Understand VRRP (Virtual Router Redundancy Protocol)


With the development of the Internet, people have higher and higher requirements for network reliability. Especially for end users, it is very important to be able to keep in touch with the rest of the network in real time. However, most networks rely on single-gateway systems.

Under normal circumstances, the host can rely entirely on the gateway, but when the gateway fails, communication between the host and the outside world is interrupted. One way to solve this is to add another gateway. However, since most hosts only allow one default gateway to be configured, the network administrator needs to manually intervene in the network configuration so that the host can use the new gateway for communication. Sometimes, dynamic routing protocols such as RIP, OSPF, etc., or IRDP, are used to deal with the failure. However, these protocols cannot meet the needs of users due to their complicated configuration or poor security performance.

In order to better solve the problem of network interruption, network developers proposed VRRP, which neither needs to change the networking situation nor do any configuration on the host, but only needs to configure a few commands on the relevant routers. The backup of the next-hop gateway can be realized without any burden on the host. Compared with other methods, VRRP is more able to meet the needs of users.

Overview of VRRP

VRRP combines several routing devices to form a virtual “routing device”, and uses a certain mechanism to ensure that when the next-hop routing device of the host fails, the service can be switched to the backup routing device in time, so as to maintain the continuity of communication and reliability.

VRRP divides a group of routers in the LAN together to form a VRRP backup group, which is equivalent to a virtual router in function and is identified by the virtual router number. The following description uses virtual routers instead of VRRP backup groups.

The virtual router has its own virtual IP address and virtual MAC address, and its external appearance is exactly the same as that of the actual physical router. The host in the LAN sets the IP address of the virtual router as the default gateway, and communicates with the external network through the virtual router.

VRRP Terminologies

  • VRRP routers: routers that run the VRRP protocol, such as R1 and R2. VRRP is configured on the interface of the router, and it also works based on the interface.
  • VRID: A VRRP group is composed of multiple routers (interfaces) working together, and is identified by the same VRID (Virtual Router Identifier). Routers belonging to the same VRRP group exchange VRRP protocol packets to generate a virtual “router”. Only one master router can appear in a VRRP group.
  • Virtual router: VRRP abstracts a virtual “router” (Virtual Router) for each group. The router is not a real physical device, but a logical device virtualized by VRRP. A VRRP group only generates one virtual router.
  • Virtual IP address and virtual MAC address: The virtual router has its own IP address and MAC address. The IP address is specified by the network administrator when configuring VRRP. A virtual router can have one or more IP addresses. This address serves as the gateway address. The format of the virtual MAC address is “0000-5e00-01xx”, where xx is the VRID.
  • Master router: The “Master router” undertakes the packet forwarding task in a VRRP group. In each VRRP group, only the Master router will respond to the ARP Request for the virtual IP address. The master router periodically sends VRRP packets at a certain interval to notify the backup routers in the same VRRP group about its own survival.
  • Backup router: The backup router listens to the VRRP packets sent by the master router in real time, and is ready to take over the work of the master router at any time.
  • Priority: The priority value is the basis for electing the Master router and the Backup router. The priority value ranges from 0 to 255. The higher the value, the higher the priority. If the values are equal, the interface IP addresses are compared, and the higher value takes precedence.

Election of Master Router

VRRP determines the role of each router in the virtual router (Master router or Backup router) based on priority. The higher the priority, the more likely it will become the Master router.

The initially created router works in the Backup state, and learns the priorities of other members in the virtual router through the interaction of VRRP packets:

  • If the priority of the master router in the VRRP packet is higher than its own priority, the router remains in the Backup state;
  • If the priority of the master router in the VRRP packet is lower than its own priority, the router using the preemptive mode will preempt to become the master state and periodically send VRRP packets, and the router using the non-preemptive mode will remain in the Backup state;
  • If no VRRP packet is received within a certain period of time, the router switches to the Master state.

The value range of VRRP priority is 0 to 255 (the larger the value, the higher the priority), and the configurable range is 1 to 254. Priority 0 is reserved for a router giving up the master position, and 255 is reserved by the system for use by IP address owners. When the router is the IP address owner, its priority is always 255. Therefore, when there is an IP address owner in the virtual router, as long as it works properly, it is the Master router.

The master router periodically sends VRRP packets to announce its configuration information (priority, etc.) and working status in the virtual router. The backup router determines whether the master router works normally by receiving VRRP packets.

When the master router voluntarily relinquishes the master status (for example, when the master router exits the virtual router), it will send a VRRP packet with a priority of 0, causing the backup router to quickly switch to the master router. The switching time is called Skew time, and the calculation method is: (256 – the priority of the Backup router)/256, and the unit is seconds.

When the master router has a network failure and cannot send VRRP packets, the backup router cannot immediately know its working status. After the backup router waits for a period of time, if it has not received VRRP packets, it considers that the master router cannot work properly, and upgrades itself to the master router to periodically send VRRP packets. If multiple backup routers compete for the position of the master router at this time, the master router will be elected by priority. The default waiting time of the Backup router is called Master_Down_Interval, and the value is: (3 × interval for sending VRRP packets) + Skew time, in seconds.

In a network whose performance is not stable enough, the Backup router may not receive the message from the Master router during the Master_Down_Interval due to network congestion, and so proactively preempts the Master position. If the message from the original Master router then arrives again, the members of the virtual router will frequently preempt the master role from each other. To alleviate this, a delay waiting timer is provided. It makes the Backup router wait for the delay waiting time after waiting for the Master_Down_Interval. If no VRRP packets are received during this period, the backup router switches to the master router and sends VRRP packets to the outside world.
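The election rules and timers described in this section, written out as an added example (not code from the original article or from any router vendor). The `Router` class, the function names, the sample group and the 1-second advertisement interval are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Router:                      # hypothetical model, not a vendor API
    name: str
    ip: str                        # interface IP address
    priority: int = 100            # 1-254 configurable, 255 = IP address owner
    preempt: bool = True

def virtual_mac(vrid: int) -> str:
    """Virtual MAC in the 0000-5e00-01xx form, xx = VRID in hex."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be between 1 and 255")
    return f"0000-5e00-01{vrid:02x}"

def elect_master(routers):
    """Highest priority wins; equal priorities fall back to the higher IP."""
    return max(routers, key=lambda r: (r.priority, int(ipaddress.ip_address(r.ip))))

def next_state(backup: Router, adv_priority: int) -> str:
    """State of a Backup router after hearing the master's VRRP packet."""
    if adv_priority == 0:                      # master is giving up its role
        return "Master"
    if adv_priority < backup.priority and backup.preempt:
        return "Master"                        # preemptive mode takes over
    return "Backup"                            # higher priority, or non-preemptive

def skew_time(priority: int) -> float:
    return (256 - priority) / 256              # seconds

def master_down_interval(priority: int, adver_interval: float = 1.0) -> float:
    return 3 * adver_interval + skew_time(priority)   # seconds

# Constructed sample group (documentation addresses, not from the article).
GROUP = [Router("R1", "192.0.2.1", 120), Router("R2", "192.0.2.2", 100),
         Router("R3", "192.0.2.3", 120, preempt=False)]

if __name__ == "__main__":
    print("virtual MAC for VRID 10:", virtual_mac(10))
    print("elected master:", elect_master(GROUP).name)
    for r in GROUP:
        print(r.name, "skew", skew_time(r.priority),
              "master down", master_down_interval(r.priority),
              "after adv prio 110 ->", next_state(r, 110))
```

R1 and R3 tie on priority, so the higher interface address decides the election; a lower-priority router has a larger skew time and therefore waits longer before declaring the master down.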

Typical VRRP Networking Cases

Load Balancing

By creating multiple virtual routers, each physical router plays a different role in different VRRP groups, and the Virtual IPs of different virtual routers are used as different intranet gateway addresses to implement traffic forwarding load balancing.

Master and Backup

VRRP can track the status of the uplink port. When the device senses that the uplink port or link is faulty, it can actively reduce the VRRP priority, so as to ensure that the backup device with a normal uplink link can switch to the master state through election to guide packet forwarding.


By configuring the linkage between VRRP and BFD, when the backup device detects a fault through BFD, it does not wait for the Master_Down_Timer timer to expire, but switches its VRRP state immediately after the BFD detection period.
