2025-01-16 Update From: SLTechnology News&Howtos (Shulou.com)
Virtual Router Redundancy Protocol (VRRP)
5.1 Principles of the VRRP protocol
VRRP (Virtual Router Redundancy Protocol) is similar to HSRP and improves the stability and reliability of the network. It is an IETF standard defined in RFC 2338. Because VRRP works on the same principle as HSRP, with only slight differences in terminology and functionality, this section introduces the principles of VRRP only briefly.
1. The working principle of VRRP
As shown in figure 5.1, VRRP presents two or more routers on a LAN segment as one "virtual" router that provides service through a single virtual IP address and virtual MAC address. If one of them fails, another can replace it and continue routing.
Figure 5.1 VRRP creates a virtual router with its own MAC address and IP address
A VRRP group consists of a primary router, a backup router, and a virtual router. The active router in a VRRP group is called the primary router; it forwards the packets sent to the virtual router. The other routers in the group, which are not the primary router, are in the backup state. The virtual router is what end users see: a router that appears to work continuously.
Like HSRP, VRRP selects the primary router by priority: the router with the highest priority in a VRRP group becomes the primary router, with a status of Master. The other routers in the group stay in the backup state and monitor the primary router. The primary router sends a VRRP advertisement at regular intervals to announce that it is working properly. If a backup router in the group does not receive an advertisement from the primary router for a long time, it changes itself to the Master state. Several backup routers in the group may then consider themselves the primary router at the same time, so each of them compares the priority in the VRRP advertisements it receives with its local priority. If the local priority is lower than the advertised priority, the router changes to the backup state; otherwise it remains in the Master state. Eventually, the router with the highest priority in the VRRP group becomes the new primary router.
2. Virtual MAC address
The MAC address format of the virtual router in the VRRP group is 0000.5e00.01xx, where xx is the VRRP group number.
For example: VRRP group 47, the MAC address of the virtual router is 0000.5e00.012f.
3. VRRP advertisement
VRRP defines only one kind of message, the VRRP advertisement. It uses IP protocol number 112, and its destination address is the multicast address 224.0.0.18.
4. Status of VRRP
The VRRP protocol defines three states: Master (master state), Backup (backup state), and Initialize (initial state).
- Initial state: all routers start in the initial state; a router enters it when the process starts.
- Backup state: receives the VRRP multicast advertisements sent by the primary router and uses them to judge the state of the primary router; discards packets sent to the MAC address and IP address of the virtual router; does not respond to ARP requests for the virtual IP address.
- Master state: periodically sends VRRP multicast advertisements; responds to ARP requests for the virtual IP address and sends gratuitous ARP messages so that hosts on the network learn the mapping between the virtual IP address and the virtual MAC address; forwards IP packets whose destination is the virtual MAC address.
Figure 5.2 shows the transitions between the three VRRP states.
Figure 5.2 transition relationship between the three states of VRRP
In the initial state, when a startup message is received, the router changes to the Master state if its priority is 255 (the priority range is 0-255) and to the backup state if its priority is less than 255.
In the backup state, if the interface receives a shutdown message, the router changes to the initial state; if the Master_Down_Interval expires, the router changes to the Master state.
In the Master state, if the interface receives a shutdown message, the router changes to the initial state; if the priority in a received VRRP multicast advertisement is higher than the local priority, the router changes to the backup state.
Terminology:
1. Master_Down_Interval is equivalent to the hold time in HSRP: if a backup router does not receive a VRRP advertisement from the primary router within this period, it considers the primary router to have failed and becomes the primary router itself.
2. The VRRP priority works like the HSRP priority, with a range of 0-255, a configurable range of 1-254, and a default of 100. If the virtual IP address configured for VRRP is the same as the actual physical interface address of the router, that router is called the owner of the IP address, and its VRRP priority is 255.
5. VRRP timer
By default, VRRP advertisements are sent every 1 s, and the Master_Down_Interval is 3 times the advertisement interval plus an offset time. For details of the calculation formula, see RFC 2338.
6. VRRP authentication
VRRP provides three authentication methods: no authentication, simple text (plaintext) authentication, and MD5 authentication. Choose the method according to the network environment: no authentication can be used in a secure network, and MD5 authentication can be used in a very insecure network.
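As an added example (not part of the original article), the following Python check decodes a VRRPv2 advertisement and compares it with the planned group parameters, which is how a monitoring host can tell advertisements that belong to the group from ones that do not. The header layout, checksum, authentication type numbers and the TTL 255 rule follow RFC 2338; the function names, the plan dictionary (including its authentication setting) and the sample packet are constructed for illustration.

```python
import struct
AUTH_NAMES = {0: "none", 1: "simple-text", 2: "ip-auth-header"}  # RFC 2338 types

def checksum(data: bytes) -> int:  # 16-bit one's-complement sum over the message
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, vips, auth_type=0, auth=b"", adver_int=1):
    """Build a constructed VRRPv2 advertisement used only as sample input."""
    body = b"".join(bytes(map(int, ip.split("."))) for ip in vips)
    body += auth.ljust(8, b"\x00")[:8]             # 8-byte authentication data
    head = struct.pack("!6B", 0x21, vrid, priority, len(vips), auth_type, adver_int)
    return head + struct.pack("!H", checksum(head + b"\x00\x00" + body)) + body

def parse_advert(msg: bytes) -> dict:
    """Decode one VRRPv2 advertisement, rejecting malformed messages."""
    if len(msg) < 16 or len(msg) != 16 + 4 * msg[3]:
        raise ValueError("bad length")
    ver_type, vrid, prio, count, auth_type, _ = struct.unpack("!6B", msg[:6])
    if ver_type != 0x21:                           # version 2, type 1 (advertisement)
        raise ValueError("not a VRRPv2 advertisement")
    if checksum(msg) != 0:                         # a valid message sums to zero
        raise ValueError("bad checksum")
    vips = [".".join(map(str, msg[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    return {"vrid": vrid, "priority": prio, "vips": vips,
            "auth": AUTH_NAMES.get(auth_type, f"type-{auth_type}")}

def audit(src_ip, dst_ip, ttl, msg, plan):
    """Return findings for one advertisement; an empty list means it fits the plan."""
    try:
        adv = parse_advert(msg)
    except ValueError as err:
        return [f"malformed: {err}"]
    group = plan.get(adv["vrid"])
    if group is None:
        return [f"advertisement for unplanned group {adv['vrid']}"]
    findings = []
    if dst_ip != "224.0.0.18" or ttl != 255:
        findings.append("not sent to 224.0.0.18 with TTL 255")
    if src_ip not in group["peers"]:
        findings.append(f"sender {src_ip} is not a planned group member")
    if adv["vips"] != group["vips"]:
        findings.append(f"unexpected virtual IPs {adv['vips']}")
    if adv["auth"] != group["auth"]:
        findings.append(f"auth is {adv['auth']}, plan says {group['auth']}")
    return findings

# Group 2 of the article's example; the authentication setting is an assumption.
PLAN = {2: {"peers": {"192.168.2.1", "192.168.2.2"},
            "vips": ["192.168.2.254"], "auth": "simple-text"}}
SAMPLE = build_advert(2, 150, ["192.168.2.254"], auth_type=1, auth=b"word")
print(audit("192.168.2.1", "224.0.0.18", 255, SAMPLE, PLAN))
```

The source address, destination address and TTL come from the IP header of the captured packet (IP protocol 112); only the VRRP payload is passed as `msg`.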
5.2 configuration of VRRP protocol
The previous section briefly explained the principles of the VRRP protocol; this section introduces its configuration.
5.2.1 Configuration commands for VRRP
1. Configure the router as a member of the VRRP group
Configure the router or layer 3 switch as a member of the VRRP group and specify a virtual IP address:
Switch(config-if)# vrrp group-number ip virtual-ip-address
Where:
- group-number: the VRRP group to which the port belongs. The configurable range is 1-255.
- virtual-ip-address: the IP address of the virtual VRRP router, that is, the gateway address of the network segment. If the virtual IP address is the same as the physical IP address of the interface, the local router has a priority of 255 in this VRRP group.
2. Configure VRRP priority
Users can specify the priority of the port within the group, which gives them the flexibility to decide the order in which ports take over in the event of a failure. The router with the highest priority value becomes the primary router. The following command specifies the priority:
Switch(config-if)# vrrp group-number priority priority-value
The priority-value range is 0-255, the configurable range is 1-254, and the default value is 100.
Note that if the router is the owner of the IP address, its priority is 255 and cannot be configured.
3. Configure preemption
Preemption has the same meaning as in HSRP, but in VRRP it is turned on by default.
The command to turn off VRRP preemption is:
Switch(config-if)# no vrrp group-number preempt
You can use the vrrp group-number preempt command to turn VRRP preemption back on.
4. Configure VRRP timer
The command to configure the interval at which the VRRP router sends VRRP advertisements is:
Switch(config-if)# vrrp 1 timers advertise [msec] interval
With the msec parameter, the interval is in milliseconds with a range of 50-999; without it, the interval is in seconds with a range of 1-255.
The command vrrp group-number timers learn makes the router learn the VRRP advertisement interval from the master router and calculate the Master_Down_Interval from it.
5. Configure VRRP authentication
The command to configure plaintext authentication for VRRP is:
Switch(config-if)# vrrp 1 authentication word
The command to configure MD5 authentication for VRRP is:
Switch(config-if)# vrrp 1 authentication md5 key-string word
6. Configure VRRP port tracking
VRRP configures port tracking slightly differently from HSRP. First, define the port to track with the following command:
Switch(config)# track number interface type mod/num line-protocol
Where number is the track object number, with a range of 1-500, and line-protocol means that the link-layer state of the interface is tracked.
Then, configure VRRP port tracking in interface mode with the command:
Switch(config-if)# vrrp group-number track number decrement interface-priority
Where:
- group-number: the VRRP group number of the port that uses tracking
- number: the port to track, as defined by track number
- interface-priority: the value by which the priority of the router is reduced when the port fails; it is added back to the priority when the port becomes available again.
You can use the no vrrp group-number track number command when you want to turn off port tracking.
Note that if the router is the owner of the IP address, its priority is 255 and port tracking cannot be configured.
7. Check the status of VRRP router
To display the status of the VRRP router, enter the following command in privileged mode:
Switch#show vrrp [interface type mod/num] [group group-number] [brief]
Where:
- interface type mod/num: the port type and number to display
- group group-number: the specific VRRP group to display
- brief: displays summary information, with one line of output for each backup group
If these optional parameters are not specified, the show vrrp command displays VRRP information for all ports.
The output of the show vrrp brief command is as follows:
SW1#show vrrp brief
Interface   Grp  Pri  Time  Own  Pre  State   Master addr   Group addr
Vl2         2    150  3414       Y    Master  192.168.2.1   192.168.2.254
This output shows that the VLAN 2 port participates in VRRP group 2 with a priority of 150, has preemption enabled, is not the owner of the IP address, and is in the Master state. The IP address of the primary router in the group is 192.168.2.1. The virtual IP address of the group is 192.168.2.254.
Use show vrrp to view the details of VRRP, as shown below:
SW1#show vrrp
Vlan2 - Group 2  // VRRP group number
  State is Master  // status is Master
  Virtual IP address is 192.168.2.254  // virtual IP address of the VRRP group
  Virtual MAC address is 0000.5e00.0102  // virtual MAC address of the VRRP group
  Advertisement interval is 1.000 sec  // VRRP advertisement sending interval
  Preemption enabled  // preemption is turned on
  Priority is 150  // priority is 150
    Track object 1 state Up decrement 100  // port tracking, lowering the priority by 100
  Master Router is 192.168.2.1 (local), priority is 150  // information about the master router
  Master Advertisement interval is 1.000 sec  // VRRP advertisement interval of the primary router
  Master Down interval is 3.414 sec  // Down interval of the primary router
Vlan3 - Group 3
  State is Backup
  Virtual IP address is 192.168.3.254
  Virtual MAC address is 0000.5e00.0103
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 100
  Master Router is 192.168.3.2, priority is 150
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec (expires in 3.217 sec) Learning  // Down interval learned from the master router
5.2.2 Configuration example of VRRP
As with HSRP, load balancing of network traffic requires configuring both VRRP and spanning tree.
The following configuration example illustrates how to configure VRRP load balancing.
BENET Company sets up the network shown in figure 5.3. SW1 and SW2 must use VRRP to improve network stability, and the VLANs must be load balanced to make full use of network resources. The VRRP parameter planning is shown in Table 5.1.
Table 5.1 VRRP parameter planning table
VRRP parameter   Primary router   Backup router
Priority         150              100
Preemption       Yes (default)    Yes (default)
Timer            Default          Default
Group number     VLAN-ID          VLAN-ID
Note:
- VLAN 2: SW1 is the primary router and SW2 is the backup router
- VLAN 3: SW1 is the backup router and SW2 is the primary router
The rest of the network plan is as follows:
- Physical IP addresses of the VLAN virtual interfaces on the SW1 switch:
  - VLAN 2: 192.168.2.1/24
  - VLAN 3: 192.168.3.1/24
- Physical IP addresses of the VLAN virtual interfaces on the SW2 switch:
  - VLAN 2: 192.168.2.2/24
  - VLAN 3: 192.168.3.2/24
- The IP address of PC1 is 192.168.2.10/24, and its virtual gateway is 192.168.2.254/24. The IP address of PC2 is 192.168.3.10/24, and its virtual gateway is 192.168.3.254/24.
- The interconnection address between SW1 and R1 is 192.168.0. The interconnection address between SW2 and R1 is 192.168.1.0.
- The Loopback interface address 192.168.100.1/24 is configured on the R1 router to simulate a public network address.
- The links between the switches are all trunk links, and static routes are used to achieve network connectivity.
Figure 5.3 VRRP case network topology diagram
Configure the network according to the network plan.
1. Configure the basic information of the devices (interface IP, VLAN, trunk, routing, and so on); this configuration is omitted here.
When configuring, remember to enable the routing function on the layer 3 switches, enable layer 3 on the VLAN virtual ports and on the layer 3 switch ports, and configure the physical IP addresses of the interfaces.
2. Configure VRRP
Configure VRRP on SW1 and SW2, respectively, as follows:
SW1 configuration
SW1(config)# track 1 interface FastEthernet0/1 line-protocol  // define the port to track
SW1(config)# interface Vlan2
SW1(config-if)# ip address 192.168.2.1 255.255.255.0
SW1(config-if)# vrrp 2 ip 192.168.2.254  // configure the virtual IP address
SW1(config-if)# vrrp 2 timers learn
SW1(config-if)# vrrp 2 priority 150  // configure priority 150
SW1(config-if)# vrrp 2 track 1 decrement 100  // configure port tracking
SW1(config-if)# exit
SW1(config)# interface Vlan3  // the priority uses the default of 100, and no port tracking is needed
SW1(config-if)# ip address 192.168.3.1 255.255.255.0
SW1(config-if)# vrrp 3 ip 192.168.3.254
SW1(config-if)# vrrp 3 timers learn  // learn the VRRP advertisement interval from the master router
SW1(config-if)# exit
SW2 configuration
SW2(config)# track 1 interface FastEthernet0/1 line-protocol
SW2(config)# interface Vlan2
SW2(config-if)# ip address 192.168.2.2 255.255.255.0
SW2(config-if)# vrrp 2 ip 192.168.2.254
SW2(config-if)# vrrp 2 timers learn
SW2(config-if)# exit
SW2(config)# interface Vlan3
SW2(config-if)# ip address 192.168.3.2 255.255.255.0
SW2(config-if)# vrrp 3 ip 192.168.3.254
SW2(config-if)# vrrp 3 timers learn
SW2(config-if)# vrrp 3 priority 150
SW2(config-if)# vrrp 3 track 1 decrement 100
SW2(config-if)# exit
3. Configure STP to achieve VLAN load balancing.
The configuration for SW1 is as follows:
SW1(config)# spanning-tree vlan 2 root primary
SW1(config)# spanning-tree vlan 3 root secondary
The configuration for SW2 is as follows:
SW2(config)# spanning-tree vlan 2 root secondary
SW2(config)# spanning-tree vlan 3 root primary
With this configuration, the STP instance of VLAN 2 blocks one of the ports connecting SW2 and SW3, while the STP instance of VLAN 3 blocks one of the ports connecting SW1 and SW3. This ensures that the link from SW3 to the primary router of each VLAN is not blocked.
4. Verify VRRP
Use the show vrrp command to view VRRP details as follows:
SW1#show vrrp
Vlan2 - Group 2
  State is Master
  Virtual IP address is 192.168.2.254
  Virtual MAC address is 0000.5e00.0102
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 150
    Track object 1 state Up decrement 100
  Master Router is 192.168.2.1 (local), priority is 150
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.414 sec
Vlan3 - Group 3
  State is Backup
  Virtual IP address is 192.168.3.254
  Virtual MAC address is 0000.5e00.0103
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 100
  Master Router is 192.168.3.2, priority is 150
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec (expires in 3.225 sec) Learning
You can also use the show vrrp brief command to view brief information about VRRP, as shown below:
SW1#show vrrp brief
Interface   Grp  Pri  Time  Own  Pre  State   Master addr   Group addr
Vl2         2    150  3414       Y    Master  192.168.2.1   192.168.2.254
Vl3         3    100  3609       Y    Backup  192.168.3.2   192.168.3.254
Using the ping command on PC1 and PC2 (whose gateway is the virtual IP address), you can communicate with R1 (192.168.100.1) normally.
To verify the hot backup, disconnect the link between the SW1 switch and R1, and then use the show vrrp brief command to view the VRRP status on the switches, as follows:
SW1#show vrrp brief
Interface   Grp  Pri  Time  Own  Pre  State   Master addr   Group addr
Vl2         2    50   3414       Y    Backup  192.168.2.2   192.168.2.254
Vl3         3    100  3609       Y    Backup  192.168.3.2   192.168.3.254
SW2#show vrrp brief
Interface   Grp  Pri  Time  Own  Pre  State   Master addr   Group addr
Vl2         2    100  3609       Y    Master  192.168.2.2   192.168.2.254
Vl3         3    150  3414       Y    Master  192.168.3.2   192.168.3.254
The priority of the primary switch decreases, the backup switch becomes the primary switch, and PC1 and PC2 still communicate normally with router R1.
Then restore the link between the SW1 switch and R1, disconnect the link between the SW2 switch and SW3, and verify the hot backup again. Similarly, the priority of the primary switch decreases, the backup switch becomes the primary switch, and PC1 and PC2 communicate normally with router R1.
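The failover verified above can be reproduced offline. This added Python example (not from the original article) models the priority election with port tracking and preemption for group 2, and derives the virtual MAC address and the Master Down interval values seen in the initial show vrrp output. The skew term (256 - priority) / 256 and the tie-break on the higher IP address come from RFC 2338; the class and function names are illustrative.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Router:
    name: str
    ip: str                  # primary IP address of the VRRP interface
    priority: int = 100      # configured priority, default 100
    decrement: int = 0       # "vrrp N track M decrement X"
    uplink_up: bool = True   # state of the tracked port
    preempt: bool = True     # VRRP preemption is on by default
    alive: bool = True

    def rank(self):
        """Effective priority, then the higher IP address as the tie-break."""
        prio = self.priority if self.uplink_up else self.priority - self.decrement
        return (prio, int(IPv4Address(self.ip)))

def virtual_mac(group: int) -> str:
    """Virtual MAC 0000.5e00.01xx, where xx is the group number in hex."""
    if not 1 <= group <= 255:
        raise ValueError("VRRP group number must be 1-255")
    return f"0000.5e00.01{group:02x}"

def master_down_interval(priority: int, advertise: float = 1.0) -> float:
    """3 x advertisement interval plus the skew (256 - priority) / 256, in seconds."""
    return 3 * advertise + (256 - priority) / 256

def elect(routers, master=None):
    """Return the router that is in the Master state once advertisements settle."""
    live = [r for r in routers if r.alive]
    if master is None or not master.alive:
        # No Master is advertising: the best-ranked backup times out first.
        return max(live, key=Router.rank, default=None)
    # A live Master yields only to a better-ranked router that may preempt.
    challengers = [r for r in live if r.preempt and r.rank() > master.rank()]
    return max(challengers, key=Router.rank, default=master)

# Group 2 of the article's example: SW1 priority 150 with tracking, SW2 default.
sw1 = Router("SW1", "192.168.2.1", priority=150, decrement=100)
sw2 = Router("SW2", "192.168.2.2")
master = elect([sw1, sw2])
print(master.name, virtual_mac(2), round(master_down_interval(150), 3))
sw1.uplink_up = False                    # the link between SW1 and R1 goes down
master = elect([sw1, sw2], master)
print(master.name, "is Master after the tracked port fails")
```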