Virtual Router Redundancy Protocol
Encyclopedia
The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that provides for automatic assignment of available Internet Protocol
(IP) routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway
selections on an IP subnetwork
.
The protocol achieves this by creation of virtual routers, which are an abstract representation of multiple routers, i.e. master and backup routers, acting as a group. The default gateway of a participating host is assigned to the virtual router instead of a physical router. If the physical router that is routing
packets on behalf of the virtual router fails, another physical router is selected to automatically replace it. The physical router that is forwarding packets at any given time is called the master router.
VRRP provides information on the state of a router, not the routes processed and exchanged by that router. Each VRRP instance is limited, in scope, to a single subnet. It does not advertise IP
routes beyond that subnet or affect the routing
table in any way.
VRRP can be used in Ethernet
, MPLS
and token ring networks with Internet Protocol Version 4
(IPv4), as well as IPv6
.
The protocol is described in IETF publication RFC 5798, which is an open standard, but a similar protocol with essentially the same facility is allegedly patented and licensed.
(MAC) address. The last byte of the address (XX) is the Virtual Router IDentifier (VRID), which is different for each virtual router in the network. This address is used by only one physical router at a time, and it will reply with this MAC address when an ARP request is sent for the virtual router's IP address. Physical routers within the virtual router must communicate within themselves using packets with multicast
IP
address 224.0.0.18 and IP protocol number 112.
Routers have a priority of between 1-255 and the router with the highest priority will become the master. When a planned withdrawal of a master router is to take place, its priority can be lowered which means a backup router will pre-empt the master router status rather than having to wait for the hold time to expire. This reduces the black hole period.
Backup router(s) are only supposed to send multicast packets during an election process. One exception to this rule is when a physical router is configured with a higher priority than the current master, which means that on connection to the network it will preempt the master status. This allows a system administrator to force a physical router to the master state immediately after booting
, for example when that particular router is more powerful than others within the virtual router. The backup router with the highest priority becomes the master router by raising its priority above that of the current master. It will then take responsibility for routing packets sent to the virtual gateway's MAC address. In cases where backup routers all have the same priority, the backup router with the highest IP address becomes the master router.
All physical routers acting as a virtual router must be in the same LAN segment. Communication within the virtual router takes place periodically. This period can be adjusted by changing advertisement interval timers. The shorter the advertisement interval, the shorter the black hole period, though at the expense of more traffic in the network. Security is achieved by responding only to first hop packets, though other mechanisms are provided to reinforce this, particularly against local attacks. Election process is made orderly through the use of skew time, derived from a router's priority and used to reduce the chance of the thundering herd problem
occurring during election.
Backup router utilization can be improved by load sharing. For more on this, see RFC 3768.
(HSRP) concepts. The protocols, while similar in concept, are not compatible. Therefore, on newer installations VRRP is usually implemented, because it is the standard and is supported by many router and switch products.
track 1 interface Serial0/0/0.1 ip routing ! Points at the interface that needs to be Prioritized
interface fastethernet0/0.1 ! VLANs have to be on a Sub-Interface, It is best practice to match the Sub-Interface # and the VLAN #
encapsulation dot1q 1 ! Enables IEEE 802.1Q VLAN frame tagging, followed by the VLAN # that this sub-interface will route
ip address x.x.x.x 255.255.255.0 ! Make sure the IP is on the same subnet as the virtual Gateway1
vrrp 1 priority 110 ! The Priority of the Gateway1
vrrp 1 ip ! The Virtual Gateway for the VLAN 1
vrrp 1 preempt delay minimum 20 ! If the other router fails it will wait 20 sec before becoming the master
vrrp 1 track 1 decrement 15 ! If the S0/0/0.1 Link fails, This command drops the priority by 15
!
