Hi there, Community friends! This time, I will share an introduction to VRRP with you. Hope you like it!
The Virtual Router Redundancy Protocol (VRRP) is a fault-tolerant protocol that groups several switches into a virtual router. If the next-hop switch of a host fails, VRRP switches traffic to another switch, ensuring continuous and reliable communication.
The basic concepts related to VRRP are as follows:
VRRP Router: a router running VRRP, which may belong to one or multiple virtual routers.
Virtual router: an abstract device managed by VRRP, also called a VRRP backup group. A virtual router functions as a default gateway on a shared local area network (LAN). A virtual router is identified by a virtual router identifier and has a set of virtual IP addresses.
Virtual IP address: IP address of a virtual router. A virtual router is manually assigned one or multiple virtual IP addresses.
IP address owner: a VRRP router that uses a virtual router's IP address as an actual interface address. When working normally, the VRRP router responds to packets destined for the virtual IP address, such as ping packets and TCP packets.
Virtual MAC address: a MAC address that is generated according to a virtual router ID. A VRRP virtual router has a virtual MAC address in the format of 00-00-5E-00-01-{VRID}, and a VRRP6 virtual router has a virtual MAC address in the format of 00-00-5E-00-02-{VRID}. A virtual router responds to Address Resolution Protocol (ARP) requests using the virtual MAC address but not the interface's actual MAC address.
Primary IP address: an IP address selected from one of the physical interfaces' IP addresses. It is usually the first configured IP address. The primary IP address functions as the source IP address in VRRP multicast packets.
Master Router (virtual router master): a VRRP router that forwards packets to the virtual IP address and responds to ARP requests. When an IP address owner is available, it usually functions as the master router.
Backup Router (virtual router backup): a set of VRRP routers that do not forward packets. If the master router fails, the backup routers will compete to be the new master router.
Preemption mode: a mode in which a backup router becomes the master router if the backup router has a higher priority than the current master router.
As the Internet grows quickly, higher network reliability is required. It is important for LAN users to be in contact with external networks at any time.
Generally, all hosts within an internal network are configured with one default route destined for an egress gateway to communicate with external networks. If the egress gateway fails, communication between these hosts and external networks will be interrupted.
Configuring multiple egress gateways is a common method to improve system reliability. However, route selection between the gateways becomes an issue because most hosts on a LAN do not support dynamic routing protocols.
The Internet Engineering Task Force (IETF) developed VRRP to enable hosts on a LAN to reliably access external networks. VRRP provides the following functions:
Master/backup mode: The IP address-based master/backup mode is the backup method provided by VRRP. A virtual router is set up, with a master router and multiple backup routers forming a backup group. The master router transmits all services. When the master router fails, a backup router takes over the services.
VRRP load balancing: Multiple virtual routers transmit services at the same time. Load balancing is performed on at least two backup groups on multiple routers, rather than on a single VRRP backup group. In load balancing mode, each backup group has a master device and transmits some of the service traffic.
VRRP tracking interface status: Each VRRP backup group can track the status of all interfaces bound to it. If an interface fails, the router with the highest priority will be re-selected as the master router. A VRRP monitoring interface can sense the interface status of the local device only. When the upstream link of the device is a cross-device link and a non-neighbor device is faulty, VRRP cannot sense the fault. Therefore, a master/backup VRRP switchover is not performed and services are interrupted.
Tracking an NQA test instance: NQA can verify the reachability of a destination IP address of a device over a link with transmission devices or a multi-hop link. If an NQA test instance detects a fault in the link with transmission devices or multi-hop link, the NQA test instance notifies VRRP of the fault and VRRP then performs a master/backup switchover. This addresses the problem that VRRP tracking a VRRP-disabled interface cannot detect a fault in the link with transmission devices or multi-hop link.
Virtual IP address ping: Ping to the virtual IP address of a VRRP backup group can be enabled using commands.
VRRP security: Different authentication modes and authentication keys can be set in VRRP packet headers in networks requiring different security levels.
VRRP smooth switching: VRRP master/backup mode must be enabled on customer edge (CE) routers that function as gateways of a service system. During an Active Main Board (AMB)/Standby Main Board (SMB) switchover on a CE, VRRP status will not be switched on local and peer CEs. This prevents packet loss during the switchover.
VRRP fast switchover: VRRP tracks BFD session status to perform a fast switchover in milliseconds.
Rapid VRRP switchback: If the original master device recovers and increases its VRRP priority to be higher than that of the existing master device, the original master device immediately preempts the Master state, and does not have to wait until it receives VRRP packets from the existing master device carrying a priority lower than its own. This allows user traffic to successfully switch back to the master device before being forwarded to the Internet.
Configuring the backup device to forward traffic: The backup device can forward traffic with a virtual Media Access Control (MAC) address as the destination MAC address. If a master device or a working path on a mobile bearer network is faulty and traffic is switched from the working path to a protection path before a master/backup VRRP switchover is complete, traffic is forwarded to the backup device. If the backup device is capable of forwarding traffic, service interruption time is reduced.
That's all. I welcome everyone to leave a message and exchange ideas in the comment area!
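To tie together the virtual MAC format, the primary IP address used as the source of VRRP packets, priority-based preemption and the authentication mode described above, here is an added example (not part of the original post) that parses a VRRPv2 advertisement and flags ones a monitoring host should not trust. The field layout follows RFC 3768 and the authentication type values follow RFC 2338; the function names, addresses, priorities and sample packets are constructed for illustration.

```python
import ipaddress
import struct

AUTH = {0: "none", 1: "simple-text", 2: "ip-ah"}  # VRRPv2 auth types (RFC 2338)

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the VRRP message; 0 means valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_advert(payload: bytes) -> dict:
    """Parse a VRRPv2 advertisement (the payload of IP protocol 112)."""
    if len(payload) < 8:
        raise ValueError("truncated VRRP header")
    vt, vrid, prio, count, auth, _intvl, _csum = struct.unpack("!6BH", payload[:8])
    # 8-byte header + 4 bytes per virtual IP + 8 bytes of authentication data
    if vt != 0x21 or len(payload) < 16 + 4 * count:
        raise ValueError("not a complete VRRPv2 advertisement")
    vips = [str(ipaddress.IPv4Address(payload[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    return {"vrid": vrid, "priority": prio, "auth": AUTH.get(auth, "unknown"),
            "vips": vips, "vmac": f"00-00-5E-00-01-{vrid:02X}",
            "checksum_ok": inet_checksum(payload) == 0}

def audit(src_ip, src_mac, payload, routers, expect_auth):
    """Return findings for one advertisement; routers maps primary IP -> configured priority."""
    adv, out = parse_advert(payload), []
    if not adv["checksum_ok"]:
        out.append("bad checksum")
    if adv["auth"] != expect_auth:
        out.append(f"auth type {adv['auth']}, expected {expect_auth}")
    if src_mac.upper() != adv["vmac"]:  # RFC 3768: the master sends from the virtual MAC
        out.append("source MAC is not the group's virtual MAC")
    if src_ip not in routers:
        out.append(f"advertisement from unknown router {src_ip}")
    elif adv["priority"] > routers[src_ip]:  # tracking only lowers priority, never raises it
        out.append(f"priority {adv['priority']} above configured {routers[src_ip]}")
    return out

# Constructed sample data: VRID 10, virtual IP 10.1.1.1, two known routers.
ROUTERS = {"10.1.1.2": 120, "10.1.1.3": 100}
GOOD = bytes.fromhex("210a780101018da80a010101767272706b657900")   # priority 120, simple-text auth
ROGUE = bytes.fromhex("210aff010001d4f00a0101010000000000000000")  # priority 255, no auth

if __name__ == "__main__":
    print(audit("10.1.1.2", "00-00-5e-00-01-0a", GOOD, ROUTERS, "simple-text"))
    print(audit("10.1.1.66", "02-00-00-00-00-66", ROGUE, ROUTERS, "simple-text"))
```

The simple-text mode carries the key in clear text inside the packet, so it guards against misconfiguration rather than against a host that can already read advertisements on the LAN.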

