FHRP (First Hop Redundancy Protocol) is a family of protocols designed to provide default gateway redundancy. The common idea behind these protocols is to combine several routers into one virtual router with a shared IP address. This IP address is assigned to the hosts as the default gateway address. VRRP (Virtual Router Redundancy Protocol) is a free implementation of this idea. This article covers the basics of the VRRP protocol.
VRRP routers are combined into one virtual router. All routers in a group have a common virtual IP (VIP) address and a common group number or VRID (Virtual Router Identifier). One router can be in several groups, each of which must have its own unique VIP / VRID pair.
On Cisco devices, the virtual router is configured on the relevant interface with the command:
R1(config-if)# vrrp <group-number> ip <ip-address>
All routers are divided into two types: VRRP Master and VRRP Backup.
VRRP Master is a router that handles packets for a given virtual group.
VRRP Backup is a router that listens for packets from the Master. If packets from the Master stop arriving, the Backup tries to move to the Master state.
The router with the highest priority becomes the Master. The Master constantly sends messages to the multicast address 224.0.0.18 to inform the Backup routers that it is working. The Master sends these messages at the interval set by the Adver Timer, which is 1 second by default.
The source MAC address of these messages is the group MAC address 00:00:5E:00:01:xx, where xx is the VRID in hexadecimal format. In this example, the first group is used.
If the Backup routers receive no messages for three Adver Timer intervals (the Master Down Timer), the router with the highest priority becomes the new Master or, if priorities are equal, the router with the highest IP address. In addition, a Backup router with a higher priority will take over the Master role from a Master with a lower priority. However, when preempt is disabled on the Backup, it will not take over the Master role.
R1(config-if)# no vrrp <group-number> preempt
If the VRRP router owns the VIP address, it always takes over the Master role.
VRRP priority is specified in values from 1 to 254. A value of 0 is reserved for cases where the Master needs to disclaim responsibility for routing. The value 255 is set by the router that owns the VIP. The default priority is 100, but it can be set administratively:
R1(config-if)# vrrp <group-number> priority <priority 1-254>
Here we can see the priority of the router when it is set administratively:
And here is the case when the router is the owner of the VIP:
A VRRP router can be in one of three states: Initialize, Backup, Master. The router moves through these states in sequence.
In the Initialize state, the router is waiting to start working. If this router is the owner of the VIP address (priority 255), it sends messages announcing that it is becoming the Master. It also sends a gratuitous ARP request in which the source MAC address is the address of the virtual router. Then it goes to the Master state. If the router is not the VIP owner, it enters the Backup state.
In the Backup state, the router waits for packets from the Master. A router in this state does not respond to ARP requests for the VIP address. It also does not accept packets that have the virtual router MAC address as the destination address.
If the Backup does not receive messages from the Master within the Master Down Timer, it announces via VRRP that it is going to become the Master. It then sends a VRRP multicast message in which the source MAC address is the address of this virtual router. In this message, the router indicates its priority.
In the Master state, the router processes packets addressed to the virtual router. It also responds to ARP requests for the VIP. The Master sends out VRRP messages every Adver Timer interval to confirm that it is working.
*May 13 19:52:18.531: %VRRP-6-STATECHANGE: Et1/0 Grp 1 state Init -> Backup
*May 13 19:52:21.751: %VRRP-6-STATECHANGE: Et1/0 Grp 1 state Backup -> Master
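As an added example (not part of the original article), the following Python decodes a VRRP advertisement and checks it against the properties described above: destination 224.0.0.18, source MAC 00:00:5E:00:01:xx matching the VRID, and the priority value. It assumes the VRRPv2 header layout from RFC 3768 carried over IPv4 in an untagged Ethernet frame; the sample frame and the function names are constructed for illustration.

```python
import struct

# Constructed Ethernet + IPv4 + VRRPv2 advertisement: group 1, priority 100,
# VIP 192.168.1.254, 1 s interval. Checksums are zeroed and not verified here.
SAMPLE = bytes.fromhex(
    "01005e000012" "00005e000101" "0800"
    "45c00028" "00000000" "ff700000" "c0a80101" "e0000012"
    "21016401" "00010000" "c0a801fe" "0000000000000000")

def dotted(b):
    return ".".join(str(x) for x in b)

def parse_advert(frame):
    """Decode the fields the article discusses from a VRRPv2 advertisement."""
    if frame[12:14] != b"\x08\x00":
        raise ValueError("not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4               # IPv4 header length in bytes
    if ip[9] != 112:                       # IP protocol number of VRRP
        raise ValueError("not VRRP")
    vrrp = ip[ihl:]
    ver_type, vrid, prio, count, _auth, adver = struct.unpack("!6B", vrrp[:6])
    return {
        "src_mac": frame[6:12].hex(":").upper(),
        "src_ip": dotted(ip[12:16]), "dst_ip": dotted(ip[16:20]),
        "version": ver_type >> 4, "type": ver_type & 0x0F,
        "vrid": vrid, "priority": prio, "adver_int": adver,
        # Virtual IP addresses start after the 8-byte fixed header.
        "vips": [dotted(vrrp[8 + 4 * i:12 + 4 * i]) for i in range(count)],
    }

def check_advert(a):
    """List the ways an advertisement deviates from the rules above."""
    findings = []
    if a["dst_ip"] != "224.0.0.18":
        findings.append("destination is not 224.0.0.18")
    if a["src_mac"] != "00:00:5E:00:01:%02X" % a["vrid"]:
        findings.append("source MAC does not match VRID")
    if a["priority"] == 0:
        findings.append("priority 0: Master is giving up the role")
    return findings

def master_down_timer(adver_int):
    # Three Adver Timer intervals, as the article states.
    return 3 * adver_int
```
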
VRRP also allows load balancing between multiple routers. To do this, two VRRP groups are created on one interface. One group is assigned a higher priority than the other. On the second router, the priorities are set the opposite way. That is, if on one router the priority of the first group is 100 and that of the second group is 200, then on the other router the priority of the first group will be 200 and that of the second 100.
As stated earlier, each group must have its own unique VIP. As a result, we get two IP addresses served by two routers, each of which can serve as a default gateway.
Half of the computers are assigned one default gateway address, and half the other. Thus, half of the traffic will go through one router and half through the other. When one of the routers fails, the second takes over both VIPs.
Thus, VRRP lets you make the default gateway fault tolerant, increasing the reliability of the network. And when multiple virtual routers are used, you can also balance the load between the real routers. The reaction time to a failure can be reduced by lowering the timers.
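The election rules and the two-group load-sharing setup described above can be traced in a short simulation. This is an added example, not code from the original article; the Router class, the function names, the router addresses and the two VIPs are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Router:
    name: str
    ip: str          # real interface address
    priority: dict   # VRID -> configured priority (1-254)
    up: bool = True

def effective_priority(r, vrid, vip):
    # The router that owns the VIP always uses 255; the default is 100.
    return 255 if r.ip == vip else r.priority.get(vrid, 100)

def elect(routers, vrid, vip, current=None, preempt=True):
    """Pick the Master of one group: highest priority, then highest IP."""
    alive = [r for r in routers if r.up]
    if not alive:
        return None
    best = max(alive, key=lambda r: (effective_priority(r, vrid, vip),
                                     IPv4Address(r.ip)))
    # With preempt disabled a working Master keeps the role, unless the
    # challenger is the VIP owner (priority 255).
    if (current is not None and current.up and not preempt
            and effective_priority(best, vrid, vip) != 255):
        return current
    return best

def virtual_mac(vrid):
    # Group MAC address: the last octet is the VRID in hexadecimal.
    return "00:00:5E:00:01:%02X" % vrid

def gateway_map(routers, groups, current=None, preempt=True):
    """Map each VIP to the router that currently serves it."""
    current = current or {}
    return {vip: elect(routers, vrid, vip, current.get(vip), preempt)
            for vrid, vip in groups.items()}

# Constructed topology: two groups with mirrored priorities, as in the text.
R1 = Router("R1", "192.168.1.2", {1: 100, 2: 200})
R2 = Router("R2", "192.168.1.3", {1: 200, 2: 100})
GROUPS = {1: "192.168.1.1", 2: "192.168.1.254"}
```

Calling gateway_map again with the previous result as `current` after changing a router's `up` flag shows the failover, and `preempt=False` shows the recovered router staying in Backup.
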