Keepalived principles and practice: the VRRP protocol

1. Foreword

VRRP (Virtual Router Redundancy Protocol) is the protocol used to make a default router redundant. When this page was written the current definition was RFC 3768, which obsoleted the original RFC 2338 and dropped some of its functions, most importantly the authentication mechanisms: RFC 3768 only defines Auth Type 0 (no authentication) and states that the old authentication types did not provide real security. (RFC 3768 has itself since been obsoleted by RFC 5798, VRRP version 3 for IPv4 and IPv6; keepalived still defaults to version 2 for IPv4 instances, which is what this page describes, and its auth_type PASS option simply carries an 8-character cleartext password in the old Authentication Data field.) The practical consequence is that any host able to send to the VRRP multicast group on a segment can inject advertisements and take over the virtual address, so VRRP must only be run on segments where every attached host is trusted.

2. Protocol description

2.1 Overview

VRRP is a master/backup protocol designed to remove the single point of failure that a default router represents in a statically routed environment. When the master fails, another device takes over its function so that traffic between the internal and external networks is not interrupted and the network settings of the internal hosts need not be changed. To achieve this the protocol must provide backup of the shared IP address, priority-based election of the active router, and a minimum of traffic between the routers themselves.

VRRP combines two or more routers into one virtual router that presents one or more virtual IP addresses to the outside. Within the group, the router that actually owns the virtual address as a configured interface address is the master whenever it is working; otherwise a master is chosen by election. The master performs all network functions for the virtual address: answering ARP requests, answering ICMP, forwarding traffic. The other routers, which do not own the address, are in the backup state; apart from receiving the master's VRRP advertisements they perform no function for the virtual address. When the master fails, a backup takes over the master's role.

To configure VRRP, each router is given a virtual router ID (VRID) and a priority. The VRID groups the routers: routers with the same VRID form one virtual router. The VRID is an integer in the range 1 to 255 (0 is not valid). Within a group the priority decides who is master, the highest priority winning. Priority 255 is reserved for the router that owns the virtual address as a real interface address; every other router uses a value from 1 to 254 (100 by default); priority 0 is never configured, it is sent by a master that is shutting down to tell the backups to take over immediately.

VRRP advertisements are sent as multicast, and their Ethernet source is a special virtual MAC address rather than the MAC of the router's own network card. While the protocol is running only the master sends advertisements, at a fixed interval (1 second by default); each advertisement says that the master is alive and lists the virtual addresses it serves. Backups only receive and never send. If a backup receives no advertisement within the Master_Down_Interval, which is three advertisement intervals plus a skew time of (256 - priority)/256 seconds so that the highest-priority backup times out first, it declares itself master, starts advertising, and the election is effectively run again.

2.2 Master election

If the virtual router address is one of the router's own configured interface addresses, that router is always master and runs with priority 255;
Otherwise the routers that do not own the address start in the backup state; the first whose Master_Down_Timer expires (the one with the highest priority, because of the skew time) declares itself master and starts sending advertisements;
If a master receives an advertisement from a router whose priority is higher than its own, it returns to the backup state;
If the priorities are equal, the router with the numerically higher primary IP address wins;
The owner of the address, with priority 255, therefore always takes the master role back from any elected master when it returns to service.

2.3 Protocol State Machine

The VRRP state machine is simple: three states, Initialize, Master and Backup.

                    +---------------+
         +--------->|               |<-------------+
         |          |  Initialize   |              |
         |   +------|               |----------+   |
         |   |      +---------------+          |   |
         |   |                                 |   |
         |   V                                 V   |
 +---------------+                       +---------------+
 |               |---------------------->|               |
 |    Master     |                       |    Backup     |
 |               |<----------------------|               |
 +---------------+                       +---------------+

Initialize:
When the router starts, if its priority is 255 (the highest priority, meaning the router owns the virtual address), it sends a VRRP advertisement, broadcasts a gratuitous ARP that maps the virtual router IP to the virtual MAC, starts the advertisement timer and enters the Master state;
Otherwise it enters the Backup state and starts the Master_Down_Timer to check whether advertisements from a master arrive.

Master:
A router in the Master state does the following:
Runs the advertisement timer;
Answers ARP requests for the virtual router IP with the VRRP virtual MAC address;
Forwards packets whose destination MAC is the VRRP virtual MAC;
Accepts packets addressed to the virtual router IP itself only if it owns that address, otherwise discards them;
On a Shutdown event, cancels the advertisement timer, sends an advertisement with priority 0 and enters the Initialize state;
When the advertisement timer expires, sends an advertisement and restarts the timer;
On receiving an advertisement: if its priority is 0, sends an advertisement at once and restarts the timer; otherwise, if the sender's priority is higher than the local one, or equal and the sender's primary IP address is greater than the local one, cancels the advertisement timer, starts the Master_Down_Timer and enters the Backup state; otherwise discards the advertisement.

Backup:
A router in the Backup state does the following:
Runs the Master_Down_Timer;
Must not answer ARP requests for the virtual router IP;
Discards all packets whose destination MAC is the virtual router MAC;
Does not accept packets addressed to the virtual router IP;
On a Shutdown event, cancels the Master_Down_Timer and enters the Initialize state;
When the Master_Down_Timer expires, sends an advertisement, broadcasts a gratuitous ARP for the virtual address and enters the Master state;
On receiving an advertisement: if its priority is 0, sets the Master_Down_Timer to the skew time so that a new election starts immediately; otherwise, if preemption is disabled or the sender's priority is greater than or equal to the local one, accepts the sender as master and resets the Master_Down_Timer; otherwise (a lower-priority master with preemption enabled) discards the advertisement and takes over when its own timer expires.
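The timers and election rules of sections 2.1 to 2.3 are easiest to check by running them. The following is an added example for this page, not keepalived's code: it implements the Initialize, Master and Backup transitions above, the Master_Down_Interval = 3 * Advertisement_Interval + Skew_Time rule with Skew_Time = (256 - priority)/256, and the tie-break on primary IP, and drives two routers through a master crash, a takeover and a preemption. The class and function names and the 10.0.0.0/24 addresses are this example's own.

```python
"""RFC 3768 VRRP election and state machine as an event-driven simulation.
Added example for this page, not keepalived code; all names and addresses are constructed."""
import ipaddress
from dataclasses import dataclass, field

INIT, MASTER, BACKUP = "Initialize", "Master", "Backup"


@dataclass
class VrrpRouter:
    primary_ip: str                 # source address of this router's advertisements
    priority: int                   # 255 = owner of the virtual IP, 1-254 otherwise
    adver_int: int = 1              # Advertisement_Interval in seconds
    preempt: bool = True
    state: str = INIT
    adver_timer: float = None       # absolute expiry times; None = timer not armed
    master_down_timer: float = None
    sent: list = field(default_factory=list)  # (time, priority) of adverts sent

    def skew_time(self):            # higher priority -> shorter wait -> wins the race
        return (256 - self.priority) / 256

    def master_down_interval(self):
        return 3 * self.adver_int + self.skew_time()

    def _advert(self, now, priority=None):
        self.sent.append((now, self.priority if priority is None else priority))

    def startup(self, now):
        self.adver_timer = self.master_down_timer = None
        if self.priority == 255:    # the address owner goes straight to Master
            self._advert(now)
            self.adver_timer, self.state = now + self.adver_int, MASTER
        else:                       # everyone else waits to hear from a master
            self.master_down_timer, self.state = now + self.master_down_interval(), BACKUP

    def shutdown(self, now):
        if self.state == MASTER:    # priority 0 tells the backups to elect at once
            self._advert(now, priority=0)
        self.adver_timer = self.master_down_timer = None
        self.state = INIT

    def tick(self, now):
        if self.state == MASTER and self.adver_timer is not None and now >= self.adver_timer:
            self._advert(now)
            self.adver_timer = now + self.adver_int
        elif self.state == BACKUP and self.master_down_timer is not None and now >= self.master_down_timer:
            self._advert(now)       # a real router also sends gratuitous ARP here
            self.adver_timer, self.master_down_timer = now + self.adver_int, None
            self.state = MASTER

    def receive(self, now, sender_ip, sender_priority):
        me, them = ipaddress.ip_address(self.primary_ip), ipaddress.ip_address(sender_ip)
        if self.state == MASTER:
            if sender_priority == 0:
                self._advert(now)
                self.adver_timer = now + self.adver_int
            elif sender_priority > self.priority or (sender_priority == self.priority and them > me):
                self.adver_timer, self.master_down_timer = None, now + self.master_down_interval()
                self.state = BACKUP  # a better master is on the wire: step down
        elif self.state == BACKUP:
            if sender_priority == 0:
                self.master_down_timer = now + self.skew_time()
            elif not self.preempt or sender_priority >= self.priority:
                self.master_down_timer = now + self.master_down_interval()
            # else: a lower-priority master is ignored and preempted when the timer fires


def simulate(routers, until, fail_at=None, recover_at=None, victim=None, tick=1 / 256):
    """Run the routers on one shared segment in steps of `tick` seconds and return the
    (time, primary_ip, new_state) transitions. The victim dies silently at fail_at
    (no priority-0 advert, as in a crash) and restarts at recover_at."""
    alive = {r.primary_ip: True for r in routers}
    delivered = {r.primary_ip: 0 for r in routers}
    fail_k, recover_k = (None if t is None else round(t / tick) for t in (fail_at, recover_at))
    for r in routers:
        r.startup(0.0)
    transitions = [(0.0, r.primary_ip, r.state) for r in routers]
    for k in range(1, round(until / tick) + 1):
        now = k * tick
        before = {r.primary_ip: r.state for r in routers}
        if k == fail_k:
            alive[victim] = False
        if k == recover_k:
            alive[victim] = True
            next(r for r in routers if r.primary_ip == victim).startup(now)
        for r in routers:
            if alive[r.primary_ip]:
                r.tick(now)
        pending = True
        while pending:              # flush the multicast "wire" to every live router
            pending = False
            for r in routers:
                while delivered[r.primary_ip] < len(r.sent):
                    _, prio = r.sent[delivered[r.primary_ip]]
                    delivered[r.primary_ip] += 1
                    pending = True
                    for other in routers:
                        if other is not r and alive[other.primary_ip]:
                            other.receive(now, r.primary_ip, prio)
        transitions += [(now, r.primary_ip, r.state) for r in routers if r.state != before[r.primary_ip]]
    return transitions
```

With priorities 200 and 100 and a 1-second interval, simulate([VrrpRouter("10.0.0.1", 200), VrrpRouter("10.0.0.2", 100)], until=15, fail_at=5, recover_at=10, victim="10.0.0.1") shows the higher-priority router becoming master 3.21875 s after startup (its skew time is 56/256 s). When it crashes silently at t = 5 s the backup only takes over at 7.828125 s, its own Master_Down_Interval of 3.609375 s after the last advertisement it heard at 4.21875 s; that gap is the gateway outage a crash costs, and the reason a clean shutdown sends the priority-0 advertisement instead. When the crashed router returns at t = 10 s it starts in Backup, ignores the lower-priority master and preempts it at 13.21875 s.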

2.4 ARP handling

When an internal host sends an ARP query for the virtual router IP, the master replies with the virtual VRRP MAC address rather than the MAC of its physical interface, so that a switch from one router to another is invisible to the internal hosts. For the same reason a router that takes over the master role announces the virtual MAC with a gratuitous ARP, and a restarting router must never announce the physical MAC of its own network card for the virtual address. If proxy ARP (proxy_arp) is enabled on the virtual router, proxy ARP replies must also carry the VRRP virtual MAC address.
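The ARP side of a takeover, as an added example for this page (not keepalived's code): the gratuitous ARP the new master broadcasts for a virtual IP, carrying the virtual MAC in both the Ethernet source and the ARP sender-hardware field, plus a decoder that a monitoring host can use to distinguish that announcement from a rogue host announcing the same address with its own MAC. Function names and the 192.0.2.0/24 addresses are this example's own.

```python
"""Gratuitous ARP as a VRRP master sends it, and the decode a detector needs.
Added example for this page, not keepalived code; names and addresses are constructed."""
import ipaddress
import struct

ETH_P_ARP = 0x0806
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
VRRP_MAC_PREFIX = bytes.fromhex("00005e0001")    # 00-00-5E-00-01-xx, xx = VRID


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def arp_announce(sender_mac, ip):
    """Ethernet + ARP request with sender and target protocol address both set to ip:
    the classic gratuitous ARP that refreshes neighbour caches and makes switches
    relearn which port owns sender_mac. Target hardware address is left zero."""
    hw, ipb = mac_bytes(sender_mac), ipaddress.IPv4Address(ip).packed
    eth = mac_bytes(BROADCAST_MAC) + hw + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + hw + ipb + bytes(6) + ipb
    return eth + arp


def vrrp_gratuitous_arp(vrid, vip):
    """What the new master sends on takeover: the VIP bound to the virtual MAC,
    never to the interface's burned-in address, so hosts see no change on failover."""
    return arp_announce(f"00:00:5e:00:01:{vrid:02x}", vip)


def inspect_arp(frame):
    """Decode the fields a detector cares about; None if not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return None
    op = struct.unpack("!H", frame[20:22])[0]
    sha, spa, tpa = frame[22:28], frame[28:32], frame[38:42]
    return {"op": op, "sender_mac": mac_str(sha), "sender_ip": str(ipaddress.IPv4Address(spa)),
            "target_ip": str(ipaddress.IPv4Address(tpa)), "gratuitous": spa == tpa,
            "eth_src_matches": frame[6:12] == sha,
            "vrid": sha[5] if sha[:5] == VRRP_MAC_PREFIX else None}


def vip_claim_alert(frame, vips):
    """Alert string when one of the virtual IPs is announced from a MAC that is not a
    VRRP virtual MAC (a spoofed or misconfigured gateway), otherwise None."""
    info = inspect_arp(frame)
    if info and info["gratuitous"] and info["sender_ip"] in vips and info["vrid"] is None:
        return f"{info['sender_ip']} announced by non-VRRP MAC {info['sender_mac']}"
    return None
```

The check in vip_claim_alert only catches a careless spoofer; an attacker can just as easily announce the address from the 00-00-5E-00-01-{VRID} MAC, which is why the ARP layer cannot be the control that keeps a rogue gateway off the segment.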

2.5 VRRP application example

        +-----------+      +-----------+
        |   RTR1    |      |   RTR2    |
        |(MR vrid=1)|      |(BR vrid=1)|
        |(BR vrid=2)|      |(MR vrid=2)|
 vrid=1 +-----------+      +-----------+ vrid=2
 IP A---------->*           *<---------IP B
                |           |
                |           |
 -------------+-----------+-----+--------+--------+--------+--
               ^                ^        ^        ^
               |                |        |        |
             (IP A)           (IP A)   (IP B)   (IP B)
               |                |        |        |
            +--+--+          +--+--+  +--+--+  +--+--+
            |  H1 |          |  H2 |  |  H3 |  |  H4 |
            +-----+          +-----+  +--+--+  +--+--+

Legend:
---+---+---+-- = Ethernet, Token Ring, or FDDI
H = Host computer
MR = Master router
BR = Backup router
* = IP address
(IP) = Default router for hosts
This is the usual VRRP topology: two routers run VRRP and back each other up. Router 1 is master of VRID group 1 (IP address A) and backup of group 2; Router 2 is master of group 2 (IP address B) and backup of group 1. Some hosts on the internal network use address A as their default gateway and the rest use address B. Under normal conditions traffic from hosts with gateway A goes through Router 1 and traffic from hosts with gateway B goes through Router 2, so the two routers share the load; if either router fails, all traffic goes through the other.

3. Protocol definition

3.1 Ethernet header

The source MAC address must be the virtual MAC address 00-00-5E-00-01-{VRID}, where VRID is the virtual router ID written in hexadecimal; since the last octet carries the VRID, at most 255 virtual routers can exist on one network segment. The destination MAC is the multicast address 01-00-5E-00-00-12, the Ethernet mapping of the 224.0.0.18 group address.

The VRID therefore matters beyond grouping: two virtual routers on the same segment configured with the same VRID share a virtual MAC and will interfere with each other, so the VRID must be unique per segment.


3.2 IP header

The source address of a VRRP packet is the sender's primary address on the interface; the destination address must be 224.0.0.18, a link-local multicast address; the IP protocol number is 112; and the TTL must be 255. A receiver must discard any VRRP packet whose TTL is not 255, which guarantees that the packet was not forwarded by a router and originated on the local segment.

3.3 VRRP protocol data format

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Version| Type  | Virtual Rtr ID|   Priority    | Count IP Addrs|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Auth Type   |   Adver Int   |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         IP Address (1)                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                            .                                  |
   |                            .                                  |
   |                            .                                  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         IP Address (n)                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     Authentication Data (1)                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
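The three header layers above can be assembled and checked in a few lines. The following is an added example for this page, not keepalived's code: it builds a version-2 advertisement with the RFC 1071 checksum over the whole VRRP message, derives the virtual source MAC and the multicast destination MAC, and applies the receiver checks (TTL 255, protocol 112, destination 224.0.0.18, version, type, length, checksum). Function names and the 192.0.2.0/24 addresses are this example's own. These checks are everything a receiver has: nothing in the packet proves who sent it, so a priority-255 advertisement forged by any host on the segment validates exactly like a legitimate one.

```python
"""Build and check a VRRPv2 (RFC 3768) advertisement as it sits behind the IP header.
Added example for this page, not keepalived code; names and addresses are constructed."""
import ipaddress
import struct

VRRP_PROTO = 112
VRRP_MCAST = "224.0.0.18"
VRRP_MCAST_MAC = "01:00:5e:00:00:12"    # 224.0.0.18 mapped into the IPv4 multicast MAC range


def virtual_mac(vrid):
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be 1..255")
    return f"00:00:5e:00:01:{vrid:02x}"


def internet_checksum(data):
    """RFC 1071: one's complement of the one's-complement sum of the 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advert(vrid, priority, vips, adver_int=1, auth_type=0, auth_data=b""):
    """Version 2, type 1 (ADVERTISEMENT), then the VIPs and 8 octets of authentication
    data (zero under RFC 3768; keepalived's auth_type PASS puts its cleartext password here)."""
    header = struct.pack("!BBBBBBH", (2 << 4) | 1, vrid, priority, len(vips), auth_type, adver_int, 0)
    addrs = b"".join(ipaddress.IPv4Address(v).packed for v in vips)
    pkt = bytearray(header + addrs + auth_data[:8].ljust(8, b"\x00"))
    struct.pack_into("!H", pkt, 6, internet_checksum(bytes(pkt)))  # covers the whole VRRP message
    return bytes(pkt)


def parse_advert(pkt, ip_ttl=255, ip_proto=VRRP_PROTO, ip_dst=VRRP_MCAST):
    """Receiver checks from RFC 3768 section 7.1, then the decoded fields.
    ip_ttl, ip_proto and ip_dst are taken from the enclosing IP header."""
    if ip_ttl != 255:
        raise ValueError("TTL is not 255: packet crossed a router, drop it")
    if ip_proto != VRRP_PROTO or ip_dst != VRRP_MCAST:
        raise ValueError("not a VRRP advertisement")
    if len(pkt) < 8:
        raise ValueError("truncated VRRP header")
    ver_type, vrid, priority, count, auth_type, adver_int, _ = struct.unpack("!BBBBBBH", pkt[:8])
    if ver_type >> 4 != 2:
        raise ValueError(f"unsupported VRRP version {ver_type >> 4}")
    if ver_type & 0xF != 1:
        raise ValueError("only type 1 (ADVERTISEMENT) is defined")
    if len(pkt) < 8 + 4 * count + 8:
        raise ValueError("packet shorter than Count IP Addrs plus authentication data")
    if internet_checksum(pkt) != 0:     # a correct packet sums to all ones
        raise ValueError("bad checksum")
    vips = [str(ipaddress.IPv4Address(pkt[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    return {"vrid": vrid, "priority": priority, "count": count, "auth_type": auth_type,
            "adver_int": adver_int, "vips": vips, "auth_data": pkt[8 + 4 * count:16 + 4 * count],
            "src_mac": virtual_mac(vrid), "dst_mac": VRRP_MCAST_MAC}


def rejection_reason(pkt, **ip_fields):
    """None if the advertisement would be accepted, otherwise why a receiver drops it."""
    try:
        parse_advert(pkt, **ip_fields)
        return None
    except ValueError as e:
        return str(e)
```

For build_advert(1, 100, ["192.0.2.1"]) the 20-byte message starts 21 01 64 01 00 01 with checksum b8fa; flipping the priority byte makes the checksum check fail, a TTL of 64 is rejected before the body is even looked at, and build_advert(1, 255, ["192.0.2.1"]) from any host on the segment parses as a valid owner advertisement.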
