General operation
VRRP supports router redundancy through a prioritized election process among routers configured as members of the same virtual router (VR.)
On a given VLAN, a VR includes two or more member routers configured with a VIP that is also configured as a real IP address on one of the routers, plus a virtual router MAC address. The router that owns the IP address is configured to operate as the owner of the VR for traffic-forwarding purposes and by default has the highest VRRP priority in the VR. The other routers in the VR have a lower priority and are configured to operate as backups in case the owner router becomes unavailable.
The owner normally operates as the master for a VR. But if it becomes unavailable, then a failover to a backup router belonging to the same VR occurs, and this backup becomes the current master. If the owner recovers, a failback occurs and "master" status reverts to the owner. (Using more than one backup provides additional redundancy" if both the owner and the highest-priority backup fail, another, lower-priority backup can take over as master.)
The VIP used by all VRRP routers in a VR instance is a real IP address that is also configured on the applicable VLAN interface on the VR's owner router.
The same MAC and VIPs are included in the VRRP configuration for the owner and all backup routers belonging to the same VR and are used as the source addresses for all traffic forwarded by the VR.
The following example shows a VR on VLAN 100 supported by Router 1 (R1) and Router 2 (R2.)
VR parameter |
Router 1 VR configuration |
Router 2 VR configuration |
Operation |
---|---|---|---|
VRID (Virtual Router ID) |
1 |
1 |
All routers in the same VR have the same VRID. |
Status |
owner |
backup |
One owner and one or more backups are allowed in a given VR. |
Virtual IP Address |
10.10.100.1 |
10.10.100.1 |
The IP address configured for VLAN 100 in R1 (the owner) is also configured as the VIP for VRRP in both R1 and R2. |
VR Source MAC Address |
00-00-5E-00-01-01 |
For any VR in any VLAN, this is always defined as 00-00-5E-00-01- VRID and is not configurable. |
|
Priority |
255 (Default) |
100 (Default) |
The router configured as owner in any VR is automatically assigned the highest priority (255.) backup routers are assigned a default priority of 100, which can be reconfigured. |
- Host "A" uses 10.10.100.1 as its next-hop gateway out of the subnet, as represented by the VR (VR 1.)
- Router 1 (the configured owner) advertises itself as the master in the VR supporting the gateway and:
"Owns" the VR's (virtual) IP address
Transmits ARP responses that associate the VR's VIP with the (shared) source MAC address for VR 1.
During normal operation, Router 1 forwards the routed traffic for host "A."
- If Router 1 fails or otherwise becomes unavailable:
Router 1 advertisements of its master status for VR 1 fail to reach Router 2 (which is the only configured backup.)
After the time-out period for receiving master advertisements expires on Router 2, the VR initiates a failover to Router 2 and it becomes the new master of the VR.
- Router 2 advertises itself as the master of the VR supporting the gateway and:
Takes control of the VR's (virtual) IP address
Begins transmitting ARP responses that associate the VR's VIP with the (shared) source MAC address for VR 1
Host "A" routed traffic then moves through Router 2.
- If Router 1 again becomes available:
Router 1 resumes advertising itself as the master for the VR and sends ARP responses that associate the VR's VIP with the (shared) source MAC address for VR 1.
Router 2 receives the advertisement from Router 1 and ceases to operate as the VR's master, and halts further transmission of its own VRRP advertisements and ARP responses related to VR 1.
The VR executes a failback to Router 1 as master, and Host "A" traffic again moves through Router 1.