VRRP birth Background
When gateway router RouterA failure, the network segment can not be performed in the host device is a gateway to the Internet communication
multiple gateway may be some problems: a gateway between IP address conflicts; host frequent switching network exit
VRRP works
VRRP can, without changing the networking of multiple virtual routers into a virtual router, configure the virtual router's IP address as the default gateway, backup gateway
Protocol version: VRRPv2 (common) and VRRPv3 VRRPv2 only in IPv4 network, VRRPv3 applies to both IPv4 and IPv6 networks.
VRRP packets: Only one message: Advertisement packet destination IP address 224.0.0.18, the destination MAC address is 00-00-5e-00-01-XX, protocol number is 112, VRRP is the network layer
The basic concept of VRRP
virtual router (Virtual Router): consists of a Master device and multiple Backup equipment components, is treated as a shared LAN default gateway hosts. Such as RouterA and RouterB together to form a virtual router.
Master router (Virtual Router Master): for forwarding packets of VRRP devices, such as RouterA.
Backup router (Virtual Router Backup): do not forward a set of VRRP device, when the Master device fails, they will become the new Master device through the campaign, such as RouterB.
Priority: priority of the device in the VRRP group, in the range from 0 to 255.
0 indicates that the device is stopped participating in VRRP backup group for the backup device as soon as possible to become Master device, without having to wait until the timer expires; 255 reserved for the IP address owner, you can not manually configured; the device default priority value is 100.
vrid: vrid virtual router identifier of the virtual router, as shown in RouterA and RouterB consisting of 1, to be specified manually, 1-255.
virtual IP address (Virtual IP Address): IP address of virtual router, a virtual router can have one or more IP addresses configured by the user. Such as the Virtual IP address of the virtual router RouterA and RouterB consisting of 10.1.1.254/24.
IP address owner (IP Address Owner): It is a VRRP device will be the actual interface IP address configuration for the virtual router IP address, the device is called IP address owner. If the IP address owner is available, it will always be the Master.
virtual MAC address (Virtual MAC Address): vrid virtual router MAC address generated based. A virtual router has a virtual MAC address in the format: 00-00-5E-00-01- {vrid}. When the virtual router responds to ARP requests, using the virtual MAC address, rather than the actual MAC address of the interface. The virtual router vrid RouterA RouterB consisting of 1, so the MAC address of the VRRP backup group is 00-00-5E-00-01-01.
VRRP protocol state machine has three states: Initialize (initial state), Master (active state), Backup (standby state)
VRRP master and backup process
The first step: elected Master
VRRP backup group, the Master of the device according to the priority election. Master by sending gratuitous ARP packets, the virtual MAC address notification given device or host connected to it, so assume packet forwarding tasks.
election rules: To compare the size of priorities, a higher priority is elected as the Master device. When two devices have the same priority, if it already exists Master, the Master to maintain its identity, no need to continue the election; if the Master does not exist, continue to compare the size of the interface IP address, interface IP address of the device was elected Master of the larger equipment.
Step: Master device state advertisement (VRRP backup group is maintained)
Master设备周期性地发送VRRP通告报文,在VRRP备份组中公布其配置信息(优先级等)和工作状况。Backup设备通过接收到的VRRP报文来判断Master设备是否工作正常。
