The FB9000 supports VRRP (Virtual Router Redundancy Protocol), which is a system that provides routing redundancy, by enabling more than one hardware device on a network to act as a gateway for routing traffic. Hardware redundancy means VRRP can provide resilience in the event of device failure, by allowing a backup device to automatically assume the role of actively routing traffic.
VRRP abstracts a group of routers using the concept of a virtual router, which has a virtual IP address. The IP address is virtual in the sense that it is associated with more than one hardware device, and can 'move' between devices automatically.
The virtual IP address normally differs from the real IP address of any of the group members, but it can be the real address of the master router if you prefer (e.g. if short of IP addresses).
You can have multiple virtual routers on the same LAN at the same time, so there is a Virtual Router Identifier (VRID) that is used to distinguish them.
The default VRID used by the FB9000 is 42. You must set all devices that are part of the same group (virtual router) to the same VRID, and this VRID must differ from that used by any other virtual routers on the same LAN. Typically you would only have one virtual router on any given LAN, so the default of 42 does not normally need changing.
At any one time, one physical device is the master and is handling all the traffic sent to the virtual IP address. If the master fails, a backup takes over, and this process is transparent to other devices, which do not need to be aware of the change.
The members of the group communicate with each other using multicast IP packets.
The transparency to device failure is implemented by having group members all capable of receiving traffic addressed to the same single MAC address.
A special MAC address is used, 00-00-5E-00-01-XX, where XX is the VRID for VRRPv2, and 00-00-5E-00-02-XX for VRRPv3.
The master device will reply with this MAC address when an ARP request is sent for the virtual router's IP address.
Since the MAC address associated with the virtual IP address does not change, ARP cache entries in other devices remain valid throughout the master / backup switch-over, and other devices are not even aware that the switch has happened, apart from a short 'black-hole' period until the backup starts routing.
When there is a switch-over, the VRRP packets that are multicast are sent from this special MAC, so network switches will automatically modify internal MAC forwarding tables, and start switching traffic to the appropriate physical ports for the physical router that is taking up the active routing role.
You can disable the use of the special MAC if you wish, and use a normal FireBrick MAC. However, this can lead to problems in some cases.
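The VRID and special-MAC rules above can be checked from a LAN capture. The following is an added example, not FireBrick code: it audits VRRP advertisements for an unexpected VRID or a source MAC that is not the special MAC for that VRID. The function names and sample frames are constructed for illustration, the version-to-prefix mapping follows this page, and the IP protocol number (112) and header layout (version/type byte, then VRID) are taken from the VRRP RFCs rather than from this page.

```python
import struct

# Prefixes as given on this page: 00-00-5E-00-01 for VRRPv2, 00-00-5E-00-02 for VRRPv3.
PREFIX = {2: bytes.fromhex("00005e0001"), 3: bytes.fromhex("00005e0002")}
VRRP_PROTO = 112  # IP protocol number assigned to VRRP (from the RFCs, not this page)

def expected_mac(version: int, vrid: int) -> bytes:
    """Special MAC for a VRID: prefix for the VRRP version, VRID as the last octet."""
    return PREFIX[version] + bytes([vrid])

def parse_advert(frame: bytes):
    """Return (src_mac, version, vrid) for an IPv4 VRRP advertisement, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != VRRP_PROTO:
        return None
    vrrp = frame[14 + (frame[14] & 0x0F) * 4:]  # skip Ethernet and IPv4 headers
    if len(vrrp) < 2 or (vrrp[0] & 0x0F) != 1 or (vrrp[0] >> 4) not in PREFIX:
        return None  # too short, not an advertisement (type 1), or unknown version
    return frame[6:12], vrrp[0] >> 4, vrrp[1]

def audit(frames, allowed_vrids):
    """Flag adverts for an unexpected VRID or sent from a non-special source MAC."""
    findings = []
    for frame in frames:
        parsed = parse_advert(frame)
        if parsed is None:
            continue
        src, version, vrid = parsed
        if vrid not in allowed_vrids:
            findings.append(("unexpected-vrid", vrid, src.hex("-")))
        elif src != expected_mac(version, vrid):
            findings.append(("source-mac-mismatch", vrid, src.hex("-")))
    return findings

def build_frame(src_mac: bytes, version: int, vrid: int) -> bytes:
    """Constructed sample frame for the demo (checksums zeroed, not a capture)."""
    eth = bytes.fromhex("01005e000012") + src_mac + b"\x08\x00"
    vrrp = bytes([(version << 4) | 1, vrid, 100, 0, 0, 1, 0, 0])
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(vrrp), 0, 0, 255,
                     VRRP_PROTO, 0, bytes([192, 0, 2, 1]), bytes([224, 0, 0, 18]))
    return eth + ip + vrrp

SAMPLES = [  # constructed: expected master, hypothetical non-special MAC, stray VRID
    build_frame(expected_mac(3, 42), 3, 42),
    build_frame(bytes.fromhex("020000000001"), 3, 42),
    build_frame(expected_mac(2, 7), 2, 7),
]
```

Calling `audit(SAMPLES, {42})` reports the second and third frames. A group deliberately configured to use a normal MAC instead of the special one will appear as `source-mac-mismatch`, so such devices need an explicit exception.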