📄 rfc2338.txt
字号:
(seconds). Default is 1 second. Skew_Time Time to skew Master_Down_Interval in seconds. Calculated as: ( (256 - Priority) / 256 ) Master_Down_Interval Time interval for Backup to declare Master down (seconds). Calculated as: (3 * Advertisement_Interval) + Skew_time Preempt_Mode Controls whether a higher priority Backup router preempts a lower priority Master. Values are True to allow preemption and False to not prohibit preemption. Default is True. Note: Exception is that the router that owns the IP address(es) associated with the virtual router always pre-empts independent of the setting of this flag.Knight, et. al. Standards Track [Page 14]
RFC 2338 VRRP April 19986.2 Timers Master_Down_Timer Timer that fires when ADVERTISEMENT has not been heard for Master_Down_Interval. Adver_Timer Timer that fires to trigger sending of ADVERTISEMENT based on Advertisement_Interval.6.3 State Transition Diagram +---------------+ +--------->| |<-------------+ | | Initialize | | | +------| |----------+ | | | +---------------+ | | | | | | | V V | +---------------+ +---------------+ | |---------------------->| | | Master | | Backup | | |<----------------------| | +---------------+ +---------------+6.4 State Descriptions In the state descriptions below, the state names are identified by {state-name}, and the packets are identified by all upper case characters. A VRRP router implements an instance of the state machine for each virtual router election it is participating in.6.4.1 Initialize The purpose of this state is to wait for a Startup event. If a Startup event is received, then: - If the Priority = 255 (i.e., the router owns the IP address(es) associated with the virtual router) o Send an ADVERTISEMENT o Broadcast a gratuitous ARP request containing the virtual router MAC address for each IP address associated with the virtual router. o Set the Adver_Timer to Advertisement_Interval o Transition to the {Master} stateKnight, et. al. Standards Track [Page 15]
RFC 2338 VRRP April 1998 else o Set the Master_Down_Timer to Master_Down_Interval o Transition to the {Backup} state endif6.4.2 Backup The purpose of the {Backup} state is to monitor the availability and state of the Master Router. While in this state, a VRRP router MUST do the following: - MUST NOT respond to ARP requests for the IP address(s) associated with the virtual router. - MUST discard packets with a destination link layer MAC address equal to the virtual router MAC address. - MUST NOT accept packets addressed to the IP address(es) associated with the virtual router. - If a Shutdown event is received, then: o Cancel the Master_Down_Timer o Transition to the {Initialize} state endif - If the Master_Down_Timer fires, then: o Send an ADVERTISEMENT o Broadcast a gratuitous ARP request containing the virtual router MAC address for each IP address associated with the virtual router o Set the Adver_Timer to Advertisement_Interval o Transition to the {Master} state endif - If an ADVERTISEMENT is received, then: If the Priority in the ADVERTISEMENT is Zero, then: o Set the Master_Down_Timer to Skew_Time else:Knight, et. al. Standards Track [Page 16]
RFC 2338 VRRP April 1998 If Preempt_Mode is False, or If the Priority in the ADVERTISEMENT is greater than or equal to the local Priority, then: o Reset the Master_Down_Timer to Master_Down_Interval else: o Discard the ADVERTISEMENT endif endif endif6.4.3 Master While in the {Master} state the router functions as the forwarding router for the IP address(es) associated with the virtual router. While in this state, a VRRP router MUST do the following: - MUST respond to ARP requests for the IP address(es) associated with the virtual router. - MUST forward packets with a destination link layer MAC address equal to the virtual router MAC address. - MUST NOT accept packets addressed to the IP address(es) associated with the virtual router if it is not the IP address owner. - MUST accept packets addressed to the IP address(es) associated with the virtual router if it is the IP address owner. - If a Shutdown event is received, then: o Cancel the Adver_Timer o Send an ADVERTISEMENT with Priority = 0 o Transition to the {Initialize} state endif - If the Adver_Timer fires, then: o Send an ADVERTISEMENT o Reset the Adver_Timer to Advertisement_Interval endifKnight, et. al. Standards Track [Page 17]
RFC 2338 VRRP April 1998 - If an ADVERTISEMENT is received, then: If the Priority in the ADVERTISEMENT is Zero, then: o Send an ADVERTISEMENT o Reset the Adver_Timer to Advertisement_Interval else: If the Priority in the ADVERTISEMENT is greater than the local Priority, or If the Priority in the ADVERTISEMENT is equal to the local Priority and the primary IP Address of the sender is greater than the local primary IP Address, then: o Cancel Adver_Timer o Set Master_Down_Timer to Master_Down_Interval o Transition to the {Backup} state else: o Discard ADVERTISEMENT endif endif endif7. Sending and Receiving VRRP Packets7.1 Receiving VRRP Packets Performed the following functions when a VRRP packet is received: - MUST verify that the IP TTL is 255. - MUST verify the VRRP version - MUST verify that the received packet length is greater than or equal to the VRRP header - MUST verify the VRRP checksum - MUST perform authentication specified by Auth Type If any one of the above checks fails, the receiver MUST discard the packet, SHOULD log the event and MAY indicate via network management that an error occurred. - MUST verify that the VRID is valid on the receiving interface If the above check fails, the receiver MUST discard the packet.Knight, et. al. Standards Track [Page 18]
