How VRRP works

FHRP (First Hop Redundancy Protocol) is a family of protocols designed to create redundancy for the default gateway. A common idea for these protocols is to combine several routers into one virtual router with a common IP address. This IP address will be assigned on the hosts as the default gateway address. The free implementation of this idea is the VRRP protocol (Virtual Router Redundancy Protocol). This article will cover the basics of VRRP.

VRRP routers are combined into one virtual router. All routers in the group have a common virtual IP (VIP) address and a common group number or VRID (Virtual Router Identifier). One router can consist of several groups, each of which must have its own unique VIP / VRID pair.

In the case of Cisco, the virtual router is set on the interface of interest to us with the command:

R1(config-if)# vrrp  ip 

All routers are divided into two types: VRRP Master and VRRP Backup.

VRRP Master is a router that forwards packets for this virtual group.

VRRP Backup is a router that expects a packet from Master. If packets from the Master stop arriving, Backup tries to switch to the Master state.

The router becomes Master if it has the highest priority. Master constantly sends messages to the broadcast address to inform Backup routers that it is working. Master sends messages according to the Adver Timer, which defaults to 1 second.

In this case, the group address 00: 00: 5E: 00: 01: xx is used as the MAC address of the sender, where xx is the VRID in hexadecimal format. In this example, the first group is used.

If Backup routers do not receive messages within three Adver Timer (Master Down Timer), then the router with the highest priority, or the router with the highest IP, becomes the new Master. At the same time, a backup router with a higher priority will take over the role of a master with a lower priority. However, when Backup is disabled in preempt mode, Backup will not intercept the role from Master.

R1(config-if)# no vrrp  preempt

If the VRRP router is the owner of the VIP address, then it always intercepts the role of Master.

VRRP priority is set in values ​​from 1 to 254. The value 0 is reserved for cases when the Master needs to relieve responsibility for routing. The value 255 is set by the router to the VIP owner. The default priority is 100, but can be set administratively:

R1(config-if)#vrrp  priority 

Here we can see the priority of the router when it is set administratively:

And here is the case when the router is the owner of the VIP:

A VRRP router can have three states: Initialize, Backup, Master. These states the router changes sequentially.

In the Initialize state, the router is waiting for operation to begin. If this router is the owner of the VIP address (priority is 255), then the router sends messages that become Master. It also sends a gratuitous ARP request in which the source MAC address is equal to the address of the virtual router. Then it goes into Master state. If the router does not own the VIP, then it enters the Backup state.

In the Backup state, the router expects packets from the Master. The router in this state does not respond to ARP requests from the VIP address. Also, it does not accept packets with the MAC address of the virtual router as the destination address.

If Backup does not receive messages from Master during Master Down Timer, then it sends a VRRP message that it is going to become Master. It then sends a broadcast VRRP message in which the source MAC address is equal to the address of this virtual router. In this message, the router indicates its priority.

In the Master state, the router processes packets addressed to the virtual router. He also responds to VIP ARP requests. Master sends VRRP messages every Adver Timer to confirm that it is running.

*May 13 19:52:18.531: %VRRP-6-STATECHANGE: Et1/0 Grp 1 state Init -> Backup
*May 13 19:52:21.751: %VRRP-6-STATECHANGE: Et1/0 Grp 1 state Backup -> Master

VRRP also allows load balancing between multiple routers. To do this, two VRRP groups are created on the same interface. One group is given higher priority than another. At the same time, the priority is set in the opposite way on the second router. Those. if on one router the priority of the first group is 100 and the second group is 200, then on the other router the priority of the first group will be 200 and the second 100.

As mentioned earlier, each group must have its own unique VIP. As a result, we get two ip addresses served by two routers, each of which can serve as a default gateway.

Half of the computers are assigned one default gateway address, half the other. Thus, half of the traffic will go through one router, and half through another. If one of the routers fails, the second one intercepts the work of both VIPs.

Thus, VRRP allows you to organize the fault tolerance of the default gateway, increasing the reliability of the network. And in the case of using several virtual routers, it is possible to balance the load between real routers. Failure response rates can be reduced by decreasing timers.

Also popular now: