Tip

This is the documentation for the 23.11 version. Looking for the documentation of the latest version? Have a look here.

VRRP Compatibility

Currently VRRP is only compatible with routed deployments.

VRRP Hardware Compatibility

VRRP requires network interface hardware on which DPDK PMDs support programming an additional MAC address. Without this capability, the interface cannot receive traffic addressed to the VRRP MAC address.

The following DPDK PMDs are supported:

  • em

  • fm10k

  • i40e

  • iavf

  • ice

  • igb

  • ixgbe

  • mlx4

  • mlx5

  • virtio

Disable Source Pruning

Some poll mode drivers (PMDs) require configuration changes for VRRP to function. Specifically, devices from the Intel X710/XL710 Family use the I40E PMD which has issues with VRRP due to “source pruning”. When a VRRP virtual MAC address is added to the NIC, source pruning causes any received packets which have that virtual MAC address as the source MAC address to be dropped. This can cause a VRRP VR to fail to receive advertisements from a higher priority peer after it enters the master state. The end result is more than one VRRP VR thinks it is in the master state.

There is a device argument to disable this behavior which allows VRRP to function normally.

Determine if the driver is affected

The first step is to check the hardware used by TNSR to see if it is affected. The easiest way is to check sudo vppctl show hardware-interfaces from a shell prompt. Affected interfaces have Intel X710/XL710 Family in their output. For example:

[...]
TenGigabitEthernet6/0/0            3     up   TenGigabitEthernet6/0/0
  Link speed: 10 Gbps
  RX Queues:
    queue thread         mode
    0     main (0)       polling
  Ethernet address 00:e0:ed:87:24:54
  Intel X710/XL710 Family
[...]

Any interfaces participating in VRRP from this device family must have source pruning disabled.

Set Device Argument

To disable source pruning, set the device argument disable_source_pruning=1 on each affected interface.

See also

For more information on setting device arguments, see DPDK Configuration.

Using the example above, to disable it on that device, use:

tnsr(config)# dataplane dpdk dev 0000:06:00.0 network devargs disable_source_pruning=1

Alternately, disable it on all interfaces by setting it as a default network device configuration parameter:

tnsr(config)# dataplane dpdk dev default network devargs disable_source_pruning=1

Restart the dataplane to activate the changes:

tnsr(config)# service dataplane restart

VRRP and NAT

VRRP may not be used on interfaces involved in outbound NAT when the VR priority is 255. Currently there is an interaction between NAT and VRRP in this case which leads to both nodes failing to receive and process VRRP advertisements from peers. When NAT is present on outbound NAT interfaces, use a lower priority value. Conflicting configurations will be rejected by input validation.

See also

See the recipe VRRP with Outside NAT for a compatible example configuration.

VRRP and Reflect ACLs

As there is not yet a method for VRRP cluster nodes to share state data, using reflect type ACLs may result in active connections being dropped when control is transferred between cluster nodes. New connections may be made immediately.

VRRP and AWS/Azure

Currently VRRP does not support unicast peers for routed environments such as AWS and Azure. This functionality will be added in a future release.