Introduction and experimental operation of VRRP

1. VRRP related

1.1 Introduction to VRRP

VRRP (Virtual Router Redundancy Protocol) is a routing protocol proposed by the IETF to solve the single-point-of-failure problem that arises when static gateways are configured in a local area network. Its design goal is to support the failover of IP data traffic under certain circumstances without causing confusion, allowing hosts to use a single router and maintaining connectivity between routers even when the actual first-hop router fails.

1.2 Working principle

VRRP is a fault-tolerant protocol. It guarantees that when a host's next-hop router stops working, another router replaces it in time, ensuring the continuity and reliability of communication.
(1) The protocol takes two routers that are both connected to the PC and has them jointly present one virtual IP address and MAC address; the two routers act as master and backup for each other.
(2) The virtual IP and MAC addresses are the addresses that the two routers present jointly. Whichever router ends up handling the PC's data, the PC uses this IP and MAC address by default (that is, it sends to the virtual router). The two real routers are divided into master and backup, and traffic is handled by the master by default (although it is still sent to the virtual address).
(3) The master handles the routing function. When the master fails and the next hop stops working, a message is sent over the heartbeat link so that the backup takes over the actual routing task. Throughout this period, the only router address the outside world sees is the virtual address.

As shown in the figure: AR1 and AR2 are real routers; AR3 does not exist and is a virtual router based on the VRRP protocol. The PC sends its data to the virtual AR3.
It can be understood as the relationship between the evil contractor and his workers. The contractor accepts tasks from the customer (the PC) and assigns them. Two workers have signed a work agreement with him; he has a good relationship with one and a poor relationship with the other, but their work is equally good (they correspond to the master and backup for a specific job). When a one-person job comes in, he assigns it to the worker with the good relationship first. Only when that worker cannot work does he hand the job to the other worker, so that the task still gets done. When the first worker can work again, the job goes back to him. The customer is used to handing tasks to the contractor (the virtual AR3) by default and does not know who does the work underneath. The ones who really do the work are the actual AR1 and AR2.

2. VRRP terminology:

2.1 VRRP routing

VRRP router

A VRRP router is a router running VRRP. A VRRP router (more precisely, its interface) can participate in multiple VRRP groups at the same time, and it can play a different role in each group.

VRRP group

A VRRP group consists of multiple VRRP routers and is identified by its group ID. VRRP routers belonging to the same VRRP group exchange information with each other. Each VRRP group can have only one Master.

Virtual router

For each VRRP group, a logical router is abstracted out. This router acts as the gateway for network users, but it does not really exist. Users only need to know the IP address of the virtual router. Which physical router takes on the role of the virtual router, which one forwards the data, and which one takes over after the Master goes down are all the job of VRRP.

2.2 Master and Backup routers

2.2.1 Master router

It is the router that actually forwards data packets in the VRRP group. In each VRRP group, only the Master responds to ARP requests for the virtual IP address. The Master router also sends VRRP messages at a fixed time interval to inform the Backup routers that it is alive.

2.2.2 Backup router

It is the router in the listening state in the VRRP group. Once the Master router fails, the Backup router will start to take over.

Election basis: first compare the interface priority (the larger wins); if the priorities are equal, compare the interface IP address (the larger wins).

2.3 Virtual IP address, MAC address

2.3.1 Virtual IP address

It identifies the virtual router; this address is in effect the users' gateway address.

The MAC address corresponding to the virtual IP address is also virtual. It consists of a fixed prefix plus the VRRP group ID. When the PC sends an ARP request for the MAC address corresponding to the virtual IP address, the Master router responds to the ARP request and replies with the virtual MAC address.

2.3.2 Virtual MAC address

The virtual router formed by VRRP uses the virtual IP address and the virtual MAC address to communicate with PCs in the network. In the virtual MAC format, the last byte is the VRID, that is, the VRRP ID number written in hexadecimal. For example, if the VRID is 1, the virtual MAC address is 00-00-5E-00-01-01.

2.4 Master/Backup Router

Master Router

Responds to ARP requests from the PC for the gateway (the virtual router IP address), answering with the virtual MAC address.

Forwards IP packets whose destination MAC address is the virtual MAC address.

Periodically sends VRRP multicast packets to announce that it is alive.

Backup Router

Continuously listens for VRRP multicast packets sent by the Master router;

Takes the place of the Master router when it has a problem;

Does not respond to ARP requests for the virtual IP address;

Discards IP packets whose destination MAC address is the virtual MAC address;

Discards IP packets whose destination IP address is the virtual IP address.

3. VRRP protocol status

There are three VRRP protocol states: Initialize, Master and Backup. The initial state is Initialize. Master and Backup are determined by comparing priorities. If the Backup does not receive a heartbeat message from the Master within a specified time, it switches to the Master state; this is the disaster recovery handling.
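The election and failover described above can be traced with a small simulation (an added example, not code from the original post). It is a simplified model: the `Router` class, the addresses and the timings are made up here, and the heartbeat timeout uses the Master_Down_Interval formula from RFC 3768, which the text above only calls "a specified time".

```python
import ipaddress

class Router:
    def __init__(self, name, ip, priority, adver_ms=1000):
        self.name, self.priority, self.adver_ms = name, priority, adver_ms
        self.ip = int(ipaddress.IPv4Address(ip))
        self.state, self.timer = "Initialize", 0

    def rank(self):
        # Election basis: priority first, then interface IP; the larger wins.
        return (self.priority, self.ip)

    def master_down_ms(self):
        # Assumption taken from RFC 3768, not from the page:
        # 3 * Advertisement_Interval + Skew_Time, Skew_Time = (256 - priority) / 256 s
        return 3 * self.adver_ms + (256 - self.priority) * 1000 // 256

    def become_backup(self, now):
        self.state, self.timer = "Backup", now + self.master_down_ms()

def simulate(routers, down, up, end_ms, step_ms=50):
    """Return [(time_ms, name)] for every transition to Master.
    down/up map a router name to the time its interface fails/recovers."""
    log = []
    for r in routers:
        r.become_backup(0)
    for now in range(0, end_ms + 1, step_ms):
        for r in routers:
            if down.get(r.name) == now:
                r.state = "Initialize"
            if up.get(r.name) == now:
                r.become_backup(now)
        for r in routers:  # heartbeat timeout: the Backup takes over
            if r.state == "Backup" and now >= r.timer:
                r.state, r.timer = "Master", now
                log.append((now, r.name))
        for m in routers:  # each Master advertises once per interval
            if m.state == "Master" and now >= m.timer:
                m.timer = now + m.adver_ms
                for r in routers:
                    if r.state != "Initialize" and m.rank() > r.rank():
                        r.become_backup(now)  # a better Master was heard
    return log

# Constructed scenario: AR1 fails at 10 s and recovers at 20 s.
def demo():
    pair = [Router("AR1", "192.168.10.1", 120), Router("AR2", "192.168.10.2", 100)]
    return simulate(pair, down={"AR1": 10000}, up={"AR1": 20000}, end_ms=30000)
```

`demo()` returns the three Master transitions: AR1 wins the initial election, AR2 takes over about 3.2 s after AR1 goes silent, and AR1 reclaims the role after it recovers.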

4. VRRP packets

Version: 2

Type: 1 (ADVERTISEMENT)

Virtual Rtr ID (VRID): configured VRRP backup group number, 1~255

Priority: priority, 0~255 (where 0 and 255 cannot be configured)

255: if the configured virtual address is the same as the actual IP address of the interface, the priority is 255

Advertisement Interval (Adver Int): the time interval for sending packets; the default is 1 second

Checksum: checksum

IP Address(es): list of the configured virtual addresses of the backup group (a backup group can support multiple addresses)

Authentication Data: authentication word.

Equipment refers to routers or Layer 3 switches
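
The packet fields listed above, turned into a parser for one VRRPv2 advertisement (an added example, not code from the original post). The byte layout follows RFC 3768, which also defines the Count IP Addrs and Auth Type fields that the list above omits; `build_advert`, `parse_advert` and the sample address are names and values made up for this example.

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum, which VRRPv2 computes over the whole message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, vips, adver_int=1):
    """Build a constructed sample advertisement (Auth Type 0, no authentication)."""
    body = b"".join(ipaddress.IPv4Address(v).packed for v in vips) + bytes(8)
    head = struct.pack("!BBBBBB", (2 << 4) | 1, vrid, priority, len(vips), 0, adver_int)
    cksum = inet_checksum(head + b"\x00\x00" + body)
    return head + struct.pack("!H", cksum) + body

def parse_advert(msg: bytes) -> dict:
    """Parse one VRRPv2 message and reject anything malformed."""
    if len(msg) < 16:
        raise ValueError("shorter than header plus authentication data")
    (vt, vrid, priority, count,
     auth_type, adver_int, cksum) = struct.unpack("!BBBBBBH", msg[:8])
    if (vt >> 4, vt & 0x0F) != (2, 1):
        raise ValueError("not a version 2 ADVERTISEMENT")
    if vrid == 0:
        raise ValueError("VRID must be 1..255")
    if len(msg) != 8 + 4 * count + 8:
        raise ValueError("length disagrees with Count IP Addrs")
    if inet_checksum(msg[:6] + b"\x00\x00" + msg[8:]) != cksum:
        raise ValueError("bad checksum")
    vips = [str(ipaddress.IPv4Address(msg[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    return {"vrid": vrid, "priority": priority, "adver_int": adver_int,
            "auth_type": auth_type, "vips": vips, "auth_data": msg[-8:],
            "virtual_mac": "00-00-5E-00-01-%02X" % vrid}

# Constructed sample: backup group 1, priority 120, one virtual address.
SAMPLE = build_advert(1, 120, ["192.168.10.254"])

if __name__ == "__main__":
    print(parse_advert(SAMPLE))
```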

5. Simulation experiment

As shown in the figure:
PC1 and PC2 send data in two VLANs at the same time, and two Layer 3 switches run VRRP as master and backup for each other.
We first configure each interface on R1 and the loopback interface.

Configure each interface and virtual interface on the Layer 3 switches.

Configure the master and backup.
On PC2, try a tracert to PC1.
Deploy the point of failure to see whether traffic takes the backup route.
The failover is successful, and the master and backup experiment is successful.

Origin blog.csdn.net/weixin_44324367/article/details/109431855