Introduction to VRRP and VSS

Source: Internet
Author: User

VRRP is a fault-tolerant protocol: when a host's next-hop router fails, another router takes over in a timely manner so that communication remains continuous and reliable.
By exchanging VRRP packets, several physical routers present themselves as a single virtual router. Hosts on the network communicate with the virtual router, and when one physical router in the VRRP group fails, the others take over automatically.
VRRP has three states:
Initialize: the state entered when the router starts up; after VRRP packet exchange the router moves on to one of the other states.
Master: the router that currently forwards data packets, determined within the VRRP group by the election carried out through VRRP packet exchange.
Backup: the listening state that the remaining routers of the group enter after the packet exchange.
VRRP packets are multicast. The Master periodically sends advertisements announcing its presence, and the router parameters carried in these packets are what the election of the primary router is based on.
VRRP packets are carried directly over IP, using IP protocol number 112.
The destination IP address of VRRP packets is the multicast address 224.0.0.18.
The message format is as follows:

Version | Type | VRID | Priority | Count IP Addrs
Auth Type | Adver Int | Checksum
IP Address (1)
...
IP Address (n)
Authentication Data (1)
Authentication Data (2)
Field meanings:
Version: VRRP protocol version number.
Type: type of VRRP packet. Version 2 defines only one type, 1-ADVERTISEMENT; a packet with any other type is discarded.
VRID: Virtual Router ID, identifying the routers that belong to the same VRRP group.
Priority: used in Master election. The higher priority wins; when priorities are equal, the router whose interface has the larger primary IP address wins. The router that owns the virtual IP address has priority 255, routers in the Backup state use 1-254, and the default is 100. Priority 0 means the current Master is leaving the VRRP group; it is normally used to stop the Master immediately, so that the routers in the Backup state switch to Master at once instead of waiting for the Master to time out.
Count IP Addrs: the number of IP addresses carried in the advertisement.
Auth Type: VRRP authentication type. RFC 2338 defines three: 0-No Authentication, 1-Simple Text Password (plaintext authentication), 2-IP Authentication Header. Note that type 1 puts the password on the wire in cleartext, so it guards against misconfiguration rather than deliberate interference; RFC 3768 later removed authentication from VRRPv2 for this reason.
Adver Int: the advertisement interval, in seconds.
Checksum: 16-bit one's-complement checksum over the whole VRRP message.
Two important VRRP time parameters

Advertisement_Interval: the Master sends VRRP advertisements at this interval; the default is 1 s. It can be configured manually on a Backup router, but the value must match the Master's; a Backup router can also learn the interval from the Master's advertisements.
Master_Down_Timer: the interval after which a Backup router considers the Master to be down; by default it is three times the advertisement interval.
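The VRRPv2 advertisement format, field rules and Master election described above, as an added example in Python (not code from the original page): the encoder/decoder mirrors the layout shown, the parser discards unknown types and bad checksums as the text requires, and the election follows the priority-then-address rule. The router entries and addresses are constructed sample data.

```python
import struct
from ipaddress import IPv4Address

VRRP_IP_PROTOCOL = 112         # VRRP rides directly on IP, protocol number 112
VRRP_MULTICAST = "224.0.0.18"  # destination of every advertisement
VRRP_VERSION, ADVERTISEMENT = 2, 1

def ones_complement_checksum(data: bytes) -> int:
    """16-bit one's-complement sum over the whole VRRP message (checksum field zeroed)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advertisement(vrid, priority, addrs, adver_int=1, auth_type=0, auth_data=b""):
    """Encode a VRRPv2 ADVERTISEMENT in the field order of the message format above."""
    header = struct.pack("!BBBBBBH", (VRRP_VERSION << 4) | ADVERTISEMENT,
                         vrid, priority, len(addrs), auth_type, adver_int, 0)
    body = b"".join(IPv4Address(a).packed for a in addrs)
    msg = header + body + auth_data.ljust(8, b"\x00")[:8]   # Authentication Data (1) and (2)
    return msg[:6] + struct.pack("!H", ones_complement_checksum(msg)) + msg[8:]

def parse_advertisement(pkt: bytes) -> dict:
    """Decode one advertisement; unknown versions/types and bad checksums are discarded."""
    vt, vrid, prio, count, auth_type, adver_int, _ = struct.unpack("!BBBBBBH", pkt[:8])
    if (vt >> 4) != VRRP_VERSION or (vt & 0x0F) != ADVERTISEMENT:
        raise ValueError("unknown version or type, packet discarded")
    if ones_complement_checksum(pkt) != 0:   # a valid message sums to all ones
        raise ValueError("checksum mismatch, packet discarded")
    addrs = [str(IPv4Address(pkt[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    return {"vrid": vrid, "priority": prio, "addrs": addrs, "auth_type": auth_type,
            "adver_int": adver_int, "auth_data": pkt[8 + 4 * count:16 + 4 * count],
            # Master_Down_Timer as the text defines it: three advertisement intervals
            "master_down_timer": 3 * adver_int}

def elect_master(routers):
    """Higher priority wins; on a tie the router with the larger primary IP address wins."""
    return max(routers, key=lambda r: (r["priority"], IPv4Address(r["ip"])))["ip"]
```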
Applying VRRP in a production environment: redundant gateway devices
In an actual production environment, using the Spanning Tree Protocol alone only provides link-level backup, not gateway-level backup. Combining MSTP with VRRP provides both link backup and gateway-level backup, which greatly improves the robustness of the network.
For example:
Configuration requirements: for VLAN 10, SW1 is the root bridge and the VRRP Master is also on SW1; for VLAN 20, SW2 is the root bridge and the VRRP Master is on SW2. An important principle when combining VRRP and MSTP: for each VLAN, the root bridge and the VRRP Master must be kept on the same Layer 3 switch, so that the forwarding path chosen by spanning tree and the gateway that actually forwards the traffic coincide.
VSS-Virtual Switching System
The core of VSS technology is Cisco's Catalyst 6500 with the VS-Sup720-10G supervisor engine, and the establishment and management of the Virtual Switch Link (VSL) between the two chassis. To the other nodes in the network, the virtual switching system appears as a single device (one MAC address, one IPv4 address), and all ports are managed as one network element. In a VSS-based design, an access-layer device is still connected to both chassis of the VSS to keep its physical connections redundant, but because VSS supports Multichassis EtherChannel (MEC), the access layer sees a single logical device. MEC is independent of the link bundling protocol the user chooses: it supports the industry-standard IEEE 802.3ad (LACP) protocol and Cisco's PAgP extension. Whichever bundling protocol is used between the access-layer device and the VSS, no Spanning Tree Protocol is needed, and during normal operation data flows over any link of the MEC.
When considering network reliability, administrators usually rely on redundant devices, redundant links and the associated L3/L2 protocols, at the cost of management overhead and configuration complexity. The Virtual Switching System simplifies the network by reducing the number of devices and simplifying the management of redundant devices and links.
The Virtual Switching System uses MEC (Multichassis EtherChannel) to reduce the number of Layer 3 routing neighbors and to build a loop-free Layer 2 topology, simplifying network configuration and operations.
When a downstream switch connects to the VSS, it connects to both members of the VSS through ordinary EtherChannel technology. VSS uses MEC to provide redundancy and load balancing on the bundled logical port, so the downstream switch appears to be connected to a single switch. A loop-free L2 structure is formed between the VSS and the downstream switch without relying on the Spanning Tree Protocol. VSS also simplifies the L3 topology by reducing the number of Layer 3 routing neighbors.
When a VSS is created and enabled, the two VSS members negotiate with each other: one becomes Active and the other Standby. The Active member controls the VSS and runs the Layer 2 and Layer 3 control protocols for all modules of both chassis, that is, only the control plane of the Active member works, while the data planes of both members work. The Standby member sends control traffic over the VSL (Virtual Switch Link) to the Active member for unified processing. The VSL is a special link used to carry control information and data between the two members of a VSS; it can bundle up to eight 10GE physical links.
On the VSL, control information has a higher priority than normal data, which guarantees the delivery and integrity of control information. Data on the VSL is load balanced with EtherChannel technology. Within the VSS, the Standby member monitors the Active member over the VSL; once a failure of the Active member is detected, the Standby member switches itself to the Active state.
VSS supervisor engine redundancy modes: SSO/NSF and RPR.
In SSO mode the switchover time is measured in milliseconds.
Startup sequence of the VSS system
1. Both VSS members copy the VSS-related configuration to the SP (switch processor) configuration.
2. When the SP software starts, VSS initializes all modules that carry VSL interfaces, initializes the VSL interfaces, and uses LMP (Link Management Protocol) to detect whether the VSL links are up and whether a peer is present.
3. If the VSL is down and no peer exists, the system defines its own role as ACTIVE and starts up on its own.
4. If the peer is alive, the roles are negotiated with RRP (Role Resolution Protocol). If VSS priorities are configured, the member with the higher priority becomes ACTIVE and the other becomes STANDBY.
5. If no priority is configured, the member with the lower VSS switch ID becomes ACTIVE and the one with the higher ID becomes STANDBY; for example, SW1 becomes ACTIVE and SW2 STANDBY.
   The STANDBY member sends the virtual switch information from its startup-config to the ACTIVE member, which checks that the virtual switch domain, switch number, switch priority, switch preempt setting, VSL module identifier, number of VSL links, power redundancy mode and power parameters are consistent between the two. If they are consistent, SSO redundancy mode is enabled; otherwise RPR redundancy mode is enabled.
6. The ACTIVE member synchronizes its configuration to the STANDBY member and applies it there.
7. If preemption is enabled on a member with a higher priority, that member becomes the active one after the preempt timer (15 minutes by default) expires, and the original active member reboots automatically and becomes the standby.
8. Once the roles are stable, newly configured priority and preemption settings do not take effect immediately; they take effect only after a reload.
VSL link
The VSL carries both data traffic and control traffic. All traffic crossing the VSL is encapsulated with a 32-byte header that includes the ingress and egress switch port indexes, the VLAN number, the CoS value and other information.
Layer 2 protocols supported over the VSL include STP, VTP and the EtherChannel control protocols (LACP, PAgP); all Layer 3 routing protocols and multicast are supported as well.
The VSL can also carry system data such as NetFlow export and SNMP data from the standby member, and it supports all SPAN types, including SPAN of all non-VSL interfaces.
Traffic load sharing on the VSL is calculated with the EtherChannel load-balancing mode; the default is source-destination IP.
VSL link problems
As long as the VSL is not completely disconnected, the information exchange and data transfer between the active and standby members are unaffected, and the stability of the active/standby roles is not affected (because VSS automatically uses the adaptive EtherChannel load-balancing algorithm, recovery is fast).
If the entire VSL is disconnected, both VSS members become active (dual-active) and communication is disrupted.
A dual-active detection mechanism prevents the dual-active condition and keeps the active/standby roles stable.
There are three dual-active detection mechanisms:
Enhanced PAgP
IP BFD (Bidirectional Forwarding Detection)
Fast Hello
If dual-active detection determines that a dual-active condition exists, the original active member puts itself into recovery mode and shuts down all of its non-VSL ports (specific interfaces can be excluded from the shutdown), so that communication is not affected. After the VSL is restored, it reboots automatically and the active/standby roles are determined again.
The three detection mechanisms can be used at the same time; Cisco recommends enabling Enhanced PAgP and Fast Hello. The above is my understanding of the two technologies; subsequent articles will use actual projects to describe their configuration and application.

Author gaby blog
