VRRP Technology White Paper
Copyright © 2025 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
This document provides generic technical information, some of which might not be applicable to your products.
The information in this document is subject to change without notice.
Contents
Introduction to virtual router
Virtual MAC address assignment
Packets in VRRP load balancing mode
Backup's monitoring of the master state
Load balancing with multiple VRRP groups
Master's monitoring of uplinks through BFD/NQA
Backup's monitoring of master state through BFD
Overview
NOTE: The term "router" in this document refers to routers or switches that act as gateways in the network.
Background
As the Internet has developed, users have placed higher requirements on network reliability, and uninterrupted connectivity with other devices on a network is especially important to end users. As shown in Figure 1, a host typically communicates with the external networks through the default gateway. The host sends the packets destined for the external network to the gateway, and the gateway forwards them to the external network, achieving communication between the host and the external network.
When the gateway fails, all the hosts using the gateway as the default next-hop router fail to communicate with the external networks. A common way to improve system reliability is to use more egress gateways. However, most hosts can only be configured with one default gateway. If a default gateway fails, you need to manually configure another default gateway for the hosts that originally used the failed gateway, so that the hosts can continue to communicate with the external networks. You can also use a dynamic routing protocol such as Routing Information Protocol (RIP) or Open Shortest Path First (OSPF), or ICMP Router Discovery Protocol (IRDP), to solve the problem. However, these protocols cannot satisfy users’ needs because of their complicated configuration or weak security guarantees.
Benefits
VRRP is a fault-tolerant protocol. With VRRP deployed on a network, if the next-hop router of hosts fails, another router takes over its role to ensure continuous and reliable network communication.
VRRP has the following advantages:
· Simplified network management—By deploying VRRP on multicast and broadcast LANs such as Ethernet, you can ensure that the system still provides highly reliable default links without changing configurations (such as dynamic routing protocols or route discovery protocols) when a device fails, and prevent network interruption due to a single link failure.
· High adaptability—A VRRP packet is encapsulated in an IP packet, and supports different kinds of upper layer protocols.
· Low network overhead—VRRP defines only one packet type, VRRP advertisement, and only the master in a VRRP group can send VRRP advertisements.
Introduction to VRRP
Concepts
· Virtual router—It consists of a master and several backups. Every host on the LAN takes the virtual router as the default gateway.
· VRID—Virtual router identifier. A group of routers with the same VRID form a virtual router.
· Master—The router that forwards packets in a virtual router.
· Backup—The router that can take the responsibility of the master when the master fails.
· Virtual forwarder—You must create a virtual forwarder (VF) on the routers in a VRRP group in load balancing mode to forward host traffic.
· Virtual IP address—IP address of the virtual router. A virtual router can have one or multiple IP addresses.
· IP address owner—The router whose interface IP address is the same as the virtual IP address.
· Virtual MAC address—The values for virtual MAC addresses are as follows:
¡ In VRRP standard mode, a virtual router has one virtual MAC address. In an IPv4 network, the format of a virtual MAC address is 00-00-5E-00-01-{VRID}. In an IPv6 network, the format of a virtual MAC address is 00-00-5E-00-02-{VRID}.
¡ In VRRP load balancing mode, a virtual router has multiple virtual MAC addresses, one for each VF. In an IPv4 network, the format of a virtual MAC address is 00-0F-E2-FF-0{VRID}{VFID}. In an IPv6 network, the format of a virtual MAC address is 00-0F-E2-FF-4{VRID}{VFID}.
· Priority—VRRP determines the role (master or backup) of each router in a virtual router by priority.
Introduction to virtual router
VRRP combines a group of routers (including a master and multiple backups) on a LAN into a VRRP group. The VRRP group functions as a virtual router, and is identified by a virtual router ID. A virtual router (VRRP group) has the following features:
· A virtual router has its own virtual IP address and MAC address. Every host on the LAN takes the IP address of the virtual router as its default gateway and communicates with the external networks through the virtual router.
· A virtual router consists of multiple physical routers including a master and several backups. When the master works normally, the hosts on the LAN communicate with the external networks through the master; when the master fails, one of the backups becomes the master to forward packets, as shown in Figure 2.
Figure 2 Network diagram for a virtual router
VRRP working process
VRRP works as the following:
· The routers in a virtual router elect the master based on their priorities. The master sends a gratuitous ARP packet to notify the devices and hosts connected to it of its virtual MAC address, and is responsible for forwarding packets.
· The master sends VRRP advertisements periodically to advertise its configuration information (for example, its priority) and working status.
· If the master fails, the backups in the virtual router elect a new master based on their priorities.
· When the master in a virtual router is changed, the new master sends a gratuitous ARP packet carrying the virtual router MAC address and IP address to update the ARP-related information of the hosts or devices connected to it. The hosts in the network cannot detect the change of the master.
· If the priority of a backup is higher than that of the master, whether a new master needs to be elected depends on the working mode of the backup (preemptive or non-preemptive).
¡ Non-preemptive mode—A backup working in non-preemptive mode remains a backup as long as the master does not fail. It does not become the master even if it is configured with a higher priority.
¡ Preemptive mode—When a backup working in preemptive mode receives a VRRP advertisement, it compares the priority in the packet with its own. If its own priority is higher than that of the master, it preempts as the master; otherwise, it remains a backup.
To sum up, to ensure normal working of the master and backups in a virtual router, VRRP needs to implement the following functions:
· Master election
· Master state advertisement
· Authentication to enhance security
Master election
A router in a virtual router works as a backup after it is created, and it learns the master's priority from the VRRP advertisements it receives.
· If the master priority in the VRRP advertisement is higher than the priority of the router, the router remains as a backup.
· If the master priority in the VRRP advertisement is lower than the priority of the router, when the router works in preemptive mode, it becomes the master to periodically send VRRP packets; when the router works in non-preemptive mode, it remains as a backup.
· If the router does not receive a VRRP advertisement in a certain period, it becomes the master.
VRRP priority is in the range of 0 to 255. A larger number means a higher priority. Priorities 1 to 254 are configurable. Priority 0 is reserved for a master that releases its master responsibility, and priority 255 for the IP address owner. When a router acts as the IP address owner, its priority is always 255. That is, if there is an IP address owner in a virtual router, it acts as the master as long as it works properly.
When multiple masters exist in a VRRP group due to a network failure, they elect a master based on the priorities and the IP addresses of the interfaces configured for the VRRP group. The router with the higher priority becomes the master, and the router with the lower priority becomes the backup. If two routers have the same priority, the router with the higher interface IP address becomes the master.
Master state advertisement
The master in a virtual router sends VRRP advertisements periodically to inform the other routers in the virtual router of its configuration information (for example, priority) and working status. The backups judge whether the master works normally according to the advertisements received.
The master can release its master responsibility by sending a VRRP advertisement with a priority of 0 to trigger an immediate master election among the backups. The time used for the election is called Skew time, in seconds, and is calculated as ((256 – Priority)/256).
If the master fails and cannot send VRRP advertisements, a backup cannot know the state of the master immediately. It waits for a period of time, and if it still receives no advertisements from the master, it considers the master failed and declares itself the master. If multiple backups compete to become the master at this time, a master election is triggered. The time interval after which the backups declare the master down is called Master_Down_Interval, in seconds, and is calculated as (3 × Advertisement_Interval) + Skew time.
On an unstable network, a backup might fail to receive the packets from the master in Master_Down_Interval due to network congestion, thus causing the members in the virtual router to change their states frequently. This problem can be addressed through setting the VRRP preemption delay timer. With the VRRP preemption delay timer set, if a backup receives no advertisement in Master_Down_Interval and then the preemption delay, it considers that the master fails. In this case, it assumes itself as the master and sends VRRP advertisements.
You can configure the VRRP preemption delay timer for the following purposes:
· Avoid frequent state changes among members in a VRRP group.
· Provide the backups with enough time to collect information (such as routing information).
After you configure the preemption delay timer, a backup does not immediately become the master after it receives an advertisement with lower priority than the local priority. Instead, it waits for expiration of the preemption delay timer before taking over as the master.
Authentication modes
VRRP provides three authentication modes:
· No authentication—No authentication is performed for any VRRP packet, and no security is guaranteed.
· Simple text authentication—You can adopt the simple text authentication mode in a network facing possible security problems. A router sending a VRRP packet fills an authentication key into the packet, and the router receiving the packet compares its local authentication key with the one in the received packet. If the two authentication keys are the same, the received VRRP packet is considered valid; otherwise, the received packet is considered invalid.
· MD5 authentication—You can adopt MD5 authentication in a network facing severe security problems. The sending router computes an MD5 digest of the VRRP packet using the authentication key and carries the digest in the authentication header. The receiving router uses its local authentication key to recompute the digest and checks the validity of the packet.
VRRP has two versions: VRRPv2 and VRRPv3. Only VRRPv2 supports authentication configuration; VRRPv3 does not.
VRRP in Comware
VRRP load balancing mode
In a standard-mode VRRP group, only the master can forward packets and backups are in listening state. You can create multiple VRRP groups to share traffic, but you must configure different gateways for hosts on the subnet.
In load balancing mode, a VRRP group maps its virtual IP address to multiple virtual MAC addresses, assigning one virtual MAC address to each member router. Every router in this VRRP group can forward traffic and respond to IPv4 ARP requests or IPv6 ND requests from hosts. Because their virtual MAC addresses are different, traffic from hosts is distributed across the VRRP group members. Load balancing mode simplifies configuration and improves forwarding efficiency.
VRRP load balancing mode uses the same master election, preemption, and tracking mechanisms as the standard mode. It also introduces the new mechanisms described in the following sections.
Virtual MAC address assignment
In load balancing mode, the master assigns virtual MAC addresses to routers in the VRRP group. The master uses different MAC addresses to respond to ARP requests or ND requests from different hosts. The backup routers, however, do not answer ARP requests or ND requests from hosts.
In an IPv4 network, a load balanced VRRP group works as follows:
1. The master assigns virtual MAC addresses to all member routers, including itself. This example assumes that the virtual IP address of the VRRP group is 10.1.1.1/24, Router A is the master, and Router B is the backup. Router A assigns 000f-e2ff-0011 for itself and 000f-e2ff-0012 for Router B. See Figure 3.
Figure 3 Virtual MAC address assignment
2. When an ARP request arrives, the master (Router A) selects a virtual MAC address based on the load balancing algorithm to answer the ARP request. In this example, Router A returns the virtual MAC address of itself in response to the ARP request from Host A. Router A returns the virtual MAC address of Router B in response to the ARP request from Host B. See Figure 4.
Figure 4 Answering ARP requests
3. Each host sends packets to the returned MAC address. As shown in Figure 5, Host A sends packets to Router A and Host B sends packets to Router B.
Figure 5 Sending packets to different routers for forwarding
In the ARP reply sent by the master, the source MAC address in the Ethernet header is different from the sender MAC address in the message body. If a Layer 2 device is deployed between the master/backup router and the hosts, follow these configuration guidelines on the Layer 2 device:
· Do not enable ARP packet source MAC address consistency check.
· Do not check the MAC addresses when you enable ARP packet validity check for ARP detection.
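The reason for these two guidelines, as an added example that is not part of the white paper: a constructed ARP reply of the kind the load-balancing master sends (Figure 4, Router A answering Host B with Router B's virtual MAC) is parsed, and the comparison an ARP source MAC consistency check would make on it is shown to fail. All MAC and IP values are constructed sample values.

```python
"""Added example (not H3C's code): why a Layer 2 ARP source MAC consistency
check drops the ARP replies of a VRRP load-balancing master. The Ethernet
source MAC is the master's own MAC, while the ARP sender MAC is the virtual
MAC the master chose for that host."""
import struct


def mac_bytes(text):
    """'000f-e2ff-0012' or '00:0f:e2:ff:00:12' -> 6 bytes."""
    return bytes.fromhex(text.replace("-", "").replace(":", ""))


def mac_text(b):
    """6 bytes -> H3C style 'xxxx-xxxx-xxxx'."""
    return "%02x%02x-%02x%02x-%02x%02x" % tuple(b)


def build_arp_reply(eth_src, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II header (EtherType 0x0806) + 28-byte ARP reply (opcode 2)
    for IPv4 over Ethernet."""
    eth = mac_bytes(target_mac) + mac_bytes(eth_src) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)     # hw, proto, hlen, plen, op
    arp += mac_bytes(sender_mac) + bytes(map(int, sender_ip.split(".")))
    arp += mac_bytes(target_mac) + bytes(map(int, target_ip.split(".")))
    return eth + arp


def parse_arp(frame):
    """Return the fields a Layer 2 device inspects, or None if not IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    hw, proto, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (hw, proto, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac_text(frame[6:12]), "op": op,
            "sender_mac": mac_text(frame[22:28]),
            "sender_ip": ".".join(map(str, frame[28:32])),
            "target_mac": mac_text(frame[32:38]),
            "target_ip": ".".join(map(str, frame[38:42]))}


def source_mac_consistent(frame):
    """The comparison an ARP source MAC consistency check performs: Ethernet
    source MAC must equal the ARP sender MAC."""
    p = parse_arp(frame)
    return p is not None and p["eth_src"] == p["sender_mac"]


def vrrp_lb_reply_to_host_b():
    """Figure 4: Router A (master, constructed device MAC 0001-0000-000a)
    answers Host B's request for 10.1.1.1 with Router B's virtual MAC."""
    return build_arp_reply(eth_src="0001-0000-000a",
                           sender_mac="000f-e2ff-0012", sender_ip="10.1.1.1",
                           target_mac="0002-0000-00b0", target_ip="10.1.1.20")
```

Hosts accept the reply because ARP uses the sender MAC in the message body; only the Layer 2 check, if enabled, would discard it.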
Virtual forwarder
Virtual forwarder creation
Virtual MAC addresses enable traffic distribution across routers in a VRRP group. To enable routers in the VRRP group to forward packets, VFs must be created on them. Each VF is associated with a virtual MAC address in the VRRP group and forwards packets that are sent to this virtual MAC address.
VFs are created on routers in a VRRP group, as follows:
1. The master assigns virtual MAC addresses to all routers in the VRRP group. Each member router creates a VF for this MAC address and becomes the owner of this VF.
2. Each VF owner advertises its VF information to the other member routers.
3. After receiving the VF advertisement, each of the other routers creates the advertised VF.
Eventually, every member router maintains one VF for each virtual MAC address in the VRRP group.
VF weight and priority
The weight of a VF indicates the forwarding capability of a VF. A higher weight means higher forwarding capability. When the weight is lower than the lower limit of failure, the VF cannot forward packets.
The priority of a VF determines the VF state. Among the VFs created on different member routers for the same virtual MAC address, the VF with the highest priority is in active state. This VF, known as the active virtual forwarder (AVF), forwards packets. All other VFs listen to the state of the AVF and are known as the listening virtual forwarders (LVFs). VF priority is in the range of 0 to 255, where 255 is reserved for the VF owner. When the weight of a VF owner is higher than or equal to the lower limit of failure, the priority of the VF owner is 255.
The priority of a VF is calculated based on its weight.
· If the VF weight is higher than or equal to the lower limit of failure, the following VF priorities apply:
¡ On a VF owner, the VF priority is 255.
¡ On a non-VF owner, the VF priority is calculated as weight/(number of local AVFs + 1).
· If the VF weight is lower than the lower limit of failure, the VF priority is 0.
VF backup
Figure 6 shows the VF table on each router in the VRRP group and how the VFs back up one another. The master, Router A, assigns virtual MAC addresses 000f-e2ff-0011, 000f-e2ff-0012, and 000f-e2ff-0013 to itself, Router B, and Router C, respectively. Each router creates VF 1, VF 2, and VF 3 for virtual MAC addresses 000f-e2ff-0011, 000f-e2ff-0012, and 000f-e2ff-0013, respectively. The VFs for the same virtual MAC address on different routers back up one another. For example, the VF 1 instances on Router A, Router B, and Router C back up one another.
· The VF 1 instances on Router B and Router C have a priority of 255/(1 + 1), or 127. Because their priorities are lower than the priority of the VF 1 instance on Router A, they act as LVFs. These LVFs listen to the state of the VF 1 instance on Router A.
· When the VF 1 instance on Router A fails, the VF 1 instances on Router B and Router C elect the one with higher priority as the new AVF. This AVF forwards packets destined for virtual MAC address 000f-e2ff-0011. If the two LVFs' priorities are the same, the LVF with a greater device MAC address becomes the new AVF.
A VF always operates in preemptive mode. When an LVF finds its priority value higher than the one advertised by the AVF, the LVF declares itself as the AVF.
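The virtual MAC assignment, VF table, VF priority rules and AVF election from the preceding sections, worked through on the Figure 6 group as an added example (not H3C's code). Constructed assumptions: default weight 255, a failure lower limit of 10, sample device MACs, "local AVFs" excludes the VF being evaluated (the +1 in the formula stands for it), and a non-owner's priority is capped at 254 because 255 is reserved for the owner.

```python
"""Added example (not H3C's code): the VF table, VF priority and AVF election
of a VRRP group in load balancing mode, following the rules in this paper.
Constructed assumptions: default weight 255, failure lower limit 10, sample
device MACs; "local AVFs" excludes the VF being evaluated (the +1 in the
formula stands for it), and non-owner priority caps at 254 since 255 is
reserved for the owner, so the election converges."""
from dataclasses import dataclass, field

FAILURE_LOWER_LIMIT = 10    # constructed "lower limit of failure"


def lb_virtual_mac(vrid, vfid, ipv6=False):
    """Load balancing virtual MAC: 00-0F-E2-FF-0{VRID}{VFID} (IPv4) or
    00-0F-E2-FF-4{VRID}{VFID} (IPv6). The Figure 3 values (VRID 1, VF 1 ->
    000f-e2ff-0011) fit a two-hex-digit VRID followed by a one-digit VFID."""
    if not (1 <= vrid <= 255 and 1 <= vfid <= 15):
        raise ValueError("VRID must be 1-255 and VFID 1-15 for this format")
    return "000f-e2ff-%x%02x%x" % (4 if ipv6 else 0, vrid, vfid)


@dataclass
class Router:
    name: str
    device_mac: str          # breaks ties between equal VF priorities
    weight: int = 255        # forwarding capability of this router's VFs
    owned_vf: int = 0        # set by the master's assignment
    vf_priority: dict = field(default_factory=dict)   # vfid -> priority


def assign_virtual_macs(vrid, routers):
    """Step 1 of VF creation: the master gives each member (itself included)
    one virtual MAC; the member owns the VF created for that MAC."""
    table = {}
    for vfid, r in enumerate(routers, start=1):
        r.owned_vf = vfid
        table[vfid] = lb_virtual_mac(vrid, vfid)
    return table


def vf_priority(r, vfid, avf):
    """Rules from 'VF weight and priority': 0 below the failure limit, 255 for
    the owner, otherwise weight / (number of local AVFs + 1)."""
    if r.weight < FAILURE_LOWER_LIMIT:
        return 0
    if vfid == r.owned_vf:
        return 255
    local_avfs = sum(1 for v, holder in avf.items()
                     if holder == r.name and v != vfid)
    return min(254, r.weight // (local_avfs + 1))


def elect_avfs(routers, vfids, failed=frozenset()):
    """Return {vfid: name of the AVF}. 'failed' names routers that are down.
    Per virtual MAC the highest priority wins; equal priorities go to the
    greater device MAC. Priorities depend on how many AVFs a router already
    holds, so the election is repeated until it is stable."""
    alive = [r for r in routers if r.name not in failed]
    avf = {v: next((r.name for r in alive if r.owned_vf == v
                    and r.weight >= FAILURE_LOWER_LIMIT), None) for v in vfids}
    for _ in range(len(vfids) + 1):
        for r in alive:
            for v in vfids:
                r.vf_priority[v] = vf_priority(r, v, avf)
        new = {}
        for v in vfids:
            cands = [r for r in alive if r.vf_priority[v] > 0]
            new[v] = (max(cands, key=lambda r: (r.vf_priority[v], r.device_mac))
                      .name if cands else None)
        if new == avf:
            break
        avf = new
    return avf


def track_negative(r, reduction):
    """VF tracking: the track entry turns Negative and the router's VF weights
    drop by the configured value; below the limit its VFs get priority 0."""
    r.weight = max(0, r.weight - reduction)


def figure6_group():
    """Router A (master, VRID 1) with Router B and Router C as in Figure 6."""
    routers = [Router("A", "0001-0000-000a"), Router("B", "0001-0000-000b"),
               Router("C", "0001-0000-000c")]
    return routers, assign_virtual_macs(1, routers)
```

With all routers healthy the VF 1 instances on Router B and Router C get priority 127, as the text states; when Router A is down they tie and the greater device MAC (Router C) becomes the AVF for 000f-e2ff-0011, after which Router C's VF 2 priority drops to 255/(2 + 1), or 85.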
VF timers
When the AVF on a router fails, the new AVF on another router creates the following timers for the failed AVF:
· Redirect timer—Before this timer expires, the master still uses the virtual MAC address corresponding to the failed AVF to respond to ARP/ND requests from hosts. The VF owner can share traffic load if the VF owner resumes normal operation within this time. When this timer expires, the master stops using the virtual MAC address corresponding to the failed AVF to respond to ARP/ND requests from hosts.
· Timeout timer—The duration after which the new AVF takes over responsibilities of the failed VF owner. Before this timer expires, all routers in the VRRP group keep the VFs that correspond to the failed AVF. The new AVF forwards packets destined for the virtual MAC address of the failed AVF. When this timer expires, all routers in the VRRP group remove the VFs that correspond to the failed AVF, including the new AVF. Packets destined for the virtual MAC address of the failed AVF are not forwarded any longer.
VF tracking
An AVF forwards packets destined for the MAC address of the AVF. If the AVF's upstream link fails but no LVF takes over, the hosts that use the AVF's MAC address as their gateway MAC address cannot access the external network.
The VF tracking function can solve this problem. You can use NQA or BFD to monitor the upstream link state of the VF owner, and associate the VFs with NQA or BFD through the tracking function. This enables the collaboration between VRRP and NQA or BFD through the Track module. When the upstream link fails, the state of the track entry changes to Negative. The weights of the VFs (including the AVF) on the router decrease by a specific value. The corresponding LVF with a higher priority on another router becomes the AVF and forwards packets.
Packets in VRRP load balancing mode
In VRRP standard mode, only VRRP advertisement packets are used. Only the master router periodically sends VRRP advertisement packets. Backup routers do not send VRRP advertisement packets.
For correct operation of the VRRP load balancing feature, the following types of packets are defined for VRRP load balancing mode:
· Advertisement packets—Advertise the state of the VRRP group on the router and the information of the VFs in active state on the router. Both master and backup routers periodically send advertisement packets.
· Request packets—If a router in the backup state is not a VF owner, it sends a request packet to request the master router to assign it a virtual MAC address.
· Reply packets—Upon receiving a request packet, the master router assigns a virtual MAC address to the backup router through a reply packet. Upon receiving the reply packet, the backup router creates a VF corresponding to the virtual MAC address, and the router becomes the owner of this VF.
· Release packet—When the VF owner has been unavailable for a certain period of time, the router taking over its role sends a release packet to notify the other routers in the VRRP group to delete the VF corresponding to the VF owner.
Application limitations
The master router uses different virtual MAC addresses to respond to ARP (in IPv4 networks) or ND (in IPv6 networks) requests from hosts. Therefore, in the ARP/ND reply sent by the master, the source MAC address in the Ethernet header is different from the sender MAC address in the message body. If a Layer 2 device is deployed between the master/backup router and the hosts, follow these configuration guidelines on the Layer 2 device:
· Do not enable ARP packet source MAC address consistency check.
· Do not check the MAC addresses when you enable ARP packet validity check for ARP detection.
Monitoring the uplinks
VRRP needs other technologies to complement its functions. For example, if the link from the master to a network is down, the hosts cannot access that network through the master. This problem can be solved by having the master monitor the uplink of a specified interface. If the master detects that the uplink fails, it reduces its priority (making the master priority lower than that of a backup) and sends a VRRP advertisement. Upon receiving the VRRP advertisement, the backup with the highest priority becomes the new master within the Skew time, so that the hosts can communicate with the external networks.
VRRP can monitor the state of the uplink interface. If a router interface connected to an uplink is down, the priority of the master can be reduced by a specified value, and the resulting priority can be as low as 1.
VRRP can monitor the state of the remote hosts or the network connected to the uplinks with the NQA technology. For example, you can enable the NQA ICMP-echo function on the master to detect the reachability of the remote hosts. If the ICMP-echo probe fails, NQA notifies the master of the probe result, and the master reduces its priority in the virtual router.
VRRP can also monitor the state of the remote hosts or the network connected to the uplinks with the BFD technology. With millisecond-level detection time, BFD can quickly detect link connectivity changes, enabling quick preemption in a virtual router. For example, BFD can be used on the master to monitor the physical state of an uplink device. When the uplink device is faulty, BFD quickly detects the failure, and the priority of the master is reduced so that a backup preempts as the master within the Skew time.
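The master election rules, the Skew time and Master_Down_Interval formulas, and the priority reduction used for uplink monitoring, carried through in code as an added example (not H3C's code); it serves both the "Master election" and "Master state advertisement" sections and this one. Constructed assumptions: a 1-second advertisement interval, sample priorities and interface addresses, and a tracking reduction value of 50.

```python
"""Added example (not H3C's code): master election, the Skew time and
Master_Down_Interval timers, and the priority reduction used by uplink
monitoring, as this paper describes them.
Constructed assumptions: 1-second advertisement interval, sample priorities,
interface addresses and a tracking reduction value of 50."""
from dataclasses import dataclass
from ipaddress import ip_address

PRIORITY_RELEASE = 0    # sent by a master giving up its role
PRIORITY_OWNER = 255    # fixed priority of the IP address owner


def skew_time(priority):
    """Skew time in seconds: (256 - Priority) / 256."""
    return (256 - priority) / 256


def master_down_interval(adv_interval, priority):
    """Master_Down_Interval in seconds: (3 * Advertisement_Interval) + Skew time."""
    return 3 * adv_interval + skew_time(priority)


@dataclass
class Member:
    name: str
    priority: int
    ifaddr: str             # interface IP address configured for the group
    preempt: bool = True    # preemptive (True) or non-preemptive mode
    is_master: bool = False


def elect(members):
    """Election among routers that all believe they are master (for example
    after a network split): higher priority wins, equal priorities go to the
    higher interface IP address. Priority 0 means the router has released
    the role and does not compete."""
    competing = [m for m in members if m.priority > PRIORITY_RELEASE]
    winner = max(competing,
                 key=lambda m: (m.priority, int(ip_address(m.ifaddr))))
    for m in members:
        m.is_master = m is winner
    return winner


def on_advertisement(backup, adv_priority):
    """A backup compares the master's advertised priority with its own and
    preempts only in preemptive mode. Returns the state it ends up in."""
    if backup.priority > adv_priority and backup.preempt:
        backup.is_master = True
    return "master" if backup.is_master else "backup"


def uplink_down(master, reduce_by):
    """Uplink monitoring (interface state, NQA or BFD reports a failure): the
    master lowers its priority by the configured value, but never below 1.
    The IP address owner keeps 255. Returns the new priority."""
    if master.priority != PRIORITY_OWNER:
        master.priority = max(1, master.priority - reduce_by)
    return master.priority


def figure10_failover(reduce_by=50, adv_interval=1.0):
    """Device A (master, priority 120) loses its uplink; Device B (backup,
    priority 100) preempts within its Skew time instead of waiting a full
    Master_Down_Interval. Returns (A's new priority, B's state, takeover time)."""
    a = Member("Device A", 120, "10.1.1.2")
    b = Member("Device B", 100, "10.1.1.3")
    elect([a, b])                          # A is the master to begin with
    new_prio = uplink_down(a, reduce_by)   # A advertises the lowered priority
    state = on_advertisement(b, new_prio)
    takeover = (skew_time(b.priority) if state == "master"
                else master_down_interval(adv_interval, b.priority))
    return new_prio, state, takeover
```

The failover returns a takeover time of 0.609375 s (Device B's Skew time) against the 3.609375 s Master_Down_Interval Device B would otherwise wait.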
Backup's monitoring of the master state
Typically, a backup in a VRRP group waits for Master_Down_Interval to become the master after the master becomes faulty. During this time, the hosts in the LAN cannot communicate as no master can forward packets for them. To solve the problem, VRRP allows a backup to monitor the master state, ensuring uninterrupted network communication.
BFD is used by a backup to monitor the master state. With this function enabled on a backup, the backup automatically becomes the new master as soon as the master fails, with the Skew time reduced to milliseconds.
Master IPv4 VRRP group
About this feature
Each VRRP group determines the device role (master or backup) by exchanging VRRP packets among member devices, which might consume excessive bandwidth and CPU resources. To reduce the number of VRRP packets in the network, you can configure a subordinate VRRP group to follow a master VRRP group.
A master VRRP group determines the device role through exchanging VRRP packets among member devices. A VRRP group that follows a master group, called a subordinate VRRP group, does not exchange VRRP packets among its member devices. The state of the subordinate VRRP group follows the state of the master group.
Restrictions and guidelines
· To ensure the master router election, configure the settings such as the router priority, preemptive mode, and tracking function for the master IPv4 VRRP group. The settings are not required for subordinate IPv4 VRRP groups.
· You can configure a subordinate VRRP group to follow a master VRRP group in both VRRP standard and load balancing modes. The configuration takes effect only in VRRP standard mode.
· An IPv4 VRRP group cannot be both a master group and a subordinate group.
· An IPv4 VRRP group stays in Inactive state if it is configured to follow a nonexistent master group.
· If an IPv4 VRRP group in Inactive or Initialize state follows a master group that is not in Inactive state, the state of the VRRP group does not change.
· A subordinate IPv4 VRRP group does not exchange VRRP packets, which might cause the MAC address entry for its virtual MAC address not to be updated on downstream devices. As a best practice, enable periodic sending of gratuitous ARP packets for IPv4 VRRP by using the vrrp send-gratuitous-arp command.
Application scenarios
Master/Backup mode
In master/backup mode, only one router, the master, provides services. When the master fails, a new master is elected from the original backups to take the responsibility of the master, as shown in Figure 7.
Figure 7 VRRP in master/backup mode
At the beginning, Device A is the master and therefore forwards packets to the external networks, while Device B and Device C are backups and are thus in listening state. If Device A fails, Device B and Device C elect a new master according to their priorities. The new master takes over the forwarding task to provide services to the hosts on the LAN.
Load balancing with multiple VRRP groups
You can create more than one virtual router on an interface of a router, allowing the router to be the master of one virtual router but a backup of another at the same time.
In load balancing mode, multiple routers provide services at the same time. This mode requires two or more virtual routers, each of which includes a master and one or more backups. The masters of the virtual routers can be different routers, as shown in Figure 8.
Figure 8 VRRP in load balancing mode
In Figure 8, three virtual routers are present:
· Virtual router 1—Device A is the master; Device B and Device C are the backups.
· Virtual router 2—Device B is the master; Device A and Device C are the backups.
· Virtual router 3—Device C is the master; Device A and Device B are the backups.
For load balancing among Device A, Device B, and Device C, hosts on the LAN need to be configured to use virtual router 1, 2, and 3 as their default gateways respectively. When configuring VRRP priorities, make sure that each router's priority in each virtual router gives it the expected role in that virtual router.
Load balancing mode
VRRP load balancing mode requires configuring only one VRRP group. The VRRP group elects a master, which is responsible for assigning virtual MAC addresses to VFs and responding to ARP (in IPv4 networks) or ND (in IPv6 networks) requests from hosts by using different virtual MAC addresses. This ensures that every router within the VRRP group can take on forwarding tasks.
Figure 9 VRRP load balancing mode
In Figure 9, Device A responds to ARP/ND requests from hosts by using the virtual MAC addresses of AVF 1, AVF 2, and AVF 3, and distributes host traffic among Device A, Device B, and Device C to achieve load balancing. Each router creates its own forwarder and creates an LVF to monitor the forwarders on other routers. If any router fails, the forwarders in the listening state on the remaining routers will elect a forwarder based on weight to take over the packet forwarding tasks. When the master fails, in addition to taking over the forwarding tasks of the associated forwarder, the other routers will also elect a new master router to respond to ARP/ND requests from hosts, and assign virtual MAC addresses to newly added routers.
Master's monitoring of uplinks through BFD/NQA
VRRP monitors the uplinks through BFD or NQA so that the master quickly detects network faults and reduces its priority, ensuring that a backup whose uplink is working normally assumes the responsibilities of the master.
Figure 10 Master monitors the uplinks
As shown in Figure 10, Device A works as the master to forward packets by default. Device B works as the backup and is in the listening state. Device A uses BFD to monitor the state of the uplink to the Internet. If the uplink of Device A fails, Device A can detect the network change in milliseconds. Then it reduces its priority by a specified value, and sends a VRRP advertisement to Device B. If the priority of Device B is higher than that contained in the VRRP advertisement, Device B will become the master in skew time, and then the new master will forward packets for the hosts in the network.
Backup's monitoring of master state through BFD
To ensure transmission stability on a network, you can use BFD on a backup to monitor the master state, ensuring that the backup can become the master immediately when the master fails.
Figure 11 Backup monitors the master state
As shown in Figure 11, Device A works as the master at first to forward packets. Device B works as the backup and is in the listening state. Device B uses BFD to monitor the reachability of the IP address 10.1.1.1 on Device A. If Device A fails, Device B can detect the change of Device A through BFD and becomes the new master, and then forwards packets for the hosts in the network.