INTERNET-DRAFT                                                 S. Knight
March 25, 1997                               Ascend Communications, Inc.
                                                               D. Weaver
                                             Ascend Communications, Inc.
                                                              D. Whipple
                                                         Microsoft, Inc.
                                                               R. Hinden
                                                  Ipsilon Networks, Inc.


                   Virtual Router Redundancy Protocol


Status of this Memo

   This document is an Internet-Draft.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as ``work in
   progress.''

   To learn the current status of any Internet-Draft, please check the
   ``1id-abstracts.txt'' listing contained in the Internet-Drafts
   Shadow Directories on ds.internic.net (US East Coast), nic.nordu.net
   (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
   Rim).

   This draft originally published March 1997.  It expires in October
   1997.

Abstract

   The memo documents the Virtual Router Redundancy Protocol.  This is
   a protocol which allows several routers to utilize the same virtual
   IP address.  One router will be elected as a master, with X routers
   acting as backups in case of failure of the master router.  The
   primary advantage to utilizing this protocol is that host systems
   may be configured with a single default gateway, rather than running
   an active routing protocol.  Each interface on each router within a
   VRRP cluster will be configured with a real IP address, and the
   virtual IP address for the particular cluster.  Overall, this
   protocol adds to the options for providing fault redundancy for
   router networks.

draft-hinden-vrrp-01.txt                                        [Page 1]

INTERNET-DRAFT     Virtual Router Redundancy Protocol        25 March 97

TABLE OF CONTENTS

   1  Introduction
   2  Scope
      2.1  Terminology
   3  Definitions
   4  Sample Configurations
      4.1  Sample Configuration 1
      4.2  Sample Configuration 2
   5  Protocol
      5.1  VRRP Packet Format
      5.2  IP Field Descriptions
      5.3  VRRP Field Descriptions
   6  Protocol State Machine
      6.1  Parameters
      6.2  Timers
      6.3  State Transition Diagram
      6.4  State Descriptions
      6.5  State Table
   7  Sending and Receiving VRRP Packets
      7.1  Receiving VRRP Packets
      7.2  Transmitting Packets
      7.3  Virtual MAC Address
   8  Client Interaction
      8.1  Client ARP Requests
   9  References
   10 Security Considerations
   11 Authors' Addresses
   12 Acknowledgments

1 Introduction

   The reason for the development of VRRP is to create a standard
   protocol, with multi-vendor support, to resolve the problem of
   router failure.  Specifically, when a single router is utilized as a
   default gateway, and all hosts are statically configured to this
   default gateway, a failure is catastrophic.

   VRRP resolves this problem by creating virtual clusters, where each
   cluster is configured with a set of member routers.  Each member
   router is either a master router for the cluster or a backup router
   for the cluster, but not both simultaneously.  In addition, there
   MUST only be a single master router per cluster at any given time.

   All member routers are configured to be part of a cluster, with a
   given virtual IP address.  This virtual IP address is utilized as
   the default gateway on all of the host systems.  Given a failure on
   the current master router, the next appropriate backup router will
   become the master router for the given cluster.

   Of course this problem could be solved by running a standard routing
   protocol such as OSPF, RIP, or RIPv2 on the hosts.  However, this is
   not always feasible due to either security issues, when hosts are
   multihomed, or in some cases implementations of these routing
   protocols simply do not exist.

2 Scope

   This memo describes the Master Router Redundancy Protocol.  This
   protocol is intended for IPv4 only, with extensions for IPv6 to be
   added at a later time.

   Within the scope of this memo are:

      1.  Packet format and header contents.
      2.  State Diagrams and Descriptions
      3.  Network Design Samples

   Outside of the scope are:

      1.  Network management
      2.  Host internal optimizations

2.1 Terminology

   The following language conventions are used in the items of
   specification in this document:

      "Must," "Shall," or "Mandatory"--the item is an absolute
      requirement of the specification.

      "Should" or "Recommended"--the item should generally be followed
      for all but exceptional circumstances.

      "May" or "Optional"--the item is truly optional and may be
      followed or ignored according to the needs of the implementor.

3 Definitions

   Cluster          Used to describe a set of routers who all have
                    membership to the set of routers S, where S
                    contains all routers configured with the same
                    virtual IP address.

   Master Router    Used to describe the currently active router, for a
                    particular cluster, with a particular virtual IP
                    address.  There can only be one master router in a
                    particular cluster.

   Backup Router    Used to describe a router which is configured to
                    act as a backup for a particular cluster.  There
                    can be several backup routers in a single cluster.

4 Sample Configurations

4.1 Sample Configuration 1

   The following figure shows a simple VRRP network.

              +--------------------------+
              |        Cluster X         |
              |                          |
              |   +-----+      +-----+   |
              |   | MRX |      | BRX |   |
              |   +-----+      +-----+   |
Real IP 1 ---------->*            *<---------- Real IP 2
              |      |      *     |      |
              +-------------^------------+
                     |      |     |
  -------------------+------|-----+-----+-------------+------
                            |           ^             ^
        Virtual IP --(VIPX)-+        (VIPX)        (VIPX)
                                        |             |
                                     +--+--+       +--+--+
                                     | H1  |       | H2  |
                                     +-----+       +-----+

   The above configuration shows the most likely utilization of the
   VRRP protocol.  In this configuration, the hosts simply point their
   default routes at the virtual IP address X (VIPX), and the routers
   run VRRP between themselves.  The router on the left is the default
   master router (MRX), and the router on the right is the backup
   router (BRX).

   Legend:
            ---+---+---+--  =  802 network, Ethernet or FDDI
                         H  =  Host computer
                        MR  =  Master Router
                        BR  =  Backup Router
                         *  =  IP Address
                       VIP  =  default gateway for hosts (Virtual IP)

4.2 Sample Configuration 2

   The following figure shows a more interesting VRRP network.

              +--------------------------+
              | Cluster X and Cluster Y  |
              |                          |
              |   +-----+      +-----+   |
              |   | MRX |      | BRX |   |
              |   |  &  |      |  &  |   |
              |   | BRY |      | MRY |   |
              |   +-----+      +-----+   |
Real IP 1 ---------->*            *<---------- Real IP 2
              |      |  *      *  |      |
              +---------^------^---------+
                     |  |      |  |
   ------------------+--|------|--+-----+--------+--------+--------+--
                        |      |        ^        ^        ^        ^
    Virtual IP --(VIPX)-+      |     (VIPX)   (VIPY)   (VIPX)   (VIPY)
                               |        |        |        |        |
    Virtual IP --(VIPY)--------+     +--+--+  +--+--+  +--+--+  +--+--+
                                     | H1  |  | H2  |  | H3  |  | H4  |
                                     +-----+  +-----+  +--+--+  +--+--+

   In the above configuration, half of the hosts point their default
   gateway at cluster X's virtual IP address (VIPX), and half the hosts
   point their default gateway at cluster Y's virtual IP address
   (VIPY).  This has the effect of load balancing the outgoing traffic,
   while also providing full redundancy.

   Legend:
            ---+---+---+--  =  802 network, Ethernet or FDDI
                         H  =  Host computer
                        MR  =  Master Router
                        BR  =  Backup Router
                         *  =  IP Address
                       VIP  =  default gateway for hosts (Virtual IP)

5 Protocol

   The purpose of the VRRP packet is to communicate to all other VRRP
   routers both the priority and the state of the master's associated
   interface.

   VRRP packets are sent encapsulated in IP packets.  They are sent to
   an IPv4 multicast address assigned for VRRP.

5.1 VRRP Packet Format

   This section defines the format of the VRRP packet and the relevant
   fields in the IP header.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    0 |    Version    | VRRP Cluster  |   Priority    |     Type      |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    1 |   Auth Type   |    (zero)     |           Checksum            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    2 |                      Virtual IP address                       |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    3 |                      Authentication Data                      |
      +---------------------------------------------------------------+
    4 |                                                               |
      +---------------------------------------------------------------+

5.2 IP Field Descriptions

5.2.1 Source Address

   The IP address of the interface that the packet is being sent from.

5.2.2 Destination Address

   The IP multicast address assigned to VRRP by the IANA.  It is
   defined to be:

      224.0.0.(TBD)

   Routers should not forward a datagram with this destination address
   regardless of its TTL.

5.2.3 TTL

   The TTL should be set to 255.  A node receiving a VRRP packet with
   the TTL not equal to 255 MUST discard the packet.

5.2.4 Protocol

   The protocol field should be set to (TBD) which has been assigned by
   the IANA to VRRP.

5.3 VRRP Field Descriptions

5.3.1 Version

   The version field specifies the version of this VRRP protocol
   packet.  The initial version described in this paper is version 1.

5.3.2 VRRP Cluster

   The VRRP Cluster field specifies the cluster for which this
   interface is in the reported state, with the reported priority.

   Note: The interface may be in more than one VRRP cluster
   simultaneously, perhaps serving as master in one cluster, while
   simultaneously serving as backup in other clusters.

5.3.3 Priority

   The priority field specifies the currently configured VRRP priority
   value for this interface and cluster.  Higher values equal higher
   priority.  This field is an 8 bit unsigned field, giving 1 as the
   minimum priority, and 255 as the maximum priority.  The default
   priority is 100.

   Priority value of zero (0) has a special meaning.  It means that the
   current master has decided to stop running VRRP.  This is used to
   cause other backup routers to quickly become master without having
   to time out the current master.

   In the event that two or more routers within a cluster have equal
   priority, and that priority is the highest priority in the cluster,
   the router with the higher real interface IP address (interpreted as
   a 32 bit unsigned integer) will become master.

5.3.4 Type

   The type field specifies the type of this VRRP packet.  The only
   packet type defined in this version of the protocol is:

      1 (00000001): ADVERTISEMENT

   All other values are currently unknown, and if a packet is received
   with a value not listed, it should be discarded.

5.3.5 Authentication Type

   The authentication type field identifies the authentication method
   being utilized.
   The currently supported authentication methods are listed below:

      0 - No authentication
      1 - Simple text authentication
      2 - IP Security Option Authentication

   For simple text authentication any VRRP packet with an
   authentication string that does not match its configured
   authentication string should be discarded.  The authentication type
   field is an 8 bit number and must be one of the above listed values.

5.3.5.1 IP Security Option Authentication

   When authentication is performed by using the IP Authentication
   Header as specified in [1], the Authentication type should be set to
   "2".  If a packet is received with the Authentication type set to
   "2", indicating IP security option authentication, and no
   authentication header is present in the packet, the packet should be
   discarded.

5.3.6 Checksum

   The checksum field is used to detect data corruption in the VRRP
   message.

   The checksum is the 16-bit one's complement of the one's complement
   sum of the entire VRRP message starting with the version field.  For
   computing the checksum, the checksum field is set to zero.

5.3.7 Virtual IP address

   The virtual IP address field specifies the Virtual IP (VIP) address
   associated with the particular cluster.  This field is particularly
   useful for troubleshooting misconfigured routers.  The VIP should be
   an IP address assigned from the subnet to which the interface is
   attached.

5.3.8 Authentication Data

   The authentication string is currently utilized for simple text
   authentication, similar to the simple text authentication found in
   OSPF.  It is up to 8 characters of plain text.  If the configured
   authentication string is shorter than 8 bytes, the remaining space
   MUST be zero-filled.  Any VRRP packet with an authentication string
   that does not match its configured authentication string should be
   discarded.  The authentication string is unique on a per cluster
   basis.
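
   The packet layout of Section 5.1 and the discard rules of Sections
   5.2.3 through 5.3.8 (listed again as the receive rules in Section
   7.1), as an added Python example that is not part of the original
   draft.  The field widths are read from the diagram; the function
   names, the constructed CFG values, and the rule that the Auth Type
   must equal the configured type are assumptions of this example.

```python
import hmac
import ipaddress
import struct

# Layout read from the Section 5.1 diagram (five 32-bit words, 20 bytes):
# version, cluster, priority, type, auth type, zero, checksum, VIP, auth data
FMT = "!BBBBBBH4s8s"
HDR_LEN = struct.calcsize(FMT)
ADVERTISEMENT = 1
AUTH_NONE, AUTH_TEXT, AUTH_IPSEC = 0, 1, 2


def checksum(msg: bytes) -> int:
    """16-bit one's complement of the one's complement sum (Section 5.3.6)."""
    if len(msg) % 2:
        msg += b"\x00"
    total = sum(struct.unpack(f"!{len(msg) // 2}H", msg))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build(cluster, priority, vip, auth_type=AUTH_NONE, auth=b""):
    """Encode an ADVERTISEMENT; the checksum is computed with its field zeroed."""
    fields = [1, cluster, priority, ADVERTISEMENT, auth_type, 0, 0,
              ipaddress.IPv4Address(vip).packed, auth.ljust(8, b"\x00")]
    fields[6] = checksum(struct.pack(FMT, *fields))
    return struct.pack(FMT, *fields)


def receive(pkt, ttl, src, cfg, ah_present=False):
    """Apply the discard rules in order; return (accepted, reason)."""
    if ttl != 255:
        return False, "ttl"
    if len(pkt) < HDR_LEN:
        return False, "length"
    if checksum(pkt) != 0:  # a valid message, checksum included, sums to 0xFFFF
        return False, "checksum"
    ver, cluster, _prio, ptype, atype, _z, _ck, vip, auth = struct.unpack(FMT, pkt[:HDR_LEN])
    if ver != 1:
        return False, "version"
    if ptype != ADVERTISEMENT:
        return False, "type"
    if src == cfg["own_ip"]:
        return False, "own packet"
    if cluster != cfg["cluster"]:
        return False, "cluster"
    # Assumption (not stated in the draft): the type must equal the configured
    # one, so a packet claiming "no authentication" cannot skip the string check.
    if atype != cfg["auth_type"]:
        return False, "auth type"
    if atype == AUTH_TEXT and not hmac.compare_digest(auth, cfg["auth"].ljust(8, b"\x00")):
        return False, "auth"
    if atype == AUTH_IPSEC and not ah_present:
        return False, "no AH"
    if vip != ipaddress.IPv4Address(cfg["vip"]).packed:
        return False, "vip"
    return True, "ok"


# Constructed sample configuration (documentation addresses, made-up string).
CFG = {"own_ip": "192.0.2.2", "cluster": 7, "vip": "192.0.2.1",
       "auth_type": AUTH_TEXT, "auth": b"example"}
```

   The authentication string travels in plain text inside the packet,
   so the string check only rejects senders that do not know it; it
   does not protect the string from anyone who can read the segment.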

6 Protocol State Machine

6.1 Parameters

   Cluster_ID               Cluster identifier.  Configured item.

   Priority                 Priority value for this cluster.
                            Configured item.  Default is 100.

   Virtual_IP               Virtual IP Address for this cluster.
                            Configured item.

   Advertisement_Interval   Time interval for Master to send
                            ADVERTISEMENTS.  Default is 1 second.

   Master_Down_Interval     Time interval for Backup to declare Master
                            down.  Defined to be
                            (3 * Advertisement_Interval) +
                            ( (256 - Priority) / 256 ) seconds.

6.2 Timers

   Master_Down_Timer        Timer which fires when Master has not been
                            heard for Master_Down_Interval.

   Adver_Timer              Timer which fires when it is time to send
                            the next ADVERTISEMENT based on
                            Advertisement_Interval.

6.3 State Transition Diagram

                      +---------------+
                      |               |<-------------+
           +--------->|  Initialize   |              |
           |          |               |----------+   |
           |          +---------------+          |   |
           |                                     |   |
                                                 V   |
   +---------------+                       +---------------+
   |               |---------------------->|               |
   |    Master     |                       |    Backup     |
   |               |<----------------------|               |
   +---------------+                       +---------------+

6.4 State Descriptions

   In the state descriptions below, the state names will be identified
   as follows {state-name}, and the packets will be identified by
   utilizing all upper case characters.

6.4.1 Initialize

   {Initialize} is the initial state an interface takes when VRRP is
   enabled or disabled.  The basic function of the state is to wait for
   a startup event.  When that event is received, it:

      -  Set the Master_Down_Timer to Master_Down_Interval

      -  Set state to {Backup} state.

6.4.2 Backup

   The main purpose of {Backup} state is for an interface to wait for
   the current master to stop sending ADVERTISEMENT packets.
   While in this state, an interface should do the following:

      -  Should not respond to ARP request for the interface VIP router
         address

      -  Should discard packets with destination link layer MAC address
         equal to virtual router MAC.

      -  Should discard packets addressed to the interface VIP address.

      -  If Master_Down_Timer fires, send ADVERTISEMENT, set Adver_Timer
         to Advertisement_Interval, and set state to {Master} state

      -  If ADVERTISEMENT received,

            If Priority of the received ADVERTISEMENT is Zero, then
            cancel Master_Down_Timer, set Adver_Timer, and set state to
            {Master}.

            If Priority of the received ADVERTISEMENT is higher than
            this interface's Priority, then reset Master_Down_Timer.

            If Priority of the received ADVERTISEMENT is lower than
            this interface's Priority, then discard ADVERTISEMENT.

6.4.3 Master

   In {Master} state an interface is functioning as the actual physical
   router for the virtual router IP and MAC address.  While in this
   state, an interface should do the following:

      -  Accept and forward traffic for the virtual router MAC address.

      -  Respond to ARP requests for the VIP address with the virtual
         router MAC address.

      -  Respond to packets addressed to the VIP address.

      -  If Adver_Timer fires, send an ADVERTISEMENT and reset
         Adver_Timer.

      -  If ADVERTISEMENT received,

            If Priority of the received ADVERTISEMENT is higher than
            this interface's Priority, then cancel Adver_Timer, set
            Master_Down_Timer, and set state to {Backup}.

            If Priority of the received ADVERTISEMENT is lower than
            this interface's Priority, then send ADVERTISEMENT.
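
   The state machine of Section 6.4, following the State Table of
   Section 6.5 where the two differ, as an added Python example that is
   not part of the original draft.  Timers are held as plain values
   rather than running clocks, equal priorities are ordered by real IP
   address as in Section 5.3.3, and the class, method and address
   choices are assumptions of this example.

```python
import ipaddress

INIT, BACKUP, MASTER = "Initialize", "Backup", "Master"


class VrrpInterface:
    """One interface in one cluster, driven by the events of the State Table."""

    def __init__(self, real_ip, priority=100, adver_interval=1.0):
        self.key = (priority, int(ipaddress.IPv4Address(real_ip)))
        self.priority, self.adver_interval = priority, adver_interval
        self.state, self.timers, self.sent = INIT, {}, []

    def master_down_interval(self):
        # (3 * Advertisement_Interval) + ((256 - Priority) / 256) seconds
        return 3 * self.adver_interval + (256 - self.priority) / 256

    def _enter(self, state, advertise=None):
        if advertise is not None:
            self.sent.append(advertise)  # priority carried by the ADVERTISEMENT
        self.state = state
        self.timers = {MASTER: {"Adver_Timer": self.adver_interval},
                       BACKUP: {"Master_Down_Timer": self.master_down_interval()},
                       INIT: {}}[state]

    def startup(self):
        if self.state == INIT:
            self._enter(BACKUP)

    def shutdown(self):
        # A master announces Priority=0 so backups need not wait for a timeout.
        self._enter(INIT, advertise=0 if self.state == MASTER else None)

    def timer_fired(self, name):
        if (name, self.state) in {("Master_Down_Timer", BACKUP), ("Adver_Timer", MASTER)}:
            self._enter(MASTER, advertise=self.priority)
        else:
            self.timers.pop(name, None)  # State Table: cancel the stray timer

    def on_advertisement(self, priority, src_ip):
        if self.state == INIT:
            return  # discard
        # Assumption: equal priorities are ordered by real IP (Section 5.3.3).
        # A Backup that sees a lower, non-zero priority falls through: discard.
        higher = (priority, int(ipaddress.IPv4Address(src_ip))) > self.key
        if priority != 0 and higher:
            self._enter(BACKUP)  # Master yields; Backup resets Master_Down_Timer
        elif priority == 0 or self.state == MASTER:
            self._enter(MASTER, advertise=self.priority)


def failover_demo():
    """Constructed scenario: r1 (priority 200) stops and later returns."""
    r1, r2 = VrrpInterface("192.0.2.2", 200), VrrpInterface("192.0.2.3", 100)
    r1.startup()
    r2.startup()
    r1.timer_fired("Master_Down_Timer")  # r1 waits 3.21875 s, r2 3.609375 s
    r2.on_advertisement(200, "192.0.2.2")
    elected = (r1.state, r2.state)
    r1.shutdown()
    r2.on_advertisement(0, "192.0.2.2")
    failed_over = (r1.state, r2.state)
    r1.startup()
    r1.timer_fired("Master_Down_Timer")  # r2's lower-priority adverts never reset it
    r2.on_advertisement(200, "192.0.2.2")
    return [elected, failed_over, (r1.state, r2.state)]
```

   The priority term in Master_Down_Interval makes the highest-priority
   backup time out first, which is why r1 wins the initial election and
   takes the master role back after it returns.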

6.5 State Table

   +---------------+---------------+---------------+---------------+
   |Current State->| {Initialize}  |   {Backup}    |   {Master}    |
   |               |               |               |               |
   |     Event     |               |               |               |
   |       |       |               |               |               |
   |       V       |               |               |               |
   +---------------+---------------+---------------+---------------+
   |               |  Set Master_  |               |               |
   |    Startup    |  Down_Timer   |               |               |
   |               |    State =    |               |               |
   |               |    Backup     |               |               |
   +---------------+---------------+---------------+---------------+
   |               |               | Cancel Master_| Cancel Adver_ |
   |   Shutdown    |    Ignore     |  Down_Timer   |     Timer     |
   |               |     Event     |    State =    | Send ADVER w/ |
   |               |               |  Initialize   |  Priority=0   |
   |               |               |               | State = Init. |
   +---------------+---------------+---------------+---------------+
   |               |    Cancel     |     Send      |    Cancel     |
   | Master_Down_  | Master_Down_  | ADVERTISEMENT | Master_Down_  |
   |  Timer fires  |     Timer     |  Set Adver_   |     Timer     |
   |               |               |     Timer     |               |
   |               |               | State = Master|               |
   +---------------+---------------+---------------+---------------+
   |  Adver_Timer  |    Cancel     |    Cancel     |  Send ADVER.  |
   |     fires     |  Adver_Timer  |  Adver_Timer  | Reset Adver_  |
   |               |               |               |     Timer     |
   +---------------+---------------+---------------+---------------+
   | Receive VRRP  |               | Cancel Master_|  Send ADVER.  |
   | ADVERTISEMENT |    Discard    |  Down_Timer   | Reset Adver_  |
   | with Priority |    Packet     |  Send ADVER.  |     Timer     |
   |  equal Zero   |               |  Set Adver_   |               |
   |               |               |     Timer     |               |
   |               |               | State = Master|               |
   +---------------+---------------+---------------+---------------+
   | Receive VRRP  |               |               | Cancel Adver_ |
   | ADVERTISEMENT |    Discard    |     Reset     |     Timer     |
   |  with Higher  |    Packet     | Master_Down_  |  Set Master_  |
   |   Priority    |               |     Timer     |  Down_Timer   |
   |               |               |               | State = Backup|
   +---------------+---------------+---------------+---------------+
   | Receive VRRP  |               |               |     Send      |
   | ADVERTISEMENT |    Discard    |    Discard    | ADVERTISEMENT |
   |  with Lower   |    Packet     |    Packet     | Reset Adver_  |
   |   Priority    |               |               |     Timer     |
   +---------------+---------------+---------------+---------------+
   |  Receive ARP  |               |               |   Send ARP    |
   |  Request for  |    Discard    |    Discard    |   Reply w/    |
   |  VIP address  |    Packet     |    Packet     |     VMAC      |
   +---------------+---------------+---------------+---------------+
   |  Receive IP   |               |               |  Process as   |
   |   packet w/   |    Discard    |    Discard    |   Normal IP   |
   |  Destination  |    Packet     |    Packet     |  Packet sent  |
   |     = VIP     |               |               |   to Router   |
   +---------------+---------------+---------------+---------------+
   |  Receive IP   |               |               |  Process and  |
   |   packet w/   |    Discard    |    Discard    |  Forward as   |
   |   Dest. MAC   |    Packet     |    Packet     |   Normal IP   |
   |    = VMAC     |               |               |    Packet     |
   +---------------+---------------+---------------+---------------+
   | Unknown VRRP  |    Discard    |    Discard    |    Discard    |
   |    packet     |    Packet     |    Packet     |    Packet     |
   +---------------+---------------+---------------+---------------+

7 Sending and Receiving VRRP Packets

7.1 Receiving VRRP Packets

   The following rules must be performed when a VRRP packet is
   received:

      -  Verify TTL = 255.

      -  Check if received packet length is greater than or equal to
         the VRRP header length.

      -  Verify checksum in packet

      -  Verify version

      -  If IP Source address equals interface IP address, discard
         packet.

      -  Check if Cluster identifier is valid on the receiving
         interface

      -  Perform indicated authentication

      -  Check if VIP in packet is the same as the configured VIP for
         this cluster.

7.2 Transmitting Packets

   The following operations must be performed prior to transmitting a
   VRRP packet.

      -  Fill in packet fields with appropriate interface and cluster
         information

      -  Compute Checksum

      -  Send to IP VRRP Multicast Group

7.3 Virtual MAC Address

   The virtual MAC address associated with the virtual IP address is an
   IEEE 802 MAC Address of the following format:

      02-00-5E-00-00-{cluster id} (in hex in internet standard
      bit-order)

   The initial 02: of the address sets the local flag (the 02: bit),
   and clears the Multicast flag (the 01: bit) in the IEEE MAC address.
   The remainder of the first three bytes is the IANA's OUI.
   {cluster id} is the VRRP cluster identifier.  This mapping allows
   for up to 255 VRRP clusters per interface.

8 Client Interaction

8.1 Client ARP Requests

   When a client sends an ARP request for the virtual IP address, the
   appropriate master router should respond to the ARP request with the
   above reserved MAC address for the appropriate cluster.  This allows
   the client to always use the same MAC address regardless of the
   current master router.  The request should be handled as a standard
   ARP reply.

9 References

   [1] Atkinson, R., "IP Authentication Header", RFC 1826, Naval
       Research Laboratory, August 1995.

10 Security Considerations

   The protocol design supports no authentication, simple text
   authentication, and integrity/authentication using the IP Security
   options.

11 Authors' Addresses

   Steven Knight
   Ascend Communications
   High Performance Network Division
   10250 Valley View Road, Suite 113
   Eden Prairie, MN USA 55344

   Phone: (612) 943-8990
   EMail: Steven.Knight@ascend.com

   Douglas Weaver
   Ascend Communications
   High Performance Network Division
   10250 Valley View Road, Suite 113
   Eden Prairie, MN USA 55344

   Phone: (612) 943-8990
   EMail: Doug.Weaver@ascend.com

   David Whipple
   Microsoft Corporation
   One Microsoft Way
   Redmond, WA USA 98052-6399

   Phone: (206) 703-3876
   EMail: dwhipple@microsoft.com

   Robert M. Hinden
   Ipsilon Networks, Inc.
   232 Java Drive
   Sunnyvale, CA 94089

   Phone: 1 408 990-2004
   EMail: hinden@ipsilon.com

12 Acknowledgments

   The authors would like to thank Glen Zorn (Microsoft), Michael Lane
   (Microsoft), Clark Bremer (Ascend), Hal Peterson (Ascend), Danny
   Mitzel (Ipsilon), and Peter Hunt (Ipsilon).