VRRP (Virtual Router Redundancy Protocol, referred to as VRRP) is a static gateway routing protocol configuration appears to solve local area network proposed by the IETF single point of failure phenomena.
1. Design goals
VRRP widely used in the edge of the network, it's designed to support IP data traffic under certain circumstances failover will not cause confusion, allowing the host to use a single router, and promptly in the case of actual first hop router failure still able to maintain connectivity between routers.
2. The fault-tolerant protocol
VRRP is a fault-tolerant routing protocol, also called Standby Routing Protocol. All hosts in a local area network are set to the default route, when the destination address of the internal host network segment is not sent, the packet is default route to the external router, enabling communication with an external network host.
3. Select the protocol
VRRP is a protocol, it can be the responsibility of a virtual router dynamically allocated to one of the VRRP routers on the LAN.
工作原理
路由器开启VRRP功能后,会根据优先级确定自己在备份组中的角色。优先级高的路由器成为主用路由器,优先级低的成为备用路由器。主用路由器定期发送VRRP通告报文,通知备份组内的其他路由器自己工作正常;备用路由器则启动定时器等待通告报文的到来。
VRRP在不同的主用抢占方式下,主用角色的替换方式不同:在抢占方式下,当备用路由器收到VRRP通告报文后,会将自己的优先级与通告报文中的优先级进行比较。如果大于通告报文中的优先级,则成为主用路由器否则将保持备用状态。
在非抢占方式下,只要主用路由器没有出现故障,备份组中的路由器始终保持主用或备用状态,备份组中的路由器即使随后被配置了更高的优先级也不会成为主用路由器。
如果备用路由器的定时器超时后仍未收到主用路由器发送来的VRRP通告报文,则认为主用路由器已经无法正常工作,此时备用路由器会认为自己是主用路由器,并对外发送VRRP通告报文。备份组内的路由器根据优先级选举出主用路由器,承担报文的转发功能。
1. having a unique identity of
the router performance of the external unique virtual MAC address of the master router is responsible for answering ARP requests to do with the MAC address to ensure that terminal equipment is the only consistent IP and MAC addresses, reducing the switching terminal the impact of the device.
A control packets
VRRP advertisement using multicast IP packets are encapsulated, the range is limited to release the same LAN. VRID ensures that can be reused in different networks. In order to reduce network bandwidth consumption only the master router can periodically It sends VRRP advertisements.
3. priority
configuration can be based on the principle of priority of speed and cost of the link, router performance and reliability as well as other management strategies set. election master router, high-priority virtual router win. VRRP protocol priority range is 0-255.
4. Security
To ensure the security of the VRRP provides simple authentication and IP header authentication two security authentication measures. Plaintext authentication: When you join a group VRRP router, you must also provide the same VRID and clear text passwords, avoid configuration errors in the LAN. IP header authentication provides greater security to prevent message replay and modify ***.