RFC 2338 VRRP April 1998 - MAY verify that the IP address(es) associated with the VRID are valid If the above check fails, the receiver SHOULD log the event and MAY indicate via network management that a misconfiguration was detected. If the packet was not generated by the address owner (Priority does not equal 255 (decimal)), the receiver MUST drop the packet, otherwise continue processing. - MUST verify that the Adver Interval in the packet is the same as the locally configured for this virtual router If the above check fails, the receiver MUST discard the packet, SHOULD log the event and MAY indicate via network management that a misconfiguration was detected.7.2 Transmitting VRRP Packets The following operations MUST be performed when transmitting a VRRP packet. - Fill in the VRRP packet fields with the appropriate virtual router configuration state - Compute the VRRP checksum - Set the source MAC address to Virtual Router MAC Address - Set the source IP address to interface primary IP address - Set the IP protocol to VRRP - Send the VRRP packet to the VRRP IP multicast group Note: VRRP packets are transmitted with the virtual router MAC address as the source MAC address to ensure that learning bridges correctly determine the LAN segment the virtual router is attached to.7.3 Virtual Router MAC Address The virtual router MAC address associated with a virtual router is an IEEE 802 MAC Address in the following format: 00-00-5E-00-01-{VRID} (in hex in internet standard bit-order) The first three octets are derived from the IANA's OUI. The next two octets (00-01) indicate the address block assigned to the VRRP protocol. {VRID} is the VRRP Virtual Router Identifier. This mapping provides for up to 255 VRRP routers on a network.Knight, et. al. Standards Track [Page 19]
RFC 2338 VRRP April 19988. Operational Issues8.1 ICMP Redirects ICMP Redirects may be used normally when VRRP is running between a group of routers. This allows VRRP to be used in environments where the topology is not symmetric. The IP source address of an ICMP redirect should be the address the end host used when making its next hop routing decision. If a VRRP router is acting as Master for virtual router(s) containing addresses it does not own, then it must determine which virtual router the packet was sent to when selecting the redirect source address. One method to deduce the virtual router used is to examine the destination MAC address in the packet that triggered the redirect. It may be useful to disable Redirects for specific cases where VRRP is being used to load share traffic between a number of routers in a symmetric topology.8.2 Host ARP Requests When a host sends an ARP request for one of the virtual router IP addresses, the Master virtual router MUST respond to the ARP request with the virtual MAC address for the virtual router. The Master virtual router MUST NOT respond with its physical MAC address. This allows the client to always use the same MAC address regardless of the current Master router. When a VRRP router restarts or boots, it SHOULD not send any ARP messages with its physical MAC address for the IP address it owns, it should only send ARP messages that include Virtual MAC addresses. This may entail: - When configuring an interface, VRRP routers should broadcast a gratuitous ARP request containing the virtual router MAC address for each IP address on that interface. - At system boot, when initializing interfaces for VRRP operation; delay gratuitous ARP requests and ARP responses until both the IP address and the virtual router MAC address are configured.8.3 Proxy ARP If Proxy ARP is to be used on a VRRP router, then the VRRP router must advertise the Virtual Router MAC address in the Proxy ARP message. Doing otherwise could cause hosts to learn the real MAC address of the VRRP router.Knight, et. al. Standards Track [Page 20]
RFC 2338 VRRP April 19989. Operation over FDDI and Token Ring9.1 Operation over FDDI FDDI interfaces remove from the FDDI ring frames that have a source MAC address matching the device's hardware address. Under some conditions, such as router isolations, ring failures, protocol transitions, etc., VRRP may cause there to be more than one Master router. If a Master router installs the virtual router MAC address as the hardware address on a FDDI device, then other Masters' ADVERTISEMENTS will be removed from the ring during the Master⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -