Virtual Router Redundancy Protocol (VRRP for short) is a routing protocol proposed by the IETF to eliminate the single point of failure created by configuring a static default gateway on the hosts of a local area network. The official standard, RFC 2338, was published in 1998. VRRP is widely used in edge networks. Its design goals are to support failover of IP data traffic under certain conditions without causing confusion, to allow hosts to use a single router, and to maintain connectivity even if the actual first-hop router fails.
The Concept of Virtual Router Redundancy Protocol
1. Virtual Router Redundancy Protocol background
VRRP addresses three problems: the single point of failure at the link layer, the weakness of relying on a single gateway, and the need for automatic switching of data between multiple redundant gateways.
2. The concept of Virtual Router Redundancy Protocol
VRRP is an optional protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on the local area network. The VRRP router that controls the IP addresses of the virtual router is called the master router, and it forwards the packets sent to those virtual IP addresses. This selection process provides dynamic failover once the master router becomes unavailable, which allows the virtual router's IP address to serve as the default first-hop router for end hosts. VRRP is thus a backup protocol for LAN access equipment. All hosts in a local area network are configured with a default gateway, so packets whose destination address is outside the local network segment are sent through the default gateway to the Layer 3 switch, which realizes communication between the host and the external network.
VRRP is a routing fault-tolerance protocol, also known as a backup routing protocol. All hosts in a local area network are configured with a default route. When a host sends a packet whose destination address is not in the local network segment, the packet is forwarded to the external router through the default route, which realizes communication between the host and the external network. When the default router goes down (that is, its port is closed), the internal hosts can no longer communicate with the outside world. If VRRP is configured on the routers, the virtual router enables a backup router to restore network-wide communication.
The VRRP protocol has two pairs of important concepts: VRRP routers and virtual routers, and master routers and backup routers. A VRRP router is a router that runs VRRP and is a physical entity; a virtual router is created by the VRRP protocol and is a logical concept. A group of VRRP routers works together to form a virtual router, which appears externally as a single logical router with a unique, fixed IP address and MAC address. Routers in the same VRRP group take one of two mutually exclusive roles: master router or backup router. In a VRRP group there is exactly one router in the master role, and there can be one or more routers in the backup role. The VRRP protocol selects one router from the group as the master router, which is responsible for ARP resolution and for forwarding IP packets; the other routers in the group act as backups and stand by. When the master router fails for some reason, one of the backup routers is promoted to master after a brief delay. The switchover is transparent to the end-user systems because it is very fast and does not change the IP address or the MAC address.
3. Virtual Router Redundancy Protocol terminology
3.1 Virtual Router
A virtual router is an abstract object based on a subnet interface; it consists of a virtual router identifier (VRID) and one or more IP addresses, also called virtual IP addresses. The virtual IP address serves as the default gateway for the hosts.
3.2 VRRP Router
A VRRP router is a router running the VRRP protocol. A VRRP router can be added to one or more virtual routers.
3.3 IP Address Owner
The IP address owner is the VRRP router whose interface's real IP address is the same as the virtual IP address.
3.4 Virtual Router Master
The virtual master router is responsible for forwarding the Layer 3 data packets that pass through the virtual router, and responds to the ARP request for the IP address of the virtual router. If a VRRP router is the IP address owner, it is always the virtual master router.
3.5 Virtual Router Backup
The virtual backup router does not forward Layer 3 data packets and does not respond to the ARP request of the virtual IP address. When the virtual master router fails, it takes over the work of the virtual master router.
4. Virtual Router Redundancy Protocol Features
4.1 IP address backup, the main function of VRRP. It can provide load balancing among multiple virtual router elections in the network and supports multiple logical IP subnets in a single network.
4.2 Optimal path indication. Among the routes of the multiple routers in a VRRP group, it ensures that the master role converges to the available router with the highest priority.
4.3 Minimizing unnecessary service interruption. While the master router operates normally, lower-priority routers are not triggered to run an election for the master role.
4.4 Extensive security. Different security policies can be adopted in many different interaction environments, and strict verification can be carried out with very little configuration and overhead.
4.5 Work efficiently on scalable networks.
5. Virtual Router Redundancy Protocol state machine
The protocol specifies three states for a VRRP router: INITIALIZE, MASTER and BACKUP. Simply put, INITIALIZE is the initial state; MASTER is the active state, that is, the router that actually does the work in the VRRP backup group; and BACKUP is the standby state, which backs up the MASTER. The requirements for implementing each state are as follows:
When a router starts up, if its priority is 255 (the highest priority, which applies if and only if the configured VRRP virtual IP address is the same as the interface IP address, that is, the router is the IP address owner), it sends a VRRP advertisement, broadcasts an ARP message announcing that the MAC address corresponding to the virtual router's IP address is the VRRP virtual MAC, sets the advertisement timer so that VRRP advertisements are sent at regular intervals, and transitions to the MASTER state. Otherwise it enters the BACKUP state and sets a timer to check regularly whether advertisements from the MASTER are being received.
A router in the MASTER state must perform the following functions:
● Set the periodic advertisement timer;
● Respond to ARP requests for the virtual router's IP address with the VRRP virtual MAC address;
● Forward data packets whose destination MAC is the VRRP virtual MAC;
● If it is the owner of the virtual router IP address, accept data packets whose destination address is the virtual router IP; otherwise discard them;
● When it receives a shutdown event, delete the periodic advertisement timer, send an advertisement with priority value 0, and transition to the INITIALIZE state;
● If the periodic advertisement timer expires, send a VRRP advertisement;
● When it receives a VRRP advertisement: if the advertised priority value is 0, send a VRRP advertisement; otherwise, if the advertised priority is higher than its own, or equal and the sender's actual IP address is greater than its own actual IP address, set the advertisement timer, reset the master-down timer, and transition to the BACKUP state; otherwise discard the advertisement.
A router in the BACKUP state must perform the following functions:
● Set the master-down timer;
● Do not respond to ARP requests for the virtual router IP address;
● Discard all packets whose destination MAC address is the MAC address of the virtual router;
● Do not accept any data packet whose destination is the virtual router IP address;
● When it receives a shutdown event, delete the master-down timer and transition to the INITIALIZE state;
● When the master-down timer expires, send a VRRP advertisement, broadcast the ARP address information, and transition to the MASTER state;
● When it receives a VRRP advertisement: if the advertised priority value is 0, it enters an election with the MASTER; otherwise, if the advertised priority is higher than its own, the MASTER is recognized as valid and the master-down timer is reset; otherwise discard the advertisement.
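The MASTER and BACKUP event handling above, as an added example that is not code from the article: a minimal Python model of the VRRP state machine. The class and method names are this example's own, and timers are modelled as labels rather than real clocks.

```python
import ipaddress

# Added example, not code from the article: a minimal model of the VRRP state
# machine described above (names are this example's own; timers are labels).
INITIALIZE, BACKUP, MASTER = "INITIALIZE", "BACKUP", "MASTER"

class VrrpRouter:
    def __init__(self, ip, priority, virtual_ip):
        self.ip = ipaddress.ip_address(ip)
        self.virtual_ip = ipaddress.ip_address(virtual_ip)
        # The IP address owner always runs with the highest priority, 255.
        self.priority = 255 if self.ip == self.virtual_ip else priority
        self.state = INITIALIZE
        self.adver_timer = False       # periodic advertisement timer (MASTER only)
        self.master_down_timer = None  # None, "Master_Down_Interval" or "Skew_Time"
        self.sent = []                 # ("adv", priority) and ("garp", ip) records

    def _become_master(self):
        # Advertise, then gratuitous ARP so hosts learn the virtual MAC.
        self.sent += [("adv", self.priority), ("garp", str(self.virtual_ip))]
        self.state, self.adver_timer, self.master_down_timer = MASTER, True, None

    def startup(self):
        if self.priority == 255:
            self._become_master()
        else:
            self.state, self.master_down_timer = BACKUP, "Master_Down_Interval"

    def shutdown(self):
        if self.state == MASTER:  # priority 0 lets backups switch over at once
            self.sent.append(("adv", 0))
        self.state, self.adver_timer, self.master_down_timer = INITIALIZE, False, None

    def master_down_timer_expired(self):
        if self.state == BACKUP:
            self._become_master()

    def receive_advertisement(self, sender_ip, priority):
        sender_ip = ipaddress.ip_address(sender_ip)
        if self.state == MASTER:
            if priority == 0:
                self.sent.append(("adv", self.priority))
            elif priority > self.priority or (priority == self.priority and sender_ip > self.ip):
                self.state, self.adver_timer = BACKUP, False
                self.master_down_timer = "Master_Down_Interval"
        elif self.state == BACKUP:
            if priority == 0:                 # master is leaving: wait only Skew_Time
                self.master_down_timer = "Skew_Time"
            elif priority >= self.priority:   # existing master keeps its role (section 7)
                self.master_down_timer = "Master_Down_Interval"
```

Any advertisement that matches none of the branches is discarded, as the state descriptions require.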
6. Virtual Router Redundancy Protocol election mechanism
VRRP uses an election mechanism to determine the state of each router (Master or Backup). A group of routers running VRRP forms a virtual router: one router is in the Master state, and the others are in the Backup state.
All routers running VRRP send and receive VRRP advertisement messages, which carry their own VRRP priority. VRRP conducts the election by comparing router priorities: the router with the higher priority becomes the master router, and the other routers become backup routers.
Both the virtual router and the VRRP routers have their own IP addresses (the IP address of the virtual router can be the same as the interface address of one router in the VRRP backup group). If there is an IP address owner in the VRRP group, that is, if the virtual address is the same as the address of one VRRP router, the IP address owner becomes the master router and has the highest priority, 255. If there is no IP address owner in the VRRP group, the VRRP routers determine the master by comparing priorities. The configurable priority of a router ranges from 1 to 254; by default, a VRRP router's priority is 100. When priorities are equal, VRRP conducts the election by comparing IP addresses, and the router with the larger IP address becomes the master router.
7. The working process of Virtual Router Redundancy Protocol
The working process of VRRP is as follows:
Election of Master:
The devices in the VRRP backup group elect the Master according to priority. The Master device then sends gratuitous ARP packets to announce the virtual MAC address to the devices and hosts connected to it, and takes over the task of packet forwarding.
Election rules: compare priorities, and the device with the higher priority is elected as the Master. When two devices have the same priority, if a Master already exists it keeps the Master role and no further election is needed; if there is no Master, the interface IP addresses are compared and the device with the larger interface IP address is elected as the Master.
Master device status notification (VRRP backup group status maintenance):
The Master device periodically sends VRRP advertisement messages to announce its configuration (priority, etc.) and working status to the VRRP backup group. The Backup device uses the received VRRP packets to judge whether the Master device is working properly. When the Master device voluntarily gives up the Master role (for example, when it leaves the backup group), it sends an advertisement with priority 0 so that the Backup device switches to Master quickly, without waiting for the Master_Down_Interval timer to expire. This switching time is called Skew_Time and is calculated as (256 - priority of the Backup device)/256, in seconds.
When the Master device cannot send advertisements because of a network failure, the Backup device cannot immediately learn its working status. After the Master_Down_Interval timer expires, the Backup assumes that the Master device is no longer working normally and switches to the Master state. The value of the Master_Down_Interval timer is 3 × Advertisement_Interval + Skew_Time, in seconds.
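The timer arithmetic of this section, as an added example that is not code from the article: it computes Skew_Time and Master_Down_Interval and replays a constructed sequence of advertisements to show when a Backup switches to Master after a silent Master versus a graceful priority-0 exit. Function names, timestamps and priorities are this example's own.

```python
# Added example, not code from the article: the timer arithmetic of section 7
# applied to a Backup router's view of the group. Function names and the
# timestamps/priorities used below are this example's own.

def skew_time(backup_priority: int) -> float:
    """Skew_Time = (256 - priority) / 256 seconds: a higher priority waits less."""
    if not 1 <= backup_priority <= 254:
        raise ValueError("configurable VRRP priority is 1..254")
    return (256 - backup_priority) / 256


def master_down_interval(backup_priority: int, advertisement_interval: float = 1.0) -> float:
    """Master_Down_Interval = 3 * Advertisement_Interval + Skew_Time, in seconds."""
    return 3 * advertisement_interval + skew_time(backup_priority)


def backup_takeover_time(advertisements, backup_priority, advertisement_interval=1.0):
    """Return when a Backup that entered BACKUP state at t=0 switches to Master.

    advertisements: (seconds, sender priority) pairs the Backup receives.
    Each advertisement from a valid Master restarts Master_Down_Interval; a
    priority-0 advertisement (Master leaving) shortens the wait to Skew_Time;
    lower-priority advertisements are discarded and do not touch the timer.
    """
    deadline = master_down_interval(backup_priority, advertisement_interval)
    for t, prio in sorted(advertisements):
        if t >= deadline:
            break                       # timer already expired; Backup is Master now
        if prio == 0:
            deadline = t + skew_time(backup_priority)
        elif prio >= backup_priority:   # existing Master keeps its role on a tie
            deadline = t + master_down_interval(backup_priority, advertisement_interval)
    return deadline


def takeover_order(backup_priorities, advertisement_interval=1.0):
    """Backups ranked by timer expiry: the highest priority fires first, which is
    how the Skew_Time term makes a silent-Master election converge on it."""
    return sorted(backup_priorities,
                  key=lambda p: master_down_interval(p, advertisement_interval))


if __name__ == "__main__":
    heartbeat = [(1.0, 200), (2.0, 200), (3.0, 200)]   # constructed: Master then silent
    print("silent master:", backup_takeover_time(heartbeat, 100))
    print("graceful exit:", backup_takeover_time(heartbeat + [(4.0, 0)], 100))
    print("order:", takeover_order([100, 200, 50]))
```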