Gateway redundancy technology commonly used in enterprise networks: VRRP protocol principle and configuration

  • User terminals in a LAN usually reach the external network through a configured default gateway. If that default gateway device fails, network access for every user terminal is interrupted, which can cause unpredictable losses to users. Deploying multiple gateways removes this single point of failure, but then the multiple gateways must cooperate without conflicting with each other, and that becomes the most urgent problem to solve.
  • VRRP was created to solve it: it not only provides gateway backup but also resolves the conflicts between multiple gateways. So how does VRRP work, and how is it configured in a network?

Disadvantages of a single gateway


  • When the gateway router RouterA fails, hosts in this network segment that use this device as their gateway cannot communicate with the Internet.

Problems with multiple gateways

  • Gateway backup is achieved by deploying multiple gateways.
  • However, multiple gateways bring problems of their own: IP address conflicts between the gateways, and hosts frequently switching their network exit.

VRRP basic overview

  • VRRP virtualizes multiple routers into one virtual router without changing the network topology. By configuring the virtual router's IP address as the default gateway, gateway backup is achieved.
  • Protocol versions: VRRPv2 (commonly used) and VRRPv3:
  • VRRPv2 applies only to IPv4 networks; VRRPv3 applies to both IPv4 and IPv6 networks.
  • VRRP protocol message:
  • There is only one kind of message, the Advertisement message. Its destination IP address is 224.0.0.18, its destination MAC address is 01-00-5e-00-00-12, and its IP protocol number is 112.
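As an added example (not code from the original post), a small Python parser for the VRRPv2 Advertisement described above, including the RFC 3768 checksum check that a monitoring tool should apply before trusting the vrid and priority fields. The sample packet is constructed here; the field layout follows RFC 3768.

```python
import struct
from dataclasses import dataclass

VRRP_IP_PROTOCOL = 112            # IP protocol number carried by VRRP
VRRP_MCAST_GROUP = "224.0.0.18"   # destination address of every advertisement


def vrrp_checksum(data: bytes) -> int:
    """RFC 3768 checksum: 16-bit one's complement of the one's complement sum
    of the whole VRRP message (a correctly checksummed message sums to 0)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


@dataclass
class Advertisement:
    vrid: int
    priority: int
    adver_interval: int   # seconds between advertisements
    virtual_ips: list


def parse_advertisement(pkt: bytes) -> Advertisement:
    """Parse a VRRPv2 advertisement (the payload after the IP header)."""
    if len(pkt) < 8:
        raise ValueError("truncated VRRP header")
    ver_type, vrid, priority, count, _auth, adver, _csum = struct.unpack("!BBBBBBH", pkt[:8])
    if ver_type >> 4 != 2:
        raise ValueError("not VRRPv2")
    if ver_type & 0x0F != 1:
        raise ValueError("only type 1 (Advertisement) exists")
    if vrrp_checksum(pkt) != 0:
        raise ValueError("bad checksum")
    body = pkt[8:]
    if len(body) < 4 * count + 8:           # address list + 8 bytes of auth data
        raise ValueError("truncated address list")
    ips = [".".join(str(b) for b in body[i:i + 4]) for i in range(0, 4 * count, 4)]
    return Advertisement(vrid, priority, adver, ips)


def build_sample_packet() -> bytes:
    """Constructed sample: vrid 1, priority 120, adver interval 1 s, virtual IP 10.0.0.10."""
    hdr = struct.pack("!BBBBBBH", 0x21, 1, 120, 1, 0, 1, 0)   # checksum field zeroed
    body = bytes([10, 0, 0, 10]) + b"\x00" * 8               # virtual IP + empty auth data
    csum = vrrp_checksum(hdr + body)
    return hdr[:6] + struct.pack("!H", csum) + body
```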

VRRP basic structure


  • Basic concepts of VRRP:
  • VRRP Router: a device running the VRRP protocol, such as RouterA and RouterB.
  • Virtual Router: also known as a VRRP backup group. It consists of one Master device and several Backup devices and serves as the default gateway for hosts in the shared LAN. For example, RouterA and RouterB together form a virtual router.
  • Master router (Virtual Router Master): the VRRP device responsible for forwarding packets, such as RouterA.
  • Backup router (Virtual Router Backup): a group of VRRP devices that do not forward traffic. When the Master device fails, one of them becomes the new Master through election, such as RouterB.
  • Priority: the priority of the device in the backup group, with a value range of 0 to 255. 0 indicates that the device stops participating in the VRRP backup group and is used to let a Backup device become the Master as soon as possible without waiting for the timer to expire; 255 is reserved for the IP address owner and cannot be configured manually; the default priority of a device is 100.
  • vrid: the identifier of the virtual router. In the figure, the vrid of the virtual router formed by RouterA and RouterB is 1. It must be specified manually and ranges from 1 to 255.

State machine


The VRRP state machine has three states: Initialize (initial state), Master (active state), and Backup (standby state).
The transition conditions between the three states are as follows:
  • Initialize->Master: startup priority = 255;
  • Initialize->Backup: startup priority ≠ 255;
  • Master->Initialize: the device is shut down;
  • Master->Backup: receives a notification message with a higher priority than its own;
  • Backup->Initialize: the device is shut down;
  • Backup->Master: no VRRP notification message is received within the timeout period, or the priority of the original Master in the received notification message is 0, or the priority of the original Master in the received notification message is lower than its own priority.


VRRP master/backup working process

The working process of VRRP is as follows:
  • Elect the Master:
  • The devices in the VRRP backup group elect the Master based on priority. The Master device announces the virtual MAC address to the devices or hosts connected to it by sending gratuitous ARP packets, and thereby takes over packet forwarding.
  • Election rules: the priorities are compared, and the device with the higher priority is elected Master. When two devices have the same priority, an existing Master remains the Master and no further election is needed; if there is no Master, the interface IP addresses are compared, and the device with the larger interface IP address is elected Master.
  • Notification of Master device status (VRRP backup group status maintenance):
  • The Master device periodically sends VRRP notification messages announcing its configuration (priority, etc.) and working status to the VRRP backup group. The Backup devices determine whether the Master is working properly by receiving these VRRP packets. When the Master voluntarily gives up its Master status (for example, when it exits the backup group), it sends a notification message with priority 0, which lets a Backup device switch to Master quickly without waiting for the Master_Down_Interval timer to expire. This switching time is called Skew_Time and is calculated as (256 - priority of the Backup device) / 256, in seconds.
  • When a network failure on the Master device prevents it from sending notification messages, the Backup devices cannot immediately know its working status. Once the Master_Down_Interval timer expires, the Master is considered unable to work properly and the Backup device switches its state to Master. The value of the Master_Down_Interval timer is 3×Advertisement_Interval + Skew_Time, in seconds.
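The election rules and the Backup-side timers described above, as an added example in Python (not code from the original post). The `BackupRouter` class is a constructed model of the Backup->Master conditions from the state machine: it follows the page's rule that a notification with a lower priority than its own triggers an immediate switch when preemption is on.

```python
from dataclasses import dataclass


def skew_time(priority: int) -> float:
    """Skew_Time = (256 - priority of the Backup device) / 256 seconds."""
    return (256 - priority) / 256


def master_down_interval(priority: int, adver_interval: int) -> float:
    """Master_Down_Interval = 3 x Advertisement_Interval + Skew_Time, in seconds."""
    return 3 * adver_interval + skew_time(priority)


def ip_key(ip: str) -> tuple:
    return tuple(int(octet) for octet in ip.split("."))


def elect_master(routers: dict, current_master: str = "") -> str:
    """Highest priority wins; on a tie an existing Master keeps its role,
    otherwise the larger interface IP address wins.
    routers maps device name -> (priority, interface_ip)."""
    best = max(p for p, _ in routers.values())
    tied = [name for name, (p, _) in routers.items() if p == best]
    if len(tied) == 1:
        return tied[0]
    if current_master in tied:
        return current_master
    return max(tied, key=lambda name: ip_key(routers[name][1]))


@dataclass
class BackupRouter:
    priority: int
    adver_interval: int = 1
    preempt: bool = True
    state: str = "Backup"
    timer: float = 0.0          # seconds left before Master_Down_Interval expires

    def __post_init__(self):
        self.timer = master_down_interval(self.priority, self.adver_interval)

    def on_advertisement(self, master_priority: int) -> str:
        if master_priority == 0:                          # Master is leaving the group
            self.timer = skew_time(self.priority)         # wait only Skew_Time
        elif self.preempt and master_priority < self.priority:
            self.state = "Master"                         # we outrank the current Master
        else:
            self.timer = master_down_interval(self.priority, self.adver_interval)
        return self.state

    def tick(self, elapsed: float) -> str:
        """Advance the clock; silence past Master_Down_Interval means the Master is gone."""
        if self.state == "Backup":
            self.timer -= elapsed
            if self.timer <= 0:
                self.state = "Master"
        return self.state
```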

VRRP master and backup router switching process (1)

  • If the Master fails, the process of active/standby switchover is as follows:


Master device failure working process:
  • When a Backup device in the group receives no message from the Master device for a period of time (the Master_Down_Interval timer, 3×Advertisement_Interval + Skew_Time, in seconds), it turns itself into the Master device.
  • When there are multiple Backup devices in a VRRP group, several Master devices may appear for a short time. Each device then compares the priority in the received VRRP packets with its local priority, and the device with the highest priority becomes the Master.
  • After a device changes to Master, it immediately sends gratuitous ARP to refresh the MAC table entries on the switch, directing user traffic to itself. The entire process is completely transparent to users.

VRRP master and backup router switching process (2)

  • If the original Master fails and then recovers, the master/backup switchback process is as follows:


Preemption mode:
  • Controls whether a Backup router with a higher priority may preempt a Master router with a lower priority and become the Master itself. Preemption mode is the default.
  • Note: the IP address owner is the exception; it always preempts and becomes the Master device.
Preemption delay (Delay Time):
  • The preemption delay time; the default is 0, meaning immediate preemption.
  • After RouterA in the figure recovers from its fault, immediate preemption may interrupt traffic because the routing protocol on RouterA's uplink may not have finished converging. In this case the preemption delay of the Master device needs to be configured.
  • In addition, in a network with unstable performance, congestion may cause a Backup device to miss the Master's packets during the Master_Down_Interval period, so the Backup device switches to Master; if packets from the original Master then arrive again, the new Master switches back to Backup. The VRRP backup group members then switch state frequently. To alleviate this, configure a preemption delay so that the Backup device waits for the Master_Down_Interval time and then additionally for the preemption delay time; only if no notification message is received during that period does the Backup device switch to Master.

VRRP failure scenario


  • In the figure, an uplink failure on RouterA does not trigger a VRRP active/standby switchover, so HostA's Internet traffic is dropped at RouterA. The VRRP device therefore needs to sense the uplink failure and perform the switchover in time.
  • If RouterA itself or the interface connected to RouterB fails, a VRRP master/backup switchover does occur, because the Backup device receives no protocol packets from the Master within the Master_Down_Interval time.

VRRP linkage function


Problem solved: VRRP cannot sense status changes on interfaces that do not run VRRP. When the uplink fails, VRRP therefore does not notice it and performs no active/standby switchover, and service is interrupted.
Solution: use the VRRP linkage (tracking) function to monitor uplink interface or link failures and proactively perform the active/standby switchover.


VRRP load sharing working process

  • Load sharing means that multiple VRRP backup groups forward traffic at the same time. The basic principles and message negotiation of VRRP load sharing are the same as for VRRP master/backup; each VRRP backup group still contains one Master device and several Backup devices.
  • The difference from the master/backup method is that load sharing requires several VRRP backup groups, with the Master role of each group placed on a different device; a single device can join multiple backup groups and play a different role in each of them.

VRRP configuration implementation

  • The load sharing method is configured the same way as the master/backup method. Taking a single VRRP backup group as an example, the Master device configuration is as follows:
  vrrp vrid 1 virtual-ip 10.0.0.10 // Configure the virtual IP address for vrid 1.
  vrrp vrid 1 priority 120 // Set the priority in vrid 1 to 120. The other devices keep the default priority of 100, so this device becomes the Master.
  vrrp vrid 1 preempt-mode timer delay 20 // Configure the preemption delay of the Master device to 20 seconds.
  vrrp vrid 1 track interface GigabitEthernet0/0/0 reduce 30 // Track the status of uplink interface G0/0/0. If the interface fails, the VRRP priority of the Master device is reduced by 30.
  • Backup device configuration:
  vrrp vrid 1 virtual-ip 10.0.0.10 // Configure the virtual IP address for vrid 1.

Source: blog.csdn.net/yy123cisco/article/details/135146511