Routing backup of VRRP

Date: 2017-08-01
VRRP Overview
With the development of the Internet, networks are required to be increasingly reliable. For LAN users, it is vital to stay in contact with external networks at all times. Generally, all hosts in an internal network are configured with one default route to an egress gateway, through which they communicate with external networks. If the egress gateway fails, communication between these hosts and external networks is interrupted. Configuring multiple egress gateways is a common way to improve system reliability. However, most hosts on a LAN do not support dynamic routing protocols, so selecting a path among multiple egress gateways becomes a problem. The IETF (Internet Engineering Task Force) developed VRRP (Virtual Router Redundancy Protocol) to enable hosts on a LAN to reliably access external networks.
 
Common Networking Mode
 
 

1. What is VRRP?
VRRP (Virtual Router Redundancy Protocol) is a network selection protocol. In simple terms, the basic principle of VRRP is redundant backup of the gateway: two or more routers running VRRP form one virtual router, and that virtual router is used as the gateway for downstream devices.
Basic concepts associated with VRRP are as follows:

Concept: Description

VRRP Router: A router that runs VRRP and may belong to one or multiple virtual routers.

Virtual Router: An abstract device managed by VRRP, also called a VRRP backup group. A virtual router serves as a default gateway for hosts on a shared local area network (LAN). A virtual router comprises a virtual router identifier and a set of virtual IP addresses.

Virtual IP Address: IP address of a virtual router. A virtual router is manually assigned one or multiple virtual IP addresses.

IP Address Owner: A VRRP router that uses a virtual router's IP address as an actual interface address. When working properly, the VRRP router responds to packets destined for the virtual IP address, such as ping packets and TCP packets.

Virtual MAC Address: A MAC address that is generated by a virtual router according to the virtual router ID. A virtual router has one virtual MAC address. A virtual router responds to Address Resolution Protocol (ARP) requests using the virtual MAC address instead of the actual MAC address of the interface.

Primary IP Address: An IP address selected from one of the physical interfaces' IP addresses. It is usually the first configured IP address. The primary IP address serves as the source IP address in VRRP broadcast packets.

Master Router (Virtual Router Master): A VRRP router that forwards packets sent to the virtual IP address and responds to ARP requests. When an IP address owner is available, it usually functions as the master router.

Backup Router (Virtual Router Backup): A set of VRRP routers that do not forward packets. If the master router fails, the most suitable backup router, selected through competition, becomes the new master router.
 
3. What are the Benefits of VRRP?
The function of VRRP is to dynamically assign responsibility for one virtual router to one of the VRRP routers on a LAN. The VRRP router that controls the IP address of the virtual router is called the master router, and it forwards packets sent to these virtual IP addresses. If the master router fails, this selection process provides a dynamic failover mechanism. In this way, if a host's next-hop router fails, another router can replace it promptly, ensuring the continuity and reliability of communication.


4. How does VRRP Work?
As shown in Figure 1, routers A, B and C constitute one VRRP virtual router. The virtual IP address of the virtual router is 10.110.10.1. Router A serves as the master router and its IP address is 10.110.10.5; router B and router C serve as backup routers, and their IP addresses are 10.110.10.6 and 10.110.10.7 respectively. The default gateway for Host A, Host B and Host C on the LAN is set to the VRRP virtual IP address 10.110.10.1. Normally, router A serves as the master router and forwards packets from the LAN to the external network. If router A is turned off or fails, backup router B or router C (based on priority) becomes the master router and forwards packets from the LAN to external networks, which maintains communication between the LAN and the external network and improves network reliability.
Figure 1 Virtual Router Diagram
 
 
In the networking environment shown in Figure 1, hosts communicate with external networks through this virtual gateway. The routers work as follows:
● The master router is selected according to priority:
  · The router with the higher priority is selected as the master router.
  · If two routers have the same priority, their interface IP addresses are compared. The router with the larger interface IP address is selected as the master router.
  · The other routers serve as backup routers, which monitor the status of the master router at all times.
● If a backup router in the group does not receive packets from the master router within the period of Master_Down_Interval, it switches to the master router role. In a VRRP group with multiple backup routers, multiple master routers might be generated for a short period. Each of them then compares the priorities in the received VRRP packets with its local priority, and the router with the highest priority is selected as the master router.
 
 
5. VRRP State Machine
VRRP defines three states: Initialize, Master, and Backup. Only the router in the Master state can forward packets destined for the virtual IP address.

Figure 1 shows the VRRP state transitions.
Figure 1 VRRP State Transition
· Master becomes Initialize: receives a Shutdown message
· Initialize becomes Master: receives a Startup message with the priority of 255
· Master becomes Backup: receives a packet with a higher priority than the local one
· Initialize becomes Backup: receives a Startup message with a priority lower than 255
· Backup becomes Master: the timer times out
· Initialize
A router enters the Initialize state when started. If an interface Startup message is received, the router changes to the Backup state or the Master state (if the interface priority of the IP address owner is 255, the router switches directly to the Master state). In this state, the router does not process VRRP packets.
· Master
(1) In the Master state, a router performs the following:
· Sends VRRP packets periodically.
· Responds to ARP requests for the virtual IP address with the virtual MAC address instead of the physical interface MAC address.
· Forwards packets in which the destination MAC address is the virtual MAC address.
· Transitions to the Backup state if a packet with a higher priority is received.
· Transitions to the Backup state if a packet with the same priority is received and the primary IP address of the sender is larger than the local one.
· Transitions to the Initialize state when the interface Shutdown event is received.
· Backup
(2) In the Backup state, a router performs the following:
· Receives VRRP packets sent by the master and determines whether the master router is working properly.
· Does not respond to ARP requests for the virtual IP address.
· Discards IP packets in which the destination MAC address is the virtual MAC address.
· Does not accept IP packets in which the destination IP address is the virtual IP address.
· Transitions to the Master state only when the Backup router receives the event that MASTER_DOWN_TIMER has timed out.
· Transitions to the Initialize state when an interface Shutdown event is received.
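The state transitions above and the election rule from section 4 can be traced with a short simulation. This is an added example, not vendor code: the class and function names are hypothetical, the priorities 120/100/100 are constructed sample values, and all backup timers are assumed to expire at the same moment so that the short-lived multiple-master case is visible.

```python
from ipaddress import IPv4Address

class VrrpRouter:
    def __init__(self, name, primary_ip, priority, owner=False):
        self.name = name
        self.primary_ip = IPv4Address(primary_ip)
        self.priority = 255 if owner else priority  # IP address owner uses 255
        self.state = "Initialize"

    def startup(self):
        # Initialize -> Master only with priority 255, otherwise -> Backup.
        self.state = "Master" if self.priority == 255 else "Backup"

    def shutdown(self):
        self.state = "Initialize"  # interface Shutdown event

    def master_down_timeout(self):
        if self.state == "Backup":  # MASTER_DOWN_TIMER expired
            self.state = "Master"

    def advertise(self):  # only a Master sends VRRP packets
        return (self.priority, self.primary_ip) if self.state == "Master" else None

    def receive(self, adv):
        # A Master yields to a higher priority, or to a larger IP on a tie.
        mine = (self.priority, self.primary_ip)
        if self.state == "Master" and adv is not None and adv > mine:
            self.state = "Backup"

def settle(routers):
    """Exchange advertisements until states stop changing; return Master names."""
    while True:
        before = [r.state for r in routers]
        for sender in routers:
            for r in routers:  # a router's own advertisement never beats itself
                r.receive(sender.advertise())
        if before == [r.state for r in routers]:
            return [r.name for r in routers if r.state == "Master"]

# Addresses from Figure 1; the priorities are constructed sample values.
SAMPLE = [("A", "10.110.10.5", 120), ("B", "10.110.10.6", 100), ("C", "10.110.10.7", 100)]

def failover_demo():
    a, b, c = group = [VrrpRouter(*row) for row in SAMPLE]
    for r in group:
        r.startup()
        r.master_down_timeout()  # nobody hears a Master, so all three claim it
    first = settle(group)
    a.shutdown()
    for r in (b, c):
        r.master_down_timeout()  # B and C both stop hearing A
    return first, settle(group)
```

With these sample values router A wins the first election on priority, and after A shuts down router C wins the tie with B because its primary IP address is larger.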



6. Conclusion
VRRP implements backup through two or more routing switches that support VRRP. When the master router fails, communication is maintained through the backup routers. In the event of a failure, no configuration of customer premises equipment (CPE) needs to be changed; the routing function switches automatically to the backup routers. In practical applications, choosing a routing technology that matches the requirements when planning the network is very beneficial to stable network operation.