VRRP (Virtual Router Redundancy Protocol)

19 posts were merged into an existing topic: VRRP (Virtual Router Redundancy Protocol)

Could someone help me to give more details on why we need gratituous ARP in VRRP.What I read so far from various source is there will be a GARP sent immediately after backup router takes master role to update underlying switch MAC table which I felt it can be done with VRRP advertisement(source MAC as virtual MAC) instead of GARP.

Hi Raghu,

It is a good question and to be honest, I can’t really find a good answer. Take a look at this Wireshark capture:

https://www.cloudshark.org/captures/f95de647e6aa

This capture shows how 192.168.1.2 (current master) is taken over by 192.168.1.1 (new master). Both the advertisement and the gratuitous ARP have the same source MAC address (0000.5e00.0101). A switch can update its MAC address table with the source MAC address in the advertisement, we don’t need the gratuitous ARP for that.

The only difference is that the gratuitous ARP is also sent as a broadcast, not just to a multicast destination. Still, I’m having a hard time thinking of a reason why we need anything next to the updated advertisement. The RFC also doesn’t explain why they use the gratuitous ARP. If anything comes to mind, I’ll update my answer here.

Thanks Rene.

I read somewhere in the Internet that Huawei routers use interface MAC as a source MAC for VRRP advertisement with period GARP with source MAC as virtual to update underlying switch table.

RFC talks something about GARP for token ring topology RIF table - I am not sure what was that and how GARP plays a vital role in token ring case though no one is using now a days.

RFC also says VRRP advertisement should use source MAC as virtual MAC

Regards

Raghu.K

Hi Rene

Can you confirm that object tracking means IP SLA tracking?

Also, could you update the table to confirm that VRRP now supports 255 groups per interface?

Thanks

Hello Chris

Object tracking and IP SLA are not the same thing although the concepts are related. For example, an IP SLA can be configured to track objects. In order to understand this further, let’s take a look at HSRP, VRRP and objects.

As far as HSRP and VRRP go, object tracking is an independent process that manages creating, monitoring, and removing tracked objects such as the state of the line protocol of an interface. Clients such as the Hot Standby Router Protocol (HSRP) and VRRP register their interest with specific tracked objects and act when the state of an object changes.

IP SLA on the other hand uses active monitoring of objects by generating traffic to measure network performance. IP SLA operations collects real-time metrics that can be used for network troubleshooting, design, and analysis.

I hope this has been helpful!

Laz

Hi Rene !
Is VRRP need to use IP SLA or interface tracking like HSRP ?

Hello Kuoch

Yes, VRRP is capable of tracking interfaces as well as using IP SLA to determine the currently active gateway. Both of these features are achieved using object tracking. Object tracking can be used to follow both the state of interfaces as well as the results of an IP SLA.

HSRP is capable of using object tracking for this purpose as well and is applied in much the same way.

The following two Cisco links show the method of applying object tracking to VRRP and HSRP respectively.

I hope this has been helpful!

Laz

Hi Rene,
in your VRRP section you mention 16 groups maximum for HSRP.
In your HSRP section https://networklessons.com/cisco/ccnp-switch/hsrp-hot-standby-routing-protocol/ you say 0 – 255 (HSRPv1) and 0 – 4095 (HSRPv2).
It seems that this is an individual number depending on the hardware model. Right ?
When researching further i found following:
3550 - 16 groups
3750 - 32 groups

On following document for 3850

You can configure up to 128 groups at the configuration level but the recommended HSRP group number limit is 64.

Routers seem to be capable of up to 255 (HSRPv1) and 4095 (HSRPv2).
So this doesn’t seem to be fixed value at least not for switches. It seems to be dependent on the platform.

Could you please confirm or correct me ?

Many thanks,
Oliver

Hello Oliver

How many groups can be configured depend on what limiting factor you are looking at. Strictly from a software point of view, the IOS is capable of supporting 256 groups for v1 and 4096 for v2. More precisely, the group ID numbers can be within these ranges. However, various platforms limit this number because of the hardware that is available to support it. Like you said, the 3550 supports 16 groups, the 3750 supports 32 groups and the 3850 can technically support 128 but it is recommended to limit it to 64.

I hope this has been helpful!

Laz

Hi,

thank you for confirming. It’s clear now.

Rgds,
Oliver

Hi Team,

Can you please explain Gratuitous ARP concept

Hello Rene & Team,

Suppose we have configured real IP address 192.168.1.1 as a virtual IP address and SW1 goes down then how SW2 will become MASTER ? does it assign 192.168.1.1 IP to itself ? as we have configured default gateway on host H1 & H2 as 192.168.1.1

Hello Aniket

You can find an excellent description of Gratuitous ARP at this Cisco learning network post:

I hope this has been helpful!

Laz

Hello Aniket

You will not be able to use the same IP address for both the real SW1 and the virtual IP. The Virtual IP address must be unique on the network, as should all IP addresses used, but real and virtual. Suppose we are using the following IP addresses as is the case in the lesson:

• SW1: 192.168.1.1
• SW2: 192.168.1.2
• Virtual: 192.168.1.3

If SW1 is the master, then it “adopts” the 192.168.1.3 address and uses it as its own. All packets destined for 192.168.1.3 go to SW1.

If SW1 goes down, SW2 will detect this and will adopt the 192.168.1.3 address for itself. All packets destined to 192.168.1.3 will now go to SW2.

The hosts keep the same IP address for the default gateway.

I hope this has been helpful!
Laz

Hi Laz,

As per Cisco documentation in VRRP, virtual IP address can be the same as the real IP address of one of the group members. Can you please verify.

Hello Aniket

Yes you are correct, I was thinking about HSRP. VRRP does allow you to use the physical IP address of a particular router as the virtual address that is shared among all devices in the VRRP group.

So to answer your original question:

The simple answer is yes, SW2 will adopt the IP address of SW1. More precisely, it adopts the role of the virtual router. In more detail, what SW2 will do is it will begin responding to ARP requests informing that the IP address 192.168.1.1 now corresponds to a different MAC address, that if itself.

With VRRP, a virtual router must use 00-00-5E-00-01-XX as its Media Access Control (MAC) address. The last byte of the address (XX) is the Virtual Router IDentifier (VRID), which is different for each virtual router in the network. This address is used by only one physical router at a time, and the currently active device that is playing the role of the virtual router will reply with this MAC address when an ARP request is sent for the virtual router’s IP address.

I hope this has been helpful!

Laz

If I had access to a switch lab, I wouldn’t ask this question. Suppose you configure VRRP such that a backup VRRP client learns timers from the master (which has non-default timers set). A failure then occurs so that the backup becomes the new master. Would the new master continue to use the timers it learned from the prior master, or would it revert to use VRRP defaults?

Hi Andrew,

Just tested this, when the backup VRRP becomes the master, it uses its own timer values. Not the ones from the failed master.

Rene

Hello NetworkLessons team,

Maybe there is a little typo in the text below:
“VRRP uses different terminology than HSRP. SW1 has the best priority and will become the master router. SW2 will become a backup router (instead standby).”