The Virtual Router Redundancy Protocol, or VRRP, is inextricably linked with the implementation of content switching, not because it is used by user applications, but because it provides a mechanism to eliminate single points of failure within content switching topologies. VRRP provides a mechanism to group two or more IP addresses, typically representing a routed interface, and make them appear to all surrounding devices as a single logical IP address. Many of the topologies described later in this book will show how multiple content switches, and other routers, can be deployed to ensure a resilient and fault-tolerant implementation. For this reason, we need to examine the concepts and theory of VRRP in some more detail.

Figure 2-12 The UDP-based DNS response.

    Internet Protocol Headers
      Version: 4
      Time to live: 249
      Protocol: UDP (0x11)
      Header checksum: 0xc8de (correct)
      Source: 20.20.20.20
      Destination: 10.10.10.10
    Transmission Control Protocol Headers
      Source port: domain (53)
      Destination port: 1763 (1763)
      Length: 276
      Checksum: 0x04bc (correct)
    Domain Name System (response)
      Answers
        www.foo.com: type A, class inet, addr 1.2.3.4
          Name: www.foo.com
          Type: Host address
          Class: inet
          Time to live: 10 minutes
          Data length: 4
          Addr: 1.2.3.4

Layer 2 and 3 Redundancy

Let's consider a network as shown in Figure 2-13. To eliminate a single point of failure for clients on the network accessing the Internet, the network administrator might consider deploying two Internet facing routers, R1 and R2. The client PC on the network will have been configured with a default route; for example, 10.10.10.2 pointing to router R1.

Figure 2-13. Example network without VRRP.
This "hard-coding" of the default gateway IP address into the client's TCP/IP settings presents the network administrator with two challenges when considering resilience:
It is for these reasons that we need VRRP to provide resilience at both Layer 2, by providing a virtual MAC address, and at Layer 3, by providing a virtual IP address. This virtualization of addresses amongst two or more physical units means that the client or client router will always have a default gateway both in terms of MAC address and IP address.

The Components of VRRP

RFC 2338 defines the following component parts in a network running VRRP:
VRRP Addressing

Let's take our previous example and expand it now to include VRRP on the two routers, R1 and R2. Assuming that router R1 is configured with the IP address that matches the proposed VRRP address, it will become the VRRP master and VRRP owner. Router R2 will become the VRRP backup. The IP address of router 1, 10.10.10.1, is also configured to be the VRRP router address, and this will be used by all clients on the network as a default route to the Internet. If router R1 were to fail, router R2 would take over while preserving the IP address to the clients. To manufacture a resilient Layer 2 MAC address, the following standard is used: 00:00:5E:00:01:[VRID], where the virtual router ID is used to make the last byte of the MAC address. In our example, let's assume that a VRID of 10 has been used, giving us the VRRP MAC address of 00:00:5E:00:01:0A. Figure 2-14 shows our implementation with the new VRRP addressing.

Figure 2-14. VRRP addressing example topology.
VRRP Operation

Now that we have all of the component parts in place, let's look at how the routers operate together to provide a resilient pair. VRRP uses advertisement messages between all participating routers to indicate the health and availability of the current virtual router master. These messages are exchanged using a common multicast destination address of 224.0.0.18, and it is to this address that the current master router will continually advertise to indicate that it is still operational on the network. In our example topology, during normal operation, router R1 will continually advertise the virtual router ID, the virtual router address, and its priority inside the multicast frame. The source IP address on these advertisements will be the interface on router R1 along with a source MAC address of the virtual MAC address we calculated earlier. The use of this virtual MAC address in these advertisements allows any Layer 2 infrastructure surrounding the VRRP routers, typically Layer 2 switches, to source learn where the common MAC address is currently located.

Now for the interesting part, a router failure. Let's imagine that router R1 experiences a power failure and effectively disappears from the network. In this instance, the following series of events would occur:
VRRP, or variations on it, is commonly implemented in many content switching platforms, and as such it forms an important part of any implementation. More information about VRRP can be found in RFC 2338.
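
The addressing and advertisement rules described above can be checked against captured traffic, which is how a monitoring point tells a genuine master's advertisement from a malformed or off-link one. The following Python is an added example, not code from the book or from any VRRP implementation: the function names and the sample message are constructed for illustration, and the header layout, the TTL of 255 and the checksum rule are assumed from RFC 2338 rather than from the text.

```python
import ipaddress
import struct

VRRP_GROUP = ipaddress.IPv4Address("224.0.0.18")  # multicast destination from the text
# Constructed sample: VRRPv2 advert for VRID 10, priority 255, address 10.10.10.1
SAMPLE = bytes.fromhex("210aff010001cbe70a0a0a010000000000000000")


def virtual_mac(vrid: int) -> str:
    """Virtual MAC 00:00:5E:00:01:[VRID], as described in the text."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be 1..255")
    return "00:00:5e:00:01:%02x" % vrid


def inet_checksum(data: bytes) -> int:
    """16-bit one's complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def check_advert(src_mac: str, dst_ip: str, ttl: int, payload: bytes) -> list:
    """Return the problems found in one advertisement (empty list = consistent)."""
    if len(payload) < 8:
        return ["truncated VRRP header"]
    ver_type, vrid, _prio, count = struct.unpack("!BBBB", payload[:4])
    problems = []
    if ver_type != 0x21:  # version 2, type 1 (ADVERTISEMENT)
        problems.append("unexpected version/type")
    if ipaddress.IPv4Address(dst_ip) != VRRP_GROUP:
        problems.append("not sent to 224.0.0.18")
    if ttl != 255:  # RFC 2338: adverts with any other TTL must be discarded
        problems.append("TTL is not 255")
    if len(payload) != 8 + 4 * count + 8:  # header + addresses + auth data
        problems.append("length does not match address count")
    if inet_checksum(payload) != 0:  # a valid message sums to zero
        problems.append("bad checksum")
    if vrid == 0 or src_mac.lower() != virtual_mac(vrid):
        problems.append("source MAC is not the virtual MAC for VRID %d" % vrid)
    return problems


if __name__ == "__main__":
    print(check_advert("00:00:5e:00:01:0a", "224.0.0.18", 255, SAMPLE))  # clean
    print(check_advert("00:11:22:33:44:55", "224.0.0.18", 64, SAMPLE))  # two findings
```

The TTL check matters because a router decrements TTL on forwarding, so an advertisement that arrives with anything other than 255 did not originate on the local segment.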