VRRP Fundamentals

Virtual Router Redundancy Protocol (VRRP) (RFC 2338) provides another layer of resiliency to your network design by providing default gateway redundancy for end users. VRRP eliminates the single point of failure that can occur when the single static default gateway router for an end station is lost. A loss of the default gateway router causes a loss of connectivity to the remote networks. If a VRRP-enabled router that connects to the default gateway fails, failover to the VRRP backup router ensures no interruption for end users who attempt to route from their local subnet.

VRRP shares a virtual IP address (transparent to users) between two or more routers that connect the common subnet to the enterprise network. With the virtual IP address as the default gateway on end hosts, VRRP provides dynamic default gateway redundancy in the event of failover.

The VRRP router that controls the IP addresses associated with a virtual router is the primary router and it forwards packets to these IP addresses. The election process provides a dynamic transition of forwarding responsibility if the primary router becomes unavailable. (The primary router is sometimes referred to as the master.)

Note

The first virtual IP configured on a VRRP interface is the primary virtual IP. This primary address is the equivalent of the IPv6 VRRP link-local address and must be in the same subnet as the primary IP of the interface. The address owner of a VRRP interface is determined by the primary virtual IP.

In the following figure, the first three hosts install a default route to the R1 (virtual router 1) IP address and the other three hosts install a default route to the R2 (virtual router 2) IP address. This configuration not only shares the load of the outgoing traffic, but it also provides full redundancy. If either router fails, the other router assumes responsibility for both addresses.

Virtual Router Redundancy Protocol configuration

For information about the number of supported VRRP interfaces, see the scaling information in Fabric Engine Release Notes.

The following terms are specific to VRRP:

VRRP router
a router running the VRRP protocol
Virtual router
an abstract object acting as the default router for one or more hosts, consisting of a virtual router ID and a set of addresses
Primary IP address of the interface
the real IP address of the interface. This IP address is used as the source of the VRRP advertisement. In the case of multinetting, this is the primary IP address of the interface.
Primary IP VRRP address
a virtual IP address that is in the same subnet as the primary IP address of the interface. This address is mandatory for the creation of the VRRP instance. The primary VRRP router performs the following actions:
  • adds this IP address to the VRRP advertisement
  • responds to ARP requests for this IP address
  • routes traffic destined to this IP address
Secondary IP VRRP address / Associated IP VRRP address
an IP address that is in the same subnet as the secondary IP address of the interface. If the primary VRRP address is in the same subnet as the primary IP address of the interface, the secondary IP VRRP address also needs to be in the same subnet as the secondary IP address of the interface. This IP address is not mandatory for VRRP instance creation.
Virtual primary router
the router that assumes responsibility to forward packets sent to the IP address associated with the virtual router and answer ARP requests for these IP addresses. Only the VRRP Master router forwards traffic for a given subnet. (The primary router is sometimes referred to as the master.)
Virtual router backup
the virtual router that becomes the primary router if the current primary router fails. The backup VRRP router does not route traffic destined for the default gateway.

When a VRRP router is initialized, it sends a VRRP advertisement. The VRRP router also broadcasts a gratuitous ARP request that contains the virtual router MAC address for each IP address associated with the virtual router. The VRRP router then transitions to the controlling state.

In the controlling state, the VRRP router functions as the forwarding router for the IP addresses associated with the virtual router. The VRRP router responds to ARP requests for these IP addresses, forwards packets with a destination MAC address equal to the virtual router MAC address, and accepts packets addressed to IP addresses associated with the virtual router.

In the backup state, a VRRP router monitors the availability and state of the primary router. The backup router does not respond to ARP requests and must discard packets with a MAC address equal to the virtual router MAC address. The backup router does not accept packets addressed to IP addresses associated with the virtual router. If a shutdown occurs, the backup router transitions back to the initialize state. If the primary router goes down, the backup router sends the VRRP advertisement and ARP request described in the preceding paragraph and transitions to the controlling state.

The router transitions to the backup state in the following situations:

Otherwise, the router discards the advertisement. If a shutdown occurs, the primary router sends a VRRP advertisement with a priority of 0 and transitions to the initialize state.
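
The advertisement described above, as an added example that is not part of the original documentation: a Python parser for the VRRPv2 advertisement layout defined in RFC 2338 that compares each message with the virtual routers an operator expects and flags the priority-0 shutdown advertisement. The EXPECTED table, the review function, the finding names and the sample bytes are constructed for illustration (192.0.2.0/24 is a documentation range).

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_vrrp_v2(payload: bytes) -> dict:
    """Parse a VRRPv2 advertisement (the payload of IP protocol 112)."""
    if len(payload) < 16:
        raise ValueError("truncated advertisement")
    ver_type, vrid, priority, count, auth, interval = struct.unpack("!6B", payload[:6])
    if ver_type != 0x21:  # version 2, type 1 (ADVERTISEMENT)
        raise ValueError("not a VRRPv2 advertisement")
    if len(payload) != 8 + 4 * count + 8:  # header + addresses + auth data
        raise ValueError("length does not match address count")
    if inet_checksum(payload) != 0:  # a valid message sums to zero
        raise ValueError("bad checksum")
    addrs = [str(ipaddress.IPv4Address(payload[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    # RFC 2338 virtual router MAC: 00-00-5E-00-01-{VRID}
    return {"vrid": vrid, "priority": priority, "interval": interval, "addresses": addrs,
            "virtual_mac": f"00:00:5e:00:01:{vrid:02x}"}

def review(src_ip: str, payload: bytes, expected: dict) -> list:
    """Compare one advertisement with the configured virtual routers (hypothetical helper)."""
    adv = parse_vrrp_v2(payload)
    known = expected.get(adv["vrid"])
    if known is None:
        return ["unknown-vrid"]
    findings = []
    if src_ip not in known["routers"]:  # source is the sender's primary interface IP
        findings.append("unexpected-source")
    if sorted(adv["addresses"]) != sorted(known["addresses"]):
        findings.append("address-mismatch")
    if adv["priority"] == 0:  # primary announcing shutdown
        findings.append("primary-releasing")
    return findings

# Constructed samples (not captured traffic): VRID 1, virtual IP 192.0.2.1.
EXPECTED = {1: {"routers": {"192.0.2.2", "192.0.2.3"}, "addresses": ["192.0.2.1"]}}
ADV_NORMAL = bytes.fromhex("210164010001b8fa" "c0000201" + "00" * 8)   # priority 100
ADV_RELEASE = bytes.fromhex("2101000100011cfb" "c0000201" + "00" * 8)  # priority 0
```

A priority-0 advertisement is expected during a planned shutdown of the primary; the same message from a source outside the configured router set is the case worth alerting on.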