The Virtual Router
Redundancy Protocol (VRRP) feature allows for transparent failover at the
first-hop IP router, enabling a group of routers to form a single virtual
A LAN client can use
a dynamic process or static configuration to determine which router should be
the first hop to a particular remote destination. The client examples of
dynamic router discovery are as follows:
client uses Address Resolution Protocol (ARP) to get the destination it wants
to reach, and a router responds to the ARP request with its own MAC address.
protocol—The client listens to dynamic routing protocol updates (for example,
from Routing Information Protocol [RIP]) and forms its own routing table.
Router Discovery Protocol) client—The client runs an Internet Control Message
Protocol (ICMP) router discovery client.
The drawback to
dynamic discovery protocols is that they incur some configuration and
processing overhead on the LAN client. Also, in the event of a router failure,
the process of switching to another router can be slow.
An alternative to
dynamic discovery protocols is to statically configure a default router on the
client. This approach simplifies client configuration and processing, but
creates a single point of failure. If the default gateway fails, the LAN client
is limited to communicating only on the local IP network segment and is cut off
from the rest of the network.
The Virtual Router
Redundancy Protocol (VRRP) feature can solve the static configuration problem.
VRRP is an IP routing redundancy protocol designed to allow for transparent
failover at the first-hop IP router. VRRP enables a group of routers to form a
. The LAN clients can then be configured with the virtual
router as their default gateway. The virtual router, representing a group of
routers, is also known as a
shows a LAN topology in which VRRP is configured. In this example, Routers A,
B, and C are
(routers running VRRP) that compose a virtual router. The IP address of the
virtual router is the same as that configured for the interface of Router A
Figure 1. Basic VRRP
Because the virtual
router uses the IP address of the physical interface of Router A, Router A
assumes the role of the
and is also known as the
IP address owner.
As the master virtual router, Router A controls the IP address of
the virtual router and is responsible for forwarding packets sent to this IP
address. Clients 1 through 3 are configured with the default gateway IP address
Routers B and C
routers. If the master virtual router fails, the router configured with the
higher priority becomes the master virtual router and provides uninterrupted
service for the LAN hosts. When Router A recovers, it becomes the master
virtual router again.
We recommend that
you disable Spanning Tree Protocol (STP) on switch ports to which the virtual
routers are connected. Enable RSTP or rapid-PVST on the switch interfaces if
the switch supports these protocols.
You can configure up
to 100 virtual routers on a router interface. You can configure up to 256
virtual routers on a router interface. The actual number of virtual routers
that a router interface can support depends on the following factors:
In a topology where
multiple virtual routers are configured on a router interface, the interface
can act as a master for one or more virtual routers and as a backup for one or
more virtual routers.
An important aspect
of the VRRP redundancy scheme is VRRP router priority. Priority determines the
role that each VRRP router plays and what happens if the master virtual router
If a VRRP router
owns the IP address of the virtual router and the IP address of the physical
interface, this router functions as a master virtual router.
If no VRRP router
owns the IP address, the priority of a VRRP router, combined with the reempt
settings, determines if a VRRP router functions as a master or a backup virtual
router. By default, the highest priority VRRP router functions as master, and
all the others function as backups. Priority also determines the order of
ascendancy to becoming a master virtual router if the master virtual router
fails. You can configure the priority of each backup virtual router with a
value of 1 through 254, using the vrrp priority command.
For example, if
Router A, the master virtual router in a LAN topology, fails, an election
process takes place to determine if backup virtual Routers B or C should take
over. If Routers B and C are configured with the priorities of 101 and 100,
respectively, Router B is elected to become master virtual router because it
has the higher priority. If Routers B and C are both configured with the
priority of 100, the backup virtual router with the higher IP address is
elected to become the master virtual router.
By default, a
preemptive scheme is enabled whereby a higher-priority backup virtual router
that becomes available takes over from the current master virtual router. You
can disable this preemptive scheme using the vrrp preempt disable command. If
preemption is disabled, the backup virtual router that is elected to become
master upon the failure of the original higher priority master, remains the
master even if the original master virtual router recovers and becomes
The master virtual
router sends VRRP advertisements to other VRRP routers in the same group. The
advertisements communicate the priority and state of the master virtual router.
The VRRP advertisements are encapsulated in IP packets and sent to the IP
Version 4 multicast address assigned to the VRRP group. The advertisements are
sent every second by default; the interval is configurable.
The benefits of VRRP
are as follows:
enables you to configure multiple routers as the default gateway router, which
reduces the possibility of a single point of failure in a network.
can configure VRRP in such a way that traffic to and from LAN clients can be
shared by multiple routers, thereby sharing the traffic load more equitably
among available routers.
Routers—VRRP supports up to 100 virtual routers (VRRP groups) on a router
interface, subject to the platform supporting multiple MAC addresses. You can
configure up to 256 virtual routers on a router interface. Multiple virtual
router support enables you to implement redundancy and load sharing in your LAN
Addresses—The virtual router can manage multiple IP addresses, including
secondary IP addresses. Therefore, if you have multiple subnets configured on
an Ethernet interface, you can configure VRRP on each subnet.
redundancy scheme of VRRP enables you to preempt a backup virtual router that
has taken over for a failing master virtual router with a higher-priority
backup virtual router that has become available.
Authentication—You can ensure that VRRP messages received from VRRP routers
that comprise a virtual router are authenticated by configuring a simple text
Protocol—VRRP uses a dedicated Internet Assigned Numbers Authority (IANA)
standard multicast address (22.214.171.124) for VRRP advertisements. This
addressing scheme minimizes the number of routers that must service the
multicasts and allows test equipment to accurately identify VRRP packets on a
segment. The IANA assigns VRRP the IP protocol number 112.
Restartability for VRRP
In the event of
failure of a VRRP process in one group, forced failovers in peer VRRP master
router groups should be prevented. Hot restartability supports warm RP failover
without incurring forced failovers to peer VRRP routers.