Virtual Router Redundancy Protocol
From Wikipedia, the free encyclopedia
Virtual Router Redundancy Protocol (VRRP) is a non-proprietary redundancy protocol described in RFC 3768 designed to increase the availability of the default gateway servicing hosts on the same subnet. This increased reliability is achieved by advertising a "virtual router" (an abstract representation of master and backup routers acting as a group) as a default gateway to the host(s) instead of one physical router. Two or more physical routers are then configured to stand for the virtual router, with only one doing the actual routing at any given time. If the current physical router that is routing the data on behalf of the virtual router fails, an arrangement is made for another physical router to automatically replace it. The physical router that is currently forwarding data on behalf of the virtual router is called the master router. Physical routers standing by to take over from the master router in case something goes wrong are called backup routers.
VRRP can be used over Ethernet, MPLS and token ring networks. Implementations for IPv6 are in development, but not yet available. The VRRP protocol is more widely implemented than its competitors. Vendors such as Dell, Nortel Networks, Cisco Systems, Inc., Juniper Networks, Huawei, Foundry Networks and 3Com Corporation all offer routers and Layer 3 switches that can use the VRRP protocol. VRRP implementations for Linux and BSD are also available.
VRRP is not a routing protocol as it does not advertise IP routes or affect the routing table in any way.
Implementation
A virtual router must use 00-00-5E-00-01-XX as its Media Access Control (MAC) address. The last byte of the address (XX) is the Virtual Router IDentifier (VRID), which is different for each virtual router in the network. This address is used by only one physical router at a time, and it is the only way that other physical routers can identify the master router within a virtual router. Physical routers acting as a virtual router must communicate among themselves using packets with the multicast IP address 224.0.0.18 and IP protocol number 112.
Master routers have a priority of 255, and backup routers can have a priority between 1 and 254. When a planned withdrawal of the master router is to take place, it changes its priority to zero, which forces a backup router to take up the master role more quickly; this reduces the black hole period.
Elections of master routers
The election of which physical router will replace the failed master router proceeds as follows. If the backup routers fail to receive a multicast packet from the master router for longer than three times the advertisement timer, they assume that the master router is dead. The virtual router then transitions into an unsteady state, and an election process is initiated to select the next master router from among the backup routers. This is accomplished through the use of multicast packets.
It should be noted that backup routers are only supposed to send multicast packets during the election process. The exception to this rule is when a physical router is configured to always overthrow the current master once it has been introduced to the virtual router. This gives the operator a way to force a physical router into the master state immediately after booting, for example when that router is more powerful than the others within the virtual router or uses the least expensive bandwidth. The backup router with the highest priority becomes the master router by raising its priority to 255 and sending Address Resolution Protocol packets with the virtual MAC address and its physical IP address. This redirects the hosts' packets from the failed master router to the current master router. Where backup routers all have the same priority, the backup router with the highest IP address becomes the master router.
All physical routers acting as a virtual router must be within one hop of each other. Communication within the virtual router takes place periodically, and the period can be adjusted by changing the advertisement interval timers. The shorter the advertisement interval, the shorter the black hole period, though at the expense of more traffic on the network. Security is achieved by responding only to first-hop packets, though other mechanisms are provided to reinforce this, especially against local attacks. Some details have been omitted to improve readability. Notable among these is the use of skew time, derived from a router's priority and used to reduce the chance of the thundering herd problem occurring during an election.
Backup router utilization can be improved by load sharing. For more on this, see RFC 3768.
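As an added illustration of the advertisement layout and the election rules described above (example code written for this page, not code from the article or from any router vendor), the block below builds and parses an RFC 3768 advertisement, verifies its checksum, derives the skew time and master-down interval from a router's priority, and picks the winner of an election with ties broken by the highest IP address. The VRID, priorities and 192.0.2.x addresses in it are constructed sample values.

```python
import struct
from ipaddress import IPv4Address

VRRP_MAC_PREFIX = "00:00:5e:00:01"  # virtual MAC; the last byte is the VRID
VRRP_MCAST, VRRP_PROTO = "224.0.0.18", 112  # advertisements use this group / IP protocol

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\0"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def build_advert(vrid, priority, addrs, adver_int=1):
    """RFC 3768 advertisement: version 2, type 1, auth type 0, 8 zero auth bytes."""
    hdr = struct.pack("!BBBBBBH", (2 << 4) | 1, vrid, priority, len(addrs), 0, adver_int, 0)
    msg = hdr + b"".join(IPv4Address(a).packed for a in addrs) + bytes(8)
    return msg[:6] + struct.pack("!H", checksum(msg)) + msg[8:]

def parse_advert(pkt):
    """Validate an advertisement the way a listening router would; raise on a bad one."""
    if len(pkt) < 16:
        raise ValueError("short packet")
    vt, vrid, prio, n, _auth, adv, _ = struct.unpack("!BBBBBBH", pkt[:8])
    if vt >> 4 != 2 or vt & 0xF != 1:
        raise ValueError("not a VRRPv2 advertisement")
    if len(pkt) != 8 + 4 * n + 8:  # header + Count IP Addrs + auth data
        raise ValueError("length does not match Count IP Addrs")
    if checksum(pkt) != 0:  # the sum over a correct message folds to zero
        raise ValueError("bad checksum")
    addrs = [str(IPv4Address(pkt[8 + 4 * i:12 + 4 * i])) for i in range(n)]
    return {"vrid": vrid, "priority": prio, "adver_int": adv, "addrs": addrs,
            "virtual_mac": f"{VRRP_MAC_PREFIX}:{vrid:02x}"}

def skew_time(priority):
    """Skew_Time = (256 - Priority) / 256 seconds: a higher priority reacts sooner."""
    return (256 - priority) / 256

def master_down_interval(priority, adver_int):
    """A backup declares the master dead after three advertisement intervals plus skew."""
    return 3 * adver_int + skew_time(priority)

def elect_master(backups):
    """backups: [(priority, primary_ip)]; highest priority wins, ties go to the highest IP."""
    return max(backups, key=lambda b: (b[0], IPv4Address(b[1])))
```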
History
VRRP is based on the concepts of Cisco's proprietary HSRP and is in effect a standardized version of it. The two protocols, while similar in concept, are *not* compatible. Therefore, on newer installations it is recommended to implement VRRP, because it is the standard.
See also
- HSRP Cisco proprietary router redundancy solution
- GLBP Cisco proprietary router redundancy solution providing load balancing
- Common Address Redundancy Protocol (CARP)
- Routed Split Multilink Trunking, Nortel Networks' proprietary router redundancy solution. Provides the same services as VRRP, but more efficiently and more quickly.