Main Page: Difference between revisions
No edit summary |
JulioHindman (talk | contribs) mNo edit summary |
||
Line 1: | Line 1: | ||
The '''Virtual Router Redundancy Protocol''' ('''VRRP''') is a computer networking protocol that provides for automatic assignment of available [[Internet Protocol]] (IP) routers to participating hosts. This increases the availability and reliability of routing paths via automatic [[default gateway]] selections on an IP [[subnetwork]]. | |||
The protocol achieves this by creation of virtual routers, which are an abstract representation of multiple routers, i.e. master and backup [[router (computing)|router]]s, acting as a group. The default gateway of a participating host is assigned to the virtual router instead of a physical router. If the physical router that is [[routing]] packets on behalf of the virtual router fails, another physical router is selected to automatically replace it. The physical router that is forwarding packets at any given time is called the master router. | |||
VRRP provides information on the state of a router, not the routes processed and exchanged by that router. Each VRRP instance is limited, in scope, to a single subnet. It does not advertise [[Internet Protocol|IP]] routes beyond that subnet or affect the [[routing]] table in any way. | |||
VRRP can be used in [[Ethernet]], [[Multiprotocol Label Switching|MPLS]] and [[token ring]] networks with [[IPv4|Internet Protocol Version 4]] (IPv4), as well as [[IPv6]]. | |||
The | The protocol is described in IETF publication RFC 5798, which is an open standard, but a similar protocol with essentially the same facility is allegedly patented and licensed.<ref>[http://www.ietf.org/ietf-ftp/IPR/VRRP-CISCO IETF source]</ref> | ||
== | ==Implementation== | ||
A virtual router must use 00-00-5E-00-01-XX as its [[Media Access Control]] (MAC) address. The last byte of the address (XX) is the Virtual Router IDentifier (VRID), which is different for each virtual router in the network. This address is used by only one physical router at a time, and it will reply with this MAC address when an ARP request is sent for the virtual router's IP address. Physical routers within the virtual router must communicate within themselves using packets with [[Multicast address|multicast]] [[Internet Protocol|IP]] address 224.0.0.18 and IP protocol number 112.<ref>[http://tools.ietf.org/html/rfc3768#section-5.2 Section 5.2.4. Protocol]</ref> | |||
Routers have a priority of between 1-255 and the router with the highest priority will become the master. When a planned withdrawal of a master router is to take place, its priority can be lowered which means a backup router will pre-empt the master router status rather than having to wait for the hold time to expire. This reduces the black hole period. | |||
==Elections of master routers== | |||
A failure to receive a multicast packet from the master router for a period longer than three times the advertisement timer causes the backup routers to assume that the master router is dead. The virtual router then transitions into an unsteady state and an election process is initiated to select the next master router from the backup routers. This is fulfilled through the use of multicast packets. | |||
then | |||
Backup router(s) are only supposed to send multicast packets during an election process. One exception to this rule is when a physical router is configured with a higher priority than the current master, which means that on connection to the network it will preempt the master status. This allows a system administrator to force a physical router to the master state immediately after [[booting]], for example when that particular router is more powerful than others within the virtual router. The backup router with the highest priority becomes the master router by raising its priority above that of the current master. It will then take responsibility for routing packets sent to the virtual gateway's MAC address. In cases where backup routers all have the same priority, the backup router with the highest IP address becomes the master router. | |||
All physical routers acting as a virtual router must be in the same LAN segment. Communication within the virtual router takes place periodically. This period can be adjusted by changing advertisement interval timers. The shorter the advertisement interval, the shorter the black hole period, though at the expense of more traffic in the network. Security is achieved by responding only to first hop packets, though other mechanisms are provided to reinforce this, particularly against local attacks. Election process is made orderly through the use of [[skew time]], derived from a router's priority and used to reduce the chance of the [[thundering herd problem]] occurring during election. The [[skew time]] is given by the formula <math>1 - \frac{Priority}{256}</math> (expressed in milliseconds). | |||
Backup router utilization can be improved by load sharing. For more on this, see RFC 3768. | |||
==History== | |||
VRRP is based on Cisco's proprietary [[Hot Standby Router Protocol]] (HSRP) concepts. The protocols, while similar in concept, are not compatible. Therefore, on newer installations VRRP is usually implemented, because it is the standard and is supported by many router and switch products. | |||
* (Cisco Example) '''VLAN Tagging''' | |||
track 1 interface Serial0/0/0.1 ip routing ! Points at the interface that needs to be Prioritized | |||
interface fastethernet0/0.1 ! VLANs have to be on a Sub-Interface, It is best practice to match the Sub-Interface # and the VLAN # | |||
encapsulation dot1q 1 ! Enables IEEE 802.1Q VLAN frame tagging, followed by the VLAN # that this sub-interface will route | |||
ip address x.x.x.x 255.255.255.0 ! Make sure the IP is on the same subnet as the virtual Gateway1 | |||
vrrp 1 priority 110 ! The Priority of the Gateway1 | |||
The | vrrp 1 ip <Gateway1> ! The Virtual Gateway for the VLAN 1 | ||
vrrp 1 preempt delay minimum 20 ! If the other router fails it will wait 20 sec before becoming the master | |||
vrrp 1 track 1 decrement 15 ! If the S0/0/0.1 Link fails, This command drops the priority by 15 | |||
! | |||
interface fastethernet0/0.5 ! VLANs have to be on a Sub-Interface, It is best practice to match the Sub-Interface # and the VLAN # | |||
encapsulation dot1q 5 ! Enables IEEE 802.1Q VLAN frame tagging, followed by the VLAN # that this sub-interface will route | |||
ip address x.x.x.x 255.255.255.0 ! Make sure the IP is on the same subnet as the virtual Gateway2 | |||
vrrp 5 priority 110 ! The Priority of the Gateway2 | |||
vrrp 5 ip <Gateway2> ! The Virtual Gateway for the VLAN 5 | |||
vrrp 5 preempt delay minimum 20 ! If the other router fails it will wait 20 sec before becoming the master | |||
vrrp 5 track 1 decrement 15 ! If the Fa0/0.5 Link fails, This command drops the priority by 15 | |||
! | |||
router bgp <ASN> | |||
network <Gateway1> mask 255.255.255.0 ! Broadcasts Gateway1 out the WAN through BGP | |||
network <Gateway2> mask 255.255.255.0 ! Broadcasts Gateway2 out the WAN through BGP | |||
==See also== | ==See also== | ||
*[[ | * [[Common Address Redundancy Protocol]] (CARP) - A non-proprietary, patent-free, and unrestricted alternative to HSRP and VRRP. | ||
*[[ | * [[Gateway Load Balancing Protocol]] - A [[Cisco Systems]] proprietary router redundancy protocol providing load balancing | ||
*[[ | * [[Hot Standby Routing Protocol]] - A [[Cisco Systems]] proprietary router redundancy protocol | ||
*[[ | * [[R-SMLT]] (Routed Split Multilink Trunking) - An [[Avaya]] proprietary router redundancy and router load balancing protocol - replacement for VRRP in Avaya core networks | ||
* [[SMLT]] An [[Avaya]] redundancy protocol | |||
* [[First Hop Redundancy Protocols]] - Lists of default gateway redundancy protocols | |||
==References== | ==References== | ||
{{reflist}} | |||
* | |||
==External links== | |||
* [http://www.keepalived.org/ Keepalived 1.2.x adds ipv6 support] | |||
* [http://tools.ietf.org/html/rfc5798 The current VRRP RFC (RFC 5798 - VRRPv3 for IPv4 and IPv6) which obsoletes RFC3768] | |||
* [http://www.ietf.org/mail-archive/web/vrrp/current/maillist.html The IETF VRRP mailing list archive] | |||
* [http://www.redbooks.ibm.com/redpapers/pdfs/redp3657.pdf A detailed VRRP article] | |||
* [http://kerneltrap.org/comment/reply/477/1567 Controversy involving VRRP and Cisco patents] | |||
* [http://web.archive.org/web/20080625055935/http://www.hanetworks.com/networks/nokia/vrrp/analysis_of_vrrpv2.htm Analysis of VRRPv 2 Issues and Solutions] | |||
* Implementations | |||
** [http://sourceforge.net/projects/vrrpd/ A GPL licensed implementation of VRRP designed for Linux operating systems] | |||
** [http://sourceforge.net/projects/svrrpd/ A BSD licensed implementation of VRRP for Unix-like operating systems] (described as "not functional yet") | |||
** [http://www.keepalived.org A GPL licensed implementation of VRRPv2 for Linux operating systems] | |||
** [http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_vrrp.html Configuring VRRP on Cisco IOS] | |||
** [http://support.3com.com/infodeli/tools/bridrout/u_guides/html/nb111/family/features/vrrp.htm Configuring VRRP on 3com NETBuilder] | |||
** [[Vyatta]], a commercial open-source router / firewall with VRRP functionality. | |||
** [http://www.jbm-web.com/cart/index.php?main_page=product_info&cPath=67&products_id=184 JBM C120 - A cellular enabled enterprise class router] | |||
[[Category: | [[Category:Internet protocols]] | ||
