Kaspersky SD-WAN
2.2
English

Contents

Ensuring high availability with VRRP

Kaspersky SD-WAN supports the Virtual Router Redundancy Protocol (VRRP) for combining network interfaces of multiple CPE devices into virtual routers. When network interfaces are combined into a virtual router, they share a virtual IP address. One network interface is primary and the others are secondary. A virtual IP address is assigned to the primary network interface.

Network interfaces in a virtual router exchange control packets to determine which network interfaces have failed. If a primary network interface fails, a new primary network interface is elected and a virtual IP address is assigned to it. Traffic that was relayed to the virtual IP address through the failed network interface is automatically taken over by the new primary network interface.

You can create VRRP instances to combine network interfaces into virtual routers. When creating a VRRP instance, you must specify a network interface, a Virtual Router ID (VRID), and a virtual IP address. Network interfaces are combined into a virtual router if the same virtual router ID and virtual IP address are specified in the VRRP instances created for them.

If you need to synchronously change the primary network interface in multiple virtual routers, you can create groups of VRRP instances. If the primary network interface changes in one of the VRRP instances, this change also occurs in all other VRRP instances in the VRRP instance group.

In this section

Enabling or disabling the VRRP protocol

Managing VRRP instances

Managing VRRP instance groups
Page top
[Topic 246585]

Enabling or disabling the VRRP protocol

You can enable or disable the VRRP protocol in a CPE template or on a CPE device. VRRP protocol enabled or disabled in the CPE template is automatically enabled or disabled on all CPE devices that use this CPE template.

To enable or disable the VRRP protocol:

  1. Enable or disable the VRRP protocol in one of the following ways:
    • If you want to enable or disable the VRRP protocol in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the VRRP → VRRP instances tab.
    • If you want to enable or disable the VRRP protocol on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the VRRP → VRRP instances tab, and select the Override check box.

    A table of VRPP instances is displayed.

  2. In the VRRP drop-down list, select one of the following values:
    • Enabled
    • Disabled Default value.

    When enabling VRRP, you must create at least one VRRP instance.

  3. In the upper part of the settings area, click Save to save the settings of the CPE template or CPE device.
Page top
[Topic 256539]

Managing VRRP instances

The table of VRRP instances is displayed in the CPE template and on the CPE device:

  • To display the table of VRRP instances in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the VRRP instances → VRRP tab.
  • To display the table of VRRP instances on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, and select the VRRP → VRRP instances tab.

Information about VRRP instances is displayed in the following table columns:

  • Name is the name of the VRRP instance.
  • VRID is the virtual router ID.
  • Interface is the network interface that has been added to the virtual router.
  • VIP is the virtual IP address assigned to the network interface.
  • State is the role of the network interface:
    • Backup is the backup network interface.
    • Master is the primary network interface.
  • Priority is the priority of the network interface. The greater the value, the higher the priority. When the primary network interface fails, it is replaced by the backup network interface with the highest priority. If, when selecting the new primary network interface, all backup network interfaces have the same priority, the new primary network interface is selected at random.
  • Advertise interval (sec.) is the time interval in seconds for sending control packets from a network interface to other network interfaces.
  • Nopreempt specifies if the role of the network interface that became the primary must change if the previous primary network interface recovers:
    • Yes
    • No
  • Management contains the actions that can be performed with the VRRP instance.

In this section

Creating a VRRP instance

Editing a VRRP instance

Deleting a VRRP instance
Page top
[Topic 271048]

Creating a VRRP instance

You can create a VRRP instance in a CPE template or on a CPE device. A VRRP instance created in the CPE template is automatically created on all CPE devices that use this CPE template.

To create a VRRP instance:

  1. Create a VRRP instance in one of the following ways:
    • If you want to create a VRRP instance in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the VRRP → VRRP instances tab.
    • If you want to create a VRRP instance on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the VRRP → VRRP instances tab, and select the Override check box.

    A table of VRPP instances is displayed.

