VRRP - Virtual Router Redundancy Protocol

Source: Internet
Author: User

VRRP's full name is Virtual Router Redundancy Protocol, which is the VPN protocol.

It is a protocol that makes routers highly available.

Principle: n routers that provide the same function are placed in one router group, with one master and several backups. The master holds a VIP (the default route of the other machines on the LAN where the routers reside points to this VIP) and sends multicast advertisements. When a backup stops receiving VRRP packets, it assumes the master is down, and a backup is then elected as the new master based on VRRP priority. This makes the routers highly available.



A concrete implementation: keepalived



VRRP: Virtual Router Redundancy Protocol



VRRP (Virtual Router Redundancy Protocol) is a fault-tolerance protocol. Typically, all hosts in a network have a default route, so packets whose destination is outside the local segment are sent via the default route to router RouterA, which lets the hosts communicate with external networks. When RouterA fails, every host in the segment that uses RouterA as its default next hop loses external connectivity: a single point of failure. VRRP was created to solve this problem, and it is designed for LANs with multicast or broadcast capability (such as Ethernet).

VRRP organizes a set of routers on a LAN (one master, which is the active router, and several backups) into a virtual router, called a backup group. This virtual router has its own IP address, 10.100.10.1 (this address can be the same as the interface address of one of the routers in the backup group; that router is then called the IP address owner), and each router in the backup group also has its own IP address (for example, the master's IP address is 10.100.10.2 and the backup's is 10.100.10.3). Hosts on the LAN know only the virtual router's IP address, 10.100.10.1; they do not know the master router's address 10.100.10.2 or the backup router's address 10.100.10.3. [1] They set the next hop of their default route to the virtual router's IP address, 10.100.10.1, so hosts in the network communicate with other networks through this virtual router. If the master router in the backup group fails, the backup routers select a new master through an election policy and continue to provide routing services to hosts in the network. This lets the hosts keep communicating with external networks without interruption.


Working principle

A VRRP router has a unique identifier, the VRID, in the range 0-255. To the outside, the virtual router presents a single virtual MAC address in the format 00-00-5e-00-01-[vrid]. The master router answers ARP requests with this MAC address, so no matter how the roles switch, end devices always see the same IP and MAC addresses, which reduces the effect of a switchover on them. [3]

VRRP has only one control message: the VRRP advertisement. It is encapsulated in an IP multicast packet with group address 224.0.0.18, and its distribution scope is limited to the same LAN, which ensures that a VRID can be reused on different networks. To reduce network bandwidth consumption, only the master router periodically sends VRRP advertisements. A backup router starts a new round of VRRP election if it receives no advertisement for three consecutive advertisement intervals, or if it receives an advertisement with priority 0. [3]

In a VRRP router group, the master router is elected by priority; the priority range in the VRRP protocol is 0-255. If a VRRP router's interface IP address is the same as the virtual router's IP address, that router is called the IP address owner of the VRRP group, and the IP address owner automatically has the highest priority, 255. Priority 0 is typically used when the IP address owner voluntarily gives up the master role. The configurable priority range is 1-254. Priorities can be assigned according to link speed and cost, router performance and reliability, and other management policies. In the master election, the virtual router with the higher priority wins, so if the VRRP group contains an IP address owner, it always takes the master role. For candidate routers with the same priority, the election is decided by IP address order. VRRP also provides a priority preemption policy: if it is configured, a higher-priority backup router preempts the current lower-priority master and becomes the new master. [3]
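The election rules above, written out as an added example (not code from the original article or from any VRRP implementation). The priorities are made up, and the tie-break direction (numerically larger IP address wins) follows RFC 3768 rather than the article, which only says the order of IP addresses decides.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Router:
    ip: str
    priority: int          # configured value, 1-254
    alive: bool = True

def effective_priority(r: Router, vip: str) -> int:
    """The IP address owner always runs at 255, whatever is configured."""
    return 255 if r.ip == vip else r.priority

def rank(r: Router, vip: str):
    """Election key: priority first, then the larger IP address (RFC 3768)."""
    return (effective_priority(r, vip), int(ipaddress.IPv4Address(r.ip)))

def master_down(last_advert: float, now: float, interval: float = 1.0) -> bool:
    """A backup gives up on the master after three silent intervals."""
    return now - last_advert > 3 * interval

def elect(routers, vip, current=None, preempt=True):
    """Return the IP of the router that should hold the master role, or None."""
    live = [r for r in routers if r.alive]
    if not live:
        return None
    best = max(live, key=lambda r: rank(r, vip))
    holder = next((r for r in live if r.ip == current), None)
    # Without preemption a healthy master keeps the role, unless the
    # challenger is the IP address owner, which always takes over.
    if holder and not preempt and effective_priority(best, vip) != 255:
        return holder.ip
    return best.ip

# Constructed scenario: the article's addresses with made-up priorities.
VIP = "10.100.10.1"
A, B = Router("10.100.10.2", 120), Router("10.100.10.3", 100)
```

Because any router on the LAN that advertises a higher priority wins this election, the priority field is what a monitoring rule should watch for unexpected values.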

To secure the VRRP protocol, two authentication methods are provided: plaintext authentication and IP header authentication. Plaintext authentication requires that a router joining a VRRP router group provide the same VRID and plaintext password. It is suitable for avoiding configuration errors within the LAN, but it does not prevent the password from being obtained by listening on the network. IP header authentication provides higher security and can prevent attacks such as message replay and modification.
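A monitoring-side check for the advertisement and authentication behaviour described above, as an added example that is not part of the original article. It assumes the VRRPv2 packet layout and authentication type codes from RFC 2338/3768 and the RFC rule that advertisements carry TTL 255; VRID 10, the address 10.100.10.66 and the sample packets are constructed.

```python
import ipaddress
import struct

VRRP_GROUP = "224.0.0.18"  # multicast group address given in the text

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum; a valid message yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, prio, vips, auth=0, auth_data=b""):
    """Construct sample input (test data only, 1-second interval)."""
    body = b"".join(ipaddress.IPv4Address(v).packed for v in vips) + auth_data.ljust(8, b"\0")
    head = struct.pack("!BBBBBB", 0x21, vrid, prio, len(vips), auth, 1)
    return head + struct.pack("!H", inet_checksum(head + b"\0\0" + body)) + body

def parse_advert(payload: bytes) -> dict:
    """Decode a VRRPv2 advertisement (the payload of IP protocol 112)."""
    if len(payload) < 8:
        raise ValueError("truncated VRRP header")
    ver_type, vrid, prio, count, auth, interval = struct.unpack("!BBBBBB", payload[:6])
    if ver_type != 0x21 or len(payload) != 8 + 4 * count + 8:
        raise ValueError("not a well-formed VRRPv2 advertisement")
    vips = [str(ipaddress.IPv4Address(payload[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    return {"vrid": vrid, "priority": prio, "vips": vips, "auth": auth,
            "interval": interval, "vmac": f"00-00-5e-00-01-{vrid:02x}",
            "checksum_ok": inet_checksum(payload) == 0}

def audit(src_ip, dst_ip, ttl, payload, expected):
    """Return findings; `expected` maps VRID -> set of legitimate router IPs."""
    a, findings = parse_advert(payload), []
    if dst_ip != VRRP_GROUP or ttl != 255:  # RFC 3768: TTL must be 255
        findings.append("not sent as link-local VRRP multicast")
    if not a["checksum_ok"]:
        findings.append("bad checksum")
    if src_ip not in expected.get(a["vrid"], set()):
        findings.append(f"unexpected router {src_ip} in VRID {a['vrid']}")
    if a["priority"] == 255 and src_ip not in a["vips"]:
        findings.append("priority 255 from a router that does not own the VIP")
    if a["auth"] == 1:  # type 1 = simple text password
        findings.append("plaintext authentication: password readable on the LAN")
    return findings

# Constructed samples: the article's addresses; VRID 10 and 10.100.10.66 are made up.
EXPECTED = {10: {"10.100.10.2", "10.100.10.3"}}
GOOD = build_advert(10, 200, ["10.100.10.1"])
ODD = build_advert(10, 255, ["10.100.10.1"], auth=1, auth_data=b"example")
```

Calling `audit("10.100.10.2", VRRP_GROUP, 255, GOOD, EXPECTED)` returns an empty list, while the same call with `ODD` from 10.100.10.66 returns three findings.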

