rfc9568.original   rfc9568.txt 
Network Working Group A. Lindem Internet Engineering Task Force (IETF) A. Lindem
Internet-Draft LabN Consulting, L.L.C. Request for Comments: 9568 LabN Consulting, L.L.C.
Obsoletes: 5798 (if approved) A. Dogra Obsoletes: 5798 A. Dogra
Intended status: Standards Track Cisco Systems Category: Standards Track Cisco Systems
Expires: 7 July 2024 4 January 2024 ISSN: 2070-1721 April 2024
Virtual Router Redundancy Protocol (VRRP) Version 3 for IPv4 and IPv6 Virtual Router Redundancy Protocol (VRRP) Version 3 for IPv4 and IPv6
draft-ietf-rtgwg-vrrp-rfc5798bis-18
Abstract Abstract
This document defines version 3 of the Virtual Router Redundancy This document defines version 3 of the Virtual Router Redundancy
Protocol (VRRP) for IPv4 and IPv6. It obsoletes RFC 5798 which Protocol (VRRP) for IPv4 and IPv6. It obsoletes RFC 5798, which
previously specified VRRP (version 3). RFC 5798 obsoleted RFC 3768 previously specified VRRP (version 3). RFC 5798 obsoleted RFC 3768,
which specified VRRP (version 2) for IPv4. VRRP specifies an which specified VRRP (version 2) for IPv4. VRRP specifies an
election protocol that dynamically assigns responsibility for a election protocol that dynamically assigns responsibility for a
Virtual Router to one of the VRRP Routers on a LAN. The VRRP Router Virtual Router to one of the VRRP Routers on a LAN. The VRRP Router
controlling the IPv4 or IPv6 address(es) associated with a Virtual controlling the IPv4 or IPv6 address(es) associated with a Virtual
Router is called the Active Router, and it forwards packets routed to Router is called the Active Router, and it forwards packets routed to
these IPv4 or IPv6 addresses. Active Routers are configured with these IPv4 or IPv6 addresses. Active Routers are configured with
virtual IPv4 or IPv6 addresses, and Backup Routers infer the address virtual IPv4 or IPv6 addresses, and Backup Routers infer the address
family of the virtual addresses being advertised based on the IP family of the virtual addresses being advertised based on the IP
protocol version. Within a VRRP Router, the Virtual Routers in each protocol version. Within a VRRP Router, the Virtual Routers in each
of the IPv4 and IPv6 address families are independent of one another of the IPv4 and IPv6 address families are independent of one another
skipping to change at page 1, line 39 skipping to change at line 37
responsibility should the Active Router become unavailable. For responsibility should the Active Router become unavailable. For
IPv4, the advantage gained from using VRRP is a higher-availability IPv4, the advantage gained from using VRRP is a higher-availability
default path without requiring configuration of dynamic routing or default path without requiring configuration of dynamic routing or
router discovery protocols on every end-host. For IPv6, the router discovery protocols on every end-host. For IPv6, the
advantage gained from using VRRP for IPv6 is a quicker switchover to advantage gained from using VRRP for IPv6 is a quicker switchover to
Backup Routers than can be obtained with standard IPv6 Neighbor Backup Routers than can be obtained with standard IPv6 Neighbor
Discovery mechanisms. Discovery mechanisms.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on 7 July 2024. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9568.
Copyright Notice Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. Code Components carefully, as they describe your rights and restrictions with respect
extracted from this document must include Revised BSD License text as to this document. Code Components extracted from this document must
described in Section 4.e of the Trust Legal Provisions and are include Revised BSD License text as described in Section 4.e of the
provided without warranty as described in the Revised BSD License. Trust Legal Provisions and are provided without warranty as described
in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction
1.1. RFC 5798 Differences . . . . . . . . . . . . . . . . . . 4 1.1. Differences from RFC 5798
1.2. A Note on Terminology . . . . . . . . . . . . . . . . . . 5 1.2. A Note on Terminology
1.3. IPv4 . . . . . . . . . . . . . . . . . . . . . . . . . . 6 1.3. IPv4
1.4. IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . 7 1.4. IPv6
1.5. Requirements Language . . . . . . . . . . . . . . . . . . 7 1.5. Requirements Language
1.6. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 8 1.6. Scope
1.7. Definitions . . . . . . . . . . . . . . . . . . . . . . . 8 1.7. Definitions
2. Required Features . . . . . . . . . . . . . . . . . . . . . . 9 2. Required Features
2.1. IPvX Address Backup . . . . . . . . . . . . . . . . . . . 9 2.1. IPvX Address Backup
2.2. Preferred Path Indication . . . . . . . . . . . . . . . . 10 2.2. Preferred Path Indication
2.3. Minimization of Unnecessary Service Disruptions . . . . . 10 2.3. Minimization of Unnecessary Service Disruptions
2.4. Efficient Operation over Extended LANs . . . . . . . . . 10 2.4. Efficient Operation over Extended LANs
2.5. Sub-Second Operation for IPv4 and IPv6 . . . . . . . . . 11 2.5. Sub-second Operation for IPv4 and IPv6
3. VRRP Overview . . . . . . . . . . . . . . . . . . . . . . . . 11 3. VRRP Overview
4. Sample Configurations . . . . . . . . . . . . . . . . . . . . 12 4. Sample VRRP Networks
4.1. Sample Configuration 1 . . . . . . . . . . . . . . . . . 12 4.1. Sample VRRP Network 1
4.2. Sample Configuration 2 . . . . . . . . . . . . . . . . . 14 4.2. Sample VRRP Network 2
5. Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . 16 5. Protocol
5.1. VRRP Packet Format . . . . . . . . . . . . . . . . . . . 16 5.1. VRRP Packet Format
5.1.1. IPv4 Field Descriptions . . . . . . . . . . . . . . . 17 5.1.1. IPv4 Field Descriptions
5.1.1.1. Source Address . . . . . . . . . . . . . . . . . 17 5.1.1.1. Source Address
5.1.1.2. Destination Address . . . . . . . . . . . . . . . 17 5.1.1.2. Destination Address
5.1.1.3. TTL . . . . . . . . . . . . . . . . . . . . . . . 17 5.1.1.3. TTL
5.1.1.4. Protocol . . . . . . . . . . . . . . . . . . . . 18 5.1.1.4. Protocol
5.1.2. IPv6 Field Descriptions
5.1.2. IPv6 Field Descriptions . . . . . . . . . . . . . . . 18 5.1.2.1. Source Address
5.1.2.1. Source Address . . . . . . . . . . . . . . . . . 18 5.1.2.2. Destination Address
5.1.2.2. Destination Address . . . . . . . . . . . . . . . 18 5.1.2.3. Hop Limit
5.1.2.3. Hop Limit . . . . . . . . . . . . . . . . . . . . 18 5.1.2.4. Next Header
5.1.2.4. Next Header . . . . . . . . . . . . . . . . . . . 18 5.2. VRRP Field Descriptions
5.2. VRRP Field Descriptions . . . . . . . . . . . . . . . . . 18 5.2.1. Version
5.2.1. Version . . . . . . . . . . . . . . . . . . . . . . . 18 5.2.2. Type
5.2.2. Type . . . . . . . . . . . . . . . . . . . . . . . . 18 5.2.3. Virtual Rtr ID (VRID)
5.2.3. Virtual Rtr ID (VRID) . . . . . . . . . . . . . . . . 19 5.2.4. Priority
5.2.4. Priority . . . . . . . . . . . . . . . . . . . . . . 19 5.2.5. IPvX Addr Count
5.2.5. IPvX Addr Count . . . . . . . . . . . . . . . . . . . 19 5.2.6. Reserve
5.2.6. Reserve . . . . . . . . . . . . . . . . . . . . . . . 19 5.2.7. Maximum Advertisement Interval (Max Advertise Interval)
5.2.7. Maximum Advertisement Interval (Max Advertise 5.2.8. Checksum
Interval) . . . . . . . . . . . . . . . . . . . . . . 19 5.2.9. IPvX Address(es)
5.2.8. Checksum . . . . . . . . . . . . . . . . . . . . . . 20 6. Protocol State Machine
5.2.9. IPvX Address(es) . . . . . . . . . . . . . . . . . . 20 6.1. Parameters per Virtual Router
6. Protocol State Machine . . . . . . . . . . . . . . . . . . . 21 6.2. Timers
6.1. Parameters Per Virtual Router . . . . . . . . . . . . . . 21 6.3. State Transition Diagram
6.2. Timers . . . . . . . . . . . . . . . . . . . . . . . . . 23 6.4. State Descriptions
6.3. State Transition Diagram . . . . . . . . . . . . . . . . 23 6.4.1. Initialize
6.4. State Descriptions . . . . . . . . . . . . . . . . . . . 23 6.4.2. Backup
6.4.1. Initialize . . . . . . . . . . . . . . . . . . . . . 23 6.4.3. Active
6.4.2. Backup . . . . . . . . . . . . . . . . . . . . . . . 24 7. Sending and Receiving VRRP Packets
6.4.3. Active . . . . . . . . . . . . . . . . . . . . . . . 27 7.1. Receiving VRRP Packets
7. Sending and Receiving VRRP Packets . . . . . . . . . . . . . 29 7.2. Transmitting VRRP Packets
7.1. Receiving VRRP Packets . . . . . . . . . . . . . . . . . 29 7.3. Virtual Router MAC Address
7.2. Transmitting VRRP Packets . . . . . . . . . . . . . . . . 30 7.4. IPv6 Interface Identifiers
7.3. Virtual Router MAC Address . . . . . . . . . . . . . . . 31 8. Operational Issues
7.4. IPv6 Interface Identifiers . . . . . . . . . . . . . . . 32 8.1. IPv4
8. Operational Issues . . . . . . . . . . . . . . . . . . . . . 32 8.1.1. ICMP Redirects
8.1. IPv4 . . . . . . . . . . . . . . . . . . . . . . . . . . 32 8.1.2. Host ARP Requests
8.1.1. ICMP Redirects . . . . . . . . . . . . . . . . . . . 32 8.1.3. Proxy ARP
8.1.2. Host ARP Requests . . . . . . . . . . . . . . . . . . 33 8.2. IPv6
8.1.3. Proxy ARP . . . . . . . . . . . . . . . . . . . . . . 33 8.2.1. ICMPv6 Redirects
8.2. IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . 33 8.2.2. ND Neighbor Solicitation
8.2.1. ICMPv6 Redirects . . . . . . . . . . . . . . . . . . 33 8.2.3. Router Advertisements
8.2.2. ND Neighbor Solicitation . . . . . . . . . . . . . . 34 8.2.4. Unsolicited Neighbor Advertisements
8.2.3. Router Advertisements . . . . . . . . . . . . . . . . 35 8.3. IPvX
8.2.4. Unsolicited Neighbor Advertisements . . . . . . . . . 35 8.3.1. Potential Forwarding Loop
