Contents x
      VRRP (Virtual Router Redundancy Protocol)
      • 17 Mar 2023
      • 4 Minutes to read
      • Print
      • Dark
        Light
      • PDF
      Contents

      VRRP (Virtual Router Redundancy Protocol)

      • Updated on 17 Mar 2023
      • 4 Minutes to read
      • Print
      • Dark
        Light
      • PDF
      Article summary

      The Nodegrid Platform supports embedded Virtual Router Redundancy Protocol (VRRP). This allows Nodegrid to become part of a virtual router interface (provides router redundancy). This is used to provide automatic failover support for default gateways. By default, VRRP is not configured. To enable support, the service must first be configured by an administrator using the shell.

      NOTE
      VRRP can only be used with network interfaces directly exposed to the Nodegrid OS. Individual switch ports on a Nodegrid Service Router card cannot be used.

      With VRRP, if there are two Nodegrid SR devices, one can be configured to be the VRRP master, and the other to be the VRRP backup. One SR is connected to the other and assigned a virtual IP address in keepalived configuration. The connection uses one SR (configured as master). If that SR goes down, VRRP assigns the virtual IP to the backup SR – and traffic continues on the second SR.

      VRRP support is implemented through keepalived services. Official documentation for the service is available on the Keep Alived web site.

      CLI Procedure

      The service configuration files are located in /etc/keepalived/. At a minimum, the keepalived.conf must be a valid configuration. The service is started with this command.

      /etc/init.d/keepalived start

      To automatically start keepalived on the next system start, run this command:

      update-rc.d -s keepalived defaults 90

      Example Configuration

      The following configuration uses IPv6 for the above topology, but IPv4 is also supported and configured in a similar process.

      Router Configuration

      Example:

      sw1$ ip link add name br0 type bridge vlan_filtering 1 mcast_snooping 0
sw1$ ip link set dev swp3 master br0
sw1$ ip link set dev swp11 master br0
sw1$ ip link set dev br0 up
sw1$ ip -6 address add 2001:db8:1::2/64 dev br0
sw1$ ip link set dev swp3 up
sw1$ ip link set dev swp11 up
sw1$ ip link set dev swp7 up
sw1$ ip -6 address add 2001:db8:2::2/64 dev swp7
sw1$ ip -6 route add 2001:db8:4::/64 via 2001:db8:2::1

sw1$ cat /etc/keepalived/keepalived.conf
global_defs {
 vrrp_garp_master_refresh 60
}

vrrp_instance vrrp_test {
 state MASTER
 interface br0
 virtual_router_id 5
 priority 200
 version 3
 advert_int 0.1
 use_vmac
 vmac_xmit_base
 virtual_ipaddress {
  2001:db8:1::100
 }
 notify_master "/usr/local/bin/vmac.sh true br0 00:00:5e:00:02:05 1"
 notify_backup "/usr/local/bin/vmac.sh false br0 00:00:5e:00:02:05 1"
 notify_stop "/usr/local/bin/vmac.sh false br0 00:00:5e:00:02:05 1"
}
sw2$ ip link add name br0 type bridge vlan_filtering 1 mcast_snooping 0
sw2$ ip link set dev swp55 master br0
sw2$ ip link set dev swp54 master br0
sw2$ ip link set dev br0 up
sw2$ ip -6 address add 2001:db8:1::3/64 dev br0
sw2$ ip link set dev swp55 up
sw2$ ip link set dev swp54 up
sw2$ ip link set dev swp56 up
sw2$ ip -6 address add 2001:db8:3::2/64 dev swp56
sw2$ ip -6 route add 2001:db8:4::/64 via 2001:db8:3::1

sw2$ cat /etc/keepalived/keepalived.conf
global_defs {
 vrrp_garp_master_refresh 60
}

vrrp_instance vrrp_test {
 state BACKUP
 interface br0
 virtual_router_id 5
 priority 150
 version 3
 advert_int 0.1
 use_vmac
 vmac_xmit_base
 virtual_ipaddress {
  2001:db8:1::100
 }
 notify_master "/usr/local/bin/vmac.sh true br0 00:00:5e:00:02:05 1"
 notify_backup "/usr/local/bin/vmac.sh false br0 00:00:5e:00:02:05 1"
 notify_stop "/usr/local/bin/vmac.sh false br0 00:00:5e:00:02:05 1"
}

      In the above configuration, the virtual router uses an advertisement interval of 0.1 seconds. A longer interval can be used – but increases the failover time. This is because the Backup router waits for three times the advertisement interval before declaring the Master as down.

      The vmac_xmit_base option causes VRRP packets to be sent with the MAC of the underlying interface (br0 in the example) instead of the virtual MAC. (This does not conform to the VRRP specification, but is recommended in practice.)

      On both switches, vmac.sh is the file described below. The file ensures packets whose destination MAC is the virtual MAC are locally received by the Master router. An FDB entry is configured with the virtual MAC and the local flag.

      Example:

      sw1$ cat /usr/local/bin/vmac.sh
#!/bin/bash

master=$1
bridge=$2
vmac=$3

if [[ "$#" -eq 4 ]]; then
        vlan="vlan $4"
fi

if [[ $master == "true" ]]; then
        bridge fdb replace $vmac dev $bridge self local $vlan
else
        bridge fdb del $vmac dev $bridge self local $vlan
fi

      Host Configuration

      Example:

      host$ ip link add name bond0 type bond mode active-backup miimon 100 use_carrier 1
host$ ip link set dev ens6 master bond0
host$ ip link set dev ens7 master bond0
host$ ip link set dev ens6 up
host$ ip link set dev ens7 up
host$ ip link set dev bond0 up
host$ ip -6 address add 2001:db8:1::1/64 dev bond0
host$ ip -6 route add 2001:db8:4::/64 via 2001:db8:1::100
host$ ip link set dev bond0 type bond primary ens6

      To avoid duplicate packets, the host uses an active-backup LAG to connect both switches. The virtual router (2001:db8:1::100) is the gateway to the 2001:db8:4::/64 network (although in actual deployments this usually is the default gateway).

      The MAC address of the virtual router is the virtual router MAC (VMAC):

      host$ ip -6 neighbour show 2001:db8:1::100
2001:db8:1::100 dev bond0 lladdr 00:00:5e:00:02:05 router REACHABLE

      The LSB indicates that the virtual router ID is 5 (in accordance with the virtual router configuration above).


      Was this article helpful?
      What's Next
      ESC

      Eddy, a generative AI, facilitating knowledge discovery through conversational intelligence