Hi folks, I had some trouble finding script examples when I wanted to sync my VRRP interfaces. Thought I’d post my examples for what worked for me in the end, to hopefully signpost others.
In my scenario: I wanted to ensure that all the VRRP interfaces across my two gateway devices had consistent states. So if my “Primary” router (vrrp interfaces priority 200) had a failed link and one of the interfaces on my “Secondary” router (vrrp priority 100) became Master; I wanted all the interfaces on the Secondary to become master. I later wanted to ensure that if the Primary came back up again that the interface that initiated the state changes would fail back and that the other interfaces artificially migrated would also fail back.
Here are the scripts I ended up with. I store them both in System / Scripts on my Secondary router and then call them from the ON MASTER and ON BACKUP script interface for each VRRP interface I want to keep in sync. They only run on the Secondary router. In my setup all the VRRP interfaces on the Primary have Priority 200 and Priority 100 on the matching Secondary router. I have Preemption Mode turned on.
System / Scripts
#on-master
/interface vrrp set [/interface vrrp find master!=yes priority=100] priority=250;
#on-backup
/interface vrrp set [/interface vrrp find master=yes priority=250] priority=100;
Then on each VRRP interface, in the respective script boxes.
#on-master
{/system script run on-master}
#on-backup
{/system script run on-backup}
When one of the interfaces on the secondary system becomes Master the script looks for all VRRP interfaces that aren’t currently in Master mode and have a Priority of 100 then inflates their priority to 250. This initiates a Master migration for all of those ports. All ports on the Secondary become master, the interface that initiated the migration keeps its original priority and all other interfaces recieve a priority of 250.
When the interface that initiated the migration comes back up, normal priorities cause it to return to Backup status on the Secondary and initiates the On-Backup script. This script looks for all VRRP interfaces on the Secondary that are both in Master mode and currently have a Priority of 250, it then re-sets their Priority to the original 100. This initiates a fail back of all interfaces to the Master and sets all ports to their original configuration.
If you have any VRRP interface that you don’t want to participate in the state sync, simply set a very slightly different priority for those (210 and 110), the scripts will then ignore those interfaces when setting priorities.
I’ve had this code in production for a while now and so far has worked well for me. It’s also quite tolerant of multiple simultaneous interface failures or full router failures. I’m very happy to receive any suggestions for improvement or consideration of factors I might not have thought of.
Cheers.