FHRP (First Hop Redundancy Protocol) - a family of protocols designed to create default gateway redundancy. The general idea for these protocols is to combine several routers into one virtual router with a common IP address. This IP address will be assigned on hosts as the default gateway address. A free implementation of this idea is the VRRP (Virtual Router Redundancy Protocol) protocol. In this article, we will cover the basics of the VRRP protocol.
VRRP routers are combined into one virtual router. All routers in a group share a common virtual IP (VIP) address and a common group number, or VRID (Virtual Router Identifier). One router can be in several groups, each of which must have its own unique VIP/VRID pair.
In the case of Cisco, the virtual router is set on the interface of interest to us with the command:
R1(config-if)# vrrp <group-number> ip <ip-address>All routers are divided into two types: VRRP Master and VRRP Backup.
VRRP Master is the router that forwards packets for this virtual group.
VRRP Backup is the router that is waiting for the packet from the master. If packets from the Master stop coming, Backup tries to switch to the Master state.
The router becomes Master if it has the highest priority. The Master constantly broadcasts messages to the 224.0.0.18 broadcast address to tell the Backup routers that it is running. The Master sends messages according to the Adver Timer, which is 1 second by default.
In this case, the group address 00:00:5E:00:01:xx is used as the sender's MAC address, where xx is the VRID in hexadecimal format. In this example, the first group is used.
If the Backup routers do not receive messages within three Adver Timers (Master Down Timers), then the new Master becomes the router with the highest priority, or the router with the highest IP. In this case, the Backup router with a higher priority will intercept the Master role with a lower priority. However, when Backup has preempt mode disabled, Backup will not take over from Master.
R1(config-if)# no vrrp <group-number> preemptIf the VRRP router is the owner of the VIP address, then it always takes over the Master role.
VRRP priority is set in values ββfrom 1 to 254. The value 0 is reserved for cases when the Master needs take off take responsibility for routing. The value 255 is set to the VIP owner router. The default priority is 100, but can be set administratively:
R1(config-if)#vrrp <group-number> priority <priority 1-254>Here we can see the priority of the router when it is set administratively:
And here is the case when the router is the owner of the VIP:
A VRRP router can have three states: Initialize, Backup, Master. The router sequentially changes these states.
In the Initialize state, the router is waiting to start. If this router is the owner of the VIP address (priority is 255), then the router sends messages that it becomes Master. He also sends , where the source MAC address is equal to the virtual router address. It then transitions to the Master state. If the router is not the owner of the VIP, then it goes into the Backup state.
In the Backup state, the router waits for packets from the Master. The router in this state does not respond to ARP requests from the VIP address. It also does not accept packets that have the MAC address of the virtual router as their destination address.
If the Backup does not receive messages from the Master during the Master Down Timer, then it sends a message to VRRP that it is going to become the Master. It then sends a VRRP broadcast message in which the source MAC address is equal to the address of this virtual router. In this message, the router indicates its priority.
In the Master state, the router processes packets addressed to the virtual router. It also responds to ARP requests to the VIP. Master sends out VRRP messages every Adver Timer to confirm that it is working.
*May 13 19:52:18.531: %VRRP-6-STATECHANGE: Et1/0 Grp 1 state Init -> Backup
*May 13 19:52:21.751: %VRRP-6-STATECHANGE: Et1/0 Grp 1 state Backup -> MasterVRRP also allows load balancing across multiple routers. To do this, two VRRP groups are created on one interface. One group is given higher priority than the other. In this case, on the second router, the priority is set in the opposite way. Those. if on one router the priority of the first group is 100, and the second group is 200, then on the other router the priority of the first group will be 200, and the second 100.
As stated earlier, each group must have its own unique VIP. As a result, we get two ip addresses served by two routers, each of which can serve as a default gateway.
Half of the computers are assigned one default gateway address, half the other. Thus, half of the traffic will go through one router, and half through the other. If one of the routers fails, the second one takes over the work of both VIPs.
Thus, VRRP allows you to organize the fault tolerance of the default gateway, increasing the reliability of the network. And in the case of using several virtual routers, you can also balance the load between real routers. Failure response times can be reduced by reducing the timers.
Source: habr.com