Fortinet white logo
Fortinet white logo

Administration Guide

Ignore VRRP default route NEW

Ignore VRRP default route NEW

Administrators can choose to exclude the default route from the calculation of available routes to the IPv6 VRRP destination, to better manage and control the VRRP states. Previously, the VRRP state would be Primary as long as any route, including the default route, could reach the IPv6 VRRP destination.

config system interface
    edit <name>
        config ipv6
            config vrrp6
                edit <id>
                    set ignore-default-route {enable | disable}
                next        
            end
        end
    next
end

set ignore-default-route {enable | disable}

Set the default route to be ignored:

  • enable: Ignore the default route when checking the VRRP destination.

  • disable: Include the default route when checking the VRRP destination (default).

Example

In this example, the IPv6 VRRP destination (vrdst6) is set with an IPv6 address of 2000:172:22:20::22, and ignore-default-route is enabled for the destination. As long as non-default routes exist to the VRRP destination, the VRRP state is Primary. When only the default route to the VRRP destination exists, the VRRP state changes to Backup.

To ignore the default route when checking the IPv6 VRRP destination:
  1. Enable the default route to be ignored for IPv6 VRRP.

    The IPv6 VRRP destination (vrdst6) is set with an IPv6 address of 2000:172:22:20::22, and ignore-default-route is enabled for the destination.

    config system interface
        edit "port2"
            config ipv6
                set vrrp-virtual-mac6 enable
                set vrip6_link_local fe80::926c:acff:2222:2222
                config vrrp6
                    edit 100
                        set vrgrp 100
                        set vrip6 2000:10:1:100::222
                        set priority 200
                        set vrdst6 2000:172:22:20::22
                        set ignore-default-route enable
                    next
                end
            end
        next
    end
  2. Check the route for IPv6 VRRP destination.

    The routing table shows an active route through port1 to the IPv6 VRRP destination of 2000:172:22:20::22. The active route is not a default route.

    # get router info6 routing-table 2000:172:22:20::22
    Routing entry for 2000:172:22:20::/80
      Known via "static", distance 10, metric 0
      Last update 00:00:15 ago
        via 2000:172:16:200::55, port1
  3. Check VRRP group information for IPv6.

    The VRRP state is Primary because non-default routes to the IPv6 VRRP destination exist as shown in the previous step.

    # get router info6 vrrp
    Interface: port2, primary IPv6 address: 2000:10:1:100::1
    link-local IPv6 address: fe80::96f3:92ff:fe15:1ecd
    Virtual link-local IPv6 address: fe80::926c:acff:2222:2222
      UseVMAC: 1, SoftSW: 0, EmacVlan: 0 BrPortIdx: 0, PromiscCount: 1
      HA mode: primary (0:0:1)
      VRT primary count: 1
      VRID: 100 version: 3
        vrip: 2000:10:1:100::222, priority: 200, state: PRIMARY
        adv_interval: 1, preempt: 1, ignore_dft: 0, start_time: 3
        primary_adv_interval: 100, accept: 1
        vrmac: 00:00:5e:00:02:64
        vrdst: 2000:172:22:20::22
        vrgrp: 100
    
  4. Delete the non-default routes to the IPv6 VRRP destination (vrdst6), and check the routes again.

    The routing table shows only the default route (::/0) is available to the IPv6 VRRP destination of 2000:172:22:20::22.

    # get router info6 routing-table 2000:172:22:20::22
    Routing entry for ::/0
      Known via "static", distance 10, metric 0, best
      Last update 02:02:09 ago
      * via 2000:172:16:200::254, port1
  5. Check VRRP group information for IPv6.

    The VRRP state is Backup because only the default route is available to the IPv6 VRRP destination as shown in the previous step.

    #get router info6 vrrp
    Interface: port2, primary IPv6 address: 2000:10:1:100::1
    link-local IPv6 address: fe80::96f3:92ff:fe15:1ecd
    Virtual link-local IPv6 address: fe80::926c:acff:2222:2222
      UseVMAC: 1, SoftSW: 0, EmacVlan: 0 BrPortIdx: 0, PromiscCount: 0
      HA mode: primary (0:0:1)
      VRT primary count: 0
      VRID: 100 version: 3
        vrip: 2000:10:1:100::222, priority: 0, state: BACKUP  
        adv_interval: 1, preempt: 1, ignore_dft: 1, start_time: 3 but 
        primary_adv_interval: 100, accept: 1
        vrmac: 00:00:5e:00:02:64
        vrdst: 2000:172:22:20::22
        vrgrp: 100

Ignore VRRP default route NEW

Ignore VRRP default route NEW

Administrators can choose to exclude the default route from the calculation of available routes to the IPv6 VRRP destination, to better manage and control the VRRP states. Previously, the VRRP state would be Primary as long as any route, including the default route, could reach the IPv6 VRRP destination.

config system interface
    edit <name>
        config ipv6
            config vrrp6
                edit <id>
                    set ignore-default-route {enable | disable}
                next        
            end
        end
    next
end

set ignore-default-route {enable | disable}

Set the default route to be ignored:

  • enable: Ignore the default route when checking the VRRP destination.

