The following examples explains the distinction between virtual routers with and without owner.
The following figure shows a simple network with two VRRP routers implementing one virtual router.
The shape in the drawing labeled with VRID V1 (or 37 as an illustration that VRID is an integer) indicates that R1 and R2 are members of the VRRP virtual router V1. Router R1 is the master in virtual router V1 and R2 is the backup. As long as the master is functional, all traffic destined to the external network gets directed to R1. But as soon as R1 fails, R2 takes over as the master and starts handling packets forwarded to the interface associated with IP(R1).
Figure 26.1, “One-sided protection” represents this situation.
Following configuration shows setting parameters of R1:
[16:13:22] ABILIS_CPX_R1:d vrrp
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
ID: NAME: IPRES: VRID: PRIO: PREEMPT:
ADVER-INT: INIT-STATE: AUTH: AUTH-DATA:
IP1: IP2: IP3: IP4:
HIDE-IP1: HIDE-IP2: HIDE-IP3: HIDE-IP4:
DEP-RES:
-------------------------------------------------------------------------------
0 CPX_V1 1 37 100 YES
1 MASTER NONE
192.032.005.001 # # #
NO NO NO NO
NONE
-------------------------------------------------------------------------------
Following configuration shows setting parameters of R2:
[16:13:22] ABILIS_CPX_R2:d vrrp
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
ID: NAME: IPRES: VRID: PRIO: PREEMPT:
ADVER-INT: INIT-STATE: AUTH: AUTH-DATA:
IP1: IP2: IP3: IP4:
HIDE-IP1: HIDE-IP2: HIDE-IP3: HIDE-IP4:
DEP-RES:
-------------------------------------------------------------------------------
0 CPX_V1 1 37 100 YES
1 BACKUP NONE
192.032.005.001 # # #
NO NO NO NO
NONE
-------------------------------------------------------------------------------
Note that in Figure 26.2, “Load sharing between VRRP routers”, R2 router is completely idle during its backup periods. Its whole purpose in the network consists of being a backup for R1. R2 is a purely redundant device. This may be considered underutilization or waste of a valuable resource.
In such circumstances the network deployer may decide to assign R2 as a default router to some hosts on the LAN (H3 and H4), implementing a loadsharing scheme: the traffic coming from H1 and H2 is handled by R1, and H3-H4 traffic is forwarded to R2.
However, the protection of R2 needs to be explicitly set up. To create this setup, we need to define two virtual routers, V1 and V2, and we need to define the opposite roles to our routers in V1 and V2. Figure 26.2, “Load sharing between VRRP routers” illustrates this setup.
In this setup R1 is defined as the master of the V1 and R2 as the backup. In V2, R2 is the master and R1 acts as the backup. This configuration implements:
a load-sharing arrangement between R1 and R2;
a mutual protection setup by having two routers acting as backups for each other.
Note | |
---|---|
In case of failure of one of the routers, one can suffer some degradation in the network service, unless the network is engineered accordingly. |
Advantages of load sharing:
network managers know when one fails: it is much easier to detect the failure of an active device than of equipment which is in a passive monitoring mode;
an active device is kept in a fully working state (software and hardware upgrades).