当Master设备主动放弃Master地位(如Master设备退出备份组)时,会发送优先级为0的通告报文,用来使Backup设备快速切换成Master设备,而不用等到Master_Down_Interval(默认为3s)定时器超时。这个切换的时间称为Skew_Time(几乎可以堪称0s),计算方式为:(256-Backup设备的优先级)/256,单位为秒。
当Master设备发生网络故障而不能发送通告报文的时候,Backup设备并不能立即知道其工作状况。等到Master_Down_Interval定时器超时后,才会认为Master设备无法正常工作,从而将状态切换为Master。其中,Master_Down_Interval定时器取值为:3×Advertisement_Interval+Skew_Time,单位为秒。其中Advertisement_Interval默认情况下为1S
VRRP主备切换过程
如果Master发生故障,则主备切换的过程
当组内的备份设备一段时间(Master_Down_Interval定时器取值为:3×Advertisement_Interval+Skew_Time,单位为秒)内没有接收到来自Master设备的报文,则将自己转为Master设备。
一个VRRP组里有多台备份设备时,短时间内可能产生多个Master设备,此时,设备将会对收到的VRRP报文中的优先级与本地优先级做比较,从而选取优先级高的设备成为Master。
设备的状态变为Master之后,会立刻发送免费ARP来刷新交换机上的MAC表项,从而把用户的流量引到此设备上来,整个过程对用户完全透明。
如果原Master故障恢复,则主备回切的过程:
抢占模式(Preemption Mode):缺省为抢占模式
控制具有更高优先级的备用路由器是否能够抢占具有较低优先级的Master路由器,使自己成为Master。
注意:存在的例外情况是如果IP地址拥有者是可用的,则它总是处于抢占的状态,并成为Master设备。
抢占延时(Delay Time):抢占延迟时间,默认为0,即立即抢占。
图中RouterA故障恢复后,立即抢占可能会导致流量中断,因为RouterA的上行链路的路由协议可能未完成收敛,这种情况则需要配置Master设备的抢占延时。
另外,在性能不稳定的网络中,网络堵塞可能导致Backup设备在Master_Down_Interval期间没有收到Master设备的报文,Backup设备则会主动切换为Master。如果此时原Master设备的报文又到达了,新Master设备将再次切换回Backup,如此则会出现VRRP备份组成员状态频繁切换的现象。为了缓解这种现象,可以配置抢占延时,使得Backup设备在等待了Master_Down_Interval时间后,再等待抢占延迟时间。如在此期间仍没有收到通告报文,Backup设备才会切换为Master设备。
VRRP故障场景
解决的问题:VRRP无法感知非运行VRRP接口的状态变化,故当上行链路出现故障时,VRRP无法进行感知,不会进行主备切换,从而导致业务中断。
解决方案:利用VRRP的联动功能监视上行接口或链路故障,主动进行主备切换。
VRRP负载分担工作过程
load balancing refers to multiple VRRP groups and to assume forwarding business, the basic principles of VRRP load balancing and VRRP standby backup and packet negotiation process is the same. For each VRRP backup group, and contains a plurality of Backup Master device apparatus.
differs in that the primary backup mode: load balancing approach requires the establishment of multiple VRRP backup groups, Master devices sharing of backup groups on different devices; single backup device can join a plurality of groups, different backup groups play different roles.
The basic configuration of VRRP
Profile as the backup mode
RA profile
#
sysname RA
#
interface GigabitEthernet0/0/0
ip address 13.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.0.0.1 255.255.255.0
vrrp vrid 1 virtual-ip 10.0.0.10
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 20
vrrp vrid 1 track interface GigabitEthernet0/0/0 reduced 30
#RB's profile
#
sysname RB
#
interface GigabitEthernet0/0/1
ip address 10.0.0.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.0.0.10
#RC's profile
#
sysname RC
interface GigabitEthernet0/0/0
ip address 13.1.1.3 255.255.255.0
#Check:
Check to check on the status of RA
[RA]display vrrp
GigabitEthernet0/0/1 | Virtual Router 1
State : Master
Virtual IP : 10.0.0.10
Master IP : 10.0.0.1
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 20 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Track IF : GigabitEthernet0/0/0 Priority reduced : 30
IF state : UP
Create time : 2019-09-28 09:06:52 UTC-08:00
Last change time : 2019-09-28 09:10:00 UTC-08:00[The RA]
See above VRRP state in RB
[RB]display vrrp
GigabitEthernet0/0/1 | Virtual Router 1
State : Backup
Virtual IP : 10.0.0.10
Master IP : 10.0.0.1
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2019-09-28 09:08:27 UTC-08:00
Last change time : 2019-09-28 09:10:02 UTC-08:00
[RB]Configuration summary of VRRP master and backup
Master device configuration:
vrrp vrid 1 virtual-ip 10.0.0.10 //配置vrid1中的虚拟IP地址。
vrrp vrid 1 priority 120 //配置在vrid1中的优先级为120,其他设备优先级未手动指定,缺省为100,则本设备为Master。
vrrp vrid 1 preempt-mode timer delay 20 //配置Master设备的抢占时延为20秒。
vrrp vrid 1 track interface GigabitEthernet0/0/0 reduce 30 //跟踪上行接口G0/0/0的状态,如果端口出现故障,则Master设备VRRP优先级降低30。Backup Device Configuration:
vrrp vrid 1 virtual-ip 10.0.0.10 //配置vrid1中的虚拟IP地址。