VRRP Groups without using lots of IP

I would like know if it possible to have one interface which connect two routers together and have VRRP running over that interface. The purpose of this is for simple - to check if the routers are alive.

Naturally I can do this, but I would like to add VIPs on other interface (VLANs for each IP block) but I only want the VIP to be on theses VLANs and not the extra IPs which are fixed to each interface.

e.g.

ethernet eth2 {
address 37.143.136.229/30
description vrrp-link… }

and

high-availability {
vrrp {
group dip {
interface eth2
priority 200
virtual-address 37.143.136.231/30
vrid 10
}
group wan_a {
interface eth1
virtual-address 37.142.137.1/26
vrid 20
}
}
}

but it seems I cannot do this without adding and interface IP to eth1 which will eat into the limited address space for small blocks?

Or have i got something wrong here?

Hi Tim,

So you would like to have VRRP on one interface of a router which connects to two other routers? However, I see your configuration shows two interfaces, one per VRRP group.

In order to clarify, maybe you can send a diagram showing what you are trying to achieve?

As you are trying to save IP addresses, please note that interface addresses are needed for VRRP group communication, but they don’t need to be in the same subnet as the virtual address. The virtual address is the one that will communicate to other hosts for normal traffic.

So maybe you want to save public addresses at interfaces and use private ones instead. For instance, you could use a /31 private network for the interfaces of a 2-host VRRP group and use just one public IP address as its virtual one.

Ok… I think I get what you are saying. So I do need IPs on all interfaces we want a virtual IP on but the virtual IP on the interfaces can be outside the physical IPs we allocate to the interface? e.g. small blocks of private IPs on each VLAN we need need a public virtual IP address on? So if I have say 10 VLANs on an interface I guess I need to allocate a physical private IP on each VLAN interface.

Hi Tim,

Yes.

If it does not work, please share a diagram of what you are trying to achieve and configurations, so that I understand better your use of VLANs there.

Hi… this worked … many thanks. I think I’ll do a write up with examples to help others. What do I need to do for IPV6 VRRP… do I also need an IP(v6) on the interface for ipv6 VRRP?

Cool.

You can set every address as IPv6, but you can also use IPv6 only for the virtual address while using IPv4 addresses for the physical interfaces.