Following configuration shows setting parameters of R1:
[16:13:22] ABILIS_CPX_R1:d vrrp
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
ID: NAME: IPRES: VRID: PRIO: PREEMPT:
ADVER-INT: INIT-STATE: AUTH: AUTH-DATA:
IP1: IP2: IP3: IP4:
HIDE-IP1: HIDE-IP2: HIDE-IP3: HIDE-IP4:
DEP-RES:
-------------------------------------------------------------------------------
0 CPX_V1 1 37 100 YES
1 MASTER NONE
192.032.005.001 # # #
NO NO NO NO
NONE
-------------------------------------------------------------------------------
1 CPX_V2 1 73 100 YES
1 BACKUP NONE
192.032.005.002 # # #
NO NO NO NO
NONE
-------------------------------------------------------------------------------
Following configuration shows setting parameters of R2:
[16:13:22] ABILIS_CPX_R2:d vrrp
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
ID: NAME: IPRES: VRID: PRIO: PREEMPT:
ADVER-INT: INIT-STATE: AUTH: AUTH-DATA:
IP1: IP2: IP3: IP4:
HIDE-IP1: HIDE-IP2: HIDE-IP3: HIDE-IP4:
DEP-RES:
-------------------------------------------------------------------------------
0 CPX_V1 1 37 100 YES
1 BACKUP NONE
192.032.005.001 # # #
NO NO NO NO
NONE
-------------------------------------------------------------------------------
1 CPX_V2 1 73 100 YES
1 MASTER NONE
192.032.005.002 # # #
NO NO NO NO
NONE
-------------------------------------------------------------------------------
The examples we have introduced so far were of the 1-to-1 cardinality; even in the mutual protection case, we had a pair of 1-to-1 configurations. VRRP supports 1-to-N redundancy cardinalities where N can be greater than 1. Example: the R1 router is backed up by two routers, R2 and R3, without any load sharing. Figure 26.3, “Virtual router with multiple backups” represents such a configuration.
In this configuration R1 is designated as the default router for all the hosts and the master of the virtual router V1. R2, R3 are redundant backups ready to take over the default router role if R1 fails. A mechanism for deciding which one of the routers, R2 or R3, should become the master is needed.
VRRP uses the mechanism of priorities:
priorities range normally between 1 and 255;
the value 0 has a special meaning to indicate that the current master is releasing its mastership responsibility;
the higher the number, the higher the priority.
in case of failover the VRRP elects the router with the highest priority as the master.
If there are more routers having the same priority, VRRP uses a second criterion based on IP address:
each VRRP router is associated with a set of IP addresses identifying its multiple (real) interfaces;
using an algorithm (the smallest one, the first one in the list, etc.) a router selects one of its IP addresses as its primary IP address;
the router with the greater primary IP address becomes the master.
Following configuration shows setting parameters of R1:
[16:13:22] ABILIS_CPX_R1:d vrrp
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
ID: NAME: IPRES: VRID: PRIO: PREEMPT:
ADVER-INT: INIT-STATE: AUTH: AUTH-DATA:
IP1: IP2: IP3: IP4:
HIDE-IP1: HIDE-IP2: HIDE-IP3: HIDE-IP4:
DEP-RES:
-------------------------------------------------------------------------------
0 CPX_V1 1 37 100 YES
1 MASTER NONE
192.032.005.001 # # #
NO NO NO NO
NONE
-------------------------------------------------------------------------------
Following configuration shows setting parameters of R2:
[16:13:22] ABILIS_CPX_R2:d vrrp
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
ID: NAME: IPRES: VRID: PRIO: PREEMPT:
ADVER-INT: INIT-STATE: AUTH: AUTH-DATA:
IP1: IP2: IP3: IP4:
HIDE-IP1: HIDE-IP2: HIDE-IP3: HIDE-IP4:
DEP-RES:
-------------------------------------------------------------------------------
0 CPX_V1 1 37 100 YES
1 BACKUP NONE
192.032.005.001 # # #
NO NO NO NO
NONE
-------------------------------------------------------------------------------
Following configuration shows setting parameters of R3:
[16:13:22] ABILIS_CPX_R3:d vrrp
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
ID: NAME: IPRES: VRID: PRIO: PREEMPT:
ADVER-INT: INIT-STATE: AUTH: AUTH-DATA:
IP1: IP2: IP3: IP4:
HIDE-IP1: HIDE-IP2: HIDE-IP3: HIDE-IP4:
DEP-RES:
-------------------------------------------------------------------------------
0 CPX_V1 1 37 100 YES
1 BACKUP NONE
192.032.005.001 # # #
NO NO NO NO
NONE
-------------------------------------------------------------------------------
Take the configuration depicted in Figure 26.3, “Virtual router with multiple backups”. In this configuration the IP address protected by the virtual router V1 is the IP address of the router R1, so R1 is at the same time the master and the owner of the virtual router V1. VRRP requires the owner to assume the priority 255 and to become the master at the initialization.
