VRRP Implementation
VRRP State Machine
VRRP defines three statuses: Initialize, Master, and Backup. Only the device in Master state can forward packets destined for the virtual IP address.
Status |
Description |
|---|---|
Initialize |
VRRP is unavailable. The device in Initialize state cannot process VRRP Advertisement packets. When VRRP is configured on the device or the device detects a fault, it enters the Initialize state. After receiving an interface Up message, the VRRP-enabled device with priority 255 becomes the master and the VRRP-enabled device with the priority less than 255 switches to the Backup state. |
Master |
The VRRP device in Master state performs the following operations:
|
Backup |
The VRRP device in Backup state performs the following operations:
|
VRRP Working Process
The VRRP working process is as follows:
- Devices in a VRRP group select the master based on their priorities. The master sends gratuitous ARP packets to notify the connected network devices or hosts of the virtual MAC address of the VRRP group.
- The master periodically sends VRRP Advertisement packets to all backups in the VRRP group to advertise its configuration (for example, priority) and running status.
- If the master fails, the backup with the highest priority becomes the new master.
- If the original master is replaced by another device in the group, the new master sends gratuitous ARP packets carrying the virtual MAC address and virtual IP address of the virtual router to update the MAC address entry on the connected network devices or hosts. User traffic is then switched to the new master. This process is transparent to users.
- When the original master recovers and is the IP address owner (with priority 255), the original master switches to the Master state. If the priority of the original master is smaller than 255, the device first switches to the Backup state, and then its priority is restored to the original value before the failure.
If the backup has a higher priority than the master, the working mode of the backup (preemption or non-preemption) determines whether the master is re-selected.
Preemption mode: If the priority of a virtual router backup is higher than the priority of the current virtual router master, the virtual router backup automatically becomes the virtual router master.
Non-preemption mode: As long as the virtual router master is working properly, the backup with a higher priority cannot become the virtual router master.
To ensure that the master and backup work properly, VRRP must be able to select the master and advertise the master status.
The detailed VRRP working process is as follows:
Selecting the master
VRRP determines the device role in the virtual router based on device priorities. The device with a higher priority is more likely to become the master.
The VRRP-enabled device in a VRRP group initially works in Initialize state. After receiving an interface Up message, the VRRP-enabled device with priority 255 directly becomes the master or the VRRP-enabled device with the priority less than 255 first switches to the Backup state and then switches back to the Master state after the Master_Down_Interval timer expires. The device that first switches to the Master state obtains the priorities of other devices in the group by exchanging VRRP Advertisement packets. Then the master is selected.If the master priority in VRRP Advertisement packets is higher than or equal to the priority of the device, the backup remains in Backup state.
If the master priority in VRRP Advertisement packets is lower than the priority of the device, the backup switches to the Master state in preemption mode or retains in Backup state in non-preemption mode.
If multiple devices in the VRRP group switch to the master, the devices with a lower priority switch to the Backup state and the device with the highest priority becomes the master after these devices exchange VRRP Advertisement packets. If multiple devices have the same priority, the device where the interface with the largest IP address resides is the master.
If the device is the IP address owner, it switches to the Master state immediately after receiving an interface Up message.
Advertising the master status
The master periodically sends VRRP Advertisement packets to all backups in the VRRP group to advertise its configuration (for example, priority) and running status. The backup determines whether the master works properly based on the received VRRP Advertisement packets.When the master does not remain in Master state, for example, the master leaves the group, it sends a VRRP Advertisement packet with priority 0. In this manner, a backup can switch to the master immediately without waiting for the Master_Down_Interval timer to time out. The switchover period is called the Skew time and is measured in seconds. The value is calculated using the following formula:
Skew time = (256 - Backup priority)/256
If the master cannot send VRRP Advertisement packets due to network faults, the backups cannot learn the running status of the master immediately. The backups consider the master faulty only after the Master_Down_Interval timer expires. Then a backup switches to the Master state.
Master_Down_Interval = 3 x Advertisement_Interval + Skew_time (in seconds)
If congestion occurs on an unstable network, the backup may not receive VRRP Advertisement packets from the master within the period of Master_Down_Interval. A backup then switches to the Master state. If the VRRP Advertisement packet from the original master reaches the backup (new master), the new master switches to the Backup state. In this case, the VRRP group status changes frequently. To solve the problem, the preemption delay is used. When the Master_Down_Interval timer expires, the backup waits for the preemption delay. If the backup does not receive a VRRP Advertisement packet within the preemption delay, it switches to the Master state.
