VRRP troubleshooting guide
Contents
Troubleshooting scenario 1: Multiple masters appear in a VRRP group
Troubleshooting scenario 2: A downlink device cannot ping the virtual IP address
Objective
This guide describes the troubleshooting methods to find out the causes of network failures induced by VRRP.
Requirements
- Omada and Omada Pro L3 Switches
- Omada Controller (Software Controller / Hardware Controller / Cloud-Based Controller, v5.9 and above)
Introduction
This article introduces the monitoring of VRRP to ensure its proper functioning and the troubleshooting measures taken in the event of a VRRP failure. The VRRP show commands enable you to monitor the operation status of VRRP, and the syslog helps you troubleshoot network failures and retain the information. Two common VRRP failures and their troubleshooting process will be presented.
VRRP show commands
The VRRP show commands help you view the status information of the VRRP backup group, making it easier to analyze and locate the cause of the failure. You can use “?” in the CLI interface to invoke the HELP function. Effective monitoring of the VRRP status is crucial for network operation and maintenance. By monitoring devices and VRRP backup group status in real time, you can troubleshoot network failures promptly and ensure normal network operation.
- show ip vrrp
The show ip vrrp command allows you to have an overview of all VRRP backup groups on the device and the negotiation status of the VRRP backup group devices.
- show ip vrrp interface <interface-name interface-id | interface-type interface-number>
The show ip vrrp interface <interface-name interface-id | interface-type interface-number> command is used to view specific configuration information on the interface of the VRRP backup group. This command displays the VRRP protocol, VRRP negotiation status, real IP address, virtual IP address, priority, advertise timer, preempt mode, and preempt delay timer used by the VRRP backup group device, as shown in the following figure.
- show ip vrrp vrid <vrid>
The show ip vrrp vrid <vrid> command displays the specific configuration information of VRRP under the VRID, including the VRRP protocol used by the VRRP backup group devices, VRRP negotiation status, interface IP address, virtual IP address, priority, advertise timer, preempt mode, and preempt delay timer.
You can also specify a specific interface at the end of this command. The VRRP configuration information of the corresponding interface under the VRID will then be shown; otherwise, the information of all interfaces under the VRID will be displayed.
- show ip vrrp statistics interface <interface-name interface-id | interface-type interface-number>
The show ip vrrp statistics interface <interface-name interface-id | interface-type interface-number> command is used to view the statistics of VRRP advertisement messages of the interface, as shown in the following figure.
The statistical information of the VRRP backup group is explained as follows:
- State Transitioned to Master: The number of times that the VRRP state has transitioned to Master;
- Advertisement Received: The number of advertisement messages received;
- Advertisement Sent: The number of advertisement messages sent;
- IP TTL Errors: The number of advertisement messages received with TTL being not 255;
- Authentication Failure: The number of VRRP authentication failures;
- Address List Errors: The number of advertisement messages received with virtual primary IP / secondary IP addresses that do not match the VRRP backup group;
- Packet Length Errors: The number of advertisement packets received with incorrect total IP header length;
- Advertisement Interval Errors: The number of advertisement messages received whose advertisement time does not match that of the VRRP backup group;
- Invalid Type Packets Received: The number of VRRP advertisement packets received whose packet type is not Advertisement;
- Zero Priority Packets Received: The number of advertisement packets received with the priority 0;
- Zero Priority Packets Sent: The number of advertisement packets sent with the priority 0;
- Invalid Authentication Type: The number of advertisement messages received with invalid authentication type (not md5 or simple);
- Authentication Type Mismatch: The number of advertisement messages received with the authentication type that does not match that of the VRRP backup group;
- Router Checksum Errors: The number of advertisement messages received with incorrect checksum;
- Router Version Errors: The number of advertisement messages received with inconsistent VRRP protocols;
- Router VRID Errors: The number of advertisement messages received with inconsistent VRID.
- show ip vrrp statistics vrid <vrid>
The show ip vrrp statistics vrid <vrid> command is used to view the statistics of VRRP advertisement messages of all the interfaces under the VRID, as shown in the following figure.
You can also specify a specific interface at the end of this command. The statistical information of VRRP advertisement messages of the corresponding interface will then be shown.
