Virtual Router Redundancy - VRR
Virtual Router Redundancy (VRR) enables hosts to communicate with any redundant router without reconfiguration, running dynamic router protocols, or running router redundancy protocols. This means that redundant routers will respond to Address Resolution Protocol (ARP) requests from hosts. Routers are configured to respond in an identical manner, but if one fails, the other redundant routers will continue to respond, leaving the hosts with the impression that nothing has changed.
The diagram below illustrates a basic VRR-enabled network configuration. The network includes several hosts, and two routers running Cumulus Linux configured with Multi-chassis Link Aggregation (MLAG):
A production implementation will have many more server hosts and network connections than are shown here. However, this basic configuration provides a complete description of the important aspects of the VRR setup.
As the bridges in each of the redundant routers are connected, they will each receive and reply to ARP requests for the virtual router IP address.
Multiple ARP Replies
Each ARP request made by a host will receive replies from each router; these replies will be identical, and so the host receiving the replies will either ignore replies after the first, or accept them and overwrite the previous identical reply, rather than being confused over which response is correct.
Reserved MAC Address Range
A range of MAC addresses is reserved for use with VRR, in order to prevent MAC address conflicts with other interfaces in the same bridged network. The reserved range is
Cumulus Networks recommends using MAC addresses from the reserved range when configuring VRR.
The reserved MAC address range for VRR is the same as for the Virtual Router Redundancy Protocol (VRRP), as they serve similar purposes.
Configuring a VRR-enabled Network
Configuring the Routers
The routers implement the layer 2 network interconnecting the hosts and the redundant routers. To configure the routers, add a bridge with the following interfaces to each router:
One bond interface or switch port interface to each host.
For networks using MLAG, use bond interfaces. Otherwise, use switch port interfaces.
One or more interfaces to each peer router.
Multiple inter-peer links are typically bonded interfaces, in order to accommodate higher bandwidth between the routers and to offer link redundancy.
Example VLAN-aware Bridge Configuration
The example NCLU commands below create a VLAN-aware bridge interface for a VRR-enabled network:
cumulus@switch:~$ net add bridge
cumulus@switch:~$ net add vlan 500 ip address 192.168.0.252/24
cumulus@switch:~$ net add vlan 500 ip address-virtual 00:00:5e:00:01:01 192.168.0.254/24
cumulus@switch:~$ net add vlan 500 ipv6 address 2001:aa::1/48
cumulus@switch:~$ net add vlan 500 ipv6 address-virtual 00:00:5e:00:01:01 2001:aa::1/48
cumulus@switch:~$ net pending
cumulus@switch:~$ net commit
The NCLU commands above produce the following
auto bridge
iface bridge
    bridge-vids 500
    bridge-vlan-aware yes

auto vlan500
iface vlan500
    address 192.168.0.252/24
    address 2001:aa::1/48
    address-virtual 00:00:5e:00:01:01 2001:aa::1/48 192.168.0.254/24
    vlan-id 500
    vlan-raw-device bridge
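The check below is an added example, not part of the original Cumulus documentation: it parses the vlan500 stanza shown above as configured on two routers and reports any difference in the address-virtual line, since both routers must answer ARP for the virtual address identically. The peer router's real addresses and the drifted MAC are constructed for the demonstration, and the same-subnet check is a sanity check added here rather than a rule stated on this page.

```python
import ipaddress

# ROUTER_A is the vlan500 stanza from this page. ROUTER_B is a constructed peer:
# its real addresses (192.168.0.253, 2001:aa::2) are assumptions for the demo.
ROUTER_A = """
auto vlan500
iface vlan500
    address 192.168.0.252/24
    address 2001:aa::1/48
    address-virtual 00:00:5e:00:01:01 2001:aa::1/48 192.168.0.254/24
    vlan-id 500
    vlan-raw-device bridge
"""
ROUTER_B = ROUTER_A.replace("0.252", "0.253").replace("address 2001:aa::1", "address 2001:aa::2")
ROUTER_B_DRIFT = ROUTER_B.replace("00:00:5e:00:01:01", "00:00:5e:00:01:02")  # constructed drift

def parse_vrr(text):
    """Map iface name -> real addresses, virtual MAC and virtual addresses."""
    stanzas, cur = {}, None
    for line in text.splitlines():
        words = line.split("#", 1)[0].split() or [""]  # drop comments and blank lines
        if words[0] == "iface" and len(words) > 1:
            cur = stanzas.setdefault(words[1], {"real": set(), "mac": None, "virtual": set()})
        elif cur is not None and words[0] == "address" and len(words) > 1:
            cur["real"].add(ipaddress.ip_interface(words[1]))
        elif cur is not None and words[0] == "address-virtual" and len(words) > 2:
            cur["mac"] = words[1].lower()
            cur["virtual"].update(ipaddress.ip_interface(w) for w in words[2:])
    return {name: s for name, s in stanzas.items() if s["mac"]}

def audit_pair(text_a, text_b):
    """Return findings; an empty list means both routers present the same virtual router."""
    a, b = parse_vrr(text_a), parse_vrr(text_b)
    findings = []
    for name in sorted(set(a) | set(b)):
        if name not in a or name not in b:
            findings.append(f"{name}: address-virtual configured on only one router")
            continue
        if a[name]["mac"] != b[name]["mac"]:
            findings.append(f"{name}: virtual MAC {a[name]['mac']} != {b[name]['mac']}")
        if a[name]["virtual"] != b[name]["virtual"]:
            findings.append(f"{name}: virtual IP sets differ")
        for label, s in (("A", a[name]), ("B", b[name])):
            for v in sorted(s["virtual"], key=str):
                if not any(v.ip in r.network for r in s["real"] if r.version == v.version):
                    findings.append(f"{name}: router {label} has no real address in the subnet of {v}")
    return findings

if __name__ == "__main__":
    print(audit_pair(ROUTER_A, ROUTER_B), audit_pair(ROUTER_A, ROUTER_B_DRIFT))
```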
Configuring the Hosts
Each host should have two network interfaces. The routers configure the interfaces as bonds running LACP; each host should also configure its two interfaces using teaming, port aggregation, port group, or EtherChannel running LACP. Configure the hosts, either statically or via DHCP, with a gateway address that is the IP address of the virtual router; this default gateway address never changes.
Configure the links between the hosts and the routers in active-active mode for First Hop Redundancy Protocol.