VRRP (Virtual Router Redundancy Protocol) provides redundancy for a default router. Version 2 of the protocol is defined in RFC 3768, which obsoletes the original RFC 2338 and drops some of its features, most visibly authentication. This article describes VRRPv2 as specified in RFC 3768. (RFC 5798 later defined VRRPv3, which adds IPv6 support; it is not covered here.)
2. Protocol Description
2.1 Overview
VRRP is designed to eliminate the single point of failure that a default router represents in a statically routed environment: when the router that hosts the default gateway address fails, another router takes over its function without interrupting traffic between the inner network and the outside, and without any change to the hosts' network parameters. The protocol's design goals are backup of the IP address, configurable priority among the routers, and minimal inter-router traffic.
VRRP presents two or more physical routers as a single virtual router, which exposes one or more virtual IP addresses to the hosts. Within the group, the router that actually owns a virtual IP address on one of its interfaces is the Master whenever it is working; otherwise a Master is elected by the algorithm in 2.2. The Master performs all network functions for the virtual IP: answering ARP requests, handling ICMP, forwarding traffic and so on. The other routers in the group do not hold the address; they are in the Backup state, only listen for the Master's VRRP advertisements, and perform no function for the virtual IP. When the Master fails, a Backup takes over the Master's role.
Configuring VRRP means assigning each router a virtual router ID (VRID) and a priority. The VRID groups routers: routers with the same VRID form one group. The VRID is an integer from 1 to 255 (0 is not valid). Within a group the Master is elected by priority, the highest priority winning. The priority is an integer from 1 to 254 for ordinary routers (the usual default is 100); 255 is reserved for the router that owns the virtual IP address, and 0 is never configured, since it is only sent on the wire by a Master that is giving up the role.
VRRP advertisements are carried in IP multicast (destination 224.0.0.18). They are sent with a special virtual source MAC address rather than the MAC address of the sending router's own interface. While the protocol is running only the Master sends advertisements, periodically, to announce that it is alive and which virtual IP addresses (the group) it serves. Backups only receive advertisements and never send any. If a Backup receives no advertisement from the Master within the Master_Down_Interval (three advertisement intervals plus a priority-dependent skew time), it declares itself Master, starts sending advertisements, and the election is run again.
2.2 Master Election
- If one of the router's own configured interface addresses is the virtual router IP, that router (the address owner) is always the Master; its priority is fixed at 255.
- Otherwise, when no Master is present, an election takes place: each router declares itself Master and sends VRRP advertisements.
- A router that receives an advertisement with a higher priority than its own returns to the Backup state.
- If the priorities are equal, the router with the numerically higher primary (real) IP address wins.
2.3 Protocol State Machine
The VRRP state machine is simple: there are only three states, Initialize, Master and Backup.
                      +---------------+
           +--------->|               |<-------------+
           |          |  Initialize   |              |
           |   +------|               |----------+   |
           |   |      +---------------+          |   |
           |   |                                 |   |
           |   V                                 V   |
   +---------------+                       +---------------+
   |               |---------------------->|               |
   |    Master     |                       |    Backup     |
   |               |<----------------------|               |
   +---------------+                       +---------------+
Initialize:
When the router starts, if its priority is 255 (the highest; the router owns the virtual router address), it sends a VRRP advertisement, broadcasts a gratuitous ARP for each virtual router IP address announcing the VRRP virtual MAC, starts the advertisement timer so that advertisements are sent periodically, and moves to the Master state.
Otherwise it moves to the Backup state and starts the Master_Down timer, which checks whether advertisements from the Master keep arriving.
Master:
A router in the Master state performs the following functions:
- runs the advertisement timer;
- answers ARP requests for the virtual router IP address(es) with the VRRP virtual MAC address;
- forwards packets whose destination MAC is the VRRP virtual MAC;
- accepts packets addressed to the virtual router IP only if it is the owner of that address, otherwise discards them;
- on a Shutdown event, cancels the advertisement timer, sends an advertisement with priority 0, and returns to the Initialize state;
- when the advertisement timer expires, sends a VRRP advertisement and restarts the timer;
- when it receives a VRRP advertisement: if the priority in it is 0, it immediately sends its own advertisement and restarts the advertisement timer; otherwise, if the advertised priority is higher than its own, or equal and the sender's primary IP address is numerically higher than its own, it cancels the advertisement timer, starts the Master_Down timer, and moves to the Backup state; in all other cases it discards the advertisement.
Backup:
A router in the Backup state performs the following functions:
- runs the Master_Down timer;
- must not answer ARP requests for the virtual router IP address(es);
- discards all packets whose destination MAC address is the virtual router MAC address;
- must not accept packets addressed to the virtual router IP address(es);
- on a Shutdown event, cancels the Master_Down timer and returns to the Initialize state;
- when the Master_Down timer expires, sends a VRRP advertisement, broadcasts gratuitous ARP for the virtual router IP address(es), and moves to the Master state;
- when it receives a VRRP advertisement: if the priority in it is 0, the Master is leaving, so it shortens the Master_Down timer to the skew time and a new election starts almost immediately; otherwise, if the advertised priority is higher than or equal to its own (or preemption is disabled locally), it accepts that Master as valid and resets the Master_Down timer; otherwise it discards the advertisement and lets its own timer run out so that it takes over.
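The whole procedure above, from Initialize through Master and Backup, as an added example in Python that is not part of the original article: it simulates one VRRP group on a LAN segment with the timers of RFC 3768 (Master_Down_Interval = 3 * Advertisement_Interval + Skew_Time, with Skew_Time = (256 - Priority) / 256 seconds), the priority / primary-IP tie-break, the priority-0 release and owner preemption. The router names, addresses and priorities are made up for the scenario, and where a real router would send gratuitous ARP the simulation only records the state transition.

```python
"""VRRPv2 state machine simulation (RFC 3768 section 6). Added example, not code from the
article; one VRRP group on one LAN segment, integer milliseconds so timers stay exact."""
from dataclasses import dataclass
from typing import Dict, Optional

INIT, MASTER, BACKUP = "Initialize", "Master", "Backup"     # INIT also means "not running"
STEP_MS, ADVER_INT_MS = 10, 1000                            # tick; Advertisement_Interval (1 s)


def ip_key(ip: str) -> tuple:                # tie-break: compare IPv4 octets numerically
    return tuple(int(o) for o in ip.split("."))


@dataclass
class Router:
    name: str
    primary_ip: str             # real interface address, source of its advertisements
    priority: int               # 1..254 for non-owners, 255 only for the address owner
    state: str = INIT
    adver_timer: int = 0
    master_down_timer: int = 0
    became_master_at: int = -1

    def skew_time(self) -> int:             # Skew_Time = (256 - Priority) / 256 s, in ms
        return (256 - self.priority) * 1000 // 256
    def master_down_interval(self) -> int:  # 3 * Advertisement_Interval + Skew_Time
        return 3 * ADVER_INT_MS + self.skew_time()
    def startup(self, seg: "Segment") -> None:
        if self.priority == 255:            # address owner: Master right away
            self.become_master(seg)
        else:                               # everyone else starts as Backup and listens
            self.master_down_timer = self.master_down_interval()
            self.state = BACKUP
    def become_master(self, seg: "Segment") -> None:   # a real router also sends gratuitous ARP
        self.state, self.became_master_at = MASTER, seg.now
        seg.advertise(self, self.priority)
        self.adver_timer = ADVER_INT_MS
    def on_advertisement(self, src_ip: str, prio: int, seg: "Segment") -> None:
        if self.state == MASTER:
            if prio == 0:                   # old Master releasing: reassert ourselves
                seg.advertise(self, self.priority)
                self.adver_timer = ADVER_INT_MS
            elif (prio, ip_key(src_ip)) > (self.priority, ip_key(self.primary_ip)):
                self.master_down_timer = self.master_down_interval()   # a better Master exists
                self.state = BACKUP         # any other advertisement is discarded
        elif self.state == BACKUP:
            if prio == 0:                   # Master going away: elect within Skew_Time
                self.master_down_timer = self.skew_time()
            elif prio >= self.priority:     # valid Master; a lower one is ignored (preemption)
                self.master_down_timer = self.master_down_interval()
    def tick(self, seg: "Segment") -> None:
        if self.state == MASTER:
            self.adver_timer -= STEP_MS
            if self.adver_timer <= 0:
                seg.advertise(self, self.priority)
                self.adver_timer = ADVER_INT_MS
        elif self.state == BACKUP:
            self.master_down_timer -= STEP_MS
            if self.master_down_timer <= 0:
                self.become_master(seg)


class Segment:
    """One LAN segment: an advertisement is multicast to every running router."""
    def __init__(self) -> None:
        self.routers: Dict[str, Router] = {}
        self.now = 0
    def add(self, r: Router) -> None:
        self.routers[r.name] = r
        r.startup(self)
    def advertise(self, sender: Router, prio: int) -> None:
        for r in self.routers.values():
            if r is not sender and r.state != INIT:
                r.on_advertisement(sender.primary_ip, prio, self)
    def run(self, ms: int) -> None:
        for _ in range(ms // STEP_MS):
            self.now += STEP_MS
            for r in list(self.routers.values()):
                r.tick(self)
    def master(self) -> Optional[str]:
        names = [r.name for r in self.routers.values() if r.state == MASTER]
        assert len(names) <= 1, f"split brain: {names}"
        return names[0] if names else None


def run_scenario() -> Dict[str, object]:
    seg = Segment()
    r1 = Router("R1", "10.0.0.1", 255)      # owns the virtual address 10.0.0.1
    r2, r3 = Router("R2", "10.0.0.2", 200), Router("R3", "10.0.0.3", 100)
    for r in (r2, r3, r1):
        seg.add(r)
    seg.run(2500)
    out: Dict[str, object] = {"steady": seg.master()}      # R1
    r1.state = INIT                          # silent crash at t=2500: no priority-0 advertisement
    seg.run(3000)
    out["after_crash"], out["r2_takeover_ms"] = seg.master(), r2.became_master_at  # R2, ~5218
    seg.advertise(r2, 0)                     # orderly shutdown at t=5500: announce priority 0
    r2.state = INIT
    seg.run(700)
    out["after_release"], out["r3_takeover_ms"] = seg.master(), r3.became_master_at  # R3, ~6109
    seg.add(r1)                              # owner returns and preempts immediately
    out["after_return"] = seg.master()       # R1
    return out
```

run_scenario() puts the two takeover latencies side by side: after a silent crash R2 waits a full Master_Down_Interval (3000 + 218 ms after the last advertisement it saw from R1), whereas after an orderly shutdown announced with priority 0 R3 takes over within one Skew_Time (609 ms). The assertion in Segment.master() flags a split brain, the failure mode the election exists to prevent.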
2.4 ARP Query Processing
When an inner-network host sends an ARP query for the MAC address of the virtual router IP, the Master router replies with the VRRP virtual MAC address, not the MAC address of its physical interface. Because the virtual MAC stays the same across a failover, hosts on the inner network never notice the switch; for the same reason a router must never send an ARP reply or gratuitous ARP that maps the virtual router IP to the MAC address of its own physical interface, for example when it restarts. If the virtual router has proxy ARP (proxy_arp) enabled, the proxied ARP replies must also carry the VRRP virtual MAC address.
2.5 VRRP Application Examples
        +-----------+                   +-----------+
        |   RTR1    |                   |   RTR2    |
        |(MR VRID=1)|                   |(BR VRID=1)|
        |(BR VRID=2)|                   |(MR VRID=2)|
 VRID=1 +-----------+                   +-----------+ VRID=2
 IP A ------------->*                   *<------------- IP B
                    |                   |
                    |                   |
   -----------------+------+--------+---+------+--------+--
                           ^        ^          ^        ^
                           |        |          |        |
                         (IP A)   (IP A)     (IP B)   (IP B)
                           |        |          |        |
                        +--+--+  +--+--+    +--+--+  +--+--+
                        |  H1 |  |  H2 |    |  H3 |  |  H4 |
                        +-----+  +-----+    +-----+  +-----+
Legend:
---+---+---+-- = Ethernet, Token Ring, or FDDI
H = Host Computer
MR = Master Router
BR = Backup Router
* = IP Address
(IP) = Default router for hosts
This is the usual VRRP topology: two routers running VRRP back each other up. Router 1 is the Master of VRID group 1, whose virtual address is IP A, and a Backup in group 2; Router 2 is the Master of VRID group 2, whose virtual address is IP B, and a Backup in group 1. Some hosts on the inner network use IP A as their default gateway and the rest use IP B. In normal operation the traffic of the hosts with gateway A goes through Router 1 and the traffic of the hosts with gateway B goes through Router 2, which shares the load; if either router fails, the other becomes Master of both groups and all traffic goes through it.
3. Protocol Format
3.1 Ethernet Header
The source MAC address must be the virtual MAC address 00-00-5E-00-01-{VRID}, where the last octet is the VRID in hexadecimal; a single octet is why there can be at most 255 virtual routers (VRRP groups) on one network segment. The destination MAC is the multicast MAC that corresponds to the destination IP 224.0.0.18, i.e. 01-00-5E-00-00-12.
Note that the VRID is visible directly in the frame: the last octet of the source MAC identifies the group.
3.2 IP Header Parameters
The source address of a VRRP packet is the primary IP address of the interface it is sent from; the destination address must be 224.0.0.18; the IP protocol number is 112; and the TTL must be 255.
3.3 VRRP Packet Format
The VRRP message (the IP payload) is laid out as follows:
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Version| Type  | Virtual Rtr ID|   Priority    | Count IP Addrs|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Auth Type   |   Adver Int   |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         IP Address (1)                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                            .                                  |
   |                            .                                  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         IP Address (n)                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     Authentication Data (1)                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     Authentication Data (2)                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
where:
Version: protocol version, 4 bits; 2 for RFC 3768;
Type: 4 bits; only one type is defined, ADVERTISEMENT, with the value 1;
Virtual Rtr ID (VRID): virtual router ID, 8 bits;
Priority: 8 bits; 255 is reserved for the router that owns the virtual IP address, 1 to 254 are for backups (default 100), and 0 means the current Master has stopped participating;
Count IP Addrs: number of IP addresses carried in the packet, 8 bits;
Auth Type: authentication type, 8 bits; RFC 3768 removed authentication, so this field should be 0 (no authentication); the values 1 (simple text password) and 2 (IP Authentication Header) are kept only for compatibility with the old version;
Adver Int: advertisement interval, 8 bits, in seconds; default 1 second;
Checksum: 16 bits, the 16-bit one's complement of the one's complement sum of the VRRP message, i.e. the data starting from the Version field; the IP header is not included;
IP Address(es): the IP address(es) associated with the virtual router, as many as Count IP Addrs says;
Authentication Data: 8 bytes; RFC 3768 keeps this field only for compatibility with older versions; it must be set to zero on transmission and is ignored on reception.
3.4 Checks on Reception
When a VRRP packet is received, the following checks are performed, and a packet that fails any of them is discarded:
- the IP TTL must be 255;
- the VRRP version must be 2;
- the packet must be complete (the fixed header plus all Count IP Addrs addresses);
- the checksum must be correct;
- the VRID must be configured on the interface that received the packet, and the local router must not be the owner of the virtual IP address (priority 255);
- the VRRP Auth Type must match the locally configured authentication type.
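An added Python example (standard library only, not code from the article) that builds the advertisement described in 3.1 to 3.4, computes the checksum, parses a received message and applies the receive checks in the order listed above. The packets, the local configuration (VRIDs 1 and 2 configured, the address of VRID 2 owned) and the addresses are constructed for the example; the TTL is passed in as a parameter because the code models only the VRRP payload, not the IP header.

```python
"""Build, parse and validate VRRPv2 advertisements (RFC 3768 sections 5 and 7.1).
Added example, standard library only, not code from the article.  The packets
below are constructed here, not captured; only the VRRP payload is modelled."""
import socket
import struct
from dataclasses import dataclass
from typing import List, Tuple

VRRP_PROTO, VRRP_GROUP, VRRP_GROUP_MAC = 112, "224.0.0.18", "01:00:5e:00:00:12"
VRRP_VERSION, ADVERTISEMENT = 2, 1
HDR = struct.Struct("!BBBBBBH")      # ver|type, VRID, priority, count, auth type, adver int, checksum
AUTH_DATA = bytes(8)                 # zero on transmission under RFC 3768


def virtual_mac(vrid: int) -> str:
    """00-00-5E-00-01-{VRID}: source MAC of advertisements and the ARP answer."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be 1..255")
    return f"00:00:5e:00:01:{vrid:02x}"


def checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum (RFC 1071) of the VRRP message."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advertisement(vrid: int, priority: int, ips: List[str],
                        adver_int: int = 1, auth_type: int = 0) -> bytes:
    head = HDR.pack((VRRP_VERSION << 4) | ADVERTISEMENT, vrid, priority,
                    len(ips), auth_type, adver_int, 0)
    pkt = head + b"".join(socket.inet_aton(ip) for ip in ips) + AUTH_DATA
    return pkt[:6] + struct.pack("!H", checksum(pkt)) + pkt[8:]   # fill in the checksum


@dataclass
class Advertisement:
    version: int
    msg_type: int
    vrid: int
    priority: int
    auth_type: int
    adver_int: int
    ips: List[str]


def parse(pkt: bytes) -> Advertisement:
    """Decode the fixed header and the address list; reject incomplete packets."""
    if len(pkt) < HDR.size:
        raise ValueError("truncated VRRP header")
    vt, vrid, prio, count, auth, adv, _csum = HDR.unpack_from(pkt)
    need = HDR.size + 4 * count + len(AUTH_DATA)
    if len(pkt) != need:
        raise ValueError(f"incomplete packet: {len(pkt)} bytes, header says {need}")
    ips = [socket.inet_ntoa(pkt[8 + 4 * i:12 + 4 * i]) for i in range(count)]
    return Advertisement(vt >> 4, vt & 0xF, vrid, prio, auth, adv, ips)


@dataclass
class LocalConfig:
    vrids: Tuple[int, ...]        # groups configured on the receiving interface
    owner_of: Tuple[int, ...]     # groups whose virtual IP this router owns (priority 255)
    auth_type: int = 0


def validate(ttl: int, pkt: bytes, cfg: LocalConfig) -> Tuple[bool, str]:
    """Receive checks of RFC 3768 section 7.1; returns (accept, reason for the first failure)."""
    if ttl != 255:
        return False, "TTL != 255: the packet crossed a router, so it is not from this link"
    try:
        adv = parse(pkt)                    # also enforces the 'complete packet' rule
    except ValueError as err:
        return False, str(err)
    if adv.version != VRRP_VERSION:
        return False, f"version {adv.version} != 2"
    if checksum(pkt) != 0:                  # the sum over the whole message must come out 0
        return False, "bad checksum"
    if adv.msg_type != ADVERTISEMENT:
        return False, f"unknown type {adv.msg_type}"
    if adv.vrid not in cfg.vrids:
        return False, f"VRID {adv.vrid} not configured on this interface"
    if adv.vrid in cfg.owner_of:
        return False, f"this router owns the address of VRID {adv.vrid}"
    if adv.auth_type != cfg.auth_type:
        return False, f"auth type {adv.auth_type} differs from local config"
    return True, f"accept VRID {adv.vrid} priority {adv.priority} for {adv.ips}"


def demo() -> List[Tuple[bool, str]]:
    """Constructed packets: one valid advertisement, then one failure per check."""
    cfg = LocalConfig(vrids=(1, 2), owner_of=(2,))
    good = build_advertisement(1, 200, ["10.0.0.1"])
    tampered = good[:2] + bytes([255]) + good[3:]       # priority rewritten, checksum stale
    return [
        validate(255, good, cfg),                       # accepted
        validate(64, good, cfg),                        # TTL: arrived through a router
        validate(255, tampered, cfg),                   # checksum
        validate(255, good[:-8], cfg),                  # auth data missing: incomplete
        validate(255, build_advertisement(2, 100, ["10.0.0.2"]), cfg),  # we own VRID 2
        validate(255, build_advertisement(7, 100, ["10.0.0.7"]), cfg),  # VRID not configured
    ]
```

Note what the checks do and do not buy: the TTL rule rejects anything that crossed a router and the checksum rejects corruption, but because RFC 3768 removed authentication, any host on the segment can build a packet that passes every check with a priority of its choosing.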
4. Conclusion
VRRP makes the router's IP address redundant and so prevents a single point of failure from taking the network down. By itself VRRP is a hot-standby scheme, but two routers can back each other up in two groups so that both carry traffic. The new version simplifies the old one by removing authentication, so there is no real authentication of the data any more; in practice authentication was frequently the cause of exceptions in which several routers believed they were Master at the same time. The price is that any host on the LAN able to send multicast with TTL 255 can forge an advertisement; the TTL check only keeps such packets from being routed in from other networks, so the segment itself has to be protected at layer 2.