Virtual Router Redundancy Protocol

Read this article to learn the implementation and the process to select the Master in a redundant router configuration. Notice HSRP and CARP. What makes VRRP different from both HSRP and CARP?

The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that provides for automatic assignment of available Internet Protocol (IP) routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork.

The protocol achieves this by creation of virtual routers, which are an abstract representation of multiple routers, i.e. Primary/Active and Secondary/Standby routers, acting as a group. The virtual router is assigned to act as a default gateway of participating hosts, instead of a physical router. If the physical router that is routing packets on behalf of the virtual router fails, another physical router is selected to automatically replace it. The physical router that is forwarding packets at any given time is called the Primary/Active router.

VRRP provides information on the state of a router, not the routes processed and exchanged by that router. Each VRRP instance is limited, in scope, to a single subnet. It does not advertise IP routes beyond that subnet or affect the routing table in any way. VRRP can be used in Ethernet, MPLS, and Token Ring networks with Internet Protocol Version 4 (IPv4), as well as IPv6.

The protocol is described in Internet Engineering Task Force (IETF) publication RFC 5798, which is an open standard, but Cisco claims that a similar protocol with essentially the same facility is patented and licensed; however, in 2001, in reply to a direct request, Robert Barr of Cisco replied that they will not assert any patent claims unless someone tried to assert a claim against Cisco. IBM also claims covering patents and their statement is readable on the IETF webpage.



A virtual router must use 00-00-5E-00-01-XX as its Media Access Control (MAC) address. The last byte of the address (XX) is the Virtual Router IDentifier (VRID), which is different for each virtual router in the network. This address is used by only one physical router at a time, and it will reply with this MAC address when an ARP request is sent for the virtual router's IP address.

Physical routers within the virtual router must communicate within themselves using packets with multicast IP address and IP protocol number 112.

Routers have a priority of between 1 and 254 and the router with the highest priority will become the Primary/Active. The default priority is 100; for MAC address owner the priority is always 255.


Elections of Primary/Active routers

A failure to receive a multicast packet from the Primary/Active router for a period longer than three times the advertisement timer causes the Secondary/Standby routers to assume that the Primary/Active router is dead. The virtual router then transitions into an unsteady state and an election process is initiated to select the next Primary/Active router from the Secondary/Standby routers. This is fulfilled through the use of multicast packets.

Secondary/Standby router(s) are only supposed to send multicast packets during an election process. One exception to this rule is when a physical router is configured with a higher priority than the current Primary/Active, which means that on connection to the network it will preempt the Primary/Active status. This allows a system administrator to force a physical router to the Primary/Active state immediately after booting, for example when that particular router is more powerful than others within the virtual router. The Secondary/Standby router with the highest priority becomes the Primary/Active router by raising its priority above that of the current Primary/Active. It will then take responsibility for routing packets sent to the virtual gateway's MAC address. In cases where Secondary/Standby routers all have the same priority, the Secondary/Standby router with the highest IP address becomes the Primary/Active router.

All physical routers acting as a virtual router must be in the same local area network (LAN) segment. Communication within the virtual router takes place periodically. This period can be adjusted by changing advertisement interval timers. The shorter the advertisement interval, the shorter the black hole period, though at the expense of more traffic in the network. Security is achieved by responding only to first hop packets, though other mechanisms are provided to reinforce this, particularly against local attacks. Election process is made orderly through the use of skew time, derived from a router's priority, and used to reduce the chance of the thundering herd problem occurring during election. The skew time is given by the formula (256 − Priority)/256 (expressed in milliseconds).

Secondary/Standby router utilization can be improved by load sharing.



VRRP is based on Cisco's proprietary Hot Standby Router Protocol (HSRP) concepts. The protocols, while similar in concept, are not compatible.



Mellanox implements MAGP, a proprietary protocol based on VRRP that allows active-active operation.

Source: Wikipedia,
Creative Commons License This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

Last modified: Wednesday, April 21, 2021, 2:36 PM