address owner.

STATE

The current state of the VRRP router. The possible values are: INIT (initialize), BACK (backup), and MAST (master).

In this example, information about the specified VRRP router vrrp1 is displayed.

# vrrpadm show-router -x vrrp1
NAME  STATE PRV_STAT STAT_LAST VNIC  PRIMARY_IP     VIRTUAL_IPS
vrrp1 BACK  MAST     1m17s     vnic1 203.0.113.100  203.0.113.1

PRV_STAT

The previous state of the VRRP router.

STAT_LAST

Time since the last state transition.

PRIMARY_IP

The primary IP address selected by the VRRP router.

VIRTUAL_IPS

The virtual IP addresses configured on the VRRP router.

In this example, additional information about the router, such as the primary IP address selected by the VRRP router, virtual IP address configured on the VRRP router, and the previous state of the VRRP router is displayed.

# vrrpadm show-router -P vrrp1
NAME  PEER           P_PRIO  P_INTV  P_ADV_LAST  M_DOWN_INTV
vrrp1 203.0.113.123  120     1000    0.313s      3609

PEER

The primary IP address of the peer VRRP router.

P_PRIO

The priority of the peer VRRP router, which is part of the advertisement received from the peer.

P_INTV

The advertisement interval (in milliseconds), which is part of the advertisements received from the peer.

P_ADV_LAST

Time since the last received advertisement from the peer.

M_DOWN_INTV

Time interval (in milliseconds) after which the master router is declared down.

The –P option is used only when the VRRP router is in the backup state.

Example 7  Displaying the L3 VRRP Router on a System

# vrrpadm show-router
NAME   VRID  TYPE  IFNAME  AF    PRIO  ADV_INTV  MODE   STATE   VNIC
l3vr1  12    L3    net1    IPv6  255   1000      eopa-  INIT    -

In this example, the L3 VRRP router l3vr1 is configured over the interface net1.
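
The checks implied by the IP Filter caution and by the MODE, STATE, and VNIC fields described above, as an added example (not Oracle's code): it flags a VRID that more than one host reports as MAST, as well as disabled routers, enabled routers stuck in INIT, and L2 routers without a VRRP VNIC. The "## host" marker, the function names, the sample rows, and the display of a missing VNIC as "-" or "--" are assumptions, and all listed hosts are assumed to share one LAN.

```sh
#!/bin/sh
# Added example: audit "vrrpadm show-router" output collected from several hosts.
# Each host section starts with a "## host <name>" line (a constructed marker,
# not vrrpadm output). Columns are located by the header row, not by position.
vrrp_audit() {
    awk '
    $1 == "##" && $2 == "host" { host = $3; next }
    $1 == "NAME" {                      # header row: map column name -> index
        for (i = 1; i <= NF; i++) col[$i] = i
        next
    }
    NF == 0 || !("STATE" in col) { next }
    {
        id = host "/" $col["NAME"]
        state = $col["STATE"]
        if (index($col["MODE"], "e") == 0) print "DISABLED " id
        else if (state == "INIT")          print "INIT " id
        # Assumption: an absent VRRP VNIC is displayed as "-" or "--".
        if ($col["TYPE"] == "L2" && $col["VNIC"] ~ /^-+$/) print "NO-VNIC " id
        if (state == "MAST") {          # count masters per VRID and family
            key = "vrid=" $col["VRID"] " af=" $col["AF"]
            if (key in who) who[key] = who[key] "," host
            else            who[key] = host
            n[key]++
        }
    }
    END {
        for (k in n) if (n[k] > 1) print "DUAL-MASTER " k " hosts=" who[k]
    }'
}

# Constructed sample: two hosts on one LAN that both claim MAST for VRID 12.
sample_input() {
    cat <<'EOF'
## host hostA
NAME       VRID  TYPE   IFNAME AF   PRIO ADV_INTV MODE  STATE  VNIC
l2router1  12    L2     net0   IPv4 100  1000     e-pa- MAST   vnic1
l3router1  6     L3     ipmp0  IPv4 255  1000     eopa- INIT   --
## host hostB
NAME       VRID  TYPE   IFNAME AF   PRIO ADV_INTV MODE  STATE  VNIC
l2router1  12    L2     net0   IPv4 90   1000     e-pa- MAST   vnic1
l2router2  21    L2     net0   IPv6 100  1000     --pa- INIT   --
EOF
}

sample_input | vrrp_audit
```

Because vrrpadm show-router does not require the solaris.network.vrrp authorization, the output can be collected by an account that cannot change the VRRP configuration.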

Displaying IP Addresses That Are Associated With VRRP Routers

You can display the IP address associated with a VRRP router by using the ipadm show-addr command. The ROUTER field in the output of the ipadm show-addr command displays the name of the VRRP router that is associated with a specific vrrp type IP address.

For the vrrp type IP address of an L2 VRRP, the name of the VRRP router is derived from the VRRP VNIC over which the IP address is configured. If you issue the ipadm show-addr command before you create the L2 router for a VRRP VNIC, the ROUTER field displays ?. For the vrrp type IP address of an L3 VRRP, the ROUTER field always displays the specified router name. For other types of IP addresses, the ROUTER field is not applicable and -- is displayed.

Example 8  Displaying IP Addresses That Are Associated With VRRP Routers

# ipadm show-addr -o addrobj,type,vrrp-router,addr
ADDROBJ              TYPE     VRRP-ROUTER      ADDR
lo0/v4               static   --               127.0.0.1/8
net1/p1              static   --               192.0.2.10/27
net1/v1              vrrp     l3router1        192.0.2.38/27
vrrp_vnic1/vaddr1    vrrp     l2router1        192.0.2.66/27
lo0/v6               static   --               ::1/128

In this example, l3router1 is associated with the vrrp type IP address 192.0.2.38/27 and l2router1 is associated with the vrrp type IP address 192.0.2.66/27.

The output shows the following information:

ADDROBJ

The name of the address object.

TYPE

The type of the address object, which can be one of the following:

  • from-gz

  • static

  • dhcp

  • addrconf

  • vrrp

VRRP-ROUTER

The name of the VRRP router.

ADDR

The numeric IPv4 or IPv6 address.

Deleting a VRRP Router

The vrrpadm delete-router command deletes a specified VRRP router. The syntax is as follows:

# vrrpadm delete-router router-name 

Note -  The VRRP VNIC, the vrrp type IP address, and the primary IP address that are created by using the –f, –a, and –P options of the vrrpadm create-router command, respectively, are not deleted by the vrrpadm delete-router command. You must explicitly delete them by using the corresponding ipadm and dladm commands.

Controlling Gratuitous ARP and NDP Messages

When a backup router becomes a master VRRP router, VRRP sets a flag on all the virtual IP addresses associated with the master router and therefore the virtual IP addresses are protected. If there are no conflicts for the virtual IP addresses, several gratuitous ARP and neighbor advertisement messages are sent to advertise the new mapping between the virtual IP address and the MAC address of the new master.

To control the number of messages sent and the interval between the advertisement of messages, you can use the following IP protocol properties:

  • arp_publish_count

  • arp_publish_interval

  • ndp_unsolicit_count

  • ndp_unsolicit_interval

For more information about the IP protocol properties, see IP Tunable Parameters Related to Duplicate Address Detection in Oracle Solaris 11.3 Tunable Parameters Reference Manual.