Description

The VRRP server keeps the network operating when the main router becomes unavailable by handing its "responsibilities" over to a backup router. With the VRRP server in use, the additional router comes into operation automatically, which significantly reduces the system administrator's workload.

Each backup router should be part of a virtual router (VR). A VR has a list of IP addresses. When a router becomes the main router, it starts to serve each IP address from this list (i.e. it replies to ARP requests and takes over the host functions for these IP addresses). A VR is referred to by its identifier (VRID) in the range 1…255.

The VRRP server operation logic is as follows:

  1. A VR operates on several VRRP routers, each of which has an identical VRID and an identical IP address list.
  2. The main router is selected from the list of VRRP routers (MASTER mode). The others get the status of slave routers (BACKUP mode). The main router periodically sends special packets (sweeping). By receiving these packets, the BACKUP routers decide whether the MASTER is available.
  3. If the main router fails (there are no keep-alive messages from the MASTER for a long time), one of the slave routers becomes the main router and starts to process packets addressed to the VR.

The main virtual router is selected automatically: this status goes to the router with the highest priority or, if the priorities are equal, to the one with the highest "primary" network interface IP address.

NOTE

Interfaces included in one VRRP router should be able to exchange service information via real IP addresses from the same network. The virtual IP address and the real addresses of the interfaces must belong to different subnets. The virtual IP address should be set on all devices.

Syntax:

  Virtual Router Redundancy Protocol (VRRPv2) daemon with
  Virtual Host Support Extension V2.0.
  Usage:
        vrrp start|stop|dump
        vrrp dump IFNAME:VRID
        vrrp IFNAME:VRID [start|stop|clean|flush]
        vrrp IFNAME:VRID [add]|delete IPADDRESS[/(MASK|MASKLEN)]
        vrrp IFNAME:VRID [-priority=[PRIO|own]] [-interval=AINT]
                         [-(password|key)=[PASSWORD]]
                         [-preempt=(on|off)] [-owner=[on|off]] [-learn=(on|off)]
                         [-track=(off|default|IPADDRESS/MASKLEN)]

Parameters

Parameter / Description

start | stop

Starts/stops the VRRP server.

dump (IFNAME:VRID)

Displays the current state of the VRRP server. If "IFNAME:VRID" is specified, displays the information for the chosen VR, otherwise for all routers.

The VRRP server state is displayed in a table consisting of the following columns:

  • "VRRP interface:ID" – VR in "IFNAME:VRID" form.
  • "Prio" – priority of the router in the specified VR. If "owner" mode is enabled, the letter "o" is also shown.
  • "AInterval" – keep-alive messaging interval.
  • "Master IP" – "primary" IP address of the MASTER router.
  • "STATE" – the router's current state. If the router has self-learning mode enabled, the letter "l" is displayed before the state name, for example, "lBACKUP". The following values are available:
    • "MASTER";
    • "BACKUP";
    • "STOP".
  • "Time" – the time period during which the router has been in the "STATE" mode. The period is represented in DAYS/HOURS:MINUTES:SECONDS:000 form.
  • "Stop reason" – the reason why the router stopped operating in the VR and changed its state to "STOP". Possible cases are:
    • "Configuration conflict" – different VRs on the same interface have overlapping IP address lists.
    • "IP Address list is empty" – no IP addresses are specified.
    • "Interface has no primary IP address" – the interface does not have a primary IP address or it has been deleted.
    • "Interface is down" – the interface assigned to the VR is in the down state.

IFNAME:VRID

This argument determines the VR on the network interface to which the parameter should be applied. It consists of the following elements:

  • "IFNAME" – an interface on which the VR should be created.
  • "VRID" – VR identifier in range 1...255.

[add] IPADDRESS[/(MASK|MASKLEN)]

Creates a virtual router.

  • "IPADDRESS[/(MASK|MASKLEN)]" – the IP addresses to be added to the VR IP address list. No VR IP address should coincide with the primary IP address of the interface the VR has been created on. The VRRP server allows creating several VRs for one network interface, but their IP address lists should not overlap.

delete IPADDRESS

Deletes an address from the VR IP address list.

start|stop

Starts/stops this router in the specified VR.

clean

Deletes the specified IP address from the VR list.

flush

Deletes all IP addresses from the VR list.

-priority=[PRIO|own]

Sets the priority of the router in the specified VR.

  • "PRIO" – the priority value, in the range 2…255. The router priority is considered when the main router is selected: the router with the greatest priority becomes the main router. A priority of 255 means this router will be the main router within the specified VR. The main router with such a priority owns all of the VR's IP addresses.
  • "own" is equivalent to priority 255.

-owner=[on|off]

Enables/disables the "owner" mode. In owner mode the router owns all of the VR's IP addresses regardless of its priority, i.e. even if this router is a slave at the moment, the VR's IP addresses are in the address list of the network interface on which the VR is created. These addresses stay in a "passive" mode, i.e. the router will not reply on these addresses until it takes over the main router functions.

"Owner" mode is enabled by default.

-preempt=(on|off)

Enables/disables the inheritance mode. If inheritance mode is disabled, the router (regardless of its priority) never takes over the functions of the main router while there are other operating routers in the VR. Inheritance mode is enabled by default.

-interval=AINT

Sets the required keep-alive messaging interval for the main router. The value is set in seconds. The default value is 1 second. If you set another value, keep in mind that it has to be equal for all routers of the specified VR.

-learn=(on|off)

Allows the router to collect the list of the VR's IP addresses while it acts as a BACKUP router. This mode is used to simplify VRRP server configuration. The administrator can make a list of the VR's IP addresses for one router only, the owner of the IP addresses (with the priority of 255). For the other routers it is enough to create the VR with an empty IP address list and enable the self-learning mode.

-track=(off|default|IPADDRESS/MASKLEN)

If "Network Prefix Monitoring" mode is enabled, the VRRP module checks the availability of a route to the specified network or of the default route. If the routing entries disappear from the system tables, the device enters the "BACKUP" mode.

-(password|key)=[PASSWORD]

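Sets authentication for additional VR security. The VRRP server supports two authentication modes:

  • "password=[PASSWORD]" – simple text password. It is carried in clear text in every VRRP advertisement, so it protects against accidental misconfiguration rather than against a host that can capture traffic on the segment.
  • "key=[PASSWORD]" – uses the IP Authentication Header scheme; it is more reliable and provides protection from errors. For more information see RFC 2338.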

Examples

Use the "dump" parameter to display the current state of the VRRP server.

vrrp dump
VRRP interface:ID  Prio AInterval    Master IP     STATE       Time        Stop reason
================== ==== ========= =============== ======= ===============  ===========
          eth0:010 200o    001    192.168.15.50   BACKUP      0/0:0:3:000
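
The dump table can be checked automatically. The following Python is an added example, not Infinet code: it parses the columns described under "dump" and reports stopped VRs, a master address outside an operator-supplied allow-list, and recent state changes. Only the eth0 row comes from this page; the other rows, the allow-list and the 60-second threshold are constructed assumptions.

```python
import re

# Constructed sample: the eth0 row is the one shown on this page; the other two
# rows are invented and assume STOP rows keep the same column order.
SAMPLE_DUMP = """\
VRRP interface:ID  Prio AInterval    Master IP     STATE       Time        Stop reason
================== ==== ========= =============== ======= ===============  ===========
          eth0:010 200o    001    192.168.15.50   BACKUP      0/0:0:3:000
          eth1:020 100     001    10.0.0.7        lBACKUP     2/4:10:0:000
          eth2:030 100     001    0.0.0.0         STOP        0/1:0:0:000  Interface is down
"""

def parse_time(text):
    """Convert DAYS/HOURS:MINUTES:SECONDS:000 to seconds."""
    days, rest = text.split("/")
    hours, minutes, seconds, _ms = rest.split(":")
    return ((int(days) * 24 + int(hours)) * 60 + int(minutes)) * 60 + int(seconds)

def parse_dump(text):
    rows = []
    for line in text.splitlines():
        tok = line.split(None, 6)  # the 7th field keeps the multi-word stop reason
        if len(tok) < 6 or not re.fullmatch(r"\S+:\d+", tok[0]):
            continue  # header, separator or blank line
        ifname, vrid = tok[0].rsplit(":", 1)
        learn = tok[4].startswith("l")  # "l" prefix marks self-learning mode
        rows.append({
            "vr": f"{ifname}:{int(vrid)}",
            "prio": int(tok[1].rstrip("o")), "owner": tok[1].endswith("o"),
            "interval": int(tok[2]), "master_ip": tok[3],
            "state": tok[4][1:] if learn else tok[4], "learn": learn,
            "uptime": parse_time(tok[5]),
            "stop_reason": tok[6].strip() if len(tok) > 6 else "",
        })
    return rows

def findings(rows, expected_masters, min_stable=60):
    """Flag stopped VRs, masters outside the allow-list, and recent state changes."""
    out = []
    for r in rows:
        allowed = expected_masters.get(r["vr"])
        if r["state"] == "STOP":
            out.append((r["vr"], "stopped: " + r["stop_reason"]))
        elif r["state"] == "BACKUP" and allowed and r["master_ip"] not in allowed:
            out.append((r["vr"], "unexpected master " + r["master_ip"]))
        elif r["uptime"] < min_stable:
            out.append((r["vr"], f"state changed {r['uptime']}s ago"))
    return out
```

A master address that is not one of the routers configured for the VR usually means a misconfigured or unplanned VRRP speaker on the segment.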

Create a VR with VRID "10" on the "eth0" interface and add the "9.8.7.6/24" IP address to the VR address list.

vrrp eth0:10 add 9.8.7.6/24

Set priority 250 for VR "eth0:10".

vrrp eth0:10 -priority=250

Configure a VRRP router with VRID 10, where IW device 1 operates in the "MASTER" mode and IW device 2 in the "BACKUP" mode.

IW device 1

ifc eth0 10.10.10.1/24
vrrp eth0:10 add 192.168.100.2/24
vrrp eth0:10 -priority=200
vrrp eth0:10 start

IW device 2

ifc eth0 10.10.10.2/24
vrrp eth0:10 add 192.168.100.2/24
vrrp eth0:10 -priority=100
vrrp eth0:10 start

If the IP address 192.168.100.2/24 is set on PC1 as the default gateway, IW device 1 will perform the router functions. If it fails, IW device 2 will take over the routing functions without the intervention of a network administrator.
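
The constraints from the Description, NOTE and Parameters sections, and the selection rule for the main router, can be checked before a configuration is loaded. The following Python is an added example, not Infinet code: it reads the two configurations above, reports violations, and names the router expected to become MASTER. It assumes only `ifc`, `add`, `-priority` and `-interval` lines, no `-learn` mode, and `ifc` appearing before the `vrrp` lines; the function names are hypothetical.

```python
import ipaddress
# Constructed input: the two device configurations shown on this page.
TEMPLATE = ("ifc eth0 10.10.10.{n}/24\nvrrp eth0:10 add 192.168.100.2/24\n"
            "vrrp eth0:10 -priority={p}\nvrrp eth0:10 start")
CONFIGS = {"IW device 1": TEMPLATE.format(n=1, p=200),
           "IW device 2": TEMPLATE.format(n=2, p=100)}

def load(configs):
    """One record per (device, interface, VRID); expects `ifc` before `vrrp` lines."""
    recs = {}
    for dev, text in configs.items():
        ifc = {}
        for w in map(str.split, text.splitlines()):
            if w[:1] == ["ifc"] and len(w) == 3:
                ifc[w[1]] = ipaddress.ip_interface(w[2])
            elif w[:1] == ["vrrp"] and len(w) >= 3 and ":" in w[1]:
                ifname, vrid = w[1].split(":")
                r = recs.setdefault((dev, ifname, int(vrid)), dict(dev=dev, vrid=int(vrid),
                    real=ifc.get(ifname), vips=set(), priority=None, interval=1))
                if w[2] == "add" and len(w) > 3:
                    r["vips"].add(ipaddress.ip_interface(w[3]))
                for arg in w[2:]:
                    key, _, val = arg.lstrip("-").partition("=")
                    if arg.startswith("-") and key in ("priority", "interval") and val:
                        r[key] = 255 if val == "own" else int(val)
    return list(recs.values())

def lint(recs):
    """Return violations of the constraints stated on this page."""
    out, by_vrid = [], {}
    for r in recs:
        by_vrid.setdefault(r["vrid"], []).append(r)
        for vip in r["vips"]:
            if r["real"] is not None and vip.ip in r["real"].network:
                out.append(f"{r['dev']}: virtual IP {vip.ip} is in the real address subnet")
        if r["priority"] is not None and not 2 <= r["priority"] <= 255:
            out.append(f"{r['dev']}: priority {r['priority']} is outside 2..255")
    for vrid, rs in by_vrid.items():
        if len({frozenset(r["vips"]) for r in rs}) > 1:
            out.append(f"VRID {vrid}: IP address lists differ between routers")
        if len({r["interval"] for r in rs}) > 1:
            out.append(f"VRID {vrid}: -interval differs between routers")
    return out

def expected_master(recs, vrid):
    """Highest priority wins; a tie goes to the larger primary interface address."""
    cands = [(r["priority"], r["real"].ip, r["dev"]) for r in recs
             if r["vrid"] == vrid and r["priority"] is not None and r["real"] is not None]
    return max(cands)[2] if cands else None
```

For the configurations on this page `lint(load(CONFIGS))` returns an empty list and `expected_master(load(CONFIGS), 10)` returns "IW device 1".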