FREE TECHNICAL PAPER DOWNLOAD – www.Newtechpapers.com

VIRTUAL ROUTER REDUNDANCY PROTOCOL

INTRODUCTION

The explosive growth of the Internet has resulted in a strategic shift in every organization’s
communication needs. Internet connectivity is a minimal requirement for almost every organization.
There are networks in which an outage will cause the collapse of a business or the loss of a considerable
amount of money. The operators of such networks are willing, or are obliged, to invest in redundancy
solutions. There are many ways of minimizing network outages, and every alternative has its pros and cons.
A better choice is to use the Virtual Router Redundancy Protocol (VRRP), which eliminates the single point
of failure while maintaining a single router’s ease of administration. In a network running VRRP, all edge
switches are “dual-homed.”

HARDWARE COMPONENTS

The basic hardware components of a network include:

• Transmission facilities
• Access devices
• Devices that repeat transmitted signals

Transmission Facilities

Transmission facilities are the media used to transport a network’s signals to their destinations.
Media Types can include coaxial cables, twisted pair and optics cabling.

Access Devices

An access device is responsible for formatting data so that it can be accepted by the network,
placing that data on the network, and accepting transmitted data that is addressed to it. In a LAN the
access device is the network interface card. In a WAN the access device is the router.
Routers operate at Layer 3 and include two types of protocol: routable and routing.

VIRTUAL ROUTER REDUNDANCY PROTOCOL

One option is simply to add a second router. This would provide redundancy, but also complicate device
and address management. Typically, network managers configure hosts such as PCs and servers with a
single static route – the default gateway. It is technically possible for hosts to use dynamic routing
protocols, and doing so would allow hosts to recognize a secondary router upon the failure of the primary
router. However, this option is difficult to manage and is seldom used in practice.

A better choice is to use the Virtual Router Redundancy Protocol (VRRP), which eliminates
the single point of failure while maintaining a single router’s ease of administration. Let’s look at the same
network running VRRP. In the figure below, all edge switches are now “dual-homed,” meaning each
connects to two routers. As before, the original router normally forwards traffic, but now there is a backup
router standing by. The primary router may fail, or the network may face the more common problem of
the failure of a link to the primary router. Either way, VRRP helps ensure that the backup router will
automatically take over forwarding responsibilities, with no interruption in connectivity.

FUNCTION OF VRRP

Virtual Router Redundancy Protocol (VRRP) specifies an election protocol that dynamically
assigns responsibility for a virtual router to one of the VRRP routers on a LAN. The VRRP router controlling
the IP address(es) associated with a virtual router is called the Master, and forwards packets sent to
these IP addresses.

The election process provides dynamic failover of the forwarding responsibility should
the Master become unavailable. This allows any of the virtual router’s IP addresses on the LAN to be
used as the default first-hop router by end hosts. The advantage of using VRRP is a higher-availability
default path without requiring configuration of dynamic routing or router discovery protocols on every
end host. VRRP packets are sent encapsulated in IP packets.

Using VRRP, a virtual IP address can be specified manually or with Dynamic Host Configuration Protocol
(DHCP) as a default. A virtual IP address is shared among the routers, with one designated as the master
router and the others as backups. If the master fails, the virtual IP address is mapped to a backup
router’s IP address. (This backup becomes the master router.) VRRP can also be used for load balancing.
VRRP is part of both IPv4 and IPv6.

The Virtual Router Redundancy Protocol (VRRP) transfers the responsibility of routing from
one router to another if the original router goes down. In other words, it provides backup for a router
connecting a network to the outside world.

Routers are smart machines that are capable of making routing decisions (assuming that
some type of Dynamic Routing is enabled) if there are any changes in the topology. On the other hand,
hosts cannot make routing decisions on their own, even if there are such changes.

Hosts have a default gateway router configured, and that router is their connection to the outside
world. Hosts on one network can communicate with hosts on any other network, provided
there is a route between them. Everything seems to work well as long as the default gateway for the hosts on
the LAN is up and running. But what happens if the default gateway goes down? All hosts that have this
router configured as the default gateway lose connectivity to the outside world. There is a possibility that
there is another router that has a connection to this LAN and to the rest of the network. Can this working
router take the responsibilities of the router that went down?

It can, but only if you change the default gateway on the hosts. When a host needs to
communicate with a host on a different LAN, it sends the information to the default gateway address. If
that address is down, then the connection is lost. To transfer the responsibilities of this router to the
working router, you need to point the traffic to the IP address of the working router. This means that you
need to change the default gateway on the hosts and the connection will be resumed. You need to keep in
mind that it will take a long time to reconfigure the default gateway on a large number of hosts.

When a router is defined as a static default gateway and no other dynamic routing protocol
or router discovery protocol is used, the gateway becomes a critical point on the network.
If that router fails, that critical link would be broken and the LAN would be disconnected from the other
networks. The standard network consists of LAN, router and WAN. If this router is down, a connection
cannot be established between the LAN and the WAN.

Therefore, it is necessary to set up other routers as backups that can serve as the static
default gateway.

The Virtual Router Redundancy Protocol (VRRP), as defined in RFC 2338, allows other IP
routers in a LAN to provide immediate and automatic backup to a failed IP router. VRRP is a protocol that
defines how backup routers monitor the status of a master router and take over its function if it fails. The
new master router adopts the IP and MAC address of the original master, so that the hosts configured
with the single default gateway maintain their network connection.

By using VRRP, the backup router can take over as the gateway if the master router
fails.
There are two Passport routing switches: A and B. Once VRRP is enabled on these Passport
switches, they go through the process of deciding who will be the master. First, both Passport routing
switches look at the virtual router’s IP address, and the one that owns it becomes the master. Thus, if
the network administrator wants A to be the master, one way to accomplish this is to define the virtual
router’s IP address to be the same as the IP address owned by Passport A. If the virtual router’s IP
address is not owned by any of the VRRP routing switches, then the routing switches compare their
priorities and the one with the higher priority becomes the master. If the priorities are identical, then
the higher IP address wins.

Detailed description of VRRP

There are different cases where VRRP routers go through the process of deciding their roles
as masters and backups. Suppose there are multiple hosts on a LAN and the LAN is connected to two Passport
routing switches, RS1 and RS2. These Passport routing switches connect to router R, which allows them to
reach the Internet. It is up to the network manager to decide which one of these two routing switches
should be the default gateway for these hosts. In other words, which route should be taken by the
traffic going out of the LAN? Assume that in this case the network manager decides that RS1 will be the
default gateway for the hosts on LAN 200.1.1.0/24. Thus, all the hosts on LAN 200.1.1.0/24 have RS1
configured as the default gateway. Once RS1 is configured for VRRP, it looks at the IP address of the
virtual router and compares it with the IP addresses of its own interface that is configured for VRRP.

As routing switch 1 owns the virtual router’s IP address, it declares itself the master and
sends out an advertisement to all the other VRRP routers.
It is not necessary for the virtual IP address to be owned by one of the routing switches
connecting the LAN to the outside world. The routing switches can back up a different virtual router’s IP
address as well. In this case, however, the process of deciding which is the master is
different. As mentioned earlier, this process involves comparing two things. First, the priority; the higher
priority wins. If the priority is the same, then the higher IP address wins. In the previous example, we
assumed that the network administrator decided to configure the IP address of the interface of routing
switch 1 as the virtual router’s IP address. This way, when routing switch 1 looks at the virtual router’s IP
address, it realizes that it is the owner of this address, and declares itself as the master. If neither of the
two owns the virtual router’s IP address, then they compare the priorities, and if the priorities are the
same, then the IP addresses are compared.

Technology Background

VRRP, as defined by the Internet Engineering Task Force (IETF), introduces the concept of a “virtual
router,” an abstract object consisting of a virtual router identifier (VRID) and one or more IP addresses.
Hosts use the virtual router’s IP address(es) as their default gateway(s), just as they would with a single
router. The virtual router also has a virtual MAC address; the virtual router’s responses to address
resolution protocol (ARP) requests use this virtual MAC address. VRRP requires a “master router” and one
or more “backup routers.” Typical deployments use only one backup router.

Routers running VRRP dynamically elect master and backup routers. The master router will
always be the router with IP address(es) on its real interface(s) matching those of the virtual router, and
others will be elected as backup routers.

Network managers also can force assignment of master and backup routers using priorities
from 1 to 255, with 255 being the highest priority. The value of 255 is reserved for use by the master
router in cases where its real interface address(es) match those of the virtual router’s address(es). In
VRRP operation, the master router sends advertisements to backup routers at regular intervals. The
default interval is 1 second. If a backup router does not receive an advertisement for a set period (the
default is slightly longer than 3 seconds), the backup router with the next highest priority takes over as
master and begins forwarding packets. The time to “fail over” to the new master router is very short. RFC
2338 (Virtual Router Redundancy Protocol) describes a typical failover interval of less than 1 second. If
the original router comes back online, there are two methods to handle recovery. First, the original router
can resume its role as master; this is the default if the original router has a higher priority than the
backup router(s). Second, the original router may continue to function as a backup router. The second
method may be more desirable, since it allows network managers to investigate an outage without
disrupting service. Through the use of a VRRP feature called preemption, network managers can prevent
the transition back to a higher-priority router.

PROTOCOL

VRRP specifies an election protocol to provide the virtual router function described earlier. All
protocol messaging is performed using IP multicast datagrams. Each VRRP virtual router has a single
well-known MAC address allocated to it. The virtual router MAC address is used as the source in all periodic
VRRP messages sent by the Master router to enable bridge learning in an extended LAN. The virtual router
MAC address associated with a virtual router is an IEEE 802 MAC address in the following format:

00-00-5E-00-01-{VRID} (in hex, in Internet standard bit-order)

The first three octets are derived from the IANA’s OUI. The next two octets (00-01) indicate the address
block assigned to the VRRP protocol. {VRID} is the VRRP Virtual Router Identifier. This mapping provides
for up to 255 VRRP routers on a network.

A virtual router is defined by its virtual router identifier (VRID) and a set of IP addresses. A VRRP
router may associate a virtual router with its real addresses on an interface, and may also be configured
with additional virtual router mappings and priority for virtual routers it is willing to back up. The mapping
between VRID and addresses must be coordinated among all VRRP routers on a LAN.

To minimize network traffic, only the Master for each virtual router sends periodic VRRP
Advertisement messages. A backup router will not attempt to preempt the Master unless it has higher
priority. This eliminates service disruption unless a more preferred path becomes available. It’s also
possible to administratively prohibit all preemption attempts. The only exception is that a VRRP router will
always become master of any virtual router associated with addresses it owns. If the master becomes
unavailable then the highest priority Backup will transition to Master after a short delay, providing a
controlled transition of the virtual router responsibility with minimal service interruption.

VRRP defines three types of authentication providing simple deployment in insecure
environments, added protection against misconfiguration and strong sender authentication in
security-conscious environments. VRRP packets are sent encapsulated in IP packets. They are sent to the IPv4
multicast address assigned to VRRP.

VRRP Field Descriptions

Version
The version field specifies the VRRP protocol version of this packet.

Virtual Rtr ID (VRID)

The Virtual Router Identifier (VRID) field identifies the virtual router this packet is reporting status for.

Priority

The priority field specifies the sending VRRP router’s priority for the virtual router. Higher values equal
higher priority.

Authentication Type

The authentication type field identifies the authentication method being utilized. Authentication type is
unique on a per-interface basis. The authentication type field is an 8-bit unsigned integer. A packet with
an unknown authentication type, or one that does not match the locally configured authentication method,
MUST be discarded. The authentication methods currently defined are:
0 - No Authentication
1 - Simple Text Password
2 - IP Authentication Header
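
The discard rule for the fields described above, written as a small receive-side parser. This is an added example, not code from the original paper: the layout of the remaining header fields (type, address count, advertisement interval, checksum and 8 bytes of authentication data) follows RFC 2338, and the function names and the sample address 200.1.1.1 are constructed for illustration.

```python
import ipaddress
import struct

AUTH_TYPES = {0: "No Authentication", 1: "Simple Text Password",
              2: "IP Authentication Header"}


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advertisement(vrid, priority, auth_type, addrs, adver_int=1):
    """Build a constructed sample advertisement (version 2, type 1)."""
    head = struct.pack("!BBBBBBH", (2 << 4) | 1, vrid, priority,
                       len(addrs), auth_type, adver_int, 0)
    body = b"".join(ipaddress.IPv4Address(a).packed for a in addrs)
    msg = head + body + b"\x00" * 8          # empty authentication data
    return msg[:6] + struct.pack("!H", inet_checksum(msg)) + msg[8:]


def parse_advertisement(payload: bytes) -> dict:
    """Decode the VRRP message carried in the IP payload."""
    if len(payload) < 16:
        raise ValueError("shorter than header plus authentication data")
    ver_type, vrid, priority, count, auth_type, adver_int = struct.unpack(
        "!BBBBBB", payload[:6])
    if len(payload) != 16 + 4 * count:
        raise ValueError("length does not match the address count")
    addrs = [str(ipaddress.IPv4Address(payload[8 + 4 * i:12 + 4 * i]))
             for i in range(count)]
    return {"version": ver_type >> 4, "type": ver_type & 0x0F, "vrid": vrid,
            "priority": priority, "auth_type": auth_type,
            "adver_int": adver_int, "addresses": addrs,
            # A valid message sums to zero when the checksum is included.
            "checksum_ok": inet_checksum(payload) == 0}


def discard_reasons(adv: dict, local_vrid: int, local_auth_type: int) -> list:
    """Return why a receiver would discard the packet; empty means accept."""
    reasons = []
    if adv["version"] != 2:
        reasons.append("unsupported version")
    if not adv["checksum_ok"]:
        reasons.append("bad checksum")
    if adv["vrid"] != local_vrid:
        reasons.append("VRID not configured on this interface")
    if adv["auth_type"] not in AUTH_TYPES:
        reasons.append("unknown authentication type")
    elif adv["auth_type"] != local_auth_type:
        reasons.append("authentication type differs from local configuration")
    return reasons


if __name__ == "__main__":
    sample = build_advertisement(1, 255, 0, ["200.1.1.1"])  # constructed input
    print(discard_reasons(parse_advertisement(sample), 1, 1))
```

A non-empty result for a VRID that is configured locally is worth logging, since it points to a misconfigured peer or an unexpected sender on the LAN.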

VRRP Protocol States

There are 3 states defined for the VRRP protocol:

1. Initialize state (where device detects its state according to advertisement packets received)
2. Master state (state where device sends out advertisement packets)
3. Backup state (device listens to advertisements comparing its priority with priority advertised)

VRRP IMPLEMENTATION

The master sends out an advertisement with the destination address as the multicast IP
address, declaring itself the master. As mentioned earlier, the multicast group has the IP address
224.0.0.18, and the Passport routing switches that have VRRP running will receive this multicast packet.
Passport switches with the same VRID will accept the packet, and the others will drop it. The MAC address
associated with 224.0.0.18 is 01-00-5e-00-12, so all the packets for the multicast IP are sent to this MAC
address. Once the Passport routing switches receive the multicast, they will stay in backup state and
monitor advertisements from the master to ensure that the master is functioning. The backup routing
switch has a Master_Advertisements_Timer, which starts after it receives an advertisement. This timer helps
the backup routing switch to calculate whether the master has gone down; if so, it declares itself as the
master. The master, on the other hand, has its own timer, called the Advertisement Timer, that starts after
the advertisement is sent out. Once the timer reaches the advertisement interval, it sends another
advertisement. The advertisement interval is one second by default, but is configurable. If a backup
Passport routing switch does not receive the advertisement before the master-down-interval times out, it
declares itself to be the master. The master-down-interval is calculated as follows.

From the above information, you can see that the master gets 3 chances to send an advertisement before
the backup takes over as master. This means that VRRP (by default) will converge in 3 seconds. Following
are the 3 situations where a backup router takes over as master:

CASE 1: The master goes down due to a problem. The main thing to realize here is
that the master routing switch interface just dies. In a case like this, the backup routing switches will wait
until the Master_Down_Timer times out. Let us assume that RS1 goes down for some reason and that the
advertisement interval is set to 3 seconds. How long will it take for RS2 to take over as the master?

The backup will give the master a little more than 9 seconds, which gives the master 3 chances to send an
advertisement before it takes over. RS2 then declares itself to be the master.

CASE 2: This is a situation where the network manager either shuts down the interface
connecting to the LAN, or turns off VRRP on the master routing switch. In a case like this, the master
sends out an advertisement with priority equal to 0. This is a message to the backup routing switches
that one of them needs to take up the role of the master, and not wait until the Master_Down_Timer times
out. In this case, VRRP is turned off on RS1. Therefore, RS1 sends an advertisement to the multicast
advertisement address with the priority equal to 0, and the backup RS needs to take over as the master. In
this example, it would be RS2 that becomes the new master, and sends out an advertisement to the multicast
address declaring itself as the master. Now, consider a slightly different scenario. What if there is more
than one backup routing switch?

In this case, there are 2 backup Passport routing switches, with IP addresses 200.1.1.2/24 and
200.1.1.10/24. The master determination (when the original master is alive) is done in the same way
as mentioned earlier. The difference is that now there are 2 backup routers, RS2 and RS3. When the
master routing switch RS1 goes down, the Master_Down_Timers of the backup routing switches time out and
they declare themselves as master. Both RS2 and RS3 send out advertisements to the multicast address
assuming that they are the masters. But there can be only one master. To determine who will be the master,
both Passport routing switches compare their priorities; the routing switch with the higher priority
becomes the master. If the priorities are the same, then the higher IP address (RS3 in this case) becomes
the master routing switch. Because the IP addresses have to be different, there cannot be a problem in
determining the master; one IP address is going to be higher than the other. If the original master routing
switch, RS1, comes up again, it sends out an advertisement with priority equal to 255. When the virtual
master routing switch looks at the advertisement, it compares the priority with its own. Since its own
priority is lower than 255, it goes back to the backup state.

THE BACK UP STATE

In the backup state, the VRRP router monitors the master routing switch to confirm that it
is alive. While it does that, it has the following responsibilities:

• Must not respond to ARP requests or accept packets for the IP address(es)
• Must discard packets destined for the virtual router’s MAC address
• Start the Master_Down_Timer and set the Master_Down_Interval

If an advertisement is received that has priority equal to 0, or if the Master_Down_Interval times out,
then the VRRP router:

• Sends an advertisement declaring itself as the master
• Broadcasts a gratuitous ARP with the virtual router’s MAC address (00-00-5E-00-01-<VRID>)
to all the IP addresses associated with the virtual router’s IP
• Starts the advertisement timer
• Transitions to master state

If an advertisement is received that has a higher priority, or a higher
IP address (if the priority is the same), then the VRRP router goes back to the backup state. If an
advertisement is received that has a lower priority, or a lower IP address if the priority is the same,
then the VRRP router discards the advertisement and stays in the master state.

THE MASTER STATE

In the master state, the VRRP router must:

• Respond to ARP requests, or accept packets for the IP address associated with the
virtual router
• Not accept packets addressed to the IP address associated with the virtual router if it is
not the owner of the IP address.
• Forward packets destined for the virtual router’s MAC address

If a shutdown event is received, then the VRRP router sends out an advertisement with priority 0. If an
advertisement with a greater priority or higher IP address (if the priority is the same) is received by
the virtual master, it goes through the following process:

• Transition to backup state
• Cancel advertisement timer.
• Start the Master_Down_Timer

If an advertisement is received with a priority lower than the local priority, or with a lower IP address
if the priority is the same, then the VRRP router discards the advertisement.
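
The election, timer and state rules from the implementation, backup-state and master-state sections, combined into one small state machine. This is an added example, not code from the original paper: the timer formula and the handling of a priority-0 advertisement (the backup shortens its timer to the skew time) follow RFC 2338, and the priority of 100 for RS2 and RS3 and the address 200.1.1.1 for RS1 are assumed values.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class VrrpRouter:
    name: str
    ip: str
    priority: int                 # 255 is reserved for the address owner
    adver_interval: float = 1.0   # seconds
    preempt: bool = True
    state: str = "Initialize"

    def skew_time(self) -> float:
        return (256 - self.priority) / 256

    def master_down_interval(self) -> float:
        # Three missed advertisements plus a priority-dependent skew (RFC 2338).
        return 3 * self.adver_interval + self.skew_time()

    def startup(self) -> str:
        # The owner of the virtual router's address becomes Master at once.
        self.state = "Master" if self.priority == 255 else "Backup"
        return self.state

    def on_master_down_timer(self) -> str:
        if self.state == "Backup":
            self.state = "Master"  # then: advertisement, gratuitous ARP, timer
        return self.state

    def on_advertisement(self, adv_priority: int, adv_ip: str):
        """Return the new Master_Down_Timer value in seconds, or None."""
        if self.state == "Backup":
            if adv_priority == 0:              # Master is resigning
                return self.skew_time()
            if not self.preempt or adv_priority >= self.priority:
                return self.master_down_interval()
            return None                        # discard; timer keeps running
        if self.state == "Master" and adv_priority != 0:
            # Compare addresses numerically: as strings, ".10" sorts below ".2".
            wins = adv_priority > self.priority or (
                adv_priority == self.priority
                and ipaddress.ip_address(adv_ip) > ipaddress.ip_address(self.ip))
            if wins:
                self.state = "Backup"
                return self.master_down_interval()
        return None                            # discard, stay in current state


def fail_over(backups):
    """Master is silent: expire timers, then let new Masters hear each other."""
    first = min(r.master_down_interval() for r in backups)
    for r in backups:
        if r.master_down_interval() == first:
            r.on_master_down_timer()
    adverts = [(r, r.priority, r.ip) for r in backups if r.state == "Master"]
    for r in backups:
        for sender, prio, ip in adverts:
            if sender is not r:
                r.on_advertisement(prio, ip)
    return [r.name for r in backups if r.state == "Master"]


if __name__ == "__main__":
    rs2 = VrrpRouter("RS2", "200.1.1.2", 100)    # assumed priority
    rs3 = VrrpRouter("RS3", "200.1.1.10", 100)   # assumed priority
    rs2.startup(), rs3.startup()
    print(fail_over([rs2, rs3]))                 # RS1 has gone silent
    rs3.on_advertisement(255, "200.1.1.1")       # RS1 (assumed address) returns
    print(rs3.state)
```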