- clear vrrp statistics
The clear vrrp statistics command is used to clear the statistics counts of VRRP backup groups, an operation sometimes necessary for troubleshooting. This operation will clear the statistics counts of all VRRP backup groups on the device. The specific operation command is shown in the following figure.
syslog
The syslog is an effective troubleshooting tool that can record and track critical events in the operation of a device. Logs are helpful for network analysis, evidence collection, and troubleshooting. The currently supported log record types are listed below.
- Determining logging levels
By determining the logging level of VRRP, you can control the logs that are to be recorded. Eight logging levels are available on the Omada switches. You can determine the logging level of the module by checking the historical logs with the show logging command. As shown in the following figure, the logging level of the VRRP module is 6.
After determining the logging level of the VRRP module, you can filter logs at Level 0-6 with the show logging 6 commands.
- Saving logs to the syslog server
Logs are saved in the buffer with limited memory by default. When the buffer is full, the latest logs will overwrite the earliest ones. Therefore, the logging host index <1-4> <ip-address> <0-7> command can be used to save the logs to the syslog server to avoid the logs being overwritten, preventing the impact on the troubleshooting process.
Troubleshooting Steps
Troubleshooting scenario 1: Multiple masters appear in a VRRP group
Fault description: After the show ip vrrp command is executed on each device in the VRRP backup group to check the respective VRRP status, it is found that multiple VRRP devices are in the Master state.
Step 1. Check whether the VRRP devices receive the advertisement messages.
- Use the show ip vrrp statistics command to check whether the VRRP devices have received advertisement messages. In other words, check multiple times to see whether other statistical items are growing except for Advertisement Sent.
- If only the count of the Advertisement Sent is increasing, proceed to Step 2 for further troubleshooting. If other statistics counts are also increasing, perform the show ip vrrp vrid <vrid> command to check whether the corresponding configuration of each VRRP device is correct. As shown below, if the count of the Advertisement Interval Errors is continuously growing, check the Advertise Timer respectively configured in each device with the show ip vrrp vrid 10 command and the configuration is found to be inconsitent.
The Advertise Timer is configured as 200cs for DUT1:
The Advertise Timer is configured as 100cs for DUT2:
To solve the problem, reconfigure the Advertise Timer of DUT1 and DUT2 as the same value. As shown in the following figure, the Advertise Timer of DUT2 is reconfigured to 200cs, and the VRRP state of DUT2 transitions to Backup. Now, the VRRP backup group does not have multiple Masters.
Step 2. Ping the VRRP devices to check network connectivity between them
- Ping the IP address of the interface directly. If the ping operation fails, examine the network connectivity first.
Troubleshooting scenario 2: A downlink device cannot ping the virtual IP address
Fault description: After a VRRP backup group is configured in the network, the downstream device cannot ping the virtual IP address of the VRRP backup group.
Step 1. Confirm the virtual IP address of the VRRP backup group and the corresponding virtual MAC address.
Execute the show ip vrrp vrid <vrid> command on the VRRP backup group device to view the virtual IP address and virtual MAC address of the VRRP backup group.
Step 2. Confirm that the downlink device has an ARP for the VRRP backup group.
Check the ARP on the downlink device and ensure that the ARP has learned the virtual IP address and the corresponding virtual MAC address of the VRRP backup group.
Step 3. Confirm that the downlink device has a MAC table entry for the VRRP backup group.
Check the MAC address table entry on the downlink device and confirm that the virtual MAC address of the VRRP backup group is available and the corresponding outgoing port is correct.
Step 4. Check whether the VRRP backup group devices can ping each other.
If the master and backup devices cannot ping each other, examine the network connectivity first. If the ping operation succeeds, collect the information on configuration, log files, and operation procedures and contact TP-Link Support.
Conclusion
This article describes the VRRP troubleshooting methods and two common troubleshooting scenarios. With the help of show commands and syslog, most network problems can be solved. If not, collect the configuration information, log files, and operation procedures and contact TP-Link Support
Get to know more details of each function and configuration please go to Download Center to download the manual of your product.
FAQ
VRRPv3 supports both IPv4 and IPv6. This guide mainly introduces the troubleshooting methods for IPv4 VRRP backup groups. Is there any difference between the troubleshooting methods between IPv6 VRRP backup groups and IPv4 ones?
Re. The IPv6 VRRP backup group follows the same troubleshooting procedure as IPv4.