Virtual Router Redundancy Protocol (VRRP)

The Virtual Router Redundancy Protocol provides for automatic assignment of available Internet Protocol (IP) routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork.

VRRP is an election protocol that dynamically assigns responsibility for one or more virtual routers (an abstract representation of multiple routers, i.e. master and backup routers, acting as a group) to the VRRP routers on a LAN, allowing several routers on a multi-access link to use the same virtual IP address.

The default gateway of a participating host is assigned to the virtual router instead of a physical router. If the physical router that is routing packets on behalf of the virtual router fails, another physical router is selected to automatically replace it. The physical router that is forwarding packets at any given time is called the master router.

VRRP provides information on the state of a router, not the routes processed and exchanged by that router. Each VRRP instance is limited, in scope, to a single subnet. It does not advertise IP routes beyond that subnet or affect the routing table in any way. VRRP can be used in Ethernet, MPLS and token ring networks with Internet Protocol Version 4 (IPv4), as well as IPv6.


VRRP is a Layer-4 Protocol :
Routing protocols such as OSPF, proprietary ones such as EIGRP, redundancy protocols such as the Virtual Router Redundancy Protocol (VRRP), and a host of others such as ICMP, IGMP, and IP itself can all be identified by a unique protocol number in the IP header.

The VRRP protocol number is 112.


Importance of VRRP over Dynamic Routing Protocols :
Running a dynamic routing protocol on every end-host may be infeasible for a number of reasons, including administrative overhead, processing overhead, security issues, or lack of a protocol implementation for some platforms. Neighbor or router discovery protocols may require active participation by all hosts on a network, leading to large timer values to reduce protocol overhead in the face of large numbers of hosts. This can result in a significant delay in the detection of a lost (i.e., dead) neighbor; such a delay may introduce unacceptably long "black hole" periods.

The use of a statically configured default route is quite popular; it minimizes configuration and processing overhead on the end-host and is supported by virtually every IPv4 implementation. This mode of operation is likely to persist as dynamic host configuration protocols are deployed, which typically provide configuration for an end-host IPv4 address and default gateway. However, this creates a single point of failure. Loss of the default router results in a catastrophic event, isolating all end-hosts that are unable to detect any alternate path that may be available.

The Virtual Router Redundancy Protocol (VRRP) is designed to eliminate the single point of failure inherent in the static default routed environment. VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN. The VRRP router controlling the IPv4 address(es) associated with a virtual router is called the Master and forwards packets sent to these IPv4 addresses. The election process provides dynamic failover in the forwarding responsibility should the Master become unavailable. Any of the virtual router’s IPv4 addresses on a LAN can then be used as the default first-hop router by end-hosts. The advantage gained from using VRRP is a higher availability default path without requiring configuration of dynamic routing or router discovery protocols on every end-host.





Virtual Router MAC Address and Virtual Router Identifier (VRID) :
A virtual router must use 00-00-5E-00-01-XX as its Media Access Control (MAC) address. The last byte of the address (XX) is the Virtual Router IDentifier (VRID), which is different for each virtual router in the network. This address is used by only one physical router at a time, and it will reply with this MAC address when an ARP request is sent for the virtual router's IP address.

Physical routers within the virtual router must communicate among themselves using packets with multicast IP address 224.0.0.18 and IP protocol number 112.

Virtual Router Priority :
Each router has a priority between 1 and 255, and the router with the highest priority becomes the master. The default priority is 100; for the address owner the priority is always 255.


Skew Timer :
The skew timer in VRRP is used to ensure that two backup routers do not switch to the master state at the same time in case of a fail-over situation. When there is only one master router and one backup router in the network deployment, you can disable the skew timer, thereby reducing the time required to transition to the master state.

The election process is made orderly through the use of the skew time, which is derived from a router's priority and reduces the chance of the thundering herd problem occurring during an election.

Skew_Time = (((256 - priority) * Master_Adver_Interval) / 256)


Maximum Advertisement Interval (Max Adver Int) :
The Maximum Advertisement Interval is a 12-bit field that indicates the time interval (in centiseconds) between ADVERTISEMENTS. The default is 100 centiseconds (1 second).

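
The fields described so far (IP protocol 112, group 224.0.0.18, the 00-00-5E-00-01-XX MAC, priority and the 12-bit Max Adver Int) can be checked together on a captured advertisement. The following is an added example, not code from the original post: it decodes the 8-byte VRRPv3 header and reports inconsistencies. The function names, the inventory allowlist and the sample packet are assumptions constructed for illustration.

```python
import ipaddress
import struct

VRRP_PROTO = 112                                  # IP protocol number
VRRP_GROUP = ipaddress.ip_address("224.0.0.18")   # advertisement multicast group
VMAC_PREFIX = bytes.fromhex("00005e0001")         # 00-00-5E-00-01-XX, XX = VRID


def parse_advert(payload: bytes) -> dict:
    """Decode the fixed 8-byte header of a VRRPv3 advertisement."""
    if len(payload) < 8:
        raise ValueError("truncated VRRP header")
    ver_type, vrid, prio, count, adver, _cksum = struct.unpack("!BBBBHH", payload[:8])
    return {
        "version": ver_type >> 4,
        "type": ver_type & 0x0F,
        "vrid": vrid,
        "priority": prio,
        "addr_count": count,
        "max_adver_int_cs": adver & 0x0FFF,       # low 12 bits, centiseconds
    }


def check_advert(src_mac, src_ip, dst_ip, ip_proto, payload, inventory):
    """Return findings for one captured packet; an empty list means consistent.

    inventory maps VRID -> set of router source IPs expected to speak for it
    (a hypothetical allowlist kept by the operator). Checksum is not verified.
    """
    if ip_proto != VRRP_PROTO:
        return ["IP protocol %d is not VRRP (112)" % ip_proto]
    adv = parse_advert(payload)
    findings = []
    if ipaddress.ip_address(dst_ip) != VRRP_GROUP:
        findings.append("destination %s is not 224.0.0.18" % dst_ip)
    # The master sends advertisements from the virtual MAC, so its last byte is the VRID.
    if src_mac != VMAC_PREFIX + bytes([adv["vrid"]]):
        findings.append("source MAC is not 00-00-5E-00-01-%02X" % adv["vrid"])
    if src_ip not in inventory.get(adv["vrid"], set()):
        findings.append("unexpected speaker %s for VRID %d" % (src_ip, adv["vrid"]))
    return findings


# Constructed sample: v3 advertisement, VRID 10, priority 100, one address
# (192.0.2.1), Max Adver Int 100 cs, checksum left as zero.
SAMPLE = bytes.fromhex("310a6401" "00640000" "c0000201")
INVENTORY = {10: {"192.0.2.2", "192.0.2.3"}}

if __name__ == "__main__":
    print(parse_advert(SAMPLE))
    print(check_advert(bytes.fromhex("00005e00010a"), "192.0.2.2",
                       "224.0.0.18", 112, SAMPLE, INVENTORY))
```
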
Preempt-mode :
In a Virtual Router Redundancy Protocol (VRRP) configuration, the preempt mode determines whether or not a backup router can preempt a master router:

preempt—Allow the master router to be preempted.
   
Note: By default, a higher-priority backup router can preempt a lower-priority master router.

no-preempt—Prohibit the preemption of the master router. When no-preempt is configured, the backup router cannot preempt the master router even if the backup router has a higher priority.

Default
By default the preempt statement is enabled, and a higher-priority backup router preempts a lower-priority master router even if the preempt statement is not explicitly configured.
 


A virtual router with multiple backups




Suppose there are three routers: R1, R2 and R3. R1 is designated as the default router for all the hosts and the master of the virtual router V1. R2 and R3 are pure redundant backups, ready to take over the default router role if R1 were to fail.

If router R1 fails, the router with the highest priority (1-255) will become the master.

 
But what if both backup routers, R2 and R3, have the same priority?

The protocol does not, however, prohibit the assignment of the same priority to different routers, and for that reason it specifies a criterion to be used as the tiebreaker in the case of two contending backups with the same priority.

This criterion is based on the specific IP address of a router. Each VRRP router is associated with a set of IP addresses identifying its multiple (real) interfaces. Using an algorithm (the smallest one, the first one in the list, etc.) a router selects one of its IP addresses as its primary IP address. VRRP uses this primary IP address as the tiebreaker in deciding between two VRRP routers with the same priority. In such a decision, the router with the greater primary IP address wins. 
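
The election rules above (skew time, highest priority wins, greater primary IP breaks a tie, and the preempt setting) can be modelled in a few lines. This is an added example, not code from the original post; the Router class, the function names, and the priorities and addresses given to R1, R2 and R3 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Router:
    name: str
    priority: int      # 1-255; 255 is always the address owner
    primary_ip: str


def skew_time_cs(priority, master_adver_interval_cs=100):
    """Skew_Time = ((256 - priority) * Master_Adver_Interval) / 256, in centiseconds."""
    if not 1 <= priority <= 255:
        raise ValueError("priority must be in 1-255")
    return (256 - priority) * master_adver_interval_cs / 256


def election_key(router):
    """Higher priority wins; equal priority is decided by the greater primary IP.

    The address is compared numerically: as text, "192.0.2.9" would sort
    above "192.0.2.10" and pick the wrong router.
    """
    return (router.priority, int(ipaddress.ip_address(router.primary_ip)))


def elect(backups):
    """Return the backup that becomes master once the old master is gone."""
    return max(backups, key=election_key)


def can_preempt(master, challenger, preempt=True):
    """With preempt (the default) a higher-priority backup displaces the master."""
    return preempt and challenger.priority > master.priority


# Constructed values for the three-router scenario described above.
R1 = Router("R1", 200, "192.0.2.1")
R2 = Router("R2", 100, "192.0.2.2")
R3 = Router("R3", 100, "192.0.2.3")

if __name__ == "__main__":
    for r in (R1, R2, R3):
        print(r.name, "skew:", skew_time_cs(r.priority), "cs")
    print("R1 fails, new master:", elect([R2, R3]).name)
```
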