  • disable: Include the default route when checking the VRRP destination (default).

Example

In this example, the IPv6 VRRP destination (vrdst6) is set with an IPv6 address of 2000:172:22:20::22, and ignore-default-route is enabled for the destination. As long as non-default routes exist to the VRRP destination, the VRRP state is Primary. When only the default route to the VRRP destination exists, the VRRP state changes to Backup.

To ignore the default route when checking the IPv6 VRRP destination:
  1. Enable the default route to be ignored for IPv6 VRRP.

    The IPv6 VRRP destination (vrdst6) is set with an IPv6 address of 2000:172:22:20::22, and ignore-default-route is enabled for the destination.

    config system interface
        edit "port2"
            config ipv6
                set vrrp-virtual-mac6 enable
                set vrip6_link_local fe80::926c:acff:2222:2222
                config vrrp6
                    edit 100
                        set vrgrp 100
                        set vrip6 2000:10:1:100::222
                        set priority 200
                        set vrdst6 2000:172:22:20::22
                        set ignore-default-route enable
                    next
                end
            end
        next
    end
  2. Check the route for IPv6 VRRP destination.

    The routing table shows an active route through port1 to the IPv6 VRRP destination of 2000:172:22:20::22. The active route is not a default route.

    # get router info6 routing-table 2000:172:22:20::22
    Routing entry for 2000:172:22:20::/80
      Known via "static", distance 10, metric 0
      Last update 00:00:15 ago
        via 2000:172:16:200::55, port1
  3. Check VRRP group information for IPv6.

    The VRRP state is Primary because non-default routes to the IPv6 VRRP destination exist as shown in the previous step.

    # get router info6 vrrp
    Interface: port2, primary IPv6 address: 2000:10:1:100::1
    link-local IPv6 address: fe80::96f3:92ff:fe15:1ecd
    Virtual link-local IPv6 address: fe80::926c:acff:2222:2222
      UseVMAC: 1, SoftSW: 0, EmacVlan: 0 BrPortIdx: 0, PromiscCount: 1
      HA mode: primary (0:0:1)
      VRT primary count: 1
      VRID: 100 version: 3
        vrip: 2000:10:1:100::222, priority: 200, state: PRIMARY
        adv_interval: 1, preempt: 1, ignore_dft: 0, start_time: 3
        primary_adv_interval: 100, accept: 1
        vrmac: 00:00:5e:00:02:64
        vrdst: 2000:172:22:20::22
        vrgrp: 100
    
  4. Delete the non-default routes to the IPv6 VRRP destination (vrdst6), and check the routes again.

    The routing table shows only the default route (::/0) is available to the IPv6 VRRP destination of 2000:172:22:20::22.

    # get router info6 routing-table 2000:172:22:20::22
    Routing entry for ::/0
      Known via "static", distance 10, metric 0, best
      Last update 02:02:09 ago
      * via 2000:172:16:200::254, port1
  5. Check VRRP group information for IPv6.

    The VRRP state is Backup because only the default route is available to the IPv6 VRRP destination as shown in the previous step.

    #get router info6 vrrp
    Interface: port2, primary IPv6 address: 2000:10:1:100::1
    link-local IPv6 address: fe80::96f3:92ff:fe15:1ecd
    Virtual link-local IPv6 address: fe80::926c:acff:2222:2222
      UseVMAC: 1, SoftSW: 0, EmacVlan: 0 BrPortIdx: 0, PromiscCount: 0
      HA mode: primary (0:0:1)
      VRT primary count: 0
      VRID: 100 version: 3
        vrip: 2000:10:1:100::222, priority: 0, state: BACKUP  
        adv_interval: 1, preempt: 1, ignore_dft: 1, start_time: 3 but 
        primary_adv_interval: 100, accept: 1
        vrmac: 00:00:5e:00:02:64
        vrdst: 2000:172:22:20::22
        vrgrp: 100