VRRP (Virtual Router Redundancy Protocol) is a fault tolerance protocol. Generally, a default route is set for all hosts in a network. Packets sent by a host to a destination address outside its own segment go through the default route to the router, which is how the host communicates with external networks. When that router fails, every host in the segment that uses it as the next hop of its default route loses external connectivity, so the router is a single point of failure.

VRRP is designed for LANs with multicast or broadcast capability, such as Ethernet. VRRP organizes a group of routers in the LAN, consisting of a Master (the active router) and several Backups (backup routers), into one virtual router, which is called a backup group. The virtual router has its own IP address, 10.100.10.1 (this address can be the same as the interface address of a router in the backup group; a router whose interface address is the same is called the IP address owner). The routers in the backup group also have their own IP addresses (for example, the Master's IP address is 10.100.10.2 and the Backup's IP address is 10.100.10.3). Hosts in the LAN only know the virtual router's IP address, 10.100.10.1; they do not know the Master router's address 10.100.10.2 or the Backup router's address 10.100.10.3. [1]

The hosts set the next hop address of their default route to the virtual router's IP address, 10.100.10.1. As a result, hosts in the network communicate with other networks through this virtual router. If the Master router in the backup group breaks down, the Backup routers select a new Master through the election policy, and it continues to provide routing services to the hosts in the network. In this way, the hosts can keep communicating with the external network without interruption.
Working Principle
A VRRP virtual router has a unique identifier: VRID in the range of 0 to. The virtual router presents a unique virtual MAC address, in the format 00-00-5E-00-01-[VRID]. The Master router is responsible for answering ARP requests with this MAC address. This ensures that end devices always see the same IP address and MAC address no matter which router is currently Master, and it reduces the impact of a switchover on end devices [3].

VRRP has only one control packet: the VRRP advertisement. It is encapsulated in IP multicast packets. The group address is 224.0.0.18, and distribution is limited to the same LAN, which ensures that a VRID can be reused in different networks. To reduce network bandwidth consumption, only the Master router periodically sends VRRP advertisements to the Backup routers. If a Backup router receives no VRRP advertisement within the advertisement interval, or receives an advertisement with a priority of 0, it starts a new round of VRRP election [3].

Within a VRRP router group, the Master router is selected based on priority. In VRRP, the priority range is 0-255. If a VRRP router's IP address is the same as the virtual router's interface address, that router is called the IP address owner of the VRRP group; the IP address owner automatically has the highest priority, 255. Priority 0 is generally used when the IP address owner voluntarily gives up the Master role. The configurable priority range is 1-. Priorities can be assigned according to link speed and cost, router performance and reliability, and other management policies.

In the election of the Master router, the router with the higher priority wins. Therefore, if there is an IP address owner in the VRRP group, it always takes the Master role. For candidate routers with the same priority, the election is decided by comparing the size of their IP addresses. VRRP also provides a priority preemption policy: if this policy is configured, a higher-priority Backup router takes over from the current lower-priority Master router and becomes the new Master router [3].
To ensure the security of the VRRP protocol, two authentication measures are provided: plaintext authentication and IP header authentication. With plaintext authentication, a router joining a VRRP router group must provide the same VRID and plaintext password. This is suitable for avoiding configuration errors in the LAN, but it cannot prevent the password from being obtained through network listening. IP header authentication provides higher security and can prevent attacks such as packet replay and modification.
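
The following Python code is an added example, not part of the original article: it parses a captured VRRPv2 advertisement and audits it against the election and authentication rules described above. The field layout follows RFC 2338/3768 and the tie-break direction (higher IP address wins) follows the RFC; the function names are hypothetical, and the sample bytes, the source address 10.100.10.99, the priority values and the password are constructed.

```python
import ipaddress
import struct

AUTH = {0: "none", 1: "plaintext", 2: "ip-header"}  # VRRPv2 Auth Type field
GROUP = "224.0.0.18"                                # VRRP multicast group

def virtual_mac(vrid):
    """Virtual MAC in the format 00-00-5E-00-01-[VRID]."""
    return "00-00-5E-00-01-%02X" % vrid

def parse_advert(payload):
    """Parse a VRRPv2 advertisement (IP protocol 112 payload); checksum not verified."""
    vt, vrid, prio, count, auth, _intvl, _ck = struct.unpack("!6BH", payload[:8])
    end = 8 + 4 * count
    if vt != 0x21 or len(payload) < end + 8:        # version 2, type 1
        raise ValueError("not a well-formed VRRPv2 advertisement")
    vips = [str(ipaddress.IPv4Address(payload[i:i + 4])) for i in range(8, end, 4)]
    return {"vrid": vrid, "priority": prio, "vips": vips,
            "auth": AUTH.get(auth, "unknown"),
            "password": payload[end:end + 8].rstrip(b"\0")}

def outranks(a, b):
    """Election: higher priority wins; equal priority goes to the higher IP (per RFC)."""
    return (a[0], ipaddress.IPv4Address(a[1])) > (b[0], ipaddress.IPv4Address(b[1]))

def audit(src, dst, payload, expected):
    """Compare one captured advertisement with the group's expected state."""
    adv, out = parse_advert(payload), []
    if dst != GROUP:
        out.append("not sent to the VRRP group address")
    if src not in expected["routers"]:
        out.append("advertisement from unknown router")
        if outranks((adv["priority"], src), expected["master"]):
            out.append("unknown router would win the election")
    if adv["priority"] == 255 and src not in adv["vips"]:
        out.append("priority 255 claimed by a non-owner")
    if adv["auth"] == "plaintext":
        out.append("plaintext password is exposed to network listening")
    return out

# Constructed sample: VRID 10, priority 200, one virtual IP, plaintext auth.
SAMPLE = (struct.pack("!6BH", 0x21, 10, 200, 1, 1, 1, 0)
          + ipaddress.IPv4Address("10.100.10.1").packed + b"lab-pass")
# Router addresses are the page's; priority 100 for the Master is assumed.
EXPECTED = {"routers": {"10.100.10.2", "10.100.10.3"}, "master": (100, "10.100.10.2")}

if __name__ == "__main__":
    for finding in audit("10.100.10.99", GROUP, SAMPLE, EXPECTED):
        print(finding)
```

Because the parser recovers the password field directly from the captured bytes, the example also shows why plaintext authentication only guards against misconfiguration.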