8.3. IPvX . . . . . . . . . . . . . . . . . . . . . . . . . . 35 8.3.2. Recommendations Regarding Setting Priority Values
8.3.1. Potential Forwarding Loop . . . . . . . . . . . . . . 35 8.4. VRRPv3 and VRRPv2 Interoperation
8.3.2. Recommendations Regarding Setting Priority Values . . 36 8.4.1. Assumptions
8.4. VRRPv3 and VRRPv2 Interoperation . . . . . . . . . . . . 36 8.4.2. VRRPv3 Support of VRRPv2 Interoperation
8.4.1. Assumptions . . . . . . . . . . . . . . . . . . . . . 36 8.4.2.1. Interoperation Considerations
8.4.2. VRRPv3 Support of VRRPv2 Interoperation . . . . . . . 36 9. Security Considerations
8.4.2.1. Interoperation Considerations . . . . . . . . . . 37 10. IANA Considerations
9. Security Considerations . . . . . . . . . . . . . . . . . . . 37 11. References
10. Contributors and Acknowledgments . . . . . . . . . . . . . . 39 11.1. Normative References
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 40 11.2. Informative References
12. Normative References . . . . . . . . . . . . . . . . . . . . 40 Acknowledgments
13. Informative References . . . . . . . . . . . . . . . . . . . 41 Authors' Addresses
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 43
1. Introduction 1. Introduction
This document defines version 3 of the Virtual Router Redundancy This document defines version 3 of the Virtual Router Redundancy
Protocol (VRRP) for IPv4 and IPv6. It obsoletes RFC 5798 [RFC5798] Protocol (VRRP) for IPv4 and IPv6. It obsoletes [RFC5798], which
which previously specified VRRP (version 3). RFC 5798 obsoleted RFC previously specified VRRP (version 3). [RFC5798] obsoleted
3768 [RFC3768] which specified VRRP (version 2) for IPv4. VRRP [RFC3768], which specified VRRP (version 2) for IPv4. VRRP specifies
specifies an election protocol that dynamically assigns an election protocol that dynamically assigns responsibility for a
responsibility for a Virtual Router (refer to Section 1.7) to one of Virtual Router (refer to Section 1.7) to one of the VRRP Routers on a
the VRRP routers on a LAN. The VRRP Router controlling the IPv4 or LAN. The VRRP Router controlling the IPv4 or IPv6 address(es)
IPv6 address(es) associated with a Virtual Router is called the associated with a Virtual Router is called the Active Router, and it
Active Router, and it forwards packets routed to these IPv4 or IPv6 forwards packets routed to these IPv4 or IPv6 addresses (except for
addresses (except for packets addressed to these addresses as packets addressed to these addresses as described in Section 8.3.1).
decribed in Section 8.3.1). VRRP Active Routers are configured with VRRP Active Routers are configured with virtual IPv4 or IPv6
virtual IPv4 or IPv6 addresses, and Backup Routers infer the address addresses, and Backup Routers infer the address family of the virtual
family of the virtual addresses being advertised based on the IP addresses being advertised based on the IP protocol version. Within
protocol version. Within a VRRP Router, the Virtual Routers in each a VRRP Router, the Virtual Routers in each of the IPv4 and IPv6
of the IPv4 and IPv6 address families are independent of one another address families are independent of one another and always treated as
and always treated as separate Virtual Router instances. The separate Virtual Router instances. The election process provides
election process provides dynamic failover in the forwarding dynamic failover in the forwarding responsibility should the Active
responsibility should the Active Router become unavailable. Router become unavailable.
VRRP provides a function similar to the proprietary protocols "Hot VRRP provides a function similar to the proprietary protocols Hot
Standby Router Protocol (HSRP)" [RFC2281] and "IP Standby Protocol" Standby Router Protocol (HSRP) [RFC2281] and IP Standby Protocol
[IPSTB]. [IPSTB].
1.1. RFC 5798 Differences 1.1. Differences from RFC 5798
The following changes have been made from RFC 5798: The following changes have been made from [RFC5798]:
1. The VRRP terminology has been updated to conform to inclusive 1. The VRRP terminology has been updated to conform to inclusive
language guidelines for IETF technologies. The IETF has language guidelines for IETF technologies. The IETF has
designated National Institute of Standards and Technology (NIST) designated the National Institute of Standards and Technology
"Guidance for NIST Staff on Using Inclusive Language in (NIST) document "Guidance for NIST Staff on Using Inclusive
Documentary Standards" [NISTIR8366] for its inclusive language Language in Documentary Standards" [NISTIR8366] for its
guidelines. inclusive language guidelines.
2. The term for the VRRP Router assuming forwarding responsibility 2. The term for the VRRP Router assuming forwarding responsibility
has been changed to "Active Router" to be consistent with IETF has been changed to "Active Router" to be consistent with IETF
inclusive terminology. Additionally, inconsistencies in RFC inclusive terminology. Additionally, inconsistencies in the
5798 terminology for both "Active Router" and "Backup Router" terminology of [RFC5798] for both "Active Router" and "Backup
were corrected. Additionally, the undesirable term for Router" were corrected. Additionally, the undesirable term for
attracting and dropping unreachable packets has been changed. attracting and dropping unreachable packets has been changed.
3. Errata pertaining to the state machines in Section 6 were 3. Errata pertaining to the state machines in Section 6 were
corrected. corrected.
4. The checksum calculation in Section 5.2.8 has been clarified to 4. The checksum calculation in Section 5.2.8 has been clarified to
specify precisely what is included and that it does not include specify precisely what is included and that it does not include
the pseudo-header for IPv4. the pseudo-header for IPv4.
5. When a VRRP advertisement is received from a lower priority VRRP 5. When a VRRP advertisement is received from a lower priority VRRP
router, the Active VRRP router will immediately send a VRRP Router, the Active VRRP Router will immediately send a VRRP
advertisement to assure learning bridges will bridge the packets advertisement to assure learning bridges will bridge the packets
to the correct Ethernet segment (refer to Section 6.4.3). to the correct Ethernet segment (refer to Section 6.4.3).
6. Appendices describing operation over legacy technologies (FDDI, 6. Appendices describing operation over legacy technologies (Fiber
Token Ring, and ATM LAN Emulation) were removed. Distributed Data Interface (FDDI), Token Ring, and ATM LAN
Emulation) were removed.
7. A recommendation was added indicating that IPv6 Unsolicited 7. A recommendation was added indicating that IPv6 Unsolicited
Neighbor Advertisements SHOULD be accepted by the Active and Neighbor Advertisements SHOULD be accepted by the Active and
Backup Routers Section 8.2.4. Backup Routers (Section 8.2.4).
8. Checking that the Maximum Advertisement Intervals match is 8. Checking that the Maximum Advertisement Intervals match is
recommended although this will not result in the VRRP packet recommended, although this will not result in the VRRP packet
being dropped Section 7.1. being dropped (Section 7.1).
9. Miscellaneous editorial changes were made for readability. 9. Miscellaneous editorial changes were made for readability.
10. The IANA Considerations section was augmented to include all the 10. The IANA Considerations section was augmented to include all the
IPv4/IPv6 multicast address allocations and Ethernet MAC address IPv4/IPv6 multicast address allocations and Ethernet Media
allocations. Access Control (MAC) address allocations.
1.2. A Note on Terminology 1.2. A Note on Terminology
This document discusses both IPv4 and IPv6 operations, and with This document discusses both IPv4 and IPv6 operations, and with
respect to the VRRP protocol, many of the descriptions and procedures respect to the VRRP protocol, many of the descriptions and procedures
are common. In this document, it would be less verbose to be able to are common. In this document, it would be less verbose to be able to
refer to "IP" to mean either "IPv4 or IPv6". However, historically, refer to "IP" to mean either "IPv4 or IPv6". However, historically,
the term "IP" often refers to IPv4. For this reason, in this the term "IP" often refers to IPv4. For this reason, in this
specification, the term "IPvX" (where X is 4 or 6) is introduced to specification, the term "IPvX" (where X is 4 or 6) is introduced to
mean either "IPv4" or "IPv6". In this text, where the IP version mean either "IPv4" or "IPv6". In this text, where the IP version
matters, the appropriate term is used, and the use of the term "IP" matters, the appropriate term is used, and the use of the term "IP"
is avoided. is avoided.
1.3. IPv4 1.3. IPv4
There are a number of methods that an IPv4 end-host can use to There are a number of methods that an IPv4 end-host can use to
determine its first-hop router for a particular IPv4 destination. determine its first-hop router for a particular IPv4 destination.
These include running (or snooping) a dynamic routing protocol such These include running (or snooping) a dynamic routing protocol such
as Routing Information Protocol (RIP) [RFC2453] or OSPF version 2 as Routing Information Protocol (RIP) [RFC2453] or OSPF version 2
[RFC2328], running an ICMP router discovery client [RFC1256], DHCPv4 [RFC2328], running an ICMP router discovery client [RFC1256], running
[RFC2131], or using a statically configured default route. DHCPv4 [RFC2131], or using a statically configured default route.