interface fastethernet0/0.5 ! VLANs have to be on a Sub-Interface, It is best practice to match the Sub-Interface # and the VLAN #
encapsulation dot1q 5 ! Enables IEEE 802.1Q VLAN frame tagging, followed by the VLAN # that this sub-interface will route
ip address x.x.x.x 255.255.255.0 ! Make sure the IP is on the same subnet as the virtual Gateway2
vrrp 5 priority 110 ! The Priority of the Gateway2
vrrp 5 ip ! The Virtual Gateway for the VLAN 5
vrrp 5 preempt delay minimum 20 ! If the other router fails it will wait 20 sec before becoming the master
vrrp 5 track 1 decrement 15 ! If the S0/0/0.1 Link fails, This command drops the priority by 15
!
router bgp
network mask 255.255.255.0 ! Broadcasts Gateway1 out the WAN through BGP
network mask 255.255.255.0 ! Broadcasts Gateway2 out the WAN through BGP
Internet Protocol
The Internet Protocol is the principal communications protocol used for relaying datagrams across an internetwork using the Internet Protocol Suite...
(IP) routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway
Default gateway
In computer networking, a gateway is a node on a TCP/IP network that serves as an access point to another network. A default gateway is the node on the computer network that the network software uses when an IP address does not match any other routes in the routing table.In home computing...
selections on an IP subnetwork
Subnetwork
A subnetwork, or subnet, is a logically visible subdivision of an IP network. The practice of dividing a network into subnetworks is called subnetting....
.
The protocol achieves this by creation of virtual routers, which are an abstract representation of multiple routers, i.e. master and backup routers, acting as a group. The default gateway of a participating host is assigned to the virtual router instead of a physical router. If the physical router that is routing
Routing
Routing is the process of selecting paths in a network along which to send network traffic. Routing is performed for many kinds of networks, including the telephone network , electronic data networks , and transportation networks...
packets on behalf of the virtual router fails, another physical router is selected to automatically replace it. The physical router that is forwarding packets at any given time is called the master router.
VRRP provides information on the state of a router, not the routes processed and exchanged by that router. Each VRRP instance is limited, in scope, to a single subnet. It does not advertise IP
Internet Protocol
The Internet Protocol is the principal communications protocol used for relaying datagrams across an internetwork using the Internet Protocol Suite...
routes beyond that subnet or affect the routing
Routing
Routing is the process of selecting paths in a network along which to send network traffic. Routing is performed for many kinds of networks, including the telephone network , electronic data networks , and transportation networks...
table in any way.
VRRP can be used in Ethernet
Ethernet
Ethernet is a family of computer networking technologies for local area networks commercially introduced in 1980. Standardized in IEEE 802.3, Ethernet has largely replaced competing wired LAN technologies....
, MPLS
Multiprotocol Label Switching
Multiprotocol Label Switching is a mechanism in high-performance telecommunications networks that directs data from one network node to the next based on short path labels rather than long network addresses, avoiding complex lookups in a routing table. The labels identify virtual links between...
and token ring networks with Internet Protocol Version 4
IPv4
Internet Protocol version 4 is the fourth revision in the development of the Internet Protocol and the first version of the protocol to be widely deployed. Together with IPv6, it is at the core of standards-based internetworking methods of the Internet...
(IPv4), as well as IPv6
IPv6
Internet Protocol version 6 is a version of the Internet Protocol . It is designed to succeed the Internet Protocol version 4...
.
The protocol is described in IETF publication RFC 5798, which is an open standard, but a similar protocol with essentially the same facility is allegedly patented and licensed.
Implementation
A virtual router must use 00-00-5E-00-01-XX as its Media Access ControlMedia Access Control
The media access control data communication protocol sub-layer, also known as the medium access control, is a sublayer of the data link layer specified in the seven-layer OSI model , and in the four-layer TCP/IP model...
(MAC) address. The last byte of the address (XX) is the Virtual Router IDentifier (VRID), which is different for each virtual router in the network. This address is used by only one physical router at a time, and it will reply with this MAC address when an ARP request is sent for the virtual router's IP address. Physical routers within the virtual router must communicate within themselves using packets with multicast
Multicast address
A multicast address is a logical identifier for a group of hosts in a computer network, that are available to process datagrams or frames intended to be multicast for a designated network service...
IP
Internet Protocol
The Internet Protocol is the principal communications protocol used for relaying datagrams across an internetwork using the Internet Protocol Suite...
address 224.0.0.18 and IP protocol number 112.
Routers have a priority of between 1-255 and the router with the highest priority will become the master. When a planned withdrawal of a master router is to take place, its priority can be lowered which means a backup router will pre-empt the master router status rather than having to wait for the hold time to expire. This reduces the black hole period.
Elections of master routers
A failure to receive a multicast packet from the master router for a period longer than three times the advertisement timer causes the backup routers to assume that the master router is dead. The virtual router then transitions into an unsteady state and an election process is initiated to select the next master router from the backup routers. This is fulfilled through the use of multicast packets.Backup router(s) are only supposed to send multicast packets during an election process. One exception to this rule is when a physical router is configured with a higher priority than the current master, which means that on connection to the network it will preempt the master status. This allows a system administrator to force a physical router to the master state immediately after booting
Booting
In computing, booting is a process that begins when a user turns on a computer system and prepares the computer to perform its normal operations. On modern computers, this typically involves loading and starting an operating system. The boot sequence is the initial set of operations that the...
, for example when that particular router is more powerful than others within the virtual router. The backup router with the highest priority becomes the master router by raising its priority above that of the current master. It will then take responsibility for routing packets sent to the virtual gateway's MAC address. In cases where backup routers all have the same priority, the backup router with the highest IP address becomes the master router.
All physical routers acting as a virtual router must be in the same LAN segment. Communication within the virtual router takes place periodically. This period can be adjusted by changing advertisement interval timers. The shorter the advertisement interval, the shorter the black hole period, though at the expense of more traffic in the network. Security is achieved by responding only to first hop packets, though other mechanisms are provided to reinforce this, particularly against local attacks. Election process is made orderly through the use of skew time, derived from a router's priority and used to reduce the chance of the thundering herd problem
Thundering herd problem
The thundering herd problem occurs when a large number of processes waiting for an event are awoken when that event occurs, but only one process is able to proceed at a time. After the processes wake up, they all demand the resource and a decision must be made as to which process can continue...
occurring during election.
Backup router utilization can be improved by load sharing. For more on this, see RFC 3768.
History
VRRP is based on Cisco's proprietary Hot Standby Router ProtocolHot Standby Router Protocol
Hot Standby Router Protocol is a Cisco proprietary redundancy protocol for establishing a fault-tolerant default gateway, and has been described in detail in RFC 2281....
(HSRP) concepts. The protocols, while similar in concept, are not compatible. Therefore, on newer installations VRRP is usually implemented, because it is the standard and is supported by many router and switch products.
- (Cisco Example) VLAN Tagging
track 1 interface Serial0/0/0.1 ip routing ! Points at the interface that needs to be Prioritized
interface fastethernet0/0.1 ! VLANs have to be on a Sub-Interface, It is best practice to match the Sub-Interface # and the VLAN #
encapsulation dot1q 1 ! Enables IEEE 802.1Q VLAN frame tagging, followed by the VLAN # that this sub-interface will route
ip address x.x.x.x 255.255.255.0 ! Make sure the IP is on the same subnet as the virtual Gateway1
vrrp 1 priority 110 ! The Priority of the Gateway1
vrrp 1 ip
vrrp 1 preempt delay minimum 20 ! If the other router fails it will wait 20 sec before becoming the master
vrrp 1 track 1 decrement 15 ! If the S0/0/0.1 Link fails, This command drops the priority by 15
!
interface fastethernet0/0.5 ! VLANs have to be on a Sub-Interface, It is best practice to match the Sub-Interface # and the VLAN #
encapsulation dot1q 5 ! Enables IEEE 802.1Q VLAN frame tagging, followed by the VLAN # that this sub-interface will route
ip address x.x.x.x 255.255.255.0 ! Make sure the IP is on the same subnet as the virtual Gateway2
vrrp 5 priority 110 ! The Priority of the Gateway2
vrrp 5 ip
vrrp 5 preempt delay minimum 20 ! If the other router fails it will wait 20 sec before becoming the master
vrrp 5 track 1 decrement 15 ! If the S0/0/0.1 Link fails, This command drops the priority by 15
!
router bgp
network
network
See also
- Common Address Redundancy ProtocolCommon Address Redundancy ProtocolThe Common Address Redundancy Protocol or CARP is a protocol which allows multiple hosts on the same local network to share a set of IP addresses. Its primary purpose is to provide failover redundancy, especially when used with firewalls and routers. In some configurations CARP can also provide...
(CARP) - A non-proprietary, patent-free, and unrestricted alternative to HSRP and VRRP. - Gateway Load Balancing ProtocolGateway Load Balancing ProtocolGateway Load Balancing Protocol is a Cisco proprietary protocol that attempts to overcome the limitations of existing redundant router protocols by adding basic load balancing functionality....
- A Cisco SystemsCisco SystemsCisco Systems, Inc. is an American multinational corporation headquartered in San Jose, California, United States, that designs and sells consumer electronics, networking, voice, and communications technology and services. Cisco has more than 70,000 employees and annual revenue of US$...
proprietary router redundancy protocol providing load balancing - Hot Standby Routing Protocol - A Cisco SystemsCisco SystemsCisco Systems, Inc. is an American multinational corporation headquartered in San Jose, California, United States, that designs and sells consumer electronics, networking, voice, and communications technology and services. Cisco has more than 70,000 employees and annual revenue of US$...
proprietary router redundancy protocol - R-SMLTR-SMLTRouted-SMLT is a computer networking protocol designed by Nortel as an enhancement to SMLT enabling the exchange of Layer 3 information between peer nodes in a Switch Cluster for unparalleled resiliency and simplicity for both L3 and L2.In many cases, core network convergence-times after a...
(Routed Split Multilink Trunking) - An AvayaAvayaAvaya Inc. is a privately held computer networking, information technology and telecommunications company that is a global provider of business communications systems. The international head quarters is in Basking Ridge, New Jersey, United States...
proprietary router protocol - SMLT An AvayaAvayaAvaya Inc. is a privately held computer networking, information technology and telecommunications company that is a global provider of business communications systems. The international head quarters is in Basking Ridge, New Jersey, United States...
redundancy protocol - NetScreen Redundancy Protocol (NSRP) - A Juniper NetworksJuniper NetworksJuniper Networks is an information technology and computer networking products multinational company, founded in 1996. It is head quartered in Sunnyvale, California, USA. The company designs and sells high-performance Internet Protocol network products and services...
proprietary router redundancy protocol providing load balancing - First Hop Redundancy ProtocolsFirst Hop Redundancy ProtocolsA First Hop Redundancy Protocol is a computer networking protocol which is designed to protect the default gateway used on a subnetwork by allowing two or more routers to provide backup for that address; in the event of failure of the/an active router, the backup router will take over the address,...
- Lists of default gateway redundancy protocols
External links
- Keepalived 1.2.x adds ipv6 support
- The current VRRP RFC (RFC 5798 - VRRPv3 for IPv4 and IPv6) which obsoletes RFC3768
- The IETF VRRP mailing list archive
- A detailed VRRP article
- Controversy involving VRRP and Cisco patents
- Analysis of VRRPv 2 Issues and Solutions
- Implementations
- A GPL licensed implementation of VRRP designed for Linux operating systems
- A BSD licensed implementation of VRRP for Unix-like operating systems (described as "not functional yet")
- A GPL licensed implementation of VRRPv2 for Linux operating systems
- Configuring VRRP on Cisco IOS
- Configuring VRRP on 3com NETBuilder
- VyattaVyattaVyatta manufactures an open source router/firewall/VPN product for Internet Protocol networks . A free download of Vyatta has been available since March 2006. The system is a specialized Debian-based Linux distribution with networking applications such as Quagga, OpenVPN, and many others...
, a commercial open-source router / firewall with VRRP functionality. - JBM C120 - A cellular enabled enterprise class router