Virtual Router Redundancy Protocol (VRRP) (RFC 2338) provides another layer of resiliency to your network design by providing default gateway redundancy for end users. VRRP eliminates the single point of failure that can occur when the single static default gateway router for an end station is lost. A loss of the default gateway router causes a loss of connectivity to the remote networks. If a VRRP-enabled router that connects to the default gateway fails, failover to the VRRP backup router ensures no interruption for end users who attempt to route from their local subnet.
VRRP shares a virtual IP address (transparent to users) between two or more routers that connect the common subnet to the enterprise network. With the virtual IP address as the default gateway on end hosts, VRRP provides dynamic default gateway redundancy in the event of failover.
The VRRP router that controls the IP addresses associated with a virtual router is the primary router and it forwards packets to these IP addresses. The election process provides a dynamic transition of forwarding responsibility if the primary router becomes unavailable. (The primary router is sometimes referred to as the master.)
Note
The first virtual IP configured on a VRRP interface is the primary virtual IP. This primary address is the equivalent of IPv6 VRRP link-local address and must be in the same subnet as the primary IP of the interface. The address owner of a VRRP interface is determined by the primary virtual IP.
In the following figure, the first three hosts install a default route to the R1 (virtual router 1) IP address and the other three hosts install a default route to the R2 (virtual router 2) IP address. This configuration not only shares the load of the outgoing traffic, but it also provides full redundancy. If either router fails, the other router assumes responsibility for both addresses.
For information about the number of supported VRRP interfaces, see the scaling information in Fabric Engine Release Notes.
The following terms are specific to VRRP:
When a VRRP router is initialized it sends a VRRP advertisement. The VRRP router also broadcasts a gratuitous ARP request that contains the virtual router MAC address for each IP address associated with the virtual router. The VRRP router then transitions to the controlling state.
In the controlling state, the VRRP router functions as the forwarding router for the IP addresses associated with the virtual router. The VRRP router responds to ARP requests for these IP addresses, forwards packets with a destination MAC address equal to the virtual router MAC address, and accepts packets addressed to IP addresses associated with the virtual router.
In the backup state, a VRRP router monitors the availability and state of the primary router. The backup router does not respond to ARP requests and must discard packets with a MAC address equal to the virtual router MAC address. The backup router does not accept packets addressed to IP addresses associated with the virtual router. If a shutdown occurs, the backup router transitions back to the initialize state. If the primary router goes down, the backup router sends the VRRP advertisement and ARP request described in the preceding paragraph and transitions to the controlling state.
The router transitions to the backup state in the following situations:
If the priority is greater than the local priority
If the priority is the same as the local priority and the primary IP address of the sender is greater than the local primary IP address
Otherwise, the router discards the advertisement. If a shutdown occurs, the primary router sends a VRRP advertisement with a priority of 0 and transitions to the initialize state.