Explanation of VRRP
What is VRRP?
![Picture](/uploads/1/3/6/1/13614157/5117663.jpg?431)
Virtual Router Redundancy Protocol (VRRP) is used to improve the availability of internet access on a network. VRRP is an Internet protocol that provides a way to have one or more backup routers when using a statically configured router on a local area network (LAN) (Rouse, 2006). Every host always deals with a single default gateway router, which works as the connection point between the hosts inside the LAN and the internet, so the hosts depend on this router to reach the internet. When this router breaks down, all the hosts lose their internet connection.
VRRP is considered a solution to this problem: two or more routers are made to work as one router, a so-called virtual router (VR). These routers work together at the same time but appear to the hosts as one router. Inside a virtual router (VR) the hosts actually deal with one router, called the Master, and the rest of the routers are called Backup. The master router is the owner of the other routers, because when it returns to service it takes over as master again. Each of these routers has its own IP address, but the hosts do not know these addresses and do not deal with them.
Components of VRRP
Virtual router (VR):
A virtual router is a single router image created through the operation of one or more routers running VRRP. A virtual router includes a virtual router identifier (VRID), virtual router IP addresses, a master router and a backup router.
Virtual Router Identifier (VRID):
The VRID is a number that identifies the virtual router (VR). It must be unique for each virtual router.
Virtual Address:
The virtual address is associated with the virtual router. The hosts use it as the IP address of the gateway. On the owner router the virtual IP address and the real IP address must be the same. For example, the real IP address and the virtual IP address of the owner router will both be 192.168.1.1, but on the backup router the real IP address and the virtual IP address will be different. The virtual address and the real IP address must be in the same network.
Note: In MikroTik the virtual address does not have to be the same as the real IP address, but both must be in the same network.
Owner:
Usually the owner router is the master router, and it works as a manager for all subnets included in the virtual router (VR). The owner router is defined by giving it the highest priority value. A virtual router may be configured with no owner.
Note: In MikroTik routers the owner cannot be configured, because the master router will be the owner.
Master:
The master router is the router that performs the routing operations for the virtual router. It is considered the physical gateway for the network. The priority value decides which router will be the master: the router with the highest priority becomes the master router. When the master router breaks down, the backup router becomes the master router.
Backup:
The design of VRRP depends entirely on the backup router: when the master breaks down, the backup becomes the master router and carries on the work without causing any problems in the network. When the virtual router has more than one backup router, the backup router with the highest priority takes the role of the master router.
VRRP Configuration Types
In the Virtual Router Redundancy Protocol there are two types of configuration: basic setup and load sharing. The basic setup itself has two variants: one backup router and several backup routers.
One Backup Router:
![Picture](/uploads/1/3/6/1/13614157/29025.png?422)
In this figure R1 is the master and R2 is the backup; each of them has its own IP address, and the virtual router has an IP address as well. All the hosts use the virtual router IP as their default gateway. Inside the virtual router, the master router connects the LAN to the internet and provides all the routing information to the backup router. When the master router breaks down, the backup router takes over the work and becomes the master router. This happens automatically, and the hosts do not notice any change in the network.
Several Backup routers:
![Picture](/uploads/1/3/6/1/13614157/6241596.png?415)
VRRP supports more than one backup router. Adding a second backup router does not change the work of the master. But when the master breaks down, which of the two backup routers becomes the master router? This is decided by priority, which will be explained later. In this way the number of backup routers can be extended to 255.
Load-Sharing:
![Picture](/uploads/1/3/6/1/13614157/4149216.png?340)
Load sharing is a technique used to divide a workload across several routers to achieve the best resource utilization, increase productivity and avoid overload. Load sharing means one can split the traffic from a network so that it is transported by different routers (paths).
VRRP makes load sharing possible by putting the backup router to use and avoiding overload on the master router. To do this, two virtual routers are configured rather than the one used in the basic setup, and each of them has an IP address. The hosts are divided between these two IPs and use them as gateways. With this technique the two routers are used in an efficient and effective way. In virtual router one (VR1) the first router is the master and the second router is the backup. In the second virtual router (VR2) the first router is the backup and the second router is the master. The advantage of load sharing is that there is no idle backup router anymore: each router is the master in one of the two virtual routers, VR1 and VR2. See figure 3 to understand it more.
VRRP state:
![Picture](/uploads/1/3/6/1/13614157/9485552.png?403)
As shown in this figure, VRRP has three states: the initialization state, the master state and the backup state.
Initialization State:
The purpose of this state is to wait for a Startup event. When this event is received, the following actions will occur:
· The router with the highest priority:
o Sends advertisement packets.
o Broadcasts an ARP request.
o Sets the advertisement timer to the advertisement interval.
o Transitions to the master state.
Backup State:
The main function of the backup router is to receive ADVERTISEMENT packets and check whether the master router is working. When the master router is not working, the backup router transitions itself to the master state in the following case:
· If the priority in the ADVERTISEMENT packet is zero.
Master State:
The master router responds to ARP requests for the IP address associated with virtual router VR.
If ADVERTISEMENT packets are received by the master router:
· If the priority is zero, send an ADVERTISEMENT immediately.
· If the priority in the ADVERTISEMENT packet is greater than the priority of this router, this router transitions to the backup state.
When a shutdown event is received, send an advertisement packet with priority=0 and transition to the initialization state.
VRRP Advertisements:
VRRP advertisements are the information included in the VRRP IP header. An advertisement contains the following information: priority, authentication, advertisement interval and IP addresses. In addition, the IP source address and IP destination address fields have a special meaning.
Priority:
Priority is a number that defines which router is the master. It also defines which router takes the role of the master when the master breaks down. Priority is a decimal number from 0 to 250. However, 0 and 255 have a special meaning: zero means the master router is exiting from participation in VRRP, and 255 is for the owner router. The default priority value of a backup router is 100. A higher number means higher priority.
Authentication:
There are three cases of authentication:
· No authentication.
· Simple clear text password.
· Strong authentication.
No Authentication:
Using this type of authentication means that VRRP protocol exchanges take place without any protection. This type should be used in environments where there is minimal security risk and little chance for configuration errors.
Simple Clear Text Password:
Using this type of authentication means that VRRP protocol exchanges are protected by a simple clear text password. This type is useful for protection against misconfiguration of routers on the LAN: a new router must be configured with the correct password before it can run VRRP with another router. This type does not protect against hostile attacks, where the password can be learned by special programs. This type is recommended when there are few configuration errors of routers on the LAN.
Strong Authentication:
This type of authentication provides strong protection against configuration errors, replay attacks and packet corruption. This type is recommended when there is limited control over the administration of nodes on a LAN.
IP addresses:
The IP addresses protected by the virtual router.
IP source address:
The IP address of the master router that is sending the packets.
IP destination address:
This is always 224.0.0.18, the multicast address assigned to VRRP packets.
Advertisement interval:
The VRRP update interval in seconds. It defines how often the master sends advertisement packets to the backup routers in the virtual router (VR). The default is 1 second.
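The advertisement fields listed above can be decoded and checked on captured traffic. The following Python example is added here and is not part of the original page: it assumes the VRRPv2 packet layout and the TTL 255 rule from RFC 2338, and the function names, the peer list and the sample packet (including its password) are constructed for illustration.

```python
import ipaddress
import struct

AUTH = {0: "none", 1: "simple text password", 2: "IP authentication header"}

def checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRP message."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_advert(msg: bytes) -> dict:
    """Decode a VRRPv2 advertisement (field layout assumed from RFC 2338)."""
    if len(msg) < 8:
        raise ValueError("shorter than the fixed VRRP header")
    ver_type, vrid, prio, count, auth, interval, _ = struct.unpack("!6BH", msg[:8])
    end = 8 + 4 * count
    if len(msg) < end + 8:
        raise ValueError("address list or authentication data truncated")
    return {"version": ver_type >> 4, "type": ver_type & 0xF, "vrid": vrid,
            "priority": prio, "auth": AUTH.get(auth, f"unknown ({auth})"),
            "interval": interval,
            "addresses": [str(ipaddress.IPv4Address(msg[i:i + 4])) for i in range(8, end, 4)],
            "auth_data": msg[end:end + 8].rstrip(b"\x00"),  # password is readable here
            "checksum_ok": checksum(msg[:end + 8]) == 0}

def audit(src, dst, ttl, adv, peers):
    """Findings for one captured advertisement; peers maps VRID -> expected router IPs."""
    found = []
    if dst != "224.0.0.18":
        found.append("destination is not the VRRP multicast group")
    if ttl != 255:
        found.append("IP TTL is not 255")
    if not adv["checksum_ok"]:
        found.append("bad VRRP checksum")
    if src not in peers.get(adv["vrid"], ()):
        found.append(f"unexpected sender {src} for VRID {adv['vrid']}")
    if adv["auth"] != AUTH[2]:
        found.append(f"authentication type is '{adv['auth']}'")
    return found

def build_sample(vrid, prio, addrs, auth=0, secret=b""):
    """Constructed test input: a well-formed advertisement with a 1 s interval."""
    body = b"".join(ipaddress.IPv4Address(a).packed for a in addrs) + secret.ljust(8, b"\x00")
    head = struct.pack("!6B", 0x21, vrid, prio, len(addrs), auth, 1)
    return head + struct.pack("!H", checksum(head + b"\x00\x00" + body)) + body

SAMPLE = build_sample(10, 100, ["192.168.1.1"], auth=1, secret=b"s3cret")  # constructed
```

Parsing `SAMPLE` returns the password in `auth_data` unchanged, which is why the simple clear text type only guards against misconfiguration.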
Advertisement Process
Failover:
The master router sends the backup routers in the virtual router an advertisement that contains its priority. The backup routers receive and analyze this advertisement. If no advertisement has been sent from the master router to the backup routers in three seconds, this means the master router has broken down. Each backup router prepares to send an advertisement to the other backup routers telling them that it will take the role of the master router. However, this operation depends on the priority of the router: a higher priority means the advertisement is sent sooner. When the backup router with the highest priority sends its advertisement, it takes the role of the master and the other backup routers stop sending advertisements.
Another case of failover is when the master router sends an advertisement with zero priority. This means that the master router has stopped participating in VRRP.
Recovery:
When the main master router of the virtual router returns to service, it starts as a backup router and receives advertisements from the current master router. When it receives the first advertisement, it compares the priority value in that advertisement with its own priority value and determines that it must be the master router. After that the main router sends a broadcast advertisement to all the other routers, and the current master router gives up the master role to it.
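The failover and recovery sequence described above can be traced with a small discrete-event simulation. This Python example is added here and is not from the original page: it uses the Master_Down_Interval and Skew_Time formulas from RFC 3768, which the page does not give, assumes preemption is enabled, and the router names, priorities and event times are constructed.

```python
ADV = 1.0  # Advertisement_Interval in seconds (the page's default)

def master_down(priority):
    # RFC 3768: Master_Down_Interval = 3 * Advertisement_Interval + Skew_Time,
    # Skew_Time = (256 - priority) / 256, so a higher priority expires sooner.
    return 3 * ADV + (256 - priority) / 256

def simulate(routers, events, until):
    """routers: {name: priority}, priorities distinct and below 255.
    events: [(time, name, "down" | "up")], a crash or a return to service.
    Returns [(time, name)] for every takeover of the master role."""
    state = {n: "BACKUP" for n in routers}
    due = {n: master_down(p) for n, p in routers.items()}  # next timer expiry
    pending, log = sorted(events), []
    while True:
        timer, who = min(((due[n], n) for n in routers if state[n] != "DOWN"),
                         default=(float("inf"), None))
        if pending and pending[0][0] <= timer:
            now, name, kind = pending.pop(0)
            if now > until:
                break
            state[name] = "DOWN" if kind == "down" else "BACKUP"
            due[name] = now + master_down(routers[name])
            continue
        if timer > until:
            break
        if state[who] == "BACKUP":       # no advertisement heard in time
            state[who] = "MASTER"
            log.append((timer, who))
        due[who] = timer + ADV           # the master advertises now
        for n, prio in routers.items():
            if n == who or state[n] == "DOWN" or prio > routers[who]:
                continue                 # higher priority ignores the sender
            state[n] = "BACKUP"          # lower priority yields or stays backup
            due[n] = timer + master_down(prio)
    return log

# Constructed scenario: R1 crashes at t=10 s and returns at t=20 s.
ROUTERS = {"R1": 200, "R2": 150, "R3": 100}
TAKEOVERS = simulate(ROUTERS, [(10, "R1", "down"), (20, "R1", "up")], until=30)
if __name__ == "__main__":
    for when, name in TAKEOVERS:
        print(f"t={when:7.3f}s  {name} becomes master")
```

In this scenario R2 takes over about 3.4 seconds after R1's last advertisement, ahead of R3 because its skew time is shorter, and R1 reclaims the role once its own timer expires after it returns.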
Benefit of using VRRP:
1. Allows redundant routers at the client side when connecting to the service provider without using a dynamic routing protocol.
2. Reduces failover time and bandwidth overhead when the router breaks down.
3. Ensures continuity of service.
4. Supports more than one virtual router (load sharing) to use all routers and reduce overload on the master router.
5. Avoids the need to reconfigure hosts when the gateway breaks down.
6. Eliminates the need for the router discovery protocol to support the failover operation.