Running a dynamic routing protocol on every end-host may not be Running a dynamic routing protocol on every end-host may not be
feasible for a number of reasons, including administrative overhead, feasible for a number of reasons, including administrative overhead,
processing overhead, security issues, or the lack of an processing overhead, security issues, or the lack of an
implementation for a particular platform. Neighbor or router implementation for a particular platform. Neighbor or router
discovery protocols may require active participation by all hosts on discovery protocols may require active participation by all hosts on
a network, requiring large timer values to reduce protocol overhead a network, requiring large timer values to reduce protocol overhead
associated with the protocol packet processing for each host. This associated with the protocol packet processing for each host. This
can result in a significant delay in the detection of an unreachable can result in a significant delay in the detection of an unreachable
router and, such a delay may introduce unacceptably long periods of router, and such a delay may introduce unacceptably long periods of
unreachability for the default route. unreachability for the default route.
The use of a manually configured default route (either via a static The use of a manually configured default route (either via a static
route or DHCPv4) is quite popular since it minimizes configuration route or DHCPv4) is quite popular since it minimizes configuration
and processing overhead on the end-host and is supported by virtually and processing overhead on the end-host and is supported by virtually
every IPv4 implementation. However, this creates a single point of every IPv4 implementation. However, this creates a single point of
failure. Loss of the default router results in a catastrophic event, failure. Loss of the default router results in a catastrophic event,
isolating all end-hosts that are unable to detect an available isolating all end-hosts that are unable to detect an available
alternate path. alternate path.
The Virtual Router Redundancy Protocol (VRRP) is designed to The Virtual Router Redundancy Protocol (VRRP) is designed to
eliminate the single point of failure inherent in a network utilizing eliminate the single point of failure inherent in a network utilizing
default routing. VRRP specifies an election protocol that default routing. VRRP specifies an election protocol that
dynamically assigns responsibility for a Virtual Router to one of the dynamically assigns responsibility for a Virtual Router to one of the
VRRP Routers on a LAN. The VRRP Router controlling the IPv4 VRRP Routers on a LAN. The VRRP Router controlling the IPv4
address(es) associated with a Virtual Router is called the Active address(es) associated with a Virtual Router is called the Active
Router and forwards packets sent to these IPv4 addresses. The Router and forwards packets sent to these IPv4 addresses. The
election process provides dynamic failover of the forwarding election process provides dynamic failover of the forwarding
responsibility should the Active Router become unavailable. Any of responsibility should the Active Router become unavailable. Any of
the Virtual Router's IPv4 addresses on a LAN can then be used as the the Virtual Router's IPv4 addresses on a LAN can then be used as the
default first hop router by end-hosts. The advantage gained from default first-hop router by end-hosts. The advantage gained from
using VRRP is a higher availability default path without requiring using VRRP is a higher availability default path without requiring
configuration of dynamic routing or a router discovery protocol on configuration of dynamic routing or a router discovery protocol on
every end-host. every end-host.
1.4. IPv6 1.4. IPv6
IPv6 hosts on a LAN will usually learn about one or more default IPv6 hosts on a LAN will usually learn about one or more default
routers by receiving Router Advertisements sent using the IPv6 routers by receiving Router Advertisements sent using the IPv6
Neighbor Discovery (ND) protocol [RFC4861]. The Router Neighbor Discovery (ND) protocol [RFC4861]. The Router
Advertisements are periodically multicast at a rate such that the Advertisements are periodically multicast at a rate such that the
skipping to change at page 7, line 28 skipping to change at line 295
unicast ND Neighbor Solicitation messages to the neighbor node. To unicast ND Neighbor Solicitation messages to the neighbor node. To
reduce the overhead of sending Neighbor Solicitations, they are only reduce the overhead of sending Neighbor Solicitations, they are only
sent to neighbors to which the node is actively sending traffic and sent to neighbors to which the node is actively sending traffic and
only after there has been no positive indication that the router is only after there has been no positive indication that the router is
up for a period of time. Using the default parameters in ND, it can up for a period of time. Using the default parameters in ND, it can
take a host more than 10 seconds to learn that a router is take a host more than 10 seconds to learn that a router is
unreachable before it will switch to another default router. This unreachable before it will switch to another default router. This
delay would be very noticeable to users and cause some transport delay would be very noticeable to users and cause some transport
protocol implementations to time out. protocol implementations to time out.
While the ND unreachability detection could be made quicker by While the Neighbor Unreachability Detection could be made quicker by
configuring the timer intervals to be more aggressive (note that the configuring the timer intervals to be more aggressive (note that the
current lower limit for this is 5 seconds), this would have the current lower limit for this is 5 seconds), this would have the
downside of significantly increasing the overhead of ND traffic, downside of significantly increasing the overhead of ND traffic,
especially when there are many hosts all trying to determine the especially when there are many hosts all trying to determine the
reachability of one or more routers. reachability of one or more routers.
The Virtual Router Redundancy Protocol for IPv6 provides a much The Virtual Router Redundancy Protocol for IPv6 provides a much
faster switchover to an alternate default router than can be obtained faster switchover to an alternate default router than can be obtained
using standard ND procedures. Using VRRP, a Backup Router can take using standard ND procedures. Using VRRP, a Backup Router can take
over for a failed default router in around three seconds (using VRRP over for a failed default router in around three seconds (using VRRP
default parameters). This is done without any interaction with the default parameters). This is done without any interaction with the
hosts and a minimum amount of VRRP traffic. hosts and a minimum amount of VRRP traffic.
1.5. Requirements Language 1.5. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in
14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
1.6. Scope 1.6. Scope
The remainder of this document describes the features, design goals, The remainder of this document describes the features, design goals,
and theory of operation of VRRP. The message formats, protocol and theory of operation of VRRP. The message formats, protocol
processing rules, and state machine that guarantee convergence to a processing rules, and state machine that guarantee convergence to a
single Active Router are presented. Finally, operational issues single Active Router are presented. Finally, operational issues
related to MAC address mapping, handling of ARP messages, generation related to MAC address mapping, handling of ARP messages, generation
of ICMP redirect messages, and security issues are addressed. of ICMP redirect messages, and security issues are addressed.
skipping to change at page 9, line 9 skipping to change at line 370
advertisements are always sent using the advertisements are always sent using the
primary IPv4 address as the source of the primary IPv4 address as the source of the
IPv4 packet. In IPv6, the link-local address IPv4 packet. In IPv6, the link-local address
of the interface over which the packet is of the interface over which the packet is
transmitted is used. transmitted is used.
Forwarding Responsibility The responsibility for forwarding packets Forwarding Responsibility The responsibility for forwarding packets
sent to the IPvX address(es) associated with sent to the IPvX address(es) associated with
the Virtual Router. This includes receiving the Virtual Router. This includes receiving
packets sent to the Virtual Router MAC packets sent to the Virtual Router MAC
Address, forwarding these packets based on address, forwarding these packets based on
the local RIB (Routing Information Base)/FIB the local Routing Information Base (RIB) /
(Forwarding Information Base), answering ARP Forwarding Information Base (FIB), answering
requests for the IPv4 address(es), and ARP requests for the IPv4 address(es), and
answering ND requests for the IPv6 answering ND requests for the IPv6
address(es). address(es).
Active Router The VRRP Router that is assuming the Active Router The VRRP Router that is assuming the
responsibility of forwarding packets sent to responsibility of forwarding packets sent to
the IPvX address(es) associated with the the IPvX address(es) associated with the
Virtual Router, answering ARP requests for Virtual Router, answering ARP requests for
the IPv4 address(es), and answering ND the IPv4 address(es), and answering ND
requests for the IPv6 address(es). Note that requests for the IPv6 address(es). Note that
if the IPvX address owner is available, then if the IPvX address owner is available, then
it will always be the Active Router. it will always be the Active Router.
Backup Router(s) The set of VRRP Routers available to assume Backup Router(s) The set of VRRP Routers available to assume
forwarding responsibility for a Virtual forwarding responsibility for a Virtual
Router should the current Active Router fail. Router should the current Active Router fail.
Drop Route A route installed in the RIB (Routing Drop Route A route installed in the Routing Information
Information Base) that will result in traffic Base (RIB) that will result in traffic with a
with a destination address that matches the destination address that matches the route to
route to be dropped. be dropped.
2. Required Features 2. Required Features
This section describes the set of features that were considered This section describes the set of features that were considered
mandatory and that guided the design of VRRP. mandatory and that guided the design of VRRP.
2.1. IPvX Address Backup 2.1. IPvX Address Backup
Backup of an IPvX address or addresses is the primary function of Backup of an IPvX address or addresses is the primary function of
VRRP. When providing election of an Active Router and the additional VRRP. When providing election of an Active Router and the additional
functionality described below; the protocol should strive to: functionality described below, the protocol should strive to:
* Minimize the duration of unreachability. * minimize the duration of unreachability,
* Minimize the steady-state bandwidth overhead and processing * minimize the steady-state bandwidth overhead and processing
complexity. complexity,
* Function over a wide variety of multiaccess LAN technologies * function over a wide variety of multiaccess LAN technologies
capable of supporting IPvX traffic. capable of supporting IPvX traffic,
* Allow multiple Virtual Routers on a network for load-balancing. * allow multiple Virtual Routers on a network for load-balancing,
and
* Support multiple logical IPvX subnets on a single LAN segment. * support multiple logical IPvX subnets on a single LAN segment.
