Chapter 33 Device HA
33.1.1Additional VRRP Notes
•It is possible to set up two virtual routers so that they back up each other.
•VRRP uses IP protocol 112.
33.2 VRRP Group Overview
In the ZyWALL, you should create a VRRP group to add one of its interfaces to a virtual router. You can add any Ethernet or VLAN interface with a static IP address. You do not configure VRRP groups for virtual interfaces.
"You can only use interfaces that have static IP addresses.
You can only enable one VRRP group for each interface, and you can only have one active VRRP group for each virtual router.
"If you create a VRRP group for an Ethernet interface that has a VLAN interface configured on it, make sure you create a separate VRRP group for the VLAN interface. This will avoid an IP conflict if the backup ZyWALL takes over for the master.
You must set up a static IP address for the interface first, and this IP address should be the IP address of the virtual router, not the management IP address. The management IP address is assigned in the VRRP group. When the ZyWALL is the master router, the interface uses its IP address, the IP address of the virtual router. If the ZyWALL is a backup router, the interface uses its management IP address. You can look at the current IP address of the interface in the Status screen.
"You can only have one active VRRP group for each interface, and you can only have one active VRRP group for each virtual router (VR ID).
If there is a PPPoE/PPTP interface on top of an interface in a VRRP group, the PPPoE/PPTP interface cannot connect to the ISP until the interface becomes the master in the virtual router.
At the time of writing, the advertisement interval is fixed at one second.
You can also set up authentication for a VRRP group. If you select AH MD5 authentication, the VRRP group uses IP protocol 51 (AH), instead of IP protocol 112 (VRRP).
| 495 |
ZyWALL USG 1000 User’s Guide | |
|
|