When a owner becomes operational again, it becomes unconditionally master again.
Besides, as long as it is operational, an owner remains master regardless of the status of the other VRRP routers.
When neither the current master nor the router that is in the process of becoming operational is an owner the result depends on the priorities of the routers as well as on the value of preemption mode flag. The preemption flag regulates whether a new operational nonowner can displace the current master based on its priority.
Let us call a master becoming operational after a failure a
new contestant
and use the term
incumbent
for the current master from the perspective
of its bid for a new election.
Since the mastership of an owner is unconditional, a new contestant cannot displace an incumbent owner. By the same token, a new contestant that is also an owner always displaces the incumbent.
If the incumbent and the new contestant are not owners, in such cases the decision depends on the priorities and the preemption mode. If the priority of the incumbent is higher than that of the new contestant, the incumbent stays in its office.
If the priority of the new contestant is higher than that of the incumbent and if the preemption mode is set to true, the new contestant becomes the master. On the other hand, if the preemption mode is defined as false, in such cases the incumbent keeps its office even if it were to have lower priority.
VRRP allows to use at most one owner in a virtual router. So, there can be virtual routers protecting IP addresses that are not owned by any specific router. Figure 26.4, “Virtual router without an owner” shows a virtual router in which none of the group members is an owner of the protected address(es).
The main advantage of having a virtual router without an owner is the flexibility it gives to the network administrator. Since the protected IP address is not the real address of any one of the participant routers, the administrator can change these physical routers or their addresses without any need to reconfigure the virtual router itself or the hosts.
Following configuration shows setting parameters of R1:
[16:13:22] ABILIS_CPX_R1:d vrrp
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
ID: NAME: IPRES: VRID: PRIO: PREEMPT:
ADVER-INT: INIT-STATE: AUTH: AUTH-DATA:
IP1: IP2: IP3: IP4:
HIDE-IP1: HIDE-IP2: HIDE-IP3: HIDE-IP4:
DEP-RES:
-------------------------------------------------------------------------------
0 CPX_V1 1 37 250 YES
1 MASTER NONE
192.032.005.010 # # #
NO NO NO NO
NONE
-------------------------------------------------------------------------------
Following configuration shows setting parameters of R2:
[16:13:22] ABILIS_CPX_R2:d vrrp
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
ID: NAME: IPRES: VRID: PRIO: PREEMPT:
ADVER-INT: INIT-STATE: AUTH: AUTH-DATA:
IP1: IP2: IP3: IP4:
HIDE-IP1: HIDE-IP2: HIDE-IP3: HIDE-IP4:
DEP-RES:
-------------------------------------------------------------------------------
0 CPX_V1 1 37 100 YES
1 BACKUP NONE
192.032.005.010 # # #
NO NO NO NO
NONE
-------------------------------------------------------------------------------
Following configuration shows setting parameters of R3:
[16:13:22] ABILIS_CPX_R3:d vrrp
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
ID: NAME: IPRES: VRID: PRIO: PREEMPT:
ADVER-INT: INIT-STATE: AUTH: AUTH-DATA:
IP1: IP2: IP3: IP4:
HIDE-IP1: HIDE-IP2: HIDE-IP3: HIDE-IP4:
DEP-RES:
-------------------------------------------------------------------------------
0 CPX_V1 1 37 10 YES
1 BACKUP NONE
192.032.005.010 # # #
NO NO NO NO
NONE
-------------------------------------------------------------------------------
This example explain how to implement an N-to-1 redundancy using VRRP.
Assumption: having three VRRP routers (R1, R2, and R3) into our local networks consisting of two segments.
Goal: R2 is the back up router for both R1 and R3.
Define two different virtual routers, V1 and V2, and designate R1 as the master of V1 and R3 as the master of V2. The VRRP router R2 assumes the role of the backup both in V1 and V3. Figure 26.5, “One backup for two masters” illustrates this configuration.