2.2. Preferred Path Indication 2.2. Preferred Path Indication
A simple model of Active Router election among a set of redundant A simple model of Active Router election among a set of redundant
routers is to treat each router with equal preference and claim routers is to treat each router with equal preference and claim
victory after converging to any router as Active Router. However, victory after converging to any router as the Active Router.
there are likely to be many environments where there is a distinct However, there are likely to be many environments where there is a
preference (or range of preferences) among the set of redundant distinct preference (or range of preferences) among the set of
routers. For example, this preference may be based upon access link redundant routers. For example, this preference may be based upon
cost or speed, router performance or reliability, or other policy access link cost or speed, router performance or reliability, or
considerations. The protocol should allow the expression of this other policy considerations. The protocol should allow the
relative path preference in an intuitive manner and guarantee Active expression of this relative path preference in an intuitive manner
Router convergence to the most preferred Virtual Router currently and guarantee Active Router convergence to the most preferred Virtual
available. Router currently available.
2.3. Minimization of Unnecessary Service Disruptions 2.3. Minimization of Unnecessary Service Disruptions
Once Active Router election has been performed, any unnecessary Once Active Router election has been performed, any unnecessary
transition between Active and Backup Routers can result in a transition between Active and Backup Routers can result in a
disruption in service. The protocol should ensure that, after Active disruption of service. The protocol should ensure that, after Active
Router election, no state transition is triggered by any Backup Router election, no state transition is triggered by any Backup
Router of equal or lower preference as long as the Active Router Router of equal or lower preference as long as the Active Router
continues to function properly. continues to function properly.
Some environments may find it beneficial to avoid the state Some environments may find it beneficial to avoid the state
transition triggered when a router that is preferred over the current transition triggered when a router that is preferred over the current
Active Router becomes available. It may be useful to support an Active Router becomes available. It may be useful to support an
override of the immediate restoration to the preferred path. override of the immediate restoration to the preferred path.
2.4. Efficient Operation over Extended LANs 2.4. Efficient Operation over Extended LANs
skipping to change at page 11, line 11 skipping to change at line 469
1. Use the Virtual Router MAC address as the source in a packet sent 1. Use the Virtual Router MAC address as the source in a packet sent
by the Active Router to trigger MAC learning. by the Active Router to trigger MAC learning.
2. Trigger a message immediately after transitioning to the Active 2. Trigger a message immediately after transitioning to the Active
Router to update MAC learning. Router to update MAC learning.
3. Trigger periodic messages from the Active Router to maintain the 3. Trigger periodic messages from the Active Router to maintain the
MAC address cache. MAC address cache.
2.5. Sub-Second Operation for IPv4 and IPv6 2.5. Sub-second Operation for IPv4 and IPv6
Sub-second detection of Active Router failure is needed in both IPv4 Sub-second detection of Active Router failure is needed in both IPv4
and IPv6 environments. Earlier work proposed that sub-second and IPv6 environments. Earlier work proposed that sub-second
operation was for IPv6 and this specification leverages that earlier operation was for IPv6, and this specification leverages that earlier
approach for both IPv4 and IPv6. approach for both IPv4 and IPv6.
One possible problematic scenario that may occur when using a small One possible problematic scenario that may occur when using a small
Advertisement_Interval (refer to Section 6.1) is when a VRRP Router Advertisement_Interval (refer to Section 6.1) is when a VRRP Router
is generating more packets than it can transmit, and a queue builds is generating more packets than it can transmit, and a queue builds
up on the VRRP Router. When this occurs, it is possible that packets up on the VRRP Router. When this occurs, it is possible that packets
being transmitted onto the VRRP-protected LAN could see a larger being transmitted onto the VRRP-protected LAN could see a larger
queueing delay than the smallest Advertisement_Interval. In this queueing delay than the smallest Advertisement_Interval. In this
case, the Active_Down_Interval (refer to Section 6.1) may be small case, the Active_Down_Interval (refer to Section 6.1) may be small
enough that normal queuing delays might cause a Backup Router to enough that normal queuing delays might cause a Backup Router to
conclude that the Active Router is down, and, hence, promote itself conclude that the Active Router is down and, hence, promote itself to
to Active Router. Very shortly afterwards, the delayed VRRP packets Active Router. Very shortly afterwards, the delayed VRRP packets
from the original Active Router cause a switch back to Backup Router. from the original Active Router cause the VRRP Router to switch back
Furthermore, this process can repeat many times per second, causing a to Backup Router. Furthermore, this process can repeat many times
significant disruption of traffic. To mitigate this problem, giving per second, causing a significant disruption of traffic. To mitigate
VRRP packets priority on egress interface queues should be this problem, giving VRRP packets priority on egress interface queues
considered. If the Active Router observes that this is occurring, it should be considered. If the Active Router observes that this is
SHOULD log the problem (subject to rate-limiting). occurring, it SHOULD log the problem (subject to rate-limiting).
3. VRRP Overview 3. VRRP Overview
VRRP specifies an election protocol to provide the Virtual Router VRRP specifies an election protocol to provide the Virtual Router
function described earlier. All protocol messaging is performed function described earlier. All protocol messaging is performed
using either IPv4 or IPv6 multicast datagrams. Thus, the protocol using either IPv4 or IPv6 multicast datagrams. Thus, the protocol
can operate over a variety of multiaccess LAN technologies supporting can operate over a variety of multiaccess LAN technologies supporting
IPvX multicast. Each link of a VRRP Virtual Router has a single IPvX multicast. Each link of a VRRP Virtual Router has a single
well-known MAC address allocated to it. This document currently only well-known MAC address allocated to it. This document currently only
details the mapping to networks using an IEEE 802 48-bit MAC address. details the mapping to networks using an IEEE 802 48-bit MAC address.
The Virtual Router MAC address is used as the source in all periodic The Virtual Router MAC address is used as the source in all periodic
VRRP messages sent by the Active Router to enable MAC learning by VRRP messages sent by the Active Router to enable MAC learning by
layer-2 bridges on an extended LAN. Layer 2 (L2) bridges on an extended LAN.
A Virtual Router is defined by its Virtual Router Identifier (VRID) A Virtual Router is defined by its Virtual Router Identifier (VRID)
and a set of either IPv4 or IPv6 address(es). A VRRP Router may and a set of either IPv4 or IPv6 address(es). A VRRP Router may
associate a Virtual Router with its real address on an interface. associate a Virtual Router with its real address on an interface.
The scope of each Virtual Router is restricted to a single LAN. A The scope of each Virtual Router is restricted to a single LAN. A
VRRP Router may be configured with additional Virtual Router mappings VRRP Router may be configured with additional Virtual Router mappings
and priority for Virtual Routers it is willing to back up. The and priority for Virtual Routers it is willing to back up. The
mapping between the VRID and its IPvX address(es) must be coordinated mapping between the VRID and its IPvX address(es) must be coordinated
among all VRRP Routers on a LAN. among all VRRP Routers on a LAN.
skipping to change at page 12, line 22 skipping to change at line 529
To minimize network traffic, only the Active Router for each Virtual To minimize network traffic, only the Active Router for each Virtual
Router sends periodic VRRP Advertisement messages. A Backup Router Router sends periodic VRRP Advertisement messages. A Backup Router
will not attempt to preempt the Active Router unless the Backup will not attempt to preempt the Active Router unless the Backup
Router has a higher priority. This eliminates service disruption Router has a higher priority. This eliminates service disruption
unless a more preferred path becomes available. It's also possible unless a more preferred path becomes available. It's also possible
to administratively prohibit Active Router preemption attempts. The to administratively prohibit Active Router preemption attempts. The
only exception is that a VRRP Router will always become the Active only exception is that a VRRP Router will always become the Active
Router for any Virtual Router associated with address(es) it owns. Router for any Virtual Router associated with address(es) it owns.
If the Active Router becomes unavailable, then the highest-priority If the Active Router becomes unavailable, then the highest-priority
Backup Router will transition to Active Router after a short delay, Backup Router will transition to the Active Router after a short
providing a controlled transition of Virtual Router responsibility delay, providing a controlled transition of Virtual Router
with minimal service interruption. responsibility with minimal service interruption.
The VRRP protocol design provides rapid transition from Backup Router The VRRP protocol design provides rapid transition from the Backup
to Active Router to minimize service interruption and incorporates Router to the Active Router to minimize service interruption and
optimizations that reduce protocol complexity while guaranteeing incorporates optimizations that reduce protocol complexity while
controlled Active Router transition for typical operational guaranteeing controlled Active Router transition for typical
scenarios. These optimizations result in an election protocol with operational scenarios. These optimizations result in an election
minimal runtime state requirements, minimal active protocol states, protocol with minimal runtime state requirements, minimal active
and a single message type and sender. The typical operational protocol states, and a single message type and sender. The typical
scenarios are defined to be two redundant routers and/or distinct operational scenarios are defined to be two redundant routers and/or
path preferences for each router. A side effect when these distinct path preferences for each router. A side effect when these
assumptions are violated, i.e., more than two redundant paths with assumptions are violated, i.e., more than two redundant paths with
equal preference, is that duplicate packets may be forwarded for a equal preference, is that duplicate packets may be forwarded for a
brief period during Active Router election. However, the typical brief period during Active Router election. However, the typical
scenario assumptions are likely to cover the vast majority of scenario assumptions are likely to cover the vast majority of
deployments, loss of the Active Router is infrequent, and the deployments, loss of the Active Router is infrequent, and the
expected duration for Active Router election convergence is quite expected duration for Active Router election convergence is quite
small (< 4 seconds when using the default Advertisement_Interval and small (< 4 seconds when using the default Advertisement_Interval and
configurable to < 1/25 second). Thus, the VRRP optimizations configurable to < 1/25 second). Thus, the VRRP optimizations
represent significant simplifications in the protocol design while represent significant simplifications in the protocol design while
incurring an insignificant probability of brief network disruption. incurring an insignificant probability of brief network disruption.
4. Sample Configurations 4. Sample VRRP Networks
4.1. Sample Configuration 1 4.1. Sample VRRP Network 1
The following figure shows a simple network with two VRRP Routers The following figure shows a simple network with two VRRP Routers
implementing one Virtual Router. implementing one Virtual Router.
