How to save time and change the MAC address table in case the VRRP master went down

Created: Jan 9, 2019 10:31:49 | Latest reply: Jan 9, 2019 11:55:00
  Rewarded Hi-coins: 0 (problem resolved)


1. If the VRRP master is on router A

2. If for some reason A went down

3. How can router B force the switch to change the MAC table so that the virtual MAC is on port B, instead of waiting for the aging time of 300 sec?


Featured Answers
Mohamed_Mostafa
Created Jan 9, 2019 11:55:00

The VRRP working process is as follows:

1. Devices in a VRRP group select the master based on their priorities. The master sends gratuitous ARP packets to notify the connected network devices or hosts of the virtual MAC address of the VRRP group.
2. The master periodically sends VRRP Advertisement packets to all backups in the VRRP group to advertise its configuration (for example, priority) and running status.
3. If the master fails, the backup with the highest priority becomes the new master.
4. If the original master is replaced by another device in the group, the new master sends gratuitous ARP packets carrying the virtual MAC address and virtual IP address of the virtual router. The new master uses these packets to update the MAC address entry on the connected network devices or hosts. User traffic is then switched to the new master. This process is transparent to users.
5. When the original master recovers and is the IP address owner (with priority 255), the original master reverts to the Master state. If the priority of the original master is smaller than 255, the device switches to the Backup state. The priority of the device is then restored to its original value before the failure.
6. If the backup has a higher priority than the master, the working mode of the backup (preemption or non-preemption) determines whether the master is re-selected.

• Preemption mode: If the priority of a backup is higher than the priority of the current master, the backup automatically becomes the master.

• Non-preemption mode: As long as the master is working properly, the backup with a higher priority cannot become the master.

So the answer is that the gratuitous ARP is responsible for updating the CAM tables, and ensures the CAM table always has an entry for the VRRP MAC.

Example:
  • SwitchA is the master, with the priority 120. It uses the delayed preemption mode.
  • SwitchB is the backup, with the priority 100. It uses the immediate preemption mode.
  • SwitchC is the backup, with the priority 110. It uses the immediate preemption mode.

The following describes how traffic is forwarded in the network:

  1. When SwitchA is running properly, traffic sent from users is transmitted along the path Switch -> SwitchA -> Router. SwitchA periodically sends VRRP Advertisement packets to SwitchB and SwitchC, notifying them that the master is working properly.

  2. When a fault occurs on SwitchA, VRRP does not function on SwitchA, which stops sending VRRP Advertisement packets to SwitchB and SwitchC. Because SwitchC has a higher priority than SwitchB, SwitchC becomes the master. SwitchC starts to send VRRP Advertisement packets and gratuitous ARP packets, whereas SwitchB remains in Backup state. User traffic is transmitted along the path Switch -> SwitchC -> Router.

  3. When SwitchA recovers, its priority is restored to 120 and it enters the Backup state. SwitchC continues sending VRRP Advertisement packets. When SwitchA receives a VRRP Advertisement packet, it compares the priority in the packet with its own priority and detects that its priority is higher. After the preemption delay, SwitchA reverts to being the master and starts to send VRRP Advertisement packets and gratuitous ARP packets. User traffic is again transmitted along the path Switch -> SwitchA -> Router.


Network & Security Engineer
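
The failover described in steps 1 and 2 of the answer above, as an added example that is not part of the original post or of any vendor's code: it builds the gratuitous ARP frame for the VRRP virtual MAC and shows a learning switch moving its CAM entry as soon as the frame arrives on the new master's port. The VRID (1), virtual IP (192.0.2.1) and port names are constructed values; the election ignores tie-breaks and the preemption delay.

```python
import struct

def vrrp_virtual_mac(vrid: int) -> bytes:
    """IPv4 VRRP virtual MAC has the fixed form 00-00-5E-00-01-{VRID}."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be in 1..255")
    return bytes([0x00, 0x00, 0x5E, 0x00, 0x01, vrid])

def gratuitous_arp(vmac: bytes, vip: bytes) -> bytes:
    """Broadcast ARP request whose sender IP equals its target IP."""
    eth = b"\xff" * 6 + vmac + struct.pack("!H", 0x0806)       # dst, src, EtherType
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)            # Ethernet/IPv4, request
    return eth + arp + vmac + vip + b"\x00" * 6 + vip

def elect_master(priorities: dict, alive: set) -> str:
    """Highest priority among the routers still advertising becomes master."""
    return max(alive, key=lambda name: priorities[name])

class LearningSwitch:
    """Minimal CAM table: source MAC -> ingress port."""
    def __init__(self):
        self.cam = {}

    def receive(self, frame: bytes, port: str) -> None:
        # Learning happens on every ingress frame, so a frame sourced from
        # the virtual MAC overwrites the old entry without waiting for aging.
        self.cam[frame[6:12]] = port

def failover_demo():
    # Priorities taken from the answer's example; port names are constructed.
    priorities = {"SwitchA": 120, "SwitchB": 100, "SwitchC": 110}
    ports = {"SwitchA": "port-a", "SwitchB": "port-b", "SwitchC": "port-c"}
    vmac, vip = vrrp_virtual_mac(1), bytes([192, 0, 2, 1])
    switch, history = LearningSwitch(), []
    # First round: all routers up. Second round: SwitchA has failed.
    for alive in ({"SwitchA", "SwitchB", "SwitchC"}, {"SwitchB", "SwitchC"}):
        master = elect_master(priorities, alive)
        switch.receive(gratuitous_arp(vmac, vip), ports[master])
        history.append((master, switch.cam[vmac]))
    return history

if __name__ == "__main__":
    for master, port in failover_demo():
        print(f"master={master} virtual MAC learned on {port}")
```
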
All Answers
chenhui (Admin)
Created Jan 9, 2019 11:46:11

@mesbah When the master router goes down, the VRRP group will elect the new master. After the new master is generated, the new master router will send a gratuitous ARP packet to refresh the MAC address table on the connected device, so that the connected device will forward traffic to the new master rather than the old one.