Networking in Pictures: What is Virtual Router Redundancy Protocol (VRRP)?

VRRP is a commonly used fault-tolerant protocol that can improve network reliability. Today, Rui Ge will introduce the VRRP protocol to you in detail.

Let’s get straight to the point!

What is VRRP?

  • English full name: Virtual Router Redundancy Protocol
  • Chinese name: Virtual Router Redundancy Protocol
  • Protocol: IETF – RFC 3768
  • Multicast address: 224.0.0.18
  • Network layer protocol
  • Protocol number: 112

VRRP Terminology

  • VRRP router: A router running VRRP that may belong to one or more virtual routers.
  • Virtual IP address: An IP address from the local subnet that is assigned to the virtual router.
  • Virtual MAC address: Use the last 8 bytes of the hexadecimal format as the VRRP group number to automatically generate a virtual MAC address.
  • Master router: The master router is selected based on priority. If a VRRP group member has a higher priority than other group members, it will be selected as the master router.
  • Backup router: Only one of the VRRP group members becomes the master router, and the other members become backup routers. If the master router fails, one of the backup routers will become the master router.

How VRRP works

VRRP uses virtual routers to control which physical routers are assigned to the access network. A VRRP group consists of a master router and one or more backup routers that share a virtual IP address. If the master router fails, VRRP automatically assigns one of the backup routers as the new master without affecting network traffic. When the failed router is operational again, it becomes the master router again. VRRP provides this redundancy without requiring user intervention or additional configuration of any device on the network.

The VRRP master router sends VRRP advertisement messages to the backup routers. When the VRRP master router fails to send the advertisement message, the backup router with the highest priority takes over as the master router.

VRRP normal working scenario

As shown in the figure below, there are two virtual devices: the upper one is the main router and the lower one is the backup router. Under normal circumstances, traffic flows through the main router:

VRRP normal working traffic flow

When the main router fails and shuts down:

VRRP master/slave switch working scenario

At this time, the original backup router quickly becomes the main router, and the traffic is also switched to the backup router. This is the power of VRRP!

VRRP three states

VRRP has the following three states:

Initialize (initial state)

  • The Initialize state means that VRRP is unavailable. A device in the Initialize state cannot process VRRP announcement messages.
  • A device enters the Initialize state when the VRRP process starts, or when it is in the active (Master) or standby (Backup) state and detects a fault.

Master (active state)

  • The router obtains the virtual address.
  • Responsible for traffic forwarding.

Backup (backup state)

  • The router is starting up or preparing to acquire a virtual address in case the primary device fails.
  • No traffic forwarding will be performed.

VRRP election mechanism

As shown in the picture, no matter how difficult the technology is, it will be very clear as long as you draw it!

The main thing is to pay attention to selecting the main router based on priority: the router with higher priority is selected as the main router.

If two routers have the same priority, the interface IP addresses are compared and the router with the larger interface IP address is selected as the primary router.

Other routers act as backup routers and monitor the status of the Master router at any time.

If the backup router in the group does not receive a message from the Master router within the Master_Down_Interval time, it will switch to the master router. In a VRRP group with multiple backup routers, multiple Master routers may be generated in a short period of time. The priority in the received VRRP message is then compared with the local priority, and the router with the highest priority is selected as the Master router.

Case

Virtual Router Network Environment Example - Master Router Election

As shown in the figure, routers R1, R2, and R3 form a virtual router VRRP. The virtual IP address of VRRP is 192.168.1.1. Since the priority of R1 is 100, which is higher than 80 of R2 and 60 of R3, R1 is the Master router, with an IP address of 192.168.1.11. R2 and R3 are backup routers, with IP addresses of 192.168.1.12 and 192.168.1.13 respectively.

The default gateway of hosts PC1, PC2, and PC3 in the LAN is set to the VRRP virtual IP address 192.168.1.1. Under normal circumstances, R1 acts as the main router and is responsible for forwarding messages from the LAN to the external network. When router A is shut down or fails, one of the backup routers, router B or router C (chosen by priority), becomes the main router and forwards messages from the LAN to the external network. This maintains communication between the LAN and the external network and improves network reliability.

Now there are several situations:

R1 fails, R2 and R3 have different priorities

As shown in the figure, due to the failure of R1, its link has been grayed out. At this time, since the priority of R2 is 80, which is higher than R3's 60, R2 is the primary router and R3 is still the backup router.

R1 fails, R2 and R3 have the same priority

As shown in the figure, the priority of R2 and R3 is 80. At this time, the size of the IP address is compared. Since R3's IP address 192.168.1.13 is higher than R2's IP address 192.168.1.12, R3 is the primary router and R2 is the backup router.
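The case above, worked through as an added example (not code from the original article): the election rule plus the Master_Down_Interval timer, which the article names but does not define. The timer formula and the 1-second default advertisement interval are taken from RFC 3768; the function names and the CASE table are constructed here from the article's values.

```python
from ipaddress import IPv4Address

# Constructed from the article's case: name, priority, interface IP.
CASE = [
    {"name": "R1", "priority": 100, "ip": "192.168.1.11"},
    {"name": "R2", "priority": 80, "ip": "192.168.1.12"},
    {"name": "R3", "priority": 60, "ip": "192.168.1.13"},
]

def master_down_interval(priority, adver_int=1.0):
    """RFC 3768: 3 * Advertisement_Interval + Skew_Time,
    where Skew_Time = (256 - priority) / 256 seconds."""
    return 3 * adver_int + (256 - priority) / 256

def rank(router):
    """Election key: higher priority wins, larger interface IP breaks a tie."""
    return (router["priority"], int(IPv4Address(router["ip"])))

def elect(routers):
    """Name of the router that ends up Master among the live routers."""
    return max(routers, key=rank)["name"]

def failover(backups, adver_int=1.0):
    """Simulate the backups after the last advertisement from a failed Master.

    Returns (new_master, transient_masters, seconds_until_takeover).
    """
    timers = {r["name"]: master_down_interval(r["priority"], adver_int)
              for r in backups}
    first = min(timers.values())
    # Every backup whose timer expires first declares itself Master. With
    # equal priorities the timers are equal, so several Masters appear briefly.
    transient = [r for r in backups if timers[r["name"]] == first]
    # Their advertisements are then compared; only the best-ranked one stays
    # Master. Backups with longer timers hear it first and never take over.
    winner = max(transient, key=rank)
    return winner["name"], sorted(r["name"] for r in transient), first

if __name__ == "__main__":
    print(elect(CASE))                      # all routers up
    print(failover(CASE[1:]))               # R1 failed, priorities 80 and 60
    tie = [CASE[1], dict(CASE[2], priority=80)]
    print(failover(tie))                    # R1 failed, both priority 80
```

The skew term is why a higher-priority backup times out slightly earlier than a lower-priority one, so a brief period with two Masters only occurs when priorities are equal.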

Notice:

VRRP rejects packets in any of the following situations:

  • The authentication schemes for routers and incoming packets are different.
  • The MD5 digests of the router and the incoming packet are different.
  • The authentication string on the router differs from the one in the incoming packet.

Other points about VRRP

VRRP Preemption

VRRP preemption is enabled by default. It allows a higher-priority backup router to take over from a lower-priority backup router that was elected master. If preemption is disabled, the backup router that was elected master remains the master until the original master recovers and becomes the master again.

VRRP Versions

VRRP has two versions: version 2 and version 3.

Version 2 is widely used.

  • VRRPv2: Supports IPv4
  • VRRPv3: Supports IPv4 and IPv6

VRRP packet capture - version information

VRRP Authentication

VRRP provides many authentication methods to protect the infrastructure running VRRP from malicious attacks. Generally, there are two types of authentication methods:

VRRP Authentication

Authentication is not enabled by default.

VRRP authentication packet capture

As shown in the packet capture, authentication is not enabled.
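The rejection rules in the notice above and the authentication field seen in the capture can be checked on a raw advertisement. This added example (not from the original article) parses a VRRPv2 advertisement using the RFC 3768 layout and applies the scheme and string checks; the function names and sample packets are constructed here, auth type 1 (simple text) comes from the older RFC 2338, and the MD5 digest rule is not modelled.

```python
import struct
from ipaddress import IPv4Address

AUTH_NONE, AUTH_SIMPLE = 0, 1  # type 1 is defined in RFC 2338, reserved in RFC 3768

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_adv(vrid, priority, vips, auth_type=AUTH_NONE, auth=b"", adver_int=1):
    """Build a constructed VRRPv2 advertisement (version 2, type 1) for testing."""
    body = b"".join(IPv4Address(v).packed for v in vips) + auth.ljust(8, b"\x00")[:8]
    head = struct.pack("!BBBBBB", 0x21, vrid, priority, len(vips), auth_type, adver_int)
    cksum = inet_checksum(head + b"\x00\x00" + body)
    return head + struct.pack("!H", cksum) + body

def parse_adv(pkt: bytes) -> dict:
    """Decode the fixed header, the virtual IP list and the 8-byte auth field."""
    if len(pkt) < 16:
        raise ValueError("truncated VRRPv2 advertisement")
    vt, vrid, prio, count, auth_type, _adver = struct.unpack("!BBBBBB", pkt[:6])
    if len(pkt) != 8 + 4 * count + 8:
        raise ValueError("length does not match Count IP Addrs")
    vips = [str(IPv4Address(pkt[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    return {"version": vt >> 4, "type": vt & 0xF, "vrid": vrid, "priority": prio,
            "vips": vips, "auth_type": auth_type, "auth": pkt[-8:].rstrip(b"\x00"),
            "checksum_ok": inet_checksum(pkt) == 0}

def check_adv(pkt, local_auth_type, local_auth=b""):
    """Return (accepted, reason) for a received advertisement."""
    try:
        adv = parse_adv(pkt)
    except ValueError as exc:
        return False, str(exc)
    if adv["version"] != 2 or adv["type"] != 1 or not adv["checksum_ok"]:
        return False, "malformed or corrupted advertisement"
    if adv["auth_type"] != local_auth_type:
        return False, "authentication scheme mismatch"
    if adv["auth_type"] == AUTH_SIMPLE and adv["auth"] != local_auth:
        return False, "authentication string mismatch"
    return True, "accepted"
```

A simple-text string is carried in clear text inside the advertisement, so a match only rules out misconfigured neighbours; RFC 3768 removed these authentication types because they did not provide real security.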

Advantages of VRRP

VRRP provides failover/redundancy at the network gateway.

There is no single point of failure because the standby device is configured to take over if the primary device fails.

Failover occurs quickly (usually within seconds).

VRRP is used in an active-passive (primary-backup) configuration and can also be configured in an active-active configuration with load balancing.

VRRP is an IETF open standard protocol, so devices from multiple vendors and of multiple types can be part of a VRRP group.

The master gateway device can have multiple backup devices.

Summary

VRRP is an open standard IETF protocol that enables a group of routers to form a single virtual router. Using VRRP, several routers are grouped together to appear as a single default gateway for the network, providing redundancy in the network and eliminating the single point of failure inherent in a static default routing environment.

VRRP is a network layer protocol with protocol number 112. The routers in the group act as one virtual logical router, which serves as the default gateway for all local hosts. If any router fails, other group members can assume the responsibility of forwarding traffic.

This article mainly introduces:

  • What is VRRP?
  • VRRP Terminology
  • How VRRP works
  • VRRP has three states: Initialize (initial state), Master (active state), Backup (backup state).
  • VRRP election mechanism example
  • Other points about VRRP: VRRP preemption, VRRP versions, VRRP authentication
  • VRRP Advantages