+-----------+ +-----------+ +-----------+ +-----------+
| Router-1 | | Router-2 | | Router-1 | | Router-2 |
|(AR VRID=1)| |(BR VRID=1)| |(AR VRID=1)| |(BR VRID=1)|
| | | | | | | |
VRID=1 +-----------+ +-----------+ VRID=1 +-----------+ +-----------+
IPvX A------>* *<---------IPvX B IPvX A------>* *<---------IPvX B
| | | |
| | | |
-------------+------------+--+-----------+-----------+-----------+ -------------+------------+--+-----------+-----------+-----------+
^ ^ ^ ^ ^ ^ ^ ^
| | | | | | | |
Default Router | | | | Default Router | | | |
IPvX addresses ---> (IPvX A) (IPvX A) (IPvX A) (IPvX A) IPvX Addresses ---> (IPvX A) (IPvX A) (IPvX A) (IPvX A)
| | | | | | | |
IPvX H1->* IPvX H2->* IPvX H3->* IPvX H4->* IPvX H1->* IPvX H2->* IPvX H3->* IPvX H4->*
+--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+
| H1 | | H2 | | H3 | | H4 | | H1 | | H2 | | H3 | | H4 |
+-----+ +-----+ +--+--+ +--+--+ +-----+ +-----+ +--+--+ +--+--+
Legend: Legend:
--+---+---+-- = Ethernet --+---+---+-- = Ethernet
H = Host computer H = Host computer
AR = Active Router AR = Active Router
BR = Backup Router BR = Backup Router
* = IPvX Address: X is 4 everywhere in IPv4 case * = IPvX Address: X is 4 everywhere in IPv4 case
X is 6 everywhere in IPv6 case X is 6 everywhere in IPv6 case
(IPvX) = Default Router for hosts (IPvX) = Default Router for hosts
Figure 1: Sample VRRP Network 1
In the IPv4 case, i.e., IPvX is IPv4 everywhere in the figure, each In the IPv4 case, i.e., IPvX is IPv4 everywhere in the figure, each
router is permanently assigned an IPv4 address on the LAN interface router is permanently assigned an IPv4 address on the LAN interface
(Router-1 is assigned IPv4 A and Router-2 is assigned IPv4 B), and (Router-1 is assigned IPv4 A and Router-2 is assigned IPv4 B), and
each host installs a default route (learned through DHCPv4 or via a each host installs a default route (learned through DHCPv4 or via a
configured static route) through one of the routers (in this example, configured static route) through one of the routers (in this example,
they all use Router-1's IPv4 A). they all use Router-1's IPv4 A).
In the IPv6 case, i.e., IPvX is IPv6 everywhere in the figure, each In the IPv6 case, i.e., IPvX is IPv6 everywhere in the figure, each
router has its own Link-Local IPv6 address on the LAN interface, and router has its own link-local IPv6 address on the LAN interface and a
a link-local IPv6 address per VRID that is shared with the other link-local IPv6 address per VRID that is shared with the other
routers that serve the same VRID. Each host learns a default route routers that serve the same VRID. Each host learns a default route
from Router Advertisements through one of the routers (in this from Router Advertisements through one of the routers (in this
example, they all use Router-1's IPv6 Link-Local A). example, they all use Router-1's IPv6 Link-Local A).
In an IPv4 VRRP environment, each router supports reception and In an IPv4 VRRP environment, each router supports reception and
transmission for the exact same IPv4 address. Router-1 is said to be transmission for the exact same IPv4 address. Router-1 is said to be
the IPv4 address owner of IPv4 A, and Router-2 is the IPv4 address the IPv4 address owner of IPv4 A, and Router-2 is the IPv4 address
owner of IPv4 B. A Virtual Router is then defined by associating a owner of IPv4 B. A Virtual Router is then defined by associating a
unique identifier (the VRID) with the address owned by Router-1. unique identifier (the VRID) with the address owned by Router-1.
skipping to change at page 14, line 23 skipping to change at line 621
Router-1 is said to be the IPv6 address owner of IPv6 A, and Router-2 Router-1 is said to be the IPv6 address owner of IPv6 A, and Router-2
is the IPv6 address owner of IPv6 B. A Virtual Router is then is the IPv6 address owner of IPv6 B. A Virtual Router is then
defined by associating a unique identifier (the VRID) with the defined by associating a unique identifier (the VRID) with the
address owned by Router-1. address owned by Router-1.
Finally, in both the IPv4 and IPv6 cases, the VRRP protocol manages Finally, in both the IPv4 and IPv6 cases, the VRRP protocol manages
Virtual Router failover to a Backup Router. Virtual Router failover to a Backup Router.
The IPvX example above shows a Virtual Router configured to cover the The IPvX example above shows a Virtual Router configured to cover the
IPvX address owned by Router-1 (VRID=1, IPvX_Address=A). When VRRP IPvX address owned by Router-1 (VRID=1, IPvX_Address=A). When VRRP
is enabled on Router-1 for VRID=1, it will assert itself as Active is enabled on Router-1 for VRID=1, it will assert itself as the
Router, with priority = 255, since it is the IPvX address owner for Active Router, with priority = 255, since it is the IPvX address
the Virtual Router IPvX address. When VRRP is enabled on Router-2 owner for the Virtual Router IPvX address. When VRRP is enabled on
for VRID=1, it will transition to Backup Router, with priority = 100 Router-2 for VRID=1, it will transition to the Backup Router, with
(the default priority is 100), since it is not the IPvX address priority = 100 (the default priority is 100), since it is not the
owner. If Router-1 should fail, then the VRRP protocol will IPvX address owner. If Router-1 should fail, then the VRRP protocol
transition Router-2 to Active Router, temporarily taking over will transition Router-2 to the Active Router, temporarily taking
forwarding responsibility for IPvX A to provide uninterrupted service over forwarding responsibility for IPvX A to provide uninterrupted
to the hosts. service to the hosts.
Note that in both cases in this example, IPvX B is not backed up and Note that in both cases in this example, IPvX B is not backed up and
it is only used by Router-2 as its interface address. In order to it is only used by Router-2 as its interface address. In order to
back up IPvX B, a second Virtual Router must be configured. This is back up IPvX B, a second Virtual Router must be configured. This is
shown in the next section. shown in the next section.
4.2. Sample Configuration 2 4.2. Sample VRRP Network 2
The following figure shows a configuration with two Virtual Routers The following figure shows a configuration with two Virtual Routers
with the hosts splitting their traffic between them. with the hosts splitting their traffic between them.
+-----------+ +-----------+ +-----------+ +-----------+
| Router-1 | | Router-2 | | Router-1 | | Router-2 |
|(AR VRID=1)| |(BR VRID=1)| |(AR VRID=1)| |(BR VRID=1)|
|(BR VRID=2)| |(AR VRID=2)| |(BR VRID=2)| |(AR VRID=2)|
VRID=1 +-----------+ +-----------+ VRID=2 VRID=1 +-----------+ +-----------+ VRID=2
IPvX A ----->* *<---------- IPvX B IPvX A ----->* *<---------- IPvX B
| | | |
| | | |
----------+-------------+-+-----------+-----------+-----------+ ----------+-------------+-+-----------+-----------+-----------+
^ ^ ^ ^ ^ ^ ^ ^
| | | | | | | |
Default Router | | | | Default Router | | | |
IPvX addresses ---> (IPvX A) (IPvX A) (IPvX B) (IPvX B) IPvX Addresses ---> (IPvX A) (IPvX A) (IPvX B) (IPvX B)
| | | | | | | |
IPvX H1->* IPvX H2->* IPvX H3->* IPvX H4->* IPvX H1->* IPvX H2->* IPvX H3->* IPvX H4->*
+--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+
| H1 | | H2 | | H3 | | H4 | | H1 | | H2 | | H3 | | H4 |
+-----+ +-----+ +--+--+ +--+--+ +-----+ +-----+ +--+--+ +--+--+
Legend: Legend:
---+---+---+-- = Ethernet ---+---+---+-- = Ethernet
H = Host computer H = Host computer
AR = Active Router AR = Active Router
BR = Backup Router BR = Backup Router
* = IPvX Address: X is 4 everywhere in IPv4 case * = IPvX Address: X is 4 everywhere in IPv4 case
X is 6 everywhere in IPv6 case X is 6 everywhere in IPv6 case
(IPvX) = Default Router for hosts (IPvX) = Default Router for hosts
Figure 2: Sample VRRP Network 2
In the IPv4 example above, i.e., IPvX is IPv4 everywhere in the In the IPv4 example above, i.e., IPvX is IPv4 everywhere in the
figure, half of the hosts have configured a static default route figure, half of the hosts have configured a static default route
through Router-1's IPv4 A, and half are using Router-2's IPv4 B. The through Router-1's IPv4 A, and half are using Router-2's IPv4 B. The
configuration of Virtual Router VRID=1 is exactly the same as in the configuration of Virtual Router VRID=1 is exactly the same as in the
first example (see Section 4.1), and a second Virtual Router has been first example (see Section 4.1), and a second Virtual Router has been
added to cover the IPv4 address owned by Router-2 (VRID=2, added to cover the IPv4 address owned by Router-2 (VRID=2,
IPv4_Address=B). In this case, Router-2 will assert itself as Active IPv4_Address=B). In this case, Router-2 will assert itself as the
Router for VRID=2 while Router-1 will act as a Backup Router. This Active Router for VRID=2, while Router-1 will act as a Backup Router.
scenario demonstrates a deployment providing load-splitting when both This scenario demonstrates a deployment providing load-splitting when
routers are available, while providing full redundancy for both routers are available, while providing full redundancy for
robustness. robustness.
In the IPv6 example above, i.e., IPvX is IPv6 everywhere in the In the IPv6 example above, i.e., IPvX is IPv6 everywhere in the
figure, half of the hosts are using a default route through Router- figure, half of the hosts are using a default route through Router-
1's IPv6 A, and half are using Router-2's IPv6 B. The configuration 1's IPv6 A, and half are using Router-2's IPv6 B. The configuration
of Virtual Router VRID=1 is exactly the same as in the first example of Virtual Router VRID=1 is exactly the same as in the first example
(see Section 4.1), and a second Virtual Router has been added to (see Section 4.1), and a second Virtual Router has been added to
cover the IPv6 address owned by Router-2 (VRID=2, IPv6_Address=B). cover the IPv6 address owned by Router-2 (VRID=2, IPv6_Address=B).
