The Virtual Router Redundancy Protocol (VRRP) is a simple but robust method that can provide additional availability in your network. VRRP can be implemented using Red Hat Enterprise Linux and/or open source implementations of VRRP.
VRRP provides redundancy at the gateway by allowing routers to share a virtual Ethernet MAC address and a virtual IP address. When the virtual addresses are active on a particular router, that router is said to be the master. Routers that do not control the virtual addresses act as backups.
VRRP runs over IP as its own protocol (it uses neither TCP nor UDP) and sends its advertisements to a multicast address so that they can be "heard" by the other VRRP routers. If a backup does not receive anything from the master, an election process is started, which is won by the VRRP router with the highest priority.
Generally, VRRP is a protocol used in enterprise environments where routing redundancy is necessary for hosts, especially end-user workstations. In this article, we give an overview of the uses of VRRP and some suggestions for using it effectively.
Availability and potential points of failure
Faults that may occur at a workstation are accepted as part of the calculation, so very little is usually spent on giving these computers additional resilience, such as redundant hard drives, processors and other components. Likewise, network redundancy is not considered necessary for an individual workstation. Connectivity is typically provided through a single Ethernet port that connects to a switch or router.
Redundancy against faults in the connections between switches is provided through additional links and the use of the Virtual Trunking Protocol, so that a switch that handles the link to another switch does not turn into a potential single point of failure for many users. This does not, however, solve the problem of the resilience needed for the default gateway (router) used by the workstations.
Before the widespread use of the Internet, redundancy for routers (the default gateway and other gateways) was provided by RIP and RIP2. In most cases, these protocols are not implemented at the workstation due to the use of the Internet Protocol.
Because it is not running a routing protocol, a workstation will not know about the presence of a redundant gateway that could redirect traffic during a primary router failure. This means that such a failure will leave the workstation unable to communicate with computers outside the local network to which it is attached. In terms of availability, this is acceptable for a single workstation. However, the router then becomes a potential point of failure for the entire network, and in a large network any fault in it can have an impact on hundreds of users.
Transparent redundancy
If you do not run a routing protocol on your workstations, you need a transparent method to provide gateway redundancy without requiring any change on the workstation itself. Ideally, it should have no effect on the workstation at all.
Various vendors have tried to remedy these problems by allowing routers to share an IP address in some way, which provides the gateway redundancy. The most successful technology of this kind has been the Hot Standby Router Protocol (HSRP), developed by Cisco in the early 90's. By virtue of the popularity of Cisco routers, the protocol is still commonly in use. Initially, Cisco did not provide the specifications. Although the algorithms used were fairly easy to work out using network sniffers, it was unclear to other vendors how Cisco would react if they reverse-engineered the protocol to make other platforms interoperable with HSRP.
The Internet Engineering Task Force (IETF) created a working group and then, more recently, issued a Request for Comments (RFC) to define the protocol (most of the founders of the working group began operating in 1997).
VRRP on Linux
VRRP is often implemented on Linux using VRRPd. Red Hat provides VRRPd as part of its Cluster Suite, but the example we will use employs VRRPd only to maintain the test configuration.
Once VRRPd is installed on your system, the master VRRP router can be started with:
vrrpd -i eth0 -p 25 -v 1 192.168.1.1
- The -i parameter tells VRRPd which interface should be used to bind the virtual IP 192.168.1.1 and which interface to use for VRRP advertisements.
- The -p parameter tells VRRPd what priority to assign to this instance of the virtual router. The instance of the virtual router with the highest priority becomes master.
- The last parameter, -v, tells VRRPd which virtual router this instance is part of. This ID identifies the instance and associates it with the other virtual routers on the local network.
The backup VRRP router can be started with:
vrrpd -i eth0 -p 24 -v 1 192.168.1.1
Note that the only difference is the -p value of 24. Since it is lower than 25, which is the value of the master, this instance will act as the backup router.
Looking at VRRP
VRRP has been assigned protocol number 112 by the Internet Engineering Task Force. For example, the following tcpdump shows only one router advertising its virtual router ID to other routers that are running VRRPd:
[root@red ~]# tcpdump -vv proto 112
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
00:07:02.643224 IP (tos 0x0, ttl 255, id 58441, offset 0, flags [none], proto 112, length: 40) 192.168.1.5 > VRRP.MCAST.NET: VRRPv2, Advertisement, VRID 1 priority 25, AuthType none, intvl 1s, length 20, addrs: 192.168.1.1
00:07:03.649142 IP (tos 0x0, ttl 255, id 58697, offset 0, flags [none], proto 112, length: 40) 192.168.1.5 > VRRP.MCAST.NET: VRRPv2, Advertisement, VRID 1 priority 25, AuthType none, intvl 1s, length 20, addrs: 192.168.1.1
This tcpdump was run on the system where VRRPd was running, so the lack of VRRP protocol messages from other VRRP routers suggests that a network is not working. Unfortunately, ifconfig cannot be used to check the VRRP virtual interface. Therefore, the ps command should be used to determine any virtual IP address:
[root@red ~]# ps aux | grep vrrp
root 11403 0.0 0.1 1708 464 pts/1 S 00:22 0:00 vrrpd -n -i eth0 -p 25 -v 1 192.168.1.1
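A passive check built on the fields visible in the capture above (an added example, not part of the original article or of VRRPd): it parses a VRRPv2 advertisement, verifies its checksum, and compares sender, priority, VRID and virtual address with the expected master. The field layout, the TTL 255 rule and the group address 224.0.0.18 follow the VRRPv2 specification; `EXPECTED`, `build_sample` and the function names are assumptions made for illustration, and the packets are constructed, not captured.

```python
import socket, struct

VRRP_PROTO, VRRP_GROUP = 112, "224.0.0.18"  # IP protocol 112; VRRP.MCAST.NET
EXPECTED = {"master": "192.168.1.5", "priority": 25, "vrid": 1, "addrs": ["192.168.1.1"]}  # from the capture

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum (VRRPv2 covers the VRRP message only)."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_vrrpv2(packet: bytes) -> dict:
    """Parse an IPv4 packet carrying a VRRPv2 advertisement, or raise ValueError."""
    if len(packet) < 20 or packet[9] != VRRP_PROTO:
        raise ValueError("not an IPv4 VRRP packet")
    msg = packet[(packet[0] & 0x0F) * 4:]
    if len(msg) < 8 or msg[0] != 0x21 or len(msg) < 16 + 4 * msg[3]:
        raise ValueError("not a complete VRRPv2 advertisement")
    if inet_checksum(msg) != 0:  # a valid message sums to zero, checksum included
        raise ValueError("bad VRRP checksum")
    addrs = [socket.inet_ntoa(msg[8 + 4 * i:12 + 4 * i]) for i in range(msg[3])]
    return {"src": socket.inet_ntoa(packet[12:16]), "dst": socket.inet_ntoa(packet[16:20]), "ttl": packet[8],
            "vrid": msg[1], "priority": msg[2], "auth_type": msg[4], "interval": msg[5], "addrs": addrs}

def check_advert(adv: dict, expected: dict) -> list:
    """Compare one advertisement with the expected master; return findings."""
    findings = []
    if adv["ttl"] != 255 or adv["dst"] != VRRP_GROUP:
        findings.append("not a link-local VRRP multicast (TTL must be 255)")
    if adv["src"] != expected["master"]:
        findings.append(f"sender {adv['src']} is not the expected master")
    if adv["priority"] > expected["priority"]:
        findings.append(f"priority {adv['priority']} outbids the configured master")
    if adv["vrid"] != expected["vrid"] or adv["addrs"] != expected["addrs"]:
        findings.append("unexpected VRID or virtual address list")
    return findings

def build_sample(src: str, priority: int, ttl: int = 255) -> bytes:
    """Constructed test packet shaped like the capture (IP header checksum left 0)."""
    body = bytes([0x21, 1, priority, 1, 0, 1, 0, 0]) + socket.inet_aton("192.168.1.1") + bytes(8)
    body = body[:6] + struct.pack("!H", inet_checksum(body)) + body[8:]
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 58441, 0, ttl, VRRP_PROTO,
                       0, socket.inet_aton(src), socket.inet_aton(VRRP_GROUP)) + body

if __name__ == "__main__":
    for adv in map(parse_vrrpv2, (build_sample("192.168.1.5", 25), build_sample("192.168.1.6", 24))):
        print(adv["src"], adv["priority"], check_advert(adv, EXPECTED) or "ok")
```

A finding for a sender other than the expected master also fires on a legitimate failover to the backup, which is itself an event worth recording.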
Routing through VRRP
To direct traffic through the VRRP router, any DHCP service for workstations must be configured to hand out the virtual IP address as the default gateway.
For workstations that are configured with static IP addresses, the gateway must be changed manually. For RHEL 5, the file /etc/sysconfig/network must be edited so that the GATEWAY parameter specifies the virtual IP, as in the following example:
[root@blue ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=blue.mcwrite.net
GATEWAY=192.168.1.1