Configure high availability (VRRP)

mbox (CMG, HSG, HSA) uses standard VRRP protocol for network redundancy or high availability (HA).

Virtual Router Redundancy Protocol (VRRP) creates a VIP (virtual IP address) and enables automatic failover between gateways within the same VRRP group, so that clients sharing the VIP (as default gateway) experience no downtime as long as one of the gateway (within the same VRRP group) is still alive.

We can configure several gateways for the same VRRP group, and the one with highest priority within the same group becomes MASTER, holding the VIP. If MASTER fails, the next highest priority gateway will immediately become MASTER and take over the VIP, etc.

!interface eth 0 enable ip address dhcp!interface eth 1 enable!interface vlan 1 100 enable ip address vrrp-group 100 state MASTER priority 120 authentication Letmein99 virtual_ipaddress start!interface vlan 1 101 enable ip address vrrp-group 101 state SLAVE priority 80 authentication Letmein99 virtual_ipaddress start!

Optional features:

  • "track eth0 weight 50". This command tracks eth0 availability. if the interface goes down, VRRP group priority will reduce by 50, so it may potentially become SLAVE (depending on other peers priority).
  • "track eth0 host 2". This command track upstream host availability. It helps to detect upstream connectivity issues. eg. if is not available due to ISP links or ISP backbone outage, within 2 minutes the mbox will shutdown it's VRRP service and completely failover to other peers within same group. Note, each box can only add one host tracking command.
  • "preempt no/delay xx". This command determines if mbox should resume back to its previous status after a failover event occured. eg. if it was a MASTER and failover to become SLAVE (due to reboot, interface down or upstream host tracking failure etc), and after service recovered mbox should decide to become MASTER or remain as SLAVE. By default it's "preempt yes". If you put as "no", the box will not take over MASTER role after recovered (even if it has higher priority). You may also use "preempt delay xx" to delay the status recover. This optional feature is typically used to minimize operations after failure recovery.


Useful troubleshooting commands:

show interface vlansshow ip interface briefshow interface brief