In this case, Router-2 will assert itself as the Active Router for
In this case, Router-2 will assert itself as Active Router for VRID=2 VRID=2, while Router-1 will act as a Backup Router. This scenario
while Router-1 will act as a Backup Router. This scenario
demonstrates a deployment providing load-splitting when both routers demonstrates a deployment providing load-splitting when both routers
are available, while providing full redundancy for robustness. are available while providing full redundancy for robustness.
Note that the details of load-balancing are out of scope of this Note that the details of load-balancing are out of scope of this
document. However, in a case where the servers need different document. However, in a case where the servers need different
weights, it may not make sense to rely on router advertisements alone weights, it may not make sense to rely on Router Advertisements alone
to balance the host traffic between the routers [RFC4311]. to balance the host traffic between the routers [RFC4311].
5. Protocol 5. Protocol
The purpose of the VRRP Advertisement is to communicate to all VRRP The purpose of the VRRP Advertisement is to communicate to all VRRP
Routers the priority, Max Advertisement Interval, and IPvX addresses Routers the priority, Maximum Advertisement Interval, and IPvX
of the Active Router associated with the VRID. addresses of the Active Router associated with the VRID.
When VRRP is protecting an IPv4 address, VRRP packets are sent When VRRP is protecting an IPv4 address, VRRP packets are sent
encapsulated in IPv4 packets. They are sent to the IPv4 multicast encapsulated in IPv4 packets. They are sent to the IPv4 multicast
address assigned to VRRP. address assigned to VRRP.
When VRRP is protecting an IPv6 address, VRRP packets are sent When VRRP is protecting an IPv6 address, VRRP packets are sent
encapsulated in IPv6 packets. They are sent to the IPv6 multicast encapsulated in IPv6 packets. They are sent to the IPv6 multicast
address assigned to VRRP. address assigned to VRRP.
5.1. VRRP Packet Format 5.1. VRRP Packet Format
skipping to change at page 17, line 28 skipping to change at line 741
| IPvX Address(es) | | IPvX Address(es) |
+ + + +
+ + + +
+ + + +
+ + + +
| | | |
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
IPv4/IPv6 VRRP Advertisement Packet Format Figure 3: IPv4/IPv6 VRRP Advertisement Packet Format
5.1.1. IPv4 Field Descriptions 5.1.1. IPv4 Field Descriptions
5.1.1.1. Source Address 5.1.1.1. Source Address
This is the primary IPv4 address of the interface from which the This is the primary IPv4 address of the interface from which the
packet is being sent. packet is being sent.
5.1.1.2. Destination Address 5.1.1.2. Destination Address
skipping to change at page 18, line 42 skipping to change at line 802
5.1.2.4. Next Header 5.1.2.4. Next Header
The IPv6 Next Header protocol assigned by the IANA for VRRP is 112 The IPv6 Next Header protocol assigned by the IANA for VRRP is 112
(decimal). (decimal).
5.2. VRRP Field Descriptions 5.2. VRRP Field Descriptions
5.2.1. Version 5.2.1. Version
The version field specifies the VRRP protocol version of this packet. The Version field specifies the VRRP protocol version of this packet.
This document defines version 3. This document defines version 3.
5.2.2. Type 5.2.2. Type
The Type field specifies the type of this VRRP packet. The only The Type field specifies the type of this VRRP packet. The only
packet type defined in this version of the protocol is: packet type defined in this version of the protocol is:
1 - ADVERTISEMENT 1 - ADVERTISEMENT
A packet with unknown type MUST be discarded. A packet with unknown type MUST be discarded.
5.2.3. Virtual Rtr ID (VRID) 5.2.3. Virtual Rtr ID (VRID)
The Virtual Rtr ID field identifies the Virtual Router for which this The Virtual Rtr ID field identifies the Virtual Router for which this
packet is reporting status. packet is reporting status.
5.2.4. Priority 5.2.4. Priority
The priority field specifies the sending VRRP Router's priority for The Priority field specifies sending the VRRP Router's priority for
the Virtual Router. Higher values indicate higher priority. This the Virtual Router. Higher values indicate higher priority. This
field is an 8-bit unsigned integer field. field is an 8-bit unsigned integer field.
The priority value for the VRRP Router that owns the IPvX address The priority value for the VRRP Router that owns the IPvX address
associated with the Virtual Router MUST be 255 (decimal). associated with the Virtual Router MUST be 255 (decimal).
VRRP Routers backing up a Virtual Router MUST use priority values VRRP Routers backing up a Virtual Router MUST use priority values
between 1-254 (decimal). The default priority value for VRRP Routers between 1-254 (decimal). The default priority value for VRRP Routers
backing up a Virtual Router is 100 (decimal). Refer to Section 8.3.2 backing up a Virtual Router is 100 (decimal). Refer to Section 8.3.2
for recommendations on setting the priority. for recommendations on setting the priority.
The priority value zero (0) has special meaning, indicating that the The priority value zero (0) has special meaning, indicating that the
current Active Router has stopped participating in VRRP. This is current Active Router has stopped participating in VRRP. This is
used to trigger Backup Routers to quickly transition to Active Router used to trigger Backup Routers to quickly transition to the Active
without having to wait for the current Active_Down_Interval (refer to Router without having to wait for the current Active_Down_Interval
Section 6.1). (refer to Section 6.1).
5.2.5. IPvX Addr Count 5.2.5. IPvX Addr Count
This is the number of either IPv4 addresses or IPv6 addresses The IPvX Addr Count field is the number of either IPv4 addresses or
contained in this VRRP advertisement. The minimum value is 1. If IPv6 addresses contained in this VRRP advertisement. The minimum
the received count is 0, the VRRP advertisement MUST be ignored. value is 1. If the received count is 0, the VRRP advertisement MUST
be ignored.
5.2.6. Reserve 5.2.6. Reserve
This reserved field MUST be set to zero on transmission and ignored The Reserve field MUST be set to zero on transmission and ignored on
on reception. reception.
5.2.7. Maximum Advertisement Interval (Max Advertise Interval) 5.2.7. Maximum Advertisement Interval (Max Advertise Interval)
The Maximum Advertisement Interval is a 12-bit field that indicates The Max Advertise Interval is a 12-bit field that indicates the time
the time interval (in centiseconds) between advertisements. The interval (in centiseconds) between advertisements. The default is
default is 100 centiseconds (1 second). 100 centiseconds (1 second).
Note that higher-priority Active Routers with slower transmission Note that higher-priority Active Routers with slower transmission
rates than their Backup Routers are unstable. This is because lower- rates than their Backup Routers are unstable. This is because lower-
priority Backup Routers configured to faster rates could join the LAN priority Backup Routers configured to faster rates could join the LAN
and decide they should be Active Routers before they have heard and decide they should be Active Routers before they have heard
anything from the higher-priority Active Router with a slower rate. anything from the higher-priority Active Router with a slower rate.
When this happens, it is temporary, once the lower-priority node does When this happens, it is temporary, i.e., once the lower-priority
hear from the higher-priority Active Router, it will relinquish node does hear from the higher-priority Active Router, it will
Active Router status. relinquish Active Router status.
5.2.8. Checksum 5.2.8. Checksum
The checksum field is used to detect data corruption in the VRRP The Checksum field is used to detect data corruption in the VRRP
message. message.
For both the IPv4 and IPv6 address families, the checksum is the For both the IPv4 and IPv6 address families, the checksum is the
16-bit one's complement of the one's complement sum of the VRRP 16-bit one's complement of the one's complement sum of the VRRP
message. For computing the checksum, the checksum field is set to message. For computing the checksum, the Checksum field is set to
zero. See RFC1071 for more detail [RFC1071]. zero. See [RFC1071] for more details.
For the IPv4 address family, the checksum calculation only includes For the IPv4 address family, the checksum calculation only includes
the VRRP message starting with the Version field and ending after the the VRRP message starting with the Version field and ending after the
last IPv4 address (refer to Section 5.2). last IPv4 address (refer to Section 5.2).
For the IPv6 address family, the checksum calculation also includes a For the IPv6 address family, the checksum calculation also includes a
prepended "pseudo-header" as defined in Section 8.1 of [RFC8200]. prepended "pseudo-header", as defined in Section 8.1 of [RFC8200].
The next header field in the "pseudo-header" should be set to 112 The Next Header field in the "pseudo-header" should be set to 112
(decimal) for VRRP. (decimal) for VRRP.
5.2.9. IPvX Address(es) 5.2.9. IPvX Address(es)
This refers to one or more IPvX addresses associated with the Virtual This refers to one or more IPvX addresses associated with the Virtual
Router. The number of addresses included is specified in the "IPvX Router. The number of addresses included is specified in the IPvX
Addr Count" field. These fields are used for troubleshooting Addr Count field. These fields are used for troubleshooting
misconfigured routers. If more than one address is sent, it is misconfigured routers. If more than one address is sent, it is
recommended that all routers be configured to send these addresses in recommended that all routers be configured to send these addresses in
the same order to simplify comparisons. the same order to simplify comparisons.
For IPv4 addresses, this refers to one or more IPv4 addresses that For IPv4 addresses, this refers to one or more IPv4 addresses that
are backed up by the Virtual Router. are backed up by the Virtual Router.
For IPv6, the first address MUST be the IPv6 link-local address For IPv6, the first address MUST be the IPv6 link-local address
associated with the Virtual Router. associated with the Virtual Router.
This field contains either one or more IPv4 addresses, or one or more This field contains either one or more IPv4 addresses or one or more
IPv6 addresses. The address family of the addresses, IPv4 or IPv6 IPv6 addresses. The address family of the addresses, IPv4 or IPv6
but not both, MUST be the same as the VRRP packet's IPvX header but not both, MUST be the same as the VRRP packet's IPvX header
address family. address family.
6. Protocol State Machine 6. Protocol State Machine
6.1. Parameters Per Virtual Router 6.1. Parameters per Virtual Router
VRID Virtual Router Identifier. Configurable VRID Virtual Router Identifier. Configurable
value in the range 1-255 (decimal). value in the range 1-255 (decimal).
There is no default. There is no default.
Priority Priority value to be used by this VRRP Priority Priority value to be used by this VRRP
router in Active Router election for this Router in Active Router election for this
Virtual Router. The value of 255 Virtual Router. The value of 255
(decimal) is reserved for the router that (decimal) is reserved for the router that
owns the IPvX address associated with the owns the IPvX address associated with the
Virtual Router. The value of 0 (zero) is Virtual Router. The value of 0 (zero) is
reserved for the Active Router to reserved for the Active Router to
indicate it is relinquishing indicate it is relinquishing
responsibility for the Virtual Router. responsibility for the Virtual Router.
The range 1-254 (decimal) is available The range 1-254 (decimal) is available
for VRRP Routers backing up the Virtual for VRRP Routers backing up the Virtual
Router. Higher values indicate higher Router. Higher values indicate higher
skipping to change at page 21, line 43 skipping to change at line 943
with this Virtual Router. Configured with this Virtual Router. Configured
list of addresses with no default. The list of addresses with no default. The
first address MUST be the Link-Local first address MUST be the Link-Local
address associated with the Virtual address associated with the Virtual
Router. Router.
IPvX_Addresses Refer to either the IPv4 or IPv6 address IPvX_Addresses Refer to either the IPv4 or IPv6 address
associated with this Virtual Router (see associated with this Virtual Router (see
IPv4_Addresses and IPv6_Addresses above). IPv4_Addresses and IPv6_Addresses above).
Advertisement_Interval Time interval between ADVERTISEMENTS Advertisement_Interval Time interval between VRRP Advertisements
(centiseconds) sent by this Virtual (centiseconds) sent by this Virtual
Router. Default is 100 centiseconds (1 Router. Default is 100 centiseconds (1
second). second).
Active_Adver_Interval Advertisement interval contained in Active_Adver_Interval Advertisement interval contained in VRRP
ADVERTISEMENTS received from the Active Advertisements received from the Active
Router (in centiseconds). This value is Router (in centiseconds). This value is
saved by Virtual Routers in the Backup saved by Virtual Routers in the Backup
state and used to compute Skew_Time (as state and used to compute Skew_Time (as
specfied in Section 8.3.2) and specified in Section 8.3.2) and
Active_Down_Interval. The initial value Active_Down_Interval. The initial value
is the same as Advertisement_Interval. is the same as Advertisement_Interval.
Skew_Time Time to skew Active_Down_Interval in Skew_Time Time to skew Active_Down_Interval in
centiseconds. Calculated as: centiseconds. Calculated as:
(((256 - Priority) * (((256 - Priority) *
Active_Adver_Interval) / 256) Active_Adver_Interval) / 256)
Active_Down_Interval Time interval for the Backup Router to Active_Down_Interval Time interval for the Backup Router to
skipping to change at page 23, line 31 skipping to change at line 1027
| +------| |----------+ | | +------| |----------+ |
| | +---------------+ | | | | +---------------+ | |
| | | | | | | |
| V V | | V V |
+---------------+ +---------------+ +---------------+ +---------------+
| |---------------------->| | | |---------------------->| |
| Active | | Backup | | Active | | Backup |
| |<----------------------| | | |<----------------------| |
+---------------+ +---------------+ +---------------+ +---------------+
Figure 4: State Transition Diagram
6.4. State Descriptions 6.4. State Descriptions
In the state descriptions below, the state names are identified by In the state descriptions below, the state names are identified by
{state-name}, and the packets are identified by all-uppercase {state-name}, and the packets are identified by all-uppercase
characters. characters.
A VRRP Router implements an instance of the state machine for each A VRRP Router implements an instance of the state machine for each
Virtual Router in which it is participating. Virtual Router in which it is participating.
6.4.1. Initialize 6.4.1. Initialize
The purpose of this state is to wait for a Startup event, that is, an The purpose of this state is to wait for a Startup event, that is, an
implementation-defined mechanism that initiates the protocol once it implementation-defined mechanism that initiates the protocol once it
has been configured. The configuration mechanism is out of scope for has been configured. The configuration mechanism is out of scope for
this specification. this specification.
If a Startup event is received, then: If a Startup event is received, then:
- If the Priority = 255, i.e., the router owns the IPvX * If the Priority = 255, i.e., the router owns the IPvX address(es)
address(es) associated with the Virtual Router, then: associated with the Virtual Router, then:
+ Send an ADVERTISEMENT - Send an ADVERTISEMENT
+ If the protected IPvX address is an IPv4 address, then: - If the protected IPvX address is an IPv4 address, then:
* For each IPv4 address associated with the Virtual o For each IPv4 address associated with the Virtual Router,
Router, broadcast a gratuitous ARP message broadcast a gratuitous ARP message containing the Virtual
containing the Virtual Router MAC address and Router MAC address and with the target link-layer address
with the target link-layer address set to the set to the Virtual Router MAC address.
Virtual Router MAC address.
+ else // IPv6 - else // IPv6
* For each IPv6 address associated with the Virtual o For each IPv6 address associated with the Virtual Router,
Router, send an unsolicited ND Neighbor send an unsolicited ND Neighbor Advertisement with the
Advertisement with the Router Flag (R) set, the Router Flag (R) set, the Solicited Flag (S) clear, the
Solicited Flag (S) clear, the Override flag (O) Override flag (O) set, the target address set to the IPv6
set, the target address set to the IPv6 address address of the Virtual Router, and the target link-layer
of the Virtual Router, and the target link-layer address set to the Virtual Router MAC address.
address set to the Virtual Router MAC address.
+ endif // was protected address IPv4? - endif // was protected address IPv4?
+ Set the Adver_Timer to Advertisement_Interval - Set the Adver_Timer to Advertisement_Interval
+ Transition to the {Active} state - Transition to the {Active} state
- else // Router is not the address owner * else // Router is not the address owner
+ Set Active_Adver_Interval to Advertisement_Interval - Set the Active_Adver_Interval to Advertisement_Interval
+ Set the Active_Down_Timer to Active_Down_Interval - Set the Active_Down_Timer to Active_Down_Interval
+ Transition to the {Backup} state - Transition to the {Backup} state
- endif // was priority 255? * endif // was priority 255?
endif // Startup event was received endif // Startup event was received
6.4.2. Backup 6.4.2. Backup
The purpose of the {Backup} state is to monitor the availability and The purpose of the {Backup} state is to monitor the availability and
state of the Active Router. The Solicited-Node multicast address state of the Active Router. The Solicited-Node multicast address
[RFC4291] is referenced in the pseudo-code below. [RFC4291] is referenced in the pseudocode below.
While in Backup state, a VRRP Router MUST do the following: While in the {Backup} state, a VRRP Router MUST do the following:
- If the protected IPvX address is an IPv4 address, * If the protected IPvX address is an IPv4 address, then:
then:
+ It MUST NOT respond to ARP requests for the IPv4 - It MUST NOT respond to ARP requests for the IPv4 address(es)
address(es) associated with the Virtual Router. associated with the Virtual Router.
- else // protected address is IPv6 * else // protected address is IPv6
+ It MUST NOT respond to ND Neighbor Solicitation messages - It MUST NOT respond to ND Neighbor Solicitation messages for
for the IPv6 address(es) associated with the Virtual Router. the IPv6 address(es) associated with the Virtual Router.
+ It MUST NOT send ND Router Advertisement messages - It MUST NOT send ND Router Advertisement messages for the
for the Virtual Router. Virtual Router.
- endif // was protected address IPv4? * endif // was protected address IPv4?
- It MUST discard packets with a destination link-layer * It MUST discard packets with a destination link-layer MAC address
MAC address equal to the Virtual Router MAC address. equal to the Virtual Router MAC address.
- It MUST NOT accept packets addressed to the IPvX * It MUST NOT accept packets addressed to the IPvX address(es)
address(es) associated with the Virtual Router. associated with the Virtual Router.
- If a Shutdown event is received, then: * If a Shutdown event is received, then:
+ Cancel the Active_Down_Timer - Cancel the Active_Down_Timer
+ Transition to the {Initialize} state - Transition to the {Initialize} state
- endif // Shutdown event received * endif // Shutdown event received
- If the Active_Down_Timer fires, then: * If the Active_Down_Timer fires, then:
+ Send an ADVERTISEMENT - Send an ADVERTISEMENT
+ If the protected IPvX address is an IPv4 address, then: - If the protected IPvX address is an IPv4 address, then:
* For each IPv4 address associated with the Virtual o For each IPv4 address associated with the Virtual Router,
Router, broadcast a gratuitous ARP message broadcast a gratuitous ARP message containing the Virtual
containing the Virtual Router MAC address and Router MAC address and with the target link-layer address
with the target link-layer address set to the set to the Virtual Router MAC address.
Virtual Router MAC address.
+ else // IPv6 - else // IPv6
* Compute and join the Solicited-Node multicast o Compute and join the Solicited-Node multicast address
address [RFC4291] for the IPv6 address(es) [RFC4291] for the IPv6 address(es) associated with the
associated with the Virtual Router. Virtual Router.
* For each IPv6 address associated with the o For each IPv6 address associated with the Virtual Router,
Virtual Router, send an unsolicited ND Neighbor send an unsolicited ND Neighbor Advertisement with the
Advertisement with the Router Flag (R) set, the Router Flag (R) set, the Solicited Flag (S) clear, the
Solicited Flag (S) clear, the Override flag (O) Override flag (O) set, the target address set to the IPv6
set, the target address set to the IPv6 address address of the Virtual Router, and the target link-layer
of the Virtual Router, and the target link-layer address set to the Virtual Router MAC address.
address set to the Virtual Router MAC address.