  2. Click + VRRP instance.
  3. This opens a window; in that window, in the Name field, enter the name of the VRRP instance. Maximum length: 16 characters.
  4. In the VRID field, enter the ID of the virtual router. You must specify the same ID when creating VRRP instances for all network interfaces that you want to combine into a virtual router. Range of values: 1 to 255.
  5. In the Interface drop-down list, select the created network interface that you want to add to the virtual router.
  6. In the VIP field, enter the virtual IP address that you want to assign to this network interface. You must assign the same virtual IP address to all network interfaces that you want to combine into a virtual router.
  7. In the State drop-down list, select the role of the network interface:
    • Backup is the backup network interface. Default value.
    • Master is the primary network interface.
  8. In the Priority field, enter the priority of the network interface. The greater the value, the higher the priority. When the primary network interface fails, it is replaced by the backup network interface with the highest priority. If, when selecting the new primary network interface, all backup network interfaces have the same priority, the new primary network interface is selected at random. Range of values: 1 to 1000. Default value: 100.
  9. In the Advertise interval (sec.) field, enter the time interval in seconds for sending control packets from a network interface to other network interfaces. Range of values: 1 to 60. Default value: 5.
  10. If you do not want to change the role of the backup network interface that has become the primary router, even if the old primary network interface becomes operational again, select the Nopreempt check box. This check box is cleared by default.
  11. If you want to configure unicast sending of control packets by the network interface:
    1. Select the Unicast check box. This check box is cleared by default.
    2. In the Main VRPP router IP field, enter the IP address of the source network interface for sending control packets.
    3. In the Backup VRRP router IP field, enter the IP address of the destination network interface for sending control packets.

    By default, the network interface uses multicast to send control packets.

  12. If you want to use a password for authentication of control packets on the network interface:
    1. Select the Authentication check box. This check box is cleared by default.
    2. Enter a password in the field that is displayed. Maximum length of the password: 16 characters. You must specify the same password for all network interfaces that you want to combine into a virtual router. To see the entered password, you can click the show icon .
  13. Click Create.

    The VRRP instance is created and displayed in the table.

  14. In the upper part of the settings area, click Save to save the settings of the CPE template or CPE device.
Page top
[Topic 246590]

Editing a VRRP instance

You can edit a VRRP instance in a CPE template or on a CPE device. A VRRP instance edited in the CPE template is automatically modified on all CPE devices that use this CPE template. You cannot edit a VRRP instance that is inherited from a CPE template on a CPE device.

To edit a VRRP instance:

  1. Edit a VRRP instance in one of the following ways:
    • If you want to edit a VRRP instance in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the VRRP → VRRP instances tab.
    • If you want to edit a VRRP instance on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the VRRP → VRRP instances tab, and select the Override check box.

    A table of VRPP instances is displayed.

  2. Click Edit next to the VRRP instance that you want to edit.
  3. This opens a window; in that window, if necessary, edit the VRRP instance settings. For a description of the settings, see the instructions for creating a VRRP instance.
  4. Click Save.

    The VRRP instance is modified and updated in the table.

  5. In the upper part of the settings area, click Save to save the settings of the CPE template or CPE device.
Page top
[Topic 256542]

Deleting a VRRP instance

You can delete a VRRP instance in a CPE template or on a CPE device. A VRRP instance deleted in the CPE template is automatically deleted on all CPE devices that use this CPE template. You cannot delete a VRRP instance that is inherited from a CPE template on a CPE device.

Deleted VRRP instances cannot be restored.

To delete a VRRP instance:

  1. Delete a VRRP instance in one of the following ways:
    • If you want to delete a VRRP instance in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the VRRP → VRRP instances tab.
    • If you want to delete a VRRP instance on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the VRRP → VRRP instances tab, and select the Override check box.

    A table of VRPP instances is displayed.

  2. Click Delete next to the VRRP instance that you want to delete.
  3. In the confirmation window, click Delete.

    The VRRP instance is deleted and is no longer displayed in the table.

