When it comes to today’s networks, resilience and redundancy are the most important aspects that network engineers have in mind. Compromising service continuity is something undesirable and impermissible at the same time.
To provide redundancy at the network layer a few approaches can be considered. The most famous protocols used for router redundancy are Cisco’s proprietary HSRP: Hot Standby Routing Protocol and IETF standardized VRRP: Virtual Router Redundancy Protocol. Both protocols have the same concept. They utilize virtual IP addresses shared across several gateways within a network. Only a single gateway at a time can acquire and utilize a virtual address. In case of failure, the virtual address is undertaken by another gateway so that service is never discontinued.
In the past I have described in detail the HSRP protocol. You can refresh your memory and learn more about it in my article on how to achieve network redundancy with HSRP.
In this article we will focus on VRRP which is a standardized protocol used across multivendor routers, although Cisco also supports it. It is the only network layer redundancy protocol that can be used in a network with multivendor routers, so it is very important to get familiar with it.
The virtual Router Redundancy Protocol (VRRP) is defined in IETF standard RFC 2338. Before looking into the details of VRRP’s functionality you should get familiar with the following terms related to VVRP:
- VRRP Router: A router that runs VRRP protocol. It may participate in one or more virtual routers.
- Virtual Router: From the Client’s perspective, the virtual router represents the default gateway for hosts within a LAN. It utilizes a Virtual Router Identifier (VRID) within a given LAN subnet and exchanges VRRP protocol messages with other Virtual Routers within the same LAN in order to decide upon the selection of Master and Backup Virtual Routers.
- IP Address Owner: The VRRP router that owns the Virtual Router’s IP address as real interface address and respond’s to clients ARP request for this address.
- Primary IP: VRRP Advertisements are always transmitted using this IP address as source IP address. It is the physical IP address assigned on an interface or VLAN participating in VRRP.
- Master VR: The Virtual Router that is currently elected as master. It is the Virtual Router that serves clients within the specific shared LAN.This VR is the current owner of the Virtual IP address.
- Backup VR: The Virtual Router or set of Virtual Routers that behave as backup routers for the IP address(es) associated with them. The Backup VR immediately takes over the responsibilities of the VR when the Master fails.
- VRID: The Virtual Router Identifier field of the VRRP packet. It has only local significance (within a single LAN) and it is only used for differentiating exchange of messages between Virtual Router instances in a given LAN. It can take a number between 1 and 255.
- Priority: The priority field within the VRRP packet indicates the sending VRRP Router’s priority for the Virtual Router. It can take any value between 0 (which means no participation in VRRP Master election) and 255 (which means that the router owns the IP address associated with the VR). The VR with the highest priority is elected as the Master VR. The default Priority for VRRP routers backing up a VR is 100.
VRRP Message Interaction
One major difference compared to HSRP which is worth telling is the fact that only the VRRP Master VR transmits periodic VRRP messages. This is a major difference compared to HSRP, where, the later specifies that both Master and Backup exchange VRRP messages. We should now examine the VR’s operation on both Master and Backup roles.
While in Master state, the Virtual Router operates as the default gateway of end-users within the LAN. It responses to ARP requests for the IP address associated with the VR. While in Master state, the VR has to periodically send VRRP Advertisements. The Advertisement Internal is manually configured. By default the advertisement interval is set to 1 second. The Master VR, in case it receives a VRRP Advertisement, it performs the following:
- If the received Priority is greater than the locally configured Priority, transition to the Backup state occurs.
- If the Priority is equal to the local Priority and the IP address of the sender is greater than the local primary IP address, then transition to the Backup state is initialized.
While in Backup state, the VR does not participate in any way in normal traffic. It monitors VRRP announcements from the Master and performs the following:
- If an announcement is not received (after a predefined time interval) then, transition to the Master State is performed. To do so, the Backup VR, broadcasts a gratuitous ARP request containing the VR MAC address of the IP address associated with the VR so that layer 2 devices update their forwarding table. From that point onwards, the previously backup VR is now the current master VR.
- By default, if a Backup VR is elected as Master VR and the previously Master (with higher Priority) becomes available, pre-emption takes place, i.e. the active master gives its place to the previous master. Pre-emption can be disabled.
VRRP Message Format
They say that a single picture is equivalent to a thousand words. Well, that is partly true. In our case, I guess, the following picture tells everything about the VRRP packet layout.
Pay attention to the following major characteristics:
- Sender’s source MAC address has the format 00-00-5E-00-01-[XX], where the “XX” consists of a two digit hexadecimal value equivalent to the VRRP Virtual Router Identifier (VRID). For example, a VRRP interface assigned the VRID 12 would have a MAC address of 00-00-5E-00-01-0C.
- Destination MAC address is equivalent the well known multicast address defined for VRRP which is 00-00-5E-00-01-12.
I have included some notes next to the marked items on the above diagram. It is all that you need to know about VRRP message content.
Major VRRP Commands
I would like to close the discussion about VRRP with the major VRRP Interface commands.
Vrrp [VRID] priority [value]
e.g. vrrp 1 priority 110
Vrrp [VRID] timers advertise [msec] [interval]
e.g. vrrp 1 timers advertise msec 500
e.g. vrrp 1 timers advertise 1 …….(seconds)
Vrrp [VRID] ip[ip address]
e.g. vrrp 1 ip 10.10.10.10
No Vrrp [VRID] preempt
e.g no vrrp 1 preempt