+ endif // was protected address IPv4? - endif // was protected address IPv4?
+ Set the Adver_Timer to Advertisement_Interval - Set the Adver_Timer to Advertisement_Interval
+ Transition to the {Active} state - Transition to the {Active} state
- endif // Active_Down_Timer fired * endif // Active_Down_Timer fired
- If an ADVERTISEMENT is received, then: * If an ADVERTISEMENT is received, then:
+ If the Priority in the ADVERTISEMENT is 0, then: - If the Priority in the ADVERTISEMENT is 0, then:
* Set the Active_Down_Timer to Skew_Time o Set the Active_Down_Timer to Skew_Time
+ else // priority non-zero - else // priority non-zero
* If Preempt_Mode is False, or if the Priority in o If Preempt_Mode is False, or if the Priority in the
the ADVERTISEMENT is greater than or equal to the ADVERTISEMENT is greater than or equal to the local
local Priority, then: Priority, then:
@ Set Active_Adver_Interval to Max Advertise + Set the Active_Adver_Interval to the Max Advertise
Interval contained in the ADVERTISEMENT Interval contained in the ADVERTISEMENT
@ Recompute the Skew_Time + Recompute the Skew_Time
@ Recompute the Active_Down_Interval, + Recompute the Active_Down_Interval
@ Set the Active_Down_Timer to Active_Down_Interval + Set the Active_Down_Timer to Active_Down_Interval
* else // preempt was true and priority was less o else // preempt was true and priority was less than the
than the local priority local priority
@ Discard the ADVERTISEMENT + Discard the ADVERTISEMENT
* endif // preempt test o endif // preempt test
+ endif // was priority 0? - endif // was priority 0?
- endif // was advertisement received? * endif // was advertisement received?
endwhile // Backup state endwhile // {Backup} state
6.4.3. Active 6.4.3. Active
While in the {Active} state, the router functions as the forwarding While in the {Active} state, the router functions as the forwarding
router for the IPvX address(es) associated with the Virtual Router. router for the IPvX address(es) associated with the Virtual Router.
Note that in the Active state, the Preempt_Mode Flag is not Note that in the {Active} state, the Preempt_Mode Flag is not
considered. considered.
While in Active state, a VRRP Router MUST do the following: While in the {Active} state, a VRRP Router MUST do the following:
- If the protected IPvX address is an IPv4 address, then: * If the protected IPvX address is an IPv4 address, then:
+ It MUST respond to ARP requests for the IPv4 - It MUST respond to ARP requests for the IPv4 address(es)
address(es) associated with the Virtual Router. associated with the Virtual Router.
- else // IPv6 * else // IPv6
+ It MUST be a member of the Solicited-Node multicast - It MUST be a member of the Solicited-Node multicast address for
address for the IPv6 address(es) associated with the the IPv6 address(es) associated with the Virtual Router.
Virtual Router.
+ It MUST respond to ND Neighbor Solicitation messages (with - It MUST respond to ND Neighbor Solicitation messages (with the
the Router Flag (R) set) for the IPv6 address(es) associated Router Flag (R) set) for the IPv6 address(es) associated with
with the Virtual Router. the Virtual Router.
+ It MUST send ND Router Advertisements for the Virtual - It MUST send ND Router Advertisements for the Virtual Router.
Router.
+ If Accept_Mode is False: MUST NOT drop IPv6 - If Accept_Mode is False:
Neighbor Solicitations and Neighbor Advertisements.
- endif // IPv4? o It MUST NOT drop IPv6 Neighbor Solicitations and Neighbor
Advertisements.
- It MUST forward packets with a destination link-layer MAC * endif // IPv4?
address equal to the Virtual Router MAC address.
- It MUST accept packets addressed to the IPvX address(es) * It MUST forward packets with a destination link-layer MAC address
associated with the Virtual Router if it is the IPvX equal to the Virtual Router MAC address.
address owner or if Accept_Mode is True. Otherwise,
MUST NOT accept these packets.
- If a Shutdown event is received, then: * It MUST accept packets addressed to the IPvX address(es)
associated with the Virtual Router if it is the IPvX address owner
or if Accept_Mode is True. Otherwise, it MUST NOT accept these
packets.
+ Cancel the Adver_Timer * If a Shutdown event is received, then:
+ Send an ADVERTISEMENT with Priority = 0
+ Transition to the {Initialize} state - Cancel the Adver_Timer
- endif // shutdown received - Send an ADVERTISEMENT with Priority = 0
- If the Adver_Timer fires, then: - Transition to the {Initialize} state
+ Send an ADVERTISEMENT * endif // shutdown received
+ Reset the Adver_Timer to Advertisement_Interval * If the Adver_Timer fires, then:
- endif // advertisement timer fired - Send an ADVERTISEMENT
- If an ADVERTISEMENT is received, then: - Reset the Adver_Timer to Advertisement_Interval
+ If the Priority in the ADVERTISEMENT is 0, then: * endif // advertisement timer fired
* Send an ADVERTISEMENT * If an ADVERTISEMENT is received, then:
* Reset the Adver_Timer to Advertisement_Interval - If the Priority in the ADVERTISEMENT is 0, then:
+ else // priority was non-zero o Send an ADVERTISEMENT
* If the Priority in the ADVERTISEMENT is greater o Reset the Adver_Timer to Advertisement_Interval
than the local Priority or the Priority in the
ADVERTISEMENT is equal to the local Priority and
the primary IPvX Address of the sender is greater
than the local primary IPvX Address (based on an
unsigned integer comparison of the IPvX addresses in
network-byte order), then:
@ Cancel Adver_Timer - else // priority was non-zero
@ Set Active_Adver_Interval to Max Advertise o If the Priority in the ADVERTISEMENT is greater than the
Interval contained in the ADVERTISEMENT local Priority or the Priority in the ADVERTISEMENT is equal
to the local Priority and the primary IPvX address of the
sender is greater than the local primary IPvX address (based
on an unsigned integer comparison of the IPvX addresses in
network byte order), then:
@ Recompute the Skew_Time + Cancel Adver_Timer
@ Recompute the Active_Down_Interval + Set the Active_Adver_Interval to the Max Advertise
Interval contained in the ADVERTISEMENT
@ Set Active_Down_Timer to Active_Down_Interval + Recompute the Skew_Time
@ Transition to the {Backup} state + Recompute the Active_Down_Interval
* else // new Active Router logic + Set the Active_Down_Timer to Active_Down_Interval
@ Discard the ADVERTISEMENT + Transition to the {Backup} state
@ Send an ADVERTISEMENT immediately to assert
Active state to the sending VRRP Router and
to update any learning bridges with the correct
Active VRRP Router path.
* endif // new Active Router detected o else // new Active Router logic
+ endif // was priority zero? + Discard the ADVERTISEMENT
- endif // advert received + Send an ADVERTISEMENT immediately to assert the {Active}
state to the sending VRRP Router and to update any
learning bridges with the correct Active VRRP Router
path.
endwhile // in Active state o endif // new Active Router detected
- endif // was priority zero?
* endif // advert received
endwhile // in {Active} state
Note: VRRP packets are transmitted with the Virtual Router MAC Note: VRRP packets are transmitted with the Virtual Router MAC
Address as the source MAC address to ensure that learning bridges address as the source MAC address to ensure that learning bridges
correctly determine the LAN segment to which the Virtual Router is correctly determine the LAN segment to which the Virtual Router is
attached. attached.
7. Sending and Receiving VRRP Packets 7. Sending and Receiving VRRP Packets
7.1. Receiving VRRP Packets 7.1. Receiving VRRP Packets
The following functions must be performed when a VRRP packet is The following functions must be performed when a VRRP packet is
received: received:
- If the received packet is an IPv4 packet, then: * If the received packet is an IPv4 packet, then:
+ It MUST verify that the IPv4 TTL is 255. - It MUST verify that the IPv4 TTL is 255.
- else // IPv6 VRRP packet received * else // IPv6 VRRP packet received
+ It MUST verify that the IPv6 Hop Limit is 255. - It MUST verify that the IPv6 Hop Limit is 255.
-endif * endif
- It MUST verify that the VRRP Version is 3. * It MUST verify that the VRRP version is 3.
- It MUST verify that the VRRP Packet Type is 1 (ADVERTISEMENT). * It MUST verify that the VRRP packet type is 1 (ADVERTISEMENT).
- It MUST verify that the received packet contains the complete * It MUST verify that the received packet contains the complete VRRP
VRRP packet (including fixed fields, and IPvX address). packet (including fixed fields and the IPvX address).
- It MUST verify the VRRP checksum. * It MUST verify the VRRP checksum.
- It MUST verify that the VRID is configured on the receiving * It MUST verify that the VRID is configured on the receiving
interface and the local router is not the IPvX address interface and the local router is not the IPvX address owner
owner (Priority = 255 (decimal)). (Priority = 255 (decimal)).
If any one of the above checks fails, the receiver MUST discard If any one of the above checks fails, the receiver MUST discard the
the packet, SHOULD log the event (subject to rate-limiting), and packet, SHOULD log the event (subject to rate-limiting), and MAY
MAY indicate via network management that an error occurred. indicate via network management that an error occurred.
A receiver SHOULD also verify that the Max Advertise Interval in the A receiver SHOULD also verify that the Max Advertise Interval in the
received VRRP packet matches the Advertisement_Interval configured received VRRP packet matches the Advertisement_Interval configured
for the VRID. Instability can occur with differing intervals (refer for the VRID. Instability can occur with differing intervals (refer
to Section 5.2.7). If this check fails, the receiver SHOULD log the to Section 5.2.7). If this check fails, the receiver SHOULD log the
event (subject to rate-limