VRRP Working Group                                        Rob Montgomery
INTERNET DRAFT                                       (Cabletron Systems)
draft-montgomery-vrrp-nam-00.txt


        Virtual Router Redundancy Protocol Natural Address Mode

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of [RFC2026].

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This internet draft expires on February 29, 2000.

Abstract

   The Virtual Router Redundancy Protocol (VRRP) [1] has been shown to
   function erratically over networks that do not support rapid MAC
   Address mobility.  Examples of these types of networks include ATM
   networks using LAN Emulation, and Source Route Bridged networks.

draft-ietf-vrrp-nam-01.txt                                      [Page 1]

INTERNET-DRAFT       VRRP - Natural Address Mode         August 30, 1999

   While VRRP, in its traditional form, is intended to support the
   greatest possible number of devices, the purpose of this memo is to
   provide extensions to that protocol that will support operations in
   networks that are not otherwise supported.

Table of Contents

   1.  Introduction
       1.1  Scope
       1.2  Definitions
   2.  Natural Address Mode Overview
   3.  Interoperability with Virtual Address Mode
   4.  Natural Address Mode State Machine
       4.1  Parameters per Virtual Router
       4.2  Timers
       4.3  State Transition Diagram
       4.4  State Descriptions
   5.  Natural Address Mode Packet Formats
       5.1  Gratuitous ARP Response
       5.2  Gratuitous ARP Request
       5.3  VRRP-NAM Advertisements
   6.  Operational Issues
       6.1  RFC 826 Compliance
       6.3  Proxy ARP
   7.  Sending and Receiving VRRP Packets
       7.1  Receiving VRRP Packets
       7.2  Transmitting Packets
       7.3  Virtual MAC Address
   8.  Security Considerations
   9.  Acknowledgments
   10. References
   11. Authors' Addresses

1.  Introduction

   VRRP, in its original form, provides excellent fault tolerance
   support for networks consisting only of Ethernet, FDDI and other
   technologies which support the use of 'MAC Address mobility.'
   However, technologies that do not readily support MAC Address
   mobility are not sufficiently supported.

   In order to provide support for technologies, such as ATM LANE and
   Source Route Bridging, this document describes an alternative to the
   use of a Virtual MAC Address.  It is worth noting that this approach
   does result in the addition of several restrictions and limitations,
   and is, therefore, only intended as an extension to the existing
   protocol, and not as a replacement.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC 2119].

1.1  Scope

   The remainder of this document describes those portions of the VRRP
   protocol which are different between the operations of VRRP's
   'Virtual Address Mode' and the 'Natural Address Mode.'

   VRRP Routers supporting Natural Address Mode MUST also support the
   more traditional 'Virtual Address Mode'.  In instances where it is
   likely that the router will be connected to a network that does not
   support MAC Address Mobility, the router MAY default to 'Natural
   Address Mode.'  However, other routers SHOULD default to 'Virtual
   Address Mode'.  All routers MUST support 'Virtual Address Mode.'

1.2  Definitions

   All definitions used in this document adhere to those described
   under the Virtual Router Redundancy Protocol [1].

2.0  Natural Address Mode Overview

   VRRP's Natural Address Mode functions very much like the traditional
   'Virtual Address Mode' as defined by the 'Virtual Router Redundancy
   Protocol' specification (Version 2) [1], except without the Virtual
   MAC Address.

   In order to ensure high availability routing, without the
   requirement of any special or uncommon support by an end station, or
   interconnection device other than the router, VRRP-NAM takes
   advantage of the 'Address Resolution Protocol' for the resolution of
   MAC Address to IP Address binding issues.

   Specifically, while in the process of transitioning to the Master
   State, a VRRP-NAM Router will transmit a series of broadcast
   'Gratuitous ARP' packets, which will serve to update the IP Address
   to MAC Address bindings of all 'Address Resolution Protocol' [2]
   compliant end hosts.  This process will be repeated for each IP
   Address associated with the VRID in question.
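
   A way to observe this rebinding from a monitoring host, added here
   as an example and not part of the draft: it parses ARP bodies,
   recognises the two gratuitous forms this draft specifies in Sections
   5.1 and 5.2, and flags a claim for a virtual IP from a MAC that is
   not a configured router.  ClaimMonitor, build_arp and the MAC and IP
   values are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

ARP_REQUEST, ARP_REPLY = 1, 2          # ares_op$REQUEST / ares_op$REPLY (RFC 826)
BROADCAST_IP = IPv4Address("255.255.255.255")


def build_arp(op, sha, spa, tpa, tha=bytes(6)):
    """Constructed sample data: an Ethernet (hrd=1) / IPv4 ARP body."""
    return (struct.pack("!HHBBH", 1, 0x0800, len(sha), 4, op)
            + sha + IPv4Address(spa).packed + tha + IPv4Address(tpa).packed)


def parse_arp(body):
    """Decode the RFC 826 fields used by Sections 5.1 and 5.2."""
    if len(body) < 8:
        raise ValueError("short ARP header")
    hrd, pro, hln, pln, op = struct.unpack("!HHBBH", body[:8])
    if pro != 0x0800 or pln != 4:
        raise ValueError("not ARP for IPv4")
    if len(body) < 8 + 2 * (hln + pln):
        raise ValueError("truncated ARP body")
    sha = body[8:8 + hln]
    spa = IPv4Address(body[8 + hln:12 + hln])
    tpa = IPv4Address(body[12 + 2 * hln:16 + 2 * hln])
    return {"op": op, "sha": sha, "spa": spa, "tpa": tpa}


def nam_kind(arp):
    """'response' (5.1), 'request' (5.2), or None for ordinary ARP traffic."""
    if arp["op"] == ARP_REPLY and arp["tpa"] == BROADCAST_IP:
        return "response"
    if arp["op"] == ARP_REQUEST and arp["tpa"] == arp["spa"]:
        return "request"
    return None


class ClaimMonitor:
    """Tracks which MAC claims each virtual IP (hypothetical helper)."""

    def __init__(self, virtual_ips, router_macs):
        self.virtual_ips = {IPv4Address(ip) for ip in virtual_ips}
        self.router_macs = set(router_macs)   # interface MACs of the VRRP routers
        self.binding = {}                     # virtual IP -> MAC last claimed

    def observe(self, body):
        arp = parse_arp(body)
        if nam_kind(arp) is None or arp["spa"] not in self.virtual_ips:
            return "ignored"
        if arp["sha"] not in self.router_macs:
            return "alert"                    # claimant is not a configured router
        previous = self.binding.get(arp["spa"])
        self.binding[arp["spa"]] = arp["sha"]
        if previous is None:
            return "learned"
        return "unchanged" if previous == arp["sha"] else "failover"
```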

   Due to the potential for dropped packets, and the requirement that
   the Gratuitous ARP packets be delivered, it is necessary that they
   be transmitted several times.  This has resulted in the introduction
   of the CLAIM state.  During the CLAIM state, the router which is
   asserting itself as Master will, repeatedly (default four times) and
   at a decreasing rate, transmit the required ARP messages.

3.0  Interoperability With 'Virtual Address Mode'

   VRRP-NAM Routers will transmit VRRP Advertisements that are readily
   identifiable as being transmitted from a VRRP-NAM router.  These
   advertisements MUST be ignored by all VRRP-VAM routers.  The process
   of ignoring these packets is defined in the VRRP specification [1].

   VRRP-NAM Routers, upon receipt of a VRRP Advertisement from a router
   operating in VRRP Virtual Address Mode, may act in one of two
   possible manners.  The router SHOULD log an error, and immediately
   transition to the 'Virtual Address Mode.'  However, the router MAY
   trigger a shutdown event, which will terminate the VRRP process on
   the router.  In either case, the router MUST transmit one or more
   Gratuitous ARP packets, mapping each IP Address to the well-known
   'Virtual MAC Address' associated with that VRID, and cease operating
   in the Natural Address Mode.

   When choosing between the above options, the implementor should
   carefully consider what will happen if the IP Address owning VRRP
   router is operating in Natural Address Mode, while another router
   servicing the same VRID is operating in Virtual Address Mode.  This
   situation may result in the appearance of a duplicate IP address
   situation.

4.0  Protocol State Machine

4.1  Parameters per Virtual Router

    VRID                    Virtual Router Identifier.  Configured item
                            in the range 1-255 (decimal).  There is no
                            default.

    Priority                Priority value to be used by this VRRP
                            router in Master election for this virtual
                            router.
                            The value of 255 (decimal) is reserved for
                            the router that owns the IP addresses
                            associated with the virtual router.  The
                            value of 0 (zero) is reserved for Master
                            router to indicate it is releasing
                            responsibility for the virtual router.  The
                            range 1-254 (decimal) is available for VRRP
                            routers backing up the virtual router.  The
                            default value is 100 (decimal).

    IP_Addresses            One or more IP addresses associated with
                            this virtual router.  Configured item.  No
                            default.

    Advertisement_Interval  Time interval between ADVERTISEMENTS
                            (seconds).  Default is 1 second.

    Skew_Time               Time to skew Master_Down_Interval in
                            seconds.  Calculated as:

                               (256 - Priority) / 256

    Master_Down_Interval    Time interval for Backup to declare Master
                            down (seconds).  Calculated as:

                               (3 * Advertisement_Interval) + Skew_time

    Preempt_Mode            Controls whether a higher priority Backup
                            router preempts a lower priority Master.
                            Values are True to allow preemption and
                            False to prohibit preemption.  Default for
                            Natural Address Mode routers is False.

                            Note 1: This difference from the 'VRRP' [1]
                            specification has been made due to the
                            higher 'cost' associated with the
                            reconvergence of VRRP networks when they
                            operate in the Virtual Address Mode.

                            Note 2: Exception is that the router that
                            owns the IP address(es) associated with the
                            virtual router always pre-empts independent
                            of the setting of this flag.

    Authentication_Type     Type of authentication being used.  Values
                            are defined in the VRRP Specification [1].

    Authentication_Data     Authentication data specific to the
                            Authentication_Type being used.

    Claim_Interval          Time interval, in seconds, used to
                            calculate the duration of time between
                            Gratuitous ARP Responses while in the
                            (Claim) state.  Default is 1 second.

    Claim_Multiplier        Multiplier used to decrease the frequency
                            of the Gratuitous ARP Responses while in
                            the (Claim) state.  Start Point is 1.

    Max_Claim_Multiplier    The Maximum value for the Claim_Multiplier.
                            Upon reaching this value, the VRRP Router
                            will transition to the MASTER state.
                            Default is 4.

    Claim_Type              Type of ARP packets used to dynamically
                            update client ARP caches.  Default is 2.

                               0 - Hybrid Mode (Both Request and
                                   Response)
                               1 - Request Only
                               2 - Response Only

4.2  Timers

    Master_Down_Timer       Timer that fires when ADVERTISEMENT has not
                            been heard for Master_Down_Interval.

    Adver_Timer             Timer that fires to trigger sending of
                            ADVERTISEMENT based on
                            Advertisement_Interval.

    Claim_Timer             Timer that fires to trigger sending of
                            GRATUITOUS_ARP_RESPONSE based on the
                            Claim_Interval and the Claim_Multiplier

4.3  State Transition Diagram

                         +---------------+
              +--------->|               |<-------------+
              |          |  Initialize   |              |
              |   +------|               |----------+   |
              |   V      +---------------+          |   |
              | +----------+                        |   |
              | |  Claim   |<-----+                 |   |
              | +----------+      |                 |   |
              |   |               |                 |   |
              |   V               |                 V   |
      +---------------+           |           +---------------+
      |               |           +-----------|               |
      |    Master     |                       |    Backup     |
      |               |---------------------->|               |
      +---------------+                       +---------------+

4.4  State Descriptions

   In the state descriptions below, the state names are identified by
   {state-name}, and the packets are identified by all upper case
   characters.

   A VRRP router implements an instance of the state machine for each
   virtual router election it is participating in.

4.4.1  Initialize

   The purpose of this state is to wait for a Startup event.  If a
   Startup event is received, then:

   - If the Priority = 255 (i.e., the router owns the IP address(es)
     associated with the virtual router)

      o Set the Master_Down_Timer to Master_Down_Interval
      o Transition to the {Backup} state

     endif

      o Send an ADVERTISEMENT
      o Broadcast a gratuitous ARP-Response for IP_Addresses.
      o Set the Adver_Timer to Advertisement_Interval
      o Set the Claim_Multiplier to 1.
      o Set the Claim_Timer to (Claim_Interval * Claim_Multiplier)
      o Transition to the {Claim} state

     else

4.4.2  Backup

   The purpose of the {Backup} state is to monitor the availability and
   state of the Master Router.

   While in this state, a VRRP router MUST do the following:

   - MUST NOT respond to ARP requests for the IP address(es) associated
     with the virtual router.

   - MUST NOT accept packets addressed to the IP address(es) associated
     with the virtual router.

   - If a Shutdown event is received, then:

      o Cancel the Master_Down_Timer
      o Transition to the {Initialize} state

     endif

   - If the Master_Down_Timer fires, then:

      o Send an ADVERTISEMENT
      o Broadcast a gratuitous ARP Response for all IP_Addresses.
      o Set the Adver_Timer to Advertisement_Interval
      o Set the Claim_Multiplier to 1.
      o Set the Claim_Timer to (Claim_Interval * Claim_Multiplier)
      o Transition to the {Claim} state

     endif

   - If an ADVERTISEMENT is received, then:

      If the Priority in the ADVERTISEMENT is Zero, then:

         o Set the Master_Down_Timer to Skew_Time

      else:

         If Preempt_Mode is False, or If the Priority in the
         ADVERTISEMENT is greater than or equal to the local
         Priority, then:

            o Reset the Master_Down_Timer to Master_Down_Interval

         else:

            o Discard the ADVERTISEMENT

     endif

4.4.3  Master

   While in the {Master} state the router functions as the forwarding
   router for the IP address(es) associated with the virtual router.

   While in this state, a VRRP router MUST do the following:

   - MUST respond to ARP requests for the IP address(es) associated
     with the virtual router.

   - MUST NOT accept packets addressed to the IP address(es) associated
     with the virtual router if it is not the IP address owner.

   - MUST accept packets addressed to the IP address(es) associated
     with the virtual router if it is the IP address owner.

   - If a Shutdown event is received, then:

      o Cancel the Adver_Timer
      o Send an ADVERTISEMENT with Priority = 0
      o Transition to the {Initialize} state

     endif

   - If the Adver_Timer fires, then:

      o Send an ADVERTISEMENT
      o Reset the Adver_Timer to Advertisement_Interval

     endif

   - If an ADVERTISEMENT is received, then:

      If the Packet Type in the ADVERTISEMENT is One, then:

         o Broadcast a Gratuitous ARP Response for all IP_Addresses.
           This Gratuitous ARP must bind all IP_Addresses to the
           Virtual MAC Address (7.3).
         o Trigger a shutdown event.
         o Cancel the Master_Down_Timer.
         o Transition to the {Initialize} state.

         (NOTE: The router SHOULD then reinitialize in the 'Virtual
         Address Mode.')

      else:

         If the Priority in the ADVERTISEMENT is Zero, then:

            o Send an ADVERTISEMENT
            o Generate a gratuitous ARP-Response for all IP_Addresses.
            o Set the Claim_Multiplier to One.
            o Set the Claim_Timer to (Claim_Multiplier *
              Claim_Interval)
            o Transition to the {Claim} state.

         else:

            If the Priority in the ADVERTISEMENT is greater than the
            local Priority, or If the Priority in the ADVERTISEMENT is
            equal to the local Priority and the primary IP Address of
            the sender is greater than the local primary IP Address,
            then:

               o Cancel Adver_Timer
               o Set Master_Down_Timer to Master_Down_Interval
               o Transition to the {Backup} state

            else:

               o Discard ADVERTISEMENT

     endif

4.4.4  Claim

   While in the {Claim} state, the router functions as the forwarding
   router for the IP address(es) associated with the virtual router.

   While in this state, a VRRP router MUST do the following:

   - MUST respond to ARP requests for the IP address(es) associated
     with the virtual router.

   - MUST NOT accept packets addressed to the IP address(es) associated
     with the virtual router if it is not the IP address owner.

   - MUST accept packets addressed to the IP address(es) associated
     with the virtual router if it is the IP address owner.

   - If a Shutdown event is received, then:

      o Cancel the Adver_Timer
      o Cancel the Claim_Timer
      o Cancel the Claim_Multiplier
      o Send an ADVERTISEMENT with Priority = 0
      o Transition to the {Initialize} state

     endif

   - If the Adver_Timer fires, then:

      o Send an ADVERTISEMENT
      o Reset the Adver_Timer to Advertisement_Interval

     endif

   - If an ADVERTISEMENT is received, then:

      If the Packet Type in the ADVERTISEMENT is One, then:

         o Broadcast a Gratuitous ARP Response for all IP_Addresses.
           This Gratuitous ARP must bind all IP_Addresses to the
           Virtual MAC Address (7.3).
         o Trigger a shutdown event.
         o Cancel the Master_Down_Timer.
         o Transition to the {Initialize} state.

         (NOTE: The router SHOULD then reinitialize in the 'Virtual
         Address Mode.')

      else:

         If the Priority in the ADVERTISEMENT is Zero, then:

            o Send an ADVERTISEMENT.
            o Generate a Gratuitous ARP-Response for all IP_Addresses.
            o Set the Claim_Multiplier to One.
            o Set the Claim_Timer to (Claim_Multiplier *
              Claim_Interval)

         else:

            If the Priority in the ADVERTISEMENT is greater than the
            local Priority, or If the Priority in the ADVERTISEMENT is
            equal to the local Priority and the primary IP Address of
            the sender is greater than the local primary IP Address,
            then:

               o Cancel Adver_Timer
               o Set Master_Down_Timer to Master_Down_Interval
               o Transition to the {Backup} state

            else:

               o Discard ADVERTISEMENT

     endif

   - If the Claim_Timer fires, then:

      If the Claim_Type = 0 (Response Mode)

         o Broadcast a gratuitous ARP Response for all IP_Addresses.

      elseif the Claim_Type = 1 (Request Mode)

         o Broadcast a gratuitous ARP Request for all IP_Addresses.

      elseif the Claim_Type = 2 (Hybrid Mode)

         o Broadcast a gratuitous ARP Response for all IP_Addresses.
         o Broadcast a gratuitous ARP Request for all IP_Addresses.

      endif

      o Increment the Claim_Multiplier counter by one.

      If the Claim_Multiplier = Max_Claim_Multiplier:

         o Transition to the {Master} state.

      else

         o Reset the Claim_Timer to (Claim_Multiplier * Claim_Interval)

      endif

     endif

5.0  Natural Address Mode Packet Formats

   All packets transmitted by Routers operating in 'Natural Address
   Mode' MUST be transmitted from the MAC address associated with the
   transmitting interface of the transmitting router.

5.1  Gratuitous ARP Response

   The Gratuitous ARP Response is intended to permit the re-binding of
   each IP address associated with the VRID to the MAC address of the
   Master Router.  To accomplish this goal, Gratuitous ARP Response
   packets MUST be assembled as follows:

      ar$hrd (Hardware Type)            - Set as appropriate.
      ar$pro (Protocol Type)            - 0x0800 (Internet Protocol)
      ar$hln (Hardware Address Length)  - Set as appropriate.
      ar$pln (Protocol Address Length)  - 0x04 (4 octets)
      ar$op  (Operation Code)           - ares_op$REPLY
      ar$sha (Source Hardware Address)  - The MAC Address associated
                                          with the transmitting
                                          interface of the router
                                          sending this packet.
      ar$spa (Source Protocol Address)  - The IP Address, associated
                                          with this VRID, for which MAC
                                          information is being updated.
      ar$tha (Target Hardware Address)  - No value specified.
      ar$tpa (Target Protocol Address)  - 255.255.255.255

   NOTE: The above fields are defined in the 'Address Resolution
   Protocol' specification [2].

5.2  Gratuitous ARP Request

   The Gratuitous ARP Request is intended to permit the re-binding of
   each IP address associated with the VRID to the MAC address of the
   Master Router.  To accomplish this goal, Gratuitous ARP Request
   packets MUST be assembled as follows:

      ar$hrd (Hardware Type)            - Set as appropriate.
      ar$pro (Protocol Type)            - 0x0800 (Internet Protocol)
      ar$hln (Hardware Address Length)  - Set as appropriate.
      ar$pln (Protocol Address Length)  - 0x04 (4 octets)
      ar$op  (Operation Code)           - ares_op$REQUEST
      ar$sha (Source Hardware Address)  - The MAC Address associated
                                          with the transmitting
                                          interface of the router
                                          sending this packet.
      ar$spa (Source Protocol Address)  - The IP Address, associated
                                          with this VRID, for which MAC
                                          information is being updated.
      ar$tha (Target Hardware Address)  - No value specified.
      ar$tpa (Target Protocol Address)  - The IP Address, associated
                                          with this VRID, for which MAC
                                          information is being updated.

   NOTE: The above fields are defined in the 'Address Resolution
   Protocol' specification [2].

5.3  Natural Address Mode Advertisements

   Natural Address Mode routers will propagate advertisements in a
   manner very similar to that of Virtual Address Mode routers.  The
   only difference is that the 'Type' field must be set to 0x02
   (Natural Address Mode).  Virtual Address Mode routers receiving a
   packet with a Type field of 0x02 will ignore the packet.  This is
   essential for the proper operations of Virtual Address Mode.

6.0  Operational Issues

   This section deals with operational issues that are unique to the
   Natural Address Mode of VRRP.  Readers are referred to the VRRP
   specification [1] for further Operational Issues.

6.1  RFC 826 Compliance

   In order for VRRP NAM to operate properly, it is necessary that all
   end-stations strictly comply with the 'Address Resolution Protocol'
   [2].  It is especially important that each station comply with the
   section entitled "Packet Reception".

6.2  Proxy ARP

   The use of Proxy-ARP in networks running VRRP-NAM is strongly
   discouraged due to the inability of the Gratuitous ARP Response
   algorithm to update proxy entries in the ARP-Cache.  Devices relying
   on Proxy ARP will not be able to utilize VRRP-NAM Redundancy.  It is
   recommended that Network Administrators disable Proxy-ARP on
   VRRP-NAM routers.
   This will eliminate the possibility of 'flat' end-stations operating
   without the knowledge of the administrator.  However, this process
   SHOULD NOT be automatic.

7.0  Transmission and Reception of VRRP Packets

7.1  Receiving VRRP Packets

   Perform the following functions when a VRRP packet is received:

   - MUST verify that the IP TTL is 255.

   - MUST verify the VRRP version.

   - MUST verify that the received packet contains the complete VRRP
     packet (including fixed fields, IP Address(es), and Authentication
     Data).

   - MUST verify the VRRP checksum.

   - MUST verify that the VRID is configured on the receiving interface
     and the local router is not the IP Address owner (Priority equals
     255 (decimal)).

   - MUST verify that the Auth Type matches the locally configured
     authentication method for the virtual router and perform that
     authentication method.

   If any one of the above checks fails, the receiver MUST discard the
   packet, SHOULD log the event and MAY indicate via network management
   that an error occurred.

   - MAY verify that the IP address(es) associated with the VRID are
     valid.

   If the above check fails, the receiver SHOULD log the event and MAY
   indicate via network management that a misconfiguration was
   detected.  If the packet was not generated by the address owner
   (Priority does not equal 255 (decimal)), the receiver MUST drop the
   packet, otherwise continue processing.

   - MUST verify that the Adver Interval in the packet is the same as
     that locally configured for this virtual router.

   If the above check fails, the receiver MUST discard the packet,
   SHOULD log the event and MAY indicate via network management that a
   misconfiguration was detected.

7.2  Transmitting VRRP Packets

   The following operations MUST be performed when transmitting a VRRP
   packet.

   - Fill in the VRRP packet fields with the appropriate virtual router
     configuration state.

   - Compute the VRRP checksum.

   - Set the source MAC address to interface MAC address.

   - Set the source IP address to interface primary IP address.

   - Set the IP protocol to VRRP.

   - Send the VRRP packet to the VRRP IP multicast group.

7.3  Virtual Router MAC Address

   Traditional VRRP operations involve the use of a virtual MAC
   address.  In the event that a VRRP packet of type One (1) is
   received, it will be necessary for the router to broadcast a
   Gratuitous ARP Response for each address associated with the virtual
   router, mapping the IP addresses to the virtual MAC address.

   The virtual MAC address can be calculated as follows:

      00-00-5E-00-01-{VRID} (in hex in internet standard bit-order)

   This address will only be used when transitioning from Natural
   Address Mode (NAM) to Virtual Address Mode (VAM).

8.0  Security Considerations

   The use of Authentication headers, and other security apparatus is
   beyond the scope of this document.

9.0  Acknowledgments

   The author would like to thank Robert Hinden, Steven Knight, David
   Whipple, Danny Mitzel, Peter Hunt, P. Higginson, M. Shand, and Acee
   Lindem for their work on the VRRP specification and their advice,
   comments and help on this specification.

   Atul Bansal, Rob Enns, Rob Coltun, Joel Halpern, Peeyush Ranjan,
   Harry Wood, Chris Denton, Gene Keeler, Steve Henry, and Garry
   Arbuckle were also extremely helpful in answering dozens of
   questions, and providing comments and criticisms.

10.0  References

   [1]  Knight, S., et al, "Virtual Router Redundancy Protocol",
        RFC 2338, April 1998.

   [2]  Plummer, D., "An Ethernet Address Resolution Protocol",
        STD 37, RFC 826, November 1982.

11.0  Authors' Addresses

   Rob Montgomery                   Tel:   +1-603-337-9258
   Cabletron Systems                Email: rmontgom@cabletron.com
   Box 5005
   Rochester, NH 03801-5005
   USA
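
   The timing of the {Backup} -> {Claim} -> {Master} takeover from
   Sections 4.1, 4.2 and 4.4, as an added simulation that is not part
   of the draft.  NamRouter and simulate_takeover are illustrative
   names; Claim_Type follows the Section 4.1 numbering (0 hybrid, 1
   request, 2 response), which differs from the labels used in Section
   4.4.4.

```python
import heapq
from dataclasses import dataclass, field

# Claim_Type values, Section 4.1 numbering (assumption, see the lead-in)
HYBRID, REQUEST_ONLY, RESPONSE_ONLY = 0, 1, 2


@dataclass
class NamRouter:
    priority: int = 100                   # Section 4.1 defaults throughout
    advertisement_interval: float = 1.0
    claim_interval: float = 1.0
    max_claim_multiplier: int = 4
    claim_type: int = RESPONSE_ONLY
    state: str = "Backup"
    claim_multiplier: int = 0
    log: list = field(default_factory=list)   # (time, packet sent)

    @property
    def skew_time(self):
        return (256 - self.priority) / 256

    @property
    def master_down_interval(self):
        return 3 * self.advertisement_interval + self.skew_time

    # Each handler returns the timers to arm as (deadline, handler name).
    def master_down_timer(self, now):
        """Section 4.4.2: Master_Down_Timer fires, {Backup} -> {Claim}."""
        self.log += [(now, "ADVERTISEMENT"), (now, "GARP_RESPONSE")]
        self.claim_multiplier = 1
        self.state = "Claim"
        return [(now + self.advertisement_interval, "adver_timer"),
                (now + self.claim_interval * self.claim_multiplier, "claim_timer")]

    def adver_timer(self, now):
        """Section 4.4.4: periodic ADVERTISEMENT while in {Claim}."""
        self.log.append((now, "ADVERTISEMENT"))
        return [(now + self.advertisement_interval, "adver_timer")]

    def claim_timer(self, now):
        """Section 4.4.4: repeat the gratuitous ARPs, then back off or finish."""
        if self.claim_type in (HYBRID, RESPONSE_ONLY):
            self.log.append((now, "GARP_RESPONSE"))
        if self.claim_type in (HYBRID, REQUEST_ONLY):
            self.log.append((now, "GARP_REQUEST"))
        self.claim_multiplier += 1
        if self.claim_multiplier == self.max_claim_multiplier:
            self.state = "Master"
            return []
        return [(now + self.claim_multiplier * self.claim_interval, "claim_timer")]


def simulate_takeover(router, last_advert_at=0.0):
    """Run from the last ADVERTISEMENT heard until the router is {Master}."""
    timers = [(last_advert_at + router.master_down_interval, "master_down_timer")]
    while timers and router.state != "Master":
        now, name = heapq.heappop(timers)
        for timer in getattr(router, name)(now):
            heapq.heappush(timers, timer)
    return router.log
```

   With the defaults, the gratuitous ARP Responses leave at 0, 1, 3 and
   6 seconds after the Master_Down_Timer fires, which is the "default
   four times" at a decreasing rate described in Section 2.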
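
   The Section 7.1 receive checks applied in order to a VRRP payload,
   as an added example that is not part of the draft.  It assumes the
   RFC 2338 [1] version 2 field layout and checksum; VirtualRouter,
   build_advertisement and receive are illustrative names, and
   Authentication Data is compared only for the simple text password
   type (1 in RFC 2338).

```python
import hmac
import struct
from dataclasses import dataclass

TYPE_VAM, TYPE_NAM = 1, 2   # RFC 2338 ADVERTISEMENT; Section 5.3 Natural Address Mode


@dataclass
class VirtualRouter:         # hypothetical local configuration record
    vrid: int
    priority: int
    ip_addresses: tuple      # each entry is a packed 4-byte IPv4 address
    adver_interval: int = 1
    auth_type: int = 0
    auth_data: bytes = bytes(8)


def checksum(data):
    """16-bit one's complement of the one's complement sum (RFC 2338)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advertisement(vr, pkt_type=TYPE_NAM):
    """Constructed sample input: a VRRP version 2 message for router vr."""
    head = bytes([0x20 | pkt_type, vr.vrid, vr.priority, len(vr.ip_addresses),
                  vr.auth_type, vr.adver_interval])
    tail = b"".join(vr.ip_addresses) + vr.auth_data
    return head + struct.pack("!H", checksum(head + bytes(2) + tail)) + tail


def receive(payload, ip_ttl, configured):
    """Section 7.1 checks; configured maps VRID -> VirtualRouter on this interface."""
    if ip_ttl != 255:
        return "discard", "IP TTL is not 255"
    if not payload or payload[0] >> 4 != 2:
        return "discard", "VRRP version"
    if len(payload) < 8 or len(payload) < 16 + 4 * payload[3]:
        return "discard", "incomplete packet"
    if checksum(payload) != 0:            # sum including the checksum field
        return "discard", "checksum"
    vr = configured.get(payload[1])
    if vr is None or vr.priority == 255:
        return "discard", "VRID not configured or local router is the owner"
    end = 8 + 4 * payload[3]              # end of the IP address list
    if payload[4] != vr.auth_type or (
            vr.auth_type == 1
            and not hmac.compare_digest(payload[end:end + 8], vr.auth_data)):
        return "discard", "authentication"
    addresses = {payload[i:i + 4] for i in range(8, end, 4)}
    if addresses != set(vr.ip_addresses) and payload[2] != 255:
        return "discard", "IP addresses differ and sender is not the owner"
    if payload[5] != vr.adver_interval:
        return "discard", "Adver Interval mismatch"
    return "accept", {"type": payload[0] & 0x0F, "vrid": payload[1],
                      "priority": payload[2]}
```

   The type value in an accepted result is what the state machine in
   Sections 4.4.3 and 4.4.4 tests: a value of 1 means a Virtual Address
   Mode router is advertising for the same VRID.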