Virtual Router Redundancy Protocol (VRRP)


The Virtual Router Redundancy Protocol, or VRRP, is inextricably linked with the implementation of content switching, not because it is used by user applications, but because it provides a mechanism to eliminate single points of failure within content switching topologies. VRRP provides a mechanism to group two or more IP addresses, typically representing a routed interface, and make them appear to all surrounding devices as a single logical IP address.

Many of the topologies described later in this book will show how multiple content switches, and other routers, can be deployed to ensure a resilient and fault-tolerant implementation. For this reason, we need to examine the concepts and theory of VRRP in some more detail.

Figure 2-12. The UDP-based DNS response.

    Internet Protocol Headers
        Version: 4
        Time to live: 249
        Protocol: UDP (0x11)
        Header checksum: 0xc8de (correct)
        Source: 20.20.20.20
        Destination: 10.10.10.10
    Transmission Control Protocol Headers
        Source port: domain (53)
        Destination port: 1763 (1763)
        Length: 276
        Checksum: 0x04bc (correct)
    Domain Name System (response)
        Answers
            www.foo.com: type A, class inet, addr 1.2.3.4
                Name: www.foo.com
                Type: Host address
                Class: inet
                Time to live: 10 minutes
                Data length: 4
                Addr: 1.2.3.4

Layer 2 and 3 Redundancy

Let's consider a network as shown in Figure 2-13. To eliminate a single point of failure for clients on the network accessing the Internet, the network administrator might consider deploying two Internet-facing routers, R1 and R2. The client PC on the network will have been configured with a default route; for example, 10.10.10.2 pointing to router R1.

Figure 2-13. Example network without VRRP.


This "hard-coding" of the default gateway IP address into the client's TCP/IP settings presents the network administrator with two challenges when considering resilience:

  • Router R1 might fail, leaving the client with a default gateway of an unreachable IP address.

  • The client PC will resolve the IP address of the default gateway to the Ethernet address of router R1. This means that even if we replace the hardware of router R1, the client will still not have access to the Internet until its ARP cache has timed out or has been cleared.

It is for these reasons that we need VRRP to provide resilience at both Layer 2, by providing a virtual MAC address, and at Layer 3, by providing a virtual IP address. This virtualization of addresses amongst two or more physical units means that the client or client router will always have a default gateway both in terms of MAC address and IP address.

The Components of VRRP

RFC 2338 defines the following component parts in a network running VRRP:

  • VRRP router: A router running VRRP. It can participate in one or more virtual routers.

  • Virtual router: An abstract object managed by VRRP that acts as a default router for hosts on a shared LAN. It consists of a virtual router identifier (VRID) and a set of associated IP address(es) across a common LAN. A VRRP router can back up one or more virtual routers.

  • IP address owner: The VRRP router that has the virtual router's IP address(es) as real interface address(es). This is the router that, when up, will respond to packets addressed to one of these IP addresses for ICMP pings, TCP connections, and so forth. Other routers that do not have an IP interface equal to the virtual IP address are commonly referred to as IP address renters.

  • Primary IP address: An IP address selected from the set of real interface addresses. One possible selection algorithm is to always select the first address. VRRP advertisements are always sent using the primary IP address as the source of the IP packet.

  • Virtual router master: The VRRP router that is assuming the responsibility of forwarding packets sent to the IP address(es) associated with the virtual router, and answering ARP requests for these IP addresses. Note that if the IP address owner is available, it will always become the master.

  • Virtual router backup: The set of VRRP routers available to assume forwarding responsibility for a virtual router should the current master fail.

  • VRID: Configured item in the range 1-255 (decimal). There is no default.

  • Priority: Priority value to be used by this VRRP router in master election for this virtual router. The value of 255 (decimal) is reserved for the router that owns the IP addresses associated with the virtual router. The value of 0 (zero) is reserved for the master router to indicate that it is releasing responsibility for the virtual router. The range 1-254 (decimal) is available for VRRP routers backing up the virtual router. The default value is 100 (decimal).

VRRP Addressing

Let's take our previous example and expand it now to include VRRP on the two routers, R1 and R2. Assuming that router R1 is configured with the IP address that matches the proposed VRRP address, it will become the VRRP master and VRRP owner. Router R2 will become the VRRP backup.

The IP address of router R1, 10.10.10.1, is also configured to be the VRRP router address, and this will be used by all clients on the network as a default route to the Internet. If router R1 were to fail, router R2 would take over while preserving the IP address to the clients. To manufacture a resilient Layer 2 MAC address, the following standard is used:

    00:00:5E:00:01:[VRID]

where the virtual router ID is used to make the last byte of the MAC address. In our example, let's assume that a VRID of 10 has been used, giving us the VRRP MAC address of 00:00:5E:00:01:0A. Figure 2-14 shows our implementation with the new VRRP addressing.

Figure 2-14. VRRP addressing example topology.


VRRP Operation

Now that we have all of the component parts in place, let's look at how the routers operate together to provide a resilient pair. VRRP uses advertisement messages between all participating routers to indicate the health and availability of the current virtual router master. These messages are exchanged using a common multicast destination address of 224.0.0.18, and it is to this address that the current master router will continually advertise to indicate that it is still operational on the network.

In our example topology, during normal operation, router R1 will continually advertise the virtual router ID, the virtual router address, and its priority inside the multicast frame. The source IP address on these advertisements will be the interface on router R1, along with a source MAC address of the virtual MAC address we calculated earlier. The use of this virtual MAC address in these advertisements allows any Layer 2 infrastructure surrounding the VRRP routers (typically Layer 2 switches) to source learn where the common MAC address is currently located.

Now for the interesting part, a router failure. Let's imagine that router R1 experiences a power failure and effectively disappears from the network. In this instance, the following series of events would occur:

  1. The master router, R1, would cease sending multicast packets advertising the virtual router.

  2. After several missed packets, the standby router, R2, will acknowledge this occurrence by commencing with its own multicast advertisements. When it does, it will use a source MAC address of the VRRP virtual MAC address, thus informing the attached Layer 2 switch that the MAC address has moved ports.

  3. Since the virtual IP address and associated virtual MAC address have now survived the failure of router R1, the client will notice only minimal disruption during the re-election. This period is dependent on the configurable parameters associated with the advertisement intervals, but should typically be no more than 2 to 3 seconds.

VRRP, or variations on it, is commonly implemented in many content switching platforms, and as such it forms an important part of any implementation. More information about VRRP can be found in RFC 2338.
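As an added illustration of the addressing and operation described above (this is not code from the book or from any vendor's VRRP implementation), the following Python decodes an RFC 2338 advertisement, derives the virtual MAC from the VRID, applies the master election rule, and computes how long a backup waits before taking over. The two sample advertisements are constructed for the book's topology, assuming R1 (owner) uses priority 255 and R2 uses the default priority 100 with primary IP 10.10.10.2.

```python
import struct
from ipaddress import IPv4Address

VRRP_MCAST = "224.0.0.18"   # destination of every advertisement (RFC 2338)

def virtual_mac(vrid: int) -> str:
    """Virtual MAC 00:00:5E:00:01:[VRID]; the last byte is the VRID in hex."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be in 1..255")
    return f"00:00:5E:00:01:{vrid:02X}"

def ip_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (same checksum as IP/TCP/UDP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_advert(pkt: bytes) -> dict:
    """Decode a VRRPv2 advertisement: ver/type, VRID, priority, #addrs, auth type,
    advert interval, checksum, then the virtual IP(s) and 8 bytes of auth data."""
    ver_type, vrid, prio, count, _auth, adver_int, _csum = struct.unpack("!BBBBBBH", pkt[:8])
    if ver_type >> 4 != 2 or ver_type & 0x0F != 1:
        raise ValueError("not a VRRPv2 advertisement")
    if ip_checksum(pkt) != 0:            # a valid packet sums to zero incl. its checksum
        raise ValueError("bad VRRP checksum")
    vips = [str(IPv4Address(pkt[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    return {"vrid": vrid, "priority": prio, "adver_int": adver_int, "vips": vips}

def elect_master(claims):
    """claims: [(primary_ip, parsed_advert)]. Highest priority wins (255 = owner);
    equal priorities are broken by the higher primary IP (RFC 2338)."""
    return max(claims, key=lambda c: (c[1]["priority"], IPv4Address(c[0])))[0]

def master_down_interval(priority: int, adver_int: int = 1) -> float:
    """Seconds a backup waits with no advertisement before taking over:
    3 * Adver_Int + Skew_Time, where Skew_Time = (256 - priority) / 256 (RFC 2338)."""
    return 3 * adver_int + (256 - priority) / 256

# Constructed sample advertisements (not a real capture): VRID 10, VIP 10.10.10.1,
# as R1 (owner, priority 255) and R2 (default priority 100) would send them.
R1_ADVERT = bytes.fromhex("210aff010001cbe70a0a0a01" + "00" * 8)
R2_ADVERT = bytes.fromhex("210a6401000166e80a0a0a01" + "00" * 8)

if __name__ == "__main__":
    r1, r2 = parse_advert(R1_ADVERT), parse_advert(R2_ADVERT)
    print("virtual MAC:", virtual_mac(r1["vrid"]), "adverts:", r1, r2)
    print("master:", elect_master([("10.10.10.1", r1), ("10.10.10.2", r2)]))
    print("R2 takes over", master_down_interval(100), "s after R1's last advertisement")
```

A monitor that feeds captured 224.0.0.18 traffic through parse_advert can alert whenever the advertising source or priority for a VRID changes, which is exactly the failover sequence in steps 1 to 3 above and also the symptom of a misconfigured or unexpected router joining the group.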



Optimizing Network Performance with Content Switching: Server, Firewall and Cache Load Balancing
ISBN: 0131014684
Year: 2003