Disadvantages:
at the failure of R1, R2 assumes the responsibility of handling IP(R1), and if during that period R3 also fails, R2 also starts handling packets forwarded toward IP(R2). This arrangement may lead to unacceptable service degradation unless the network is overengineered and/or R2 is a mighty powerful box.
The two virtual routers in our illustration are associated with two LAN segments. R1 is on A and R3 is on B, whereas R2 is associated with both through its two interfaces: R2.1 and R2.2.
The router backing up two masters is not protected.
In the event of its failure, both R1 and R2 become unprotected.
Advantages:
given the cost considerations for backup lines N-to-1 arrangements may be quite plausible from an economic point of view.
Following configuration shows setting parameters of R1:
[16:13:22] ABILIS_CPX_R1:d vrrp
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
ID: NAME: IPRES: VRID: PRIO: PREEMPT:
ADVER-INT: INIT-STATE: AUTH: AUTH-DATA:
IP1: IP2: IP3: IP4:
HIDE-IP1: HIDE-IP2: HIDE-IP3: HIDE-IP4:
DEP-RES:
-------------------------------------------------------------------------------
0 CPX_V1 1 37 100 YES
1 MASTER NONE
192.032.005.001 # # #
NO NO NO NO
NONE
-------------------------------------------------------------------------------
Following configuration shows setting parameters of R2:
[16:13:22] ABILIS_CPX_R2:d vrrp
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
ID: NAME: IPRES: VRID: PRIO: PREEMPT:
ADVER-INT: INIT-STATE: AUTH: AUTH-DATA:
IP1: IP2: IP3: IP4:
HIDE-IP1: HIDE-IP2: HIDE-IP3: HIDE-IP4:
DEP-RES:
-------------------------------------------------------------------------------
0 CPX_V1 1 37 100 YES
1 BACKUP NONE
192.032.005.001 # # #
NO NO NO NO
NONE
-------------------------------------------------------------------------------
1 CPX_V2 1 73 100 YES
1 BACKUP NONE
192.168.205.003 # # #
NO NO NO NO
NONE
-------------------------------------------------------------------------------
Following configuration shows setting parameters of R3:
[16:13:22] ABILIS_CPX_R3:d vrrp
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
ID: NAME: IPRES: VRID: PRIO: PREEMPT:
ADVER-INT: INIT-STATE: AUTH: AUTH-DATA:
IP1: IP2: IP3: IP4:
HIDE-IP1: HIDE-IP2: HIDE-IP3: HIDE-IP4:
DEP-RES:
-------------------------------------------------------------------------------
0 CPX_V2 1 73 100 YES
1 MASTER NONE
192.032.205.003 # # #
NO NO NO NO
NONE
-------------------------------------------------------------------------------
VRRP may be used to protect multiple IP addresses with a single
virtual router. A physical interface may have multiple IP addresses
which can be on the same or different subnets, the latter being referred
to as multinetting
. Multinetting is used to renumber
a network, that is, assign new addresses with a different subnet
definition.
When a VRRP router has more than one address associated with its interface, it can have all its addresses protected by one single virtual router. The router in question qualifies as the owner of all addresses, but only one of those addresses is used as primary for the purposes of VRRP traffic.
These considerations are still true in case of multinetting. Figure 26.6, “Virtual router protecting multiple IP addresses” depicts a virtual router protecting a default router configured for multinetting.
Note that the LAN segment is partitioned into two subnets: 192.32.5.0 and 192.32.205.0. Router R2, the owner of both addresses IP(R2)5 and IP(R2)205, is the master of the virtual router V1.
Router R1 is the backup and is similarly configured. Although the IP addresses are in different subnets, they are associated with the same virtual router V1, and they are both protected by the same virtual router V1. One of the addresses designated via configuration as primary would be picked for V1; in this example, 192.32.5.2 and router R1 would be the backup. The VRRP mechanism and VRRP exchanges will be on this subnet 192.32.5.0, and 192.32.5.2 will be the primary IP address of virtual router V1.
The other address, 192.32.205.2, would simply piggyback on the protection offered by VRRP to the primary address because both of them are on the same interface.
As long as R2 is operational, R1 will stay in the backup status; but when R2 fails, VRRP will detect the failure and R1 will become the master and route on behalf of 192.32.5.2 as well as 192.32.205.2, since R1 is configured accordingly. In other words, all IP addresses in a multinetted interface will switch over to the backup. We do realize that it is possible to have one virtual router, not multiple ones, to protect more than one IP address as long as all physical routers within a virtual router have a multinetted configuration on the same set of subnets.
Following configuration shows setting parameters of R1:
[16:13:22] ABILIS_CPX_R1:d vrrp
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
ID: NAME: IPRES: VRID: PRIO: PREEMPT:
ADVER-INT: INIT-STATE: AUTH: AUTH-DATA:
IP1: IP2: IP3: IP4:
HIDE-IP1: HIDE-IP2: HIDE-IP3: HIDE-IP4:
DEP-RES:
-------------------------------------------------------------------------------
0 CPX_V1 1 37 100 YES
1 BACKUP NONE
192.032.005.002 # # #
NO NO NO NO
NONE
-------------------------------------------------------------------------------
Following configuration shows setting parameters of R2:
[16:13:22] ABILIS_CPX_R2:d vrrp
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
ID: NAME: IPRES: VRID: PRIO: PREEMPT:
ADVER-INT: INIT-STATE: AUTH: AUTH-DATA:
IP1: IP2: IP3: IP4:
HIDE-IP1: HIDE-IP2: HIDE-IP3: HIDE-IP4:
DEP-RES:
-------------------------------------------------------------------------------
0 CPX_V1 1 37 100 YES
1 MASTER NONE
192.032.005.002 # # #
NO NO NO NO
NONE
-------------------------------------------------------------------------------
The following Figure 26.7, “Virtual router protecting two-sided IP addresses” shows two simple networks with two VRRP routers implementing two virtual router depending each other.
The shape in the drawing labeled with VRID V1 (or 37 as an illustration that VRID is an integer) indicates that R1 and R2 are members of the VRRP virtual router V1.
Router R1 is the master in virtual router V1 and R2 is the backup.
Each virtual router depends on the status of the other IP network it owns. For example, if IP1 (R1) goes down, it will force also IP2 (R1) going down, allowing R2 to become the virtual master router for both interfaces it owns.
Following configuration shows setting parameters of R1:
[16:13:22] ABILIS_CPX_R1:d vrrp
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
ID: NAME: IPRES: VRID: PRIO: PREEMPT:
ADVER-INT: INIT-STATE: AUTH: AUTH-DATA:
IP1: IP2: IP3: IP4:
HIDE-IP1: HIDE-IP2: HIDE-IP3: HIDE-IP4:
DEP-RES:
-------------------------------------------------------------------------------
0 CPX_V1 1 37 100 YES
1 MASTER NONE
192.032.015.001 # # #
NO NO NO NO
Ip-2
-------------------------------------------------------------------------------
1 CPX_V2 2 73 100 YES
1 MASTER NONE
192.032.030.001 # # #
NO NO NO NO
Ip-1
-------------------------------------------------------------------------------
Following configuration shows setting parameters of R2:
[16:13:22] ABILIS_CPX_R2:d vrrp
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
ID: NAME: IPRES: VRID: PRIO: PREEMPT:
ADVER-INT: INIT-STATE: AUTH: AUTH-DATA:
IP1: IP2: IP3: IP4:
HIDE-IP1: HIDE-IP2: HIDE-IP3: HIDE-IP4:
DEP-RES:
-------------------------------------------------------------------------------
0 CPX_V1 1 37 100 YES
1 BACKUP NONE
192.032.015.002 # # #
NO NO NO NO
Ip-2
-------------------------------------------------------------------------------
1 CPX_V2 2 73 100 YES
1 BACKUP NONE
192.032.030.002 # # #
NO NO NO NO
Ip-1
-------------------------------------------------------------------------------