
📄 draft-ietf-vrrp-spec-v2-05.txt

INTERNET-DRAFT     Virtual Router Redundancy Protocol    January 5, 2000

   virtual router is restricted to a single LAN.

   To minimize network traffic, only the Master for each virtual router
   sends periodic VRRP Advertisement messages.  A Backup router will not
   attempt to pre-empt the Master unless it has higher priority.  This
   eliminates service disruption unless a more preferred path becomes
   available.  It's also possible to administratively prohibit all
   pre-emption attempts.  The only exception is that a VRRP router will
   always become Master of any virtual router associated with addresses
   it owns.  If the Master becomes unavailable then the highest priority
   Backup will transition to Master after a short delay, providing a
   controlled transition of the virtual router responsibility with
   minimal service interruption.

   VRRP defines three types of authentication providing simple
   deployment in insecure environments, added protection against
   misconfiguration, and strong sender authentication in security
   conscious environments.  Analysis of the protection provided and
   vulnerability of each mechanism is deferred to Section 10.0 Security
   Considerations.  In addition new authentication types and data can be
   defined in the future without affecting the format of the fixed
   portion of the protocol packet, thus preserving backward compatible
   operation.

   The VRRP protocol design provides rapid transition from Backup to
   Master to minimize service interruption, and incorporates
   optimizations that reduce protocol complexity while guaranteeing
   controlled Master transition for typical operational scenarios.  The
   optimizations result in an election protocol with minimal runtime
   state requirements, minimal active protocol states, and a single
   message type and sender.  The typical operational scenarios are
   defined to be two redundant routers and/or distinct path preferences
   among each router.  A side effect when these assumptions are violated
   (i.e., more than two redundant paths all with equal preference) is
   that duplicate packets may be forwarded for a brief period during
   Master election.  However, the typical scenario assumptions are
   likely to cover the vast majority of deployments, loss of the Master
   router is infrequent, and the expected duration in Master election
   convergence is quite small ( << 1 second ).  Thus the VRRP
   optimizations represent significant simplifications in the protocol
   design while incurring an insignificant probability of brief network
   degradation.

4.  Sample Configurations

4.1  Sample Configuration 1

   The following figure shows a simple network with two VRRP routers
   implementing one virtual router.  Note that this example is provided
   to help understand the protocol, but is not expected to occur in
   actual practice.

             +-----------+      +-----------+
             |   Rtr1    |      |   Rtr2    |
             |(MR VRID=1)|      |(BR VRID=1)|
             |           |      |           |
     VRID=1  +-----------+      +-----------+
     IP A ---------->*            *<--------- IP B
                     |            |
                     |            |
   ------------------+------------+-----+--------+--------+--------+--
                                        ^        ^        ^        ^
                                        |        |        |        |
                                      (IP A)   (IP A)   (IP A)   (IP A)
                                        |        |        |        |
                                     +--+--+  +--+--+  +--+--+  +--+--+
                                     |  H1 |  |  H2 |  |  H3 |  |  H4 |
                                     +-----+  +-----+  +--+--+  +--+--+

      Legend:
               ---+---+---+--  =  Ethernet, Token Ring, or FDDI
                            H  =  Host computer
                           MR  =  Master Router
                           BR  =  Backup Router
                            *  =  IP Address
                         (IP)  =  default router for hosts

   Eliminating all mention of VRRP (VRID=1) from the figure above leaves
   it as a typical IP deployment.  Each router is permanently assigned
   an IP address on the LAN interface (Rtr1 is assigned IP A and Rtr2 is
   assigned IP B), and each host installs a static default route through
   one of the routers (in this example they all use Rtr1's IP A).

   Moving to the VRRP environment, each router has the exact same
   permanently assigned IP address.  Rtr1 is said to be the IP address
   owner of IP A, and Rtr2 is the IP address owner of IP B.  A virtual
   router is then defined by associating a unique identifier (the
   virtual router ID) with the address owned by a router.  Finally, the
   VRRP protocol manages virtual router failover to a backup router.

   The example above shows a virtual router configured to cover the IP
   address owned by Rtr1 (VRID=1,IP_Address=A).  When VRRP is enabled on
   Rtr1 for VRID=1 it will assert itself as Master, with priority=255,
   since it is the IP address owner for the virtual router IP address.
   When VRRP is enabled on Rtr2 for VRID=1 it will transition to Backup,
   with priority=100, since it is not the IP address owner.  If Rtr1
   should fail then the VRRP protocol will transition Rtr2 to Master,
   temporarily taking over forwarding responsibility for IP A to provide
   uninterrupted service to the hosts.

   Note that in this example IP B is not backed up, it is only used by
   Rtr2 as its interface address.  In order to back up IP B, a second
   virtual router must be configured.  This is shown in the next
   section.

4.2  Sample Configuration 2

   The following figure shows a configuration with two virtual routers
   with the hosts splitting their traffic between them.  This example is
   expected to be very common in actual practice.

             +-----------+      +-----------+
             |   Rtr1    |      |   Rtr2    |
             |(MR VRID=1)|      |(BR VRID=1)|
             |(BR VRID=2)|      |(MR VRID=2)|
     VRID=1  +-----------+      +-----------+  VRID=2
     IP A ---------->*            *<---------- IP B
                     |            |
                     |            |
   ------------------+------------+-----+--------+--------+--------+--
                                        ^        ^        ^        ^
                                        |        |        |        |
                                      (IP A)   (IP A)   (IP B)   (IP B)
                                        |        |        |        |
                                     +--+--+  +--+--+  +--+--+  +--+--+
                                     |  H1 |  |  H2 |  |  H3 |  |  H4 |
                                     +-----+  +-----+  +--+--+  +--+--+

      Legend:
               ---+---+---+--  =  Ethernet, Token Ring, or FDDI
                            H  =  Host computer
                           MR  =  Master Router
                           BR  =  Backup Router
                            *  =  IP Address
                         (IP)  =  default router for hosts

   In the example above, half of the hosts have configured a static
   route through Rtr1's IP A and half are using Rtr2's IP B.  The
   configuration of virtual router VRID=1 is exactly the same as in the
   first example (see section 4.1), and a second virtual router has been
   added to cover the IP address owned by Rtr2 (VRID=2, IP_Address=B).
   In this case Rtr2 will assert itself as Master for VRID=2 while Rtr1
   will act as a backup.  This scenario demonstrates a deployment
   providing load splitting when both routers are available while
   providing full redundancy for robustness.

5.0  Protocol

   The purpose of the VRRP packet is to communicate to all VRRP routers
   the priority and the state of the Master router associated with the
   Virtual Router ID.

   VRRP packets are sent encapsulated in IP packets.  They are sent to
   the IPv4 multicast address assigned to VRRP.

5.1  VRRP Packet Format

   This section defines the format of the VRRP packet and the relevant
   fields in the IP header.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |Version| Type  | Virtual Rtr ID|   Priority    | Count IP Addrs|
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |   Auth Type   |   Adver Int   |          Checksum             |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                         IP Address (1)                        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                            .                                  |
      |                            .                                  |
      |                            .                                  |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                         IP Address (n)                        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                     Authentication Data (1)                   |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                     Authentication Data (2)                   |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

5.2  IP Field Descriptions

5.2.1  Source Address

   The primary IP address of the interface the packet is being sent
   from.

5.2.2  Destination Address

   The IP multicast address as assigned by the IANA for VRRP is:

       224.0.0.18

   This is a link local scope multicast address.  Routers MUST NOT
   forward a datagram with this destination address regardless of its
   TTL.

5.2.3  TTL

   The TTL MUST be set to 255.  A VRRP router receiving a packet with
   the TTL not equal to 255 MUST discard the packet.

5.2.4  Protocol

   The IP protocol number assigned by the IANA for VRRP is 112
   (decimal).

5.3  VRRP Field Descriptions

5.3.1  Version

   The version field specifies the VRRP protocol version of this packet.
   This document defines version 2.

5.3.2  Type

   The type field specifies the type of this VRRP packet.  The only
   packet type defined in this version of the protocol is:

       1      ADVERTISEMENT

   A packet with unknown type MUST be discarded.

5.3.3  Virtual Rtr ID (VRID)

   The Virtual Router Identifier (VRID) field identifies the virtual
   router this packet is reporting status for.

5.3.4  Priority

   The priority field specifies the sending VRRP router's priority for
   the virtual router.  Higher values equal higher priority.  This field
   is an 8 bit unsigned integer field.

   The priority value for the VRRP router that owns the IP address(es)
   associated with the virtual router MUST be 255 (decimal).

   VRRP routers backing up a virtual router MUST use priority values
   between 1-254 (decimal).  The default priority value for VRRP routers
   backing up a virtual router is 100 (decimal).

   The priority value zero (0) has special meaning indicating that the
   current Master has stopped participating in VRRP.  This is used to
   trigger Backup routers to quickly transition to Master without having
   to wait for the current Master to timeout.

5.3.5  Count IP Addrs

   The number of IP addresses contained in this VRRP advertisement.

5.3.6  Authentication Type

   The authentication type field identifies the authentication method
   being utilized.  Authentication type is unique on a Virtual Router
   basis.  The authentication type field is an 8 bit unsigned integer.
   A packet with unknown authentication type or that does not match the
   locally configured authentication method MUST be discarded.

   The authentication methods currently defined are:

      0 - No Authentication
      1 - Simple Text Password
      2 - IP Authentication Header

5.3.6.1  No Authentication

   The use of this authentication type means that VRRP protocol
   exchanges are not authenticated.  The contents of the Authentication
   Data field should be set to zero on transmission and ignored on
   reception.

5.3.6.2  Simple Text Password

   The use of this authentication type means that VRRP protocol
   exchanges are authenticated by a clear text password.  The contents
   of the Authentication Data field should be set to the locally
   configured password on transmission.  There is no default password.
   The receiver MUST check that the Authentication Data in the packet
   matches its configured authentication string.  Packets that do not
   match MUST be discarded.

   Note that there are security implications to using Simple Text
   password authentication, and one should see the Security
   Consideration section of this document.
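
An added example, not part of the draft: a receive-side check in Python that applies the discard rules of sections 5.2 and 5.3 above to one packet and decodes the fixed fields of section 5.1. The function names, the exact-length check, the zero-padding of the password to 8 bytes and the sample packet are assumptions of this example; the checksum is parsed but not verified because its computation is not described in this part of the draft.

```python
import hmac
import ipaddress
import struct

VRRP_GROUP, VRRP_PROTO = "224.0.0.18", 112          # sections 5.2.2 and 5.2.4
AUTH_TYPES = {0: "none", 1: "simple text password", 2: "IP Authentication Header"}

def check_advert(dst, ttl, proto, payload, local_auth=0, local_pw=b""):
    """Apply the discard rules of sections 5.2-5.3 to one received packet.
    Returns (fields, None) when accepted, (None, reason) when discarded."""
    if dst != VRRP_GROUP or proto != VRRP_PROTO:
        return None, "not VRRP"
    if ttl != 255:                                   # 5.2.3: MUST discard
        return None, "TTL is not 255"
    if len(payload) < 16:                            # 8-byte header + 8-byte auth data
        return None, "truncated"
    vt, vrid, prio, count, auth, adver, cksum = struct.unpack("!6BH", payload[:8])
    if vt >> 4 != 2:                                 # 5.3.1: this draft defines version 2
        return None, "not version 2"
    if vt & 0x0F != 1:                               # 5.3.2: only ADVERTISEMENT exists
        return None, "unknown type"
    if auth not in AUTH_TYPES or auth != local_auth: # 5.3.6: MUST discard
        return None, "authentication type mismatch"
    if len(payload) != 16 + 4 * count:               # added sanity check (assumption)
        return None, "length disagrees with Count IP Addrs"
    # 5.3.6.2; zero-padding the password to 8 bytes is an assumption of this example
    if auth == 1 and not hmac.compare_digest(payload[-8:], local_pw.ljust(8, b"\0")[:8]):
        return None, "password mismatch"
    addrs = [str(ipaddress.IPv4Address(payload[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    meaning = {255: "address owner", 0: "Master has stopped participating"}.get(prio, "backup")
    return {"vrid": vrid, "priority": prio, "meaning": meaning, "addrs": addrs,
            "auth": AUTH_TYPES[auth], "adver_int": adver, "checksum": cksum}, None

def sample_advert(prio=255, vtype=1, auth=0, auth_data=b"\0" * 8):
    """Constructed test packet: VRID 1, one address from the documentation range."""
    head = struct.pack("!6BH", (2 << 4) | vtype, 1, prio, 1, auth, 1, 0)
    return head + ipaddress.IPv4Address("192.0.2.1").packed + auth_data
```

With authentication type 1 the 8 bytes compared here travel in clear text in every advertisement, which is the concern the draft defers to its Security Considerations section.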