[[Category: | [[Category:Routing protocols]] | ||
[[de:Virtual Router Redundancy Protocol]] | |||
[[de: | [[es:Virtual Router Redundancy Protocol]] | ||
[[ | [[fr:Virtual Router Redundancy Protocol]] | ||
[[ | [[ja:Virtual Router Redundancy Protocol]] | ||
[[ja: | [[ru:VRRP]] | ||
[[ru: | |||
Revision as of 23:05, 12 August 2014
The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that provides for automatic assignment of available Internet Protocol (IP) routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork.
The protocol achieves this by creation of virtual routers, which are an abstract representation of multiple routers, i.e. master and backup routers, acting as a group. The default gateway of a participating host is assigned to the virtual router instead of a physical router. If the physical router that is routing packets on behalf of the virtual router fails, another physical router is selected to automatically replace it. The physical router that is forwarding packets at any given time is called the master router.
VRRP provides information on the state of a router, not the routes processed and exchanged by that router. Each VRRP instance is limited, in scope, to a single subnet. It does not advertise IP routes beyond that subnet or affect the routing table in any way.
VRRP can be used in Ethernet, MPLS and token ring networks with Internet Protocol Version 4 (IPv4), as well as IPv6.
The protocol is described in IETF publication RFC 5798, which is an open standard, but a similar protocol with essentially the same facility is allegedly patented and licensed.[1]
Implementation
A virtual router must use 00-00-5E-00-01-XX as its Media Access Control (MAC) address. The last byte of the address (XX) is the Virtual Router IDentifier (VRID), which is different for each virtual router in the network. This address is used by only one physical router at a time, and it will reply with this MAC address when an ARP request is sent for the virtual router's IP address. Physical routers within the virtual router must communicate within themselves using packets with multicast IP address 224.0.0.18 and IP protocol number 112.[2]
Routers have a priority of between 1-255 and the router with the highest priority will become the master. When a planned withdrawal of a master router is to take place, its priority can be lowered which means a backup router will pre-empt the master router status rather than having to wait for the hold time to expire. This reduces the black hole period.
Elections of master routers
A failure to receive a multicast packet from the master router for a period longer than three times the advertisement timer causes the backup routers to assume that the master router is dead. The virtual router then transitions into an unsteady state and an election process is initiated to select the next master router from the backup routers. This is fulfilled through the use of multicast packets.
Backup router(s) are only supposed to send multicast packets during an election process. One exception to this rule is when a physical router is configured with a higher priority than the current master, which means that on connection to the network it will preempt the master status. This allows a system administrator to force a physical router to the master state immediately after booting, for example when that particular router is more powerful than others within the virtual router. The backup router with the highest priority becomes the master router by raising its priority above that of the current master. It will then take responsibility for routing packets sent to the virtual gateway's MAC address. In cases where backup routers all have the same priority, the backup router with the highest IP address becomes the master router.
All physical routers acting as a virtual router must be in the same LAN segment. Communication within the virtual router takes place periodically. This period can be adjusted by changing advertisement interval timers. The shorter the advertisement interval, the shorter the black hole period, though at the expense of more traffic in the network. Security is achieved by responding only to first hop packets, though other mechanisms are provided to reinforce this, particularly against local attacks. Election process is made orderly through the use of skew time, derived from a router's priority and used to reduce the chance of the thundering herd problem occurring during election. The skew time is given by the formula (expressed in milliseconds).
Backup router utilization can be improved by load sharing. For more on this, see RFC 3768.
History
VRRP is based on Cisco's proprietary Hot Standby Router Protocol (HSRP) concepts. The protocols, while similar in concept, are not compatible. Therefore, on newer installations VRRP is usually implemented, because it is the standard and is supported by many router and switch products.
- (Cisco Example) VLAN Tagging
track 1 interface Serial0/0/0.1 ip routing ! Points at the interface that needs to be Prioritized interface fastethernet0/0.1 ! VLANs have to be on a Sub-Interface, It is best practice to match the Sub-Interface # and the VLAN # encapsulation dot1q 1 ! Enables IEEE 802.1Q VLAN frame tagging, followed by the VLAN # that this sub-interface will route ip address x.x.x.x 255.255.255.0 ! Make sure the IP is on the same subnet as the virtual Gateway1 vrrp 1 priority 110 ! The Priority of the Gateway1 vrrp 1 ip <Gateway1> ! The Virtual Gateway for the VLAN 1 vrrp 1 preempt delay minimum 20 ! If the other router fails it will wait 20 sec before becoming the master vrrp 1 track 1 decrement 15 ! If the S0/0/0.1 Link fails, This command drops the priority by 15 ! interface fastethernet0/0.5 ! VLANs have to be on a Sub-Interface, It is best practice to match the Sub-Interface # and the VLAN # encapsulation dot1q 5 ! Enables IEEE 802.1Q VLAN frame tagging, followed by the VLAN # that this sub-interface will route ip address x.x.x.x 255.255.255.0 ! Make sure the IP is on the same subnet as the virtual Gateway2 vrrp 5 priority 110 ! The Priority of the Gateway2 vrrp 5 ip <Gateway2> ! The Virtual Gateway for the VLAN 5 vrrp 5 preempt delay minimum 20 ! If the other router fails it will wait 20 sec before becoming the master vrrp 5 track 1 decrement 15 ! If the Fa0/0.5 Link fails, This command drops the priority by 15 ! router bgp <ASN> network <Gateway1> mask 255.255.255.0 ! Broadcasts Gateway1 out the WAN through BGP network <Gateway2> mask 255.255.255.0 ! Broadcasts Gateway2 out the WAN through BGP
See also
- Common Address Redundancy Protocol (CARP) - A non-proprietary, patent-free, and unrestricted alternative to HSRP and VRRP.
- Gateway Load Balancing Protocol - A Cisco Systems proprietary router redundancy protocol providing load balancing
- Hot Standby Routing Protocol - A Cisco Systems proprietary router redundancy protocol
- R-SMLT (Routed Split Multilink Trunking) - An Avaya proprietary router redundancy and router load balancing protocol - replacement for VRRP in Avaya core networks
- SMLT An Avaya redundancy protocol
- First Hop Redundancy Protocols - Lists of default gateway redundancy protocols
References
43 year old Petroleum Engineer Harry from Deep River, usually spends time with hobbies and interests like renting movies, property developers in singapore new condominium and vehicle racing. Constantly enjoys going to destinations like Camino Real de Tierra Adentro.
External links
- Keepalived 1.2.x adds ipv6 support
- The current VRRP RFC (RFC 5798 - VRRPv3 for IPv4 and IPv6) which obsoletes RFC3768
- The IETF VRRP mailing list archive
- A detailed VRRP article
- Controversy involving VRRP and Cisco patents
- Analysis of VRRPv 2 Issues and Solutions
- Implementations
- A GPL licensed implementation of VRRP designed for Linux operating systems
- A BSD licensed implementation of VRRP for Unix-like operating systems (described as "not functional yet")
- A GPL licensed implementation of VRRPv2 for Linux operating systems
- Configuring VRRP on Cisco IOS
- Configuring VRRP on 3com NETBuilder
- Vyatta, a commercial open-source router / firewall with VRRP functionality.
- JBM C120 - A cellular enabled enterprise class router
de:Virtual Router Redundancy Protocol es:Virtual Router Redundancy Protocol fr:Virtual Router Redundancy Protocol ja:Virtual Router Redundancy Protocol ru:VRRP