  4. In the upper part of the settings area, click Save to save the settings of the CPE template or CPE device.
Page top
[Topic 256546]

Managing VRRP instance groups

The table of VRRP instance groups is displayed in the CPE template and on the CPE device:

  • To display the table of VRRP instance groups in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the VRRP → VRRP instance groups tab.
  • To display the table of VRRP instance groups on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, and select the VRRP → VRRP instance groups tab.

Information about VRRP instance groups is displayed in the following columns of the table:

  • Name is the name of the VRRP instance group.
  • VRRP instances are VRRP instances that have been added to the VRRP instance group.
  • Management contains the actions that can be performed with the VRRP instance group.

In this section

Creating a VRRP instance group

Editing a VRRP instance group

Deleting a VRRP instance group
Page top
[Topic 271053]

Creating a group of VRRP instances

You can create a VRRP instance group in a CPE template or on a CPE device. A VRRP instance group created in the CPE template is automatically created on all CPE devices that use this CPE template.

To create a VRRP instance group:

  1. Create a VRRP instance group in one of the following ways:
    • If you want to create a VRRP instance group in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the VRRP → VRRP instance groups tab.
    • If you want to create a VRRP instance group on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the VRRP → VRRP instance groups tab, and select the Override check box.

    A table of VRRP instance groups is displayed.

  2. Click + VRRP instance group.
  3. This opens a window; in that window, in the Name field, enter the name of the VRRP instance group. Maximum length: 16 characters. Default value: 1.
  4. In the VRRP instances drop-down list, select the created VRRP instance that you want to add to the VRRP instance group.

    The VRRP instance is added and displayed in the lower part of the window. You can add multiple VRRP instances or delete a VRRP instance. To delete a VRRP instance, click Delete next to it.

  5. Click Create.

    The VRRP instance group is created and displayed in the table.

  6. In the upper part of the settings area, click Save to save the settings of the CPE template or CPE device.
Page top
[Topic 246599]

Editing a VRRP instance group

You can edit a VRRP instance group in a CPE template or on a CPE device. A VRRP instance group edited in the CPE template is automatically modified on all CPE devices that use this CPE template. You cannot edit a VRRP instance group that is inherited from a CPE template on a CPE device.

To edit a group of VRRP instances:

  1. Edit a VRRP instance group in one of the following ways:
    • If you want to edit a VRRP instance group in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the VRRP → VRRP instance groups tab.
    • If you want to edit a VRRP instance group on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the VRRP → VRRP instance groups tab, and select the Override check box.

    A table of VRRP instance groups is displayed.

  2. Click Edit next to the VRRP instance group that you want to edit.
  3. This opens a window; in that window, if necessary, edit the name of the VRRP instance group and add or delete created VRRP instances.
  4. Click Save.

    The VRRP instance group is modified and updated in the table.

  5. In the upper part of the settings area, click Save to save the settings of the CPE template or CPE device.
Page top
[Topic 256548]

Deleting a VRRP instance group

You can delete a VRRP instance group in a CPE template or on a CPE device. A VRRP instance group deleted in the CPE template is automatically deleted on all CPE devices that use this CPE template. You cannot delete a VRRP instance group that is inherited from a CPE template on a CPE device.

Deleted VRRP instance groups cannot be restored.

To delete a VRRP instance group:

  1. Delete a VRRP instance group in one of the following ways:
    • If you want to delete a VRRP instance group in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the VRRP → VRRP instance groups tab.
    • If you want to delete a VRRP instance group on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the VRRP → VRRP instance groups tab, and select the Override check box.

    A table of VRRP instance groups is displayed.

  2. Click Delete next to the VRRP instance group that you want to delete.
  3. In the confirmation window, click Delete.

    The VRRP instance group is deleted and is no longer displayed in the table.

  4. In the upper part of the settings area, click Save to save the settings of the CPE template or CPE device.
Page top
[Topic 256550]