Introduction to the Cisco Virtual Router Redundancy Protocol (VRRP)

Arya Mir, Networking and Communications

Oct 12, 2013 (4 years and 1 month ago)


In this article, networking consultant Sean Wilkins looks at the Virtual Router Redundancy Protocol (VRRP), which is a standards-based version of Cisco’s Hot Standby Redundancy Protocol (HSRP). Wilkins specifically looks at VRRP and how it operates, along with the main concepts that should be known before attempting to configure it.

13-10-12 2:13 AM
Articles
Page 1 of 2
http://www.ciscopress.com/articles/printerfriendly.asp?p=2141274
Date: Sep 25, 2013. By Sean Wilkins. Article is provided courtesy of Cisco Press.
Often one of the least redundant parts of a network is the first hop between a host and the rest of the network. This is because hosts are typically configured with a default gateway IP address that links to a single device. Should this device fail, all of the users on a specific segment who are using it as their default gateway will be unable to reach any other subnet, including the Internet.

There are a number of different solutions to this problem; most of these are grouped together and referred to as First Hop Redundancy Protocols (FHRP). This article looks at the Virtual Router Redundancy Protocol (VRRP), which is a standards-based version of Cisco’s Hot Standby Redundancy Protocol (HSRP). It specifically looks at how VRRP operates, along with the main concepts that should be known before attempting to configure it.

A separate VRRP configuration article follows with the details of how to configure VRRP.

How Does VRRP Work?

The basic concepts behind both HSRP and VRRP are very similar, and are intended to deal with a basic redundancy problem that exists on many local area networks (LANs) that are used every day: the single point of failure that is inherent when using a single default gateway for hosts on the network.

In many common networks, the hosts on the LAN are configured with a default gateway to access devices that are not located on the local network (in a different subnet); gateway is another name for a router. This router has a list of its known networks, and is further configured with a routing table that enables it to handle traffic to and from multiple sources and destinations. However, if this router were to go down or be taken offline, then all of the devices that use it as their default gateway would be unable to access outside networks.

FHRPs deal with this problem by offering redundancy solutions; VRRP and HSRP offer similar solutions with a few major differences. VRRP is a standards-based solution, whereas HSRP is Cisco proprietary and is (for the most part) only supported on Cisco devices. VRRP offers the ability to use multiple (more than two) routers for redundancy; HSRP is limited to a single active device (forwards traffic) and a single standby device (waits to forward traffic when the active device goes down). VRRP also differs in some of its default settings, namely that master (active) device preemption is enabled by default.

VRRP communicates with the other configured VRRP routers (within the same group) by sending an advertisement out every second (by default); this advertisement provides these devices with the state of the current master router as well as its priority. VRRP uses the IPv4 multicast address 224.0.0.18 for these advertisements.

VRRP (like HSRP) also supports the ability to configure multiple VRRP virtual router instances on a single physical interface (up to 255); this enables a device to be configured into load-sharing configurations.

VRRP Priority and Preemption

When VRRP is configured on a network, the concepts of priority and preemption are important to understand for VRRP to work as expected. By default, the priority of a VRRP router is 100 out of a priority range that goes from 1 through 254; the higher the priority, the higher the chance the device will become the master (forwarding) VRRP device. If there is a tie in the VRRP priority, the device with the higher IP address is used as the tiebreaker.

Preemption (enabled by default) allows any new device that comes onto a network with other VRRP-configured routers to become the master router immediately, should it have a higher priority. Without preemption enabled, this device would need to wait until the master device failed for it to take over as the master.

VRRP Authentication

VRRP also offers a number of authentication options to ensure that the infrastructure running VRRP is protected from malicious attacks. By default, VRRP is configured with no authentication, and any device configured onto the same VRRP group can affect the behavior of VRRP. There are two further authentication options: plaintext authentication and MD5 authentication (using an MD5 key string or MD5 key chain). The MD5 choice is the only real option on a production network.

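A monitoring check for the authentication weakness described above, as an added example (not code from the article or from Cisco): it parses VRRPv2 advertisements captured from 224.0.0.18 and flags groups running with no or plaintext authentication, and advertisements from routers outside an inventory. The function names, the `expected` inventory and the 192.0.2.x sample addresses are assumptions; authentication type values 0 and 1 follow the VRRPv2 specification (RFC 2338), and MD5 digests are not verified here.

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by VRRPv2."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, vips, auth_type=0, auth_data=b""):
    """Build a constructed VRRPv2 advertisement to use as sample input."""
    body = b"".join(ipaddress.IPv4Address(v).packed for v in vips)
    body += auth_data.ljust(8, b"\x00")[:8]          # 8-byte authentication data field
    head = struct.pack("!BBBBBB", 0x21, vrid, priority, len(vips), auth_type, 1)
    csum = inet_checksum(head + b"\x00\x00" + body)
    return head + struct.pack("!H", csum) + body

def audit_advert(src_ip, payload, expected):
    """Return findings for one advertisement.

    expected maps a group number (VRID) to the set of router addresses
    allowed to advertise for it (an assumed site inventory).
    """
    if len(payload) < 8:
        return ["truncated advertisement"]
    ver_type, vrid, prio, count, auth, _interval = struct.unpack("!BBBBBB", payload[:6])
    if ver_type != 0x21:                             # version 2, type 1 (advertisement)
        return ["not a VRRPv2 advertisement"]
    end = 8 + 4 * count + 8                          # header + addresses + auth data
    if len(payload) < end:
        return ["truncated advertisement"]
    findings = []
    if inet_checksum(payload[:end]) != 0:            # a valid message sums to zero
        findings.append("bad checksum")
    if auth == 0:
        findings.append("no authentication")
    elif auth == 1:
        findings.append("plaintext authentication: key is readable on the wire")
    if src_ip not in expected.get(vrid, set()):
        findings.append(f"unexpected sender {src_ip} for group {vrid}, priority {prio}")
    return findings
```

An empty result means the advertisement came from an inventoried router and did not use the two weak authentication types; it does not prove the MD5 key is correct.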
VRRP Object Tracking

Like HSRP, VRRP supports the ability to alter device priority, depending on the state of a currently configured track object. At its most basic, this object can track the line protocol state or IP configuration state of an interface and go up or down depending on these states (specific states can be tracked using Cisco’s IP SLA feature). Once configured, the VRRP group process will continue to poll the track object for its status. If it is down, it can be configured to alter the priority of a specific VRRP device, which can affect which device is currently selected as the master router.

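A simplified model of the election rules from the Priority and Preemption and Object Tracking sections, as an added example (not code from the article or from Cisco). The `Router` class, `elect` function, the `track_decrement` field and the 192.0.2.x addresses are assumptions made for illustration; the model treats a down track object as lowering priority by a fixed amount.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100        # default priority stated in the article
    preempt: bool = True       # preemption is enabled by default
    track_decrement: int = 0   # assumed: amount removed while the track object is down
    track_up: bool = True
    alive: bool = True

    def effective_priority(self) -> int:
        return self.priority - (0 if self.track_up else self.track_decrement)

    def rank(self):
        # Priority first, higher IP address as the tiebreaker.
        return (self.effective_priority(), int(ipaddress.IPv4Address(self.ip)))

def elect(routers, current_master=None):
    """Return the router that is master after the next advertisement round."""
    live = [r for r in routers if r.alive]
    if not live:
        return None
    if current_master is None or not current_master.alive:
        return max(live, key=Router.rank)          # fresh election
    # A live master is displaced only by a preempt-enabled router whose
    # priority is strictly higher than the master's current priority.
    better = [r for r in live if r.preempt
              and r.effective_priority() > current_master.effective_priority()]
    return max(better, key=Router.rank) if better else current_master

if __name__ == "__main__":
    r1 = Router("R1", "192.0.2.2", priority=110, track_decrement=20)
    r2 = Router("R2", "192.0.2.3")
    r3 = Router("R3", "192.0.2.4")
    master = elect([r1, r2, r3])
    print("initial master:", master.name)
    r1.track_up = False                             # tracked uplink on R1 goes down
    master = elect([r1, r2, r3], master)
    print("after R1 uplink failure:", master.name)
```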
Summary

If the reader has just read an HSRP article or has some experience with HSRP, it should be obvious that HSRP and VRRP are very similar and follow the same general rules. There are two big differences that affect the selection of one over the other: whether all of the implemented devices are Cisco, and whether more than two devices are ever going to be configured onto a single LAN segment.

If all of the current (or future) devices are not Cisco, then the selection of VRRP is easy, as (for the most part) HSRP is only widely supported on Cisco equipment, whereas VRRP is a standards-based solution and is supported by many different vendors. The other difference may not be that big of a deal on many networks because most don’t have multiple routers that are connected to a single LAN segment. HSRP supports an active and standby device, which is typically enough to satisfy the requirements of obtaining enough redundancy. However, VRRP does support more than two devices, and this can be helpful in those situations where multiple (more than two) routers are connected to the same LAN segment.

Ultimately, the use of one of the FHRPs is (generally) a good common practice on LAN segments that require high uptime and where outages can be costly. I hope that this article will help in choosing between them when the decision needs to be made (or help those trying to understand the VRRP concepts for testing purposes).

© 2013 Pearson Education, Inc. Informit. All rights reserved.
800 East 96th Street Indianapolis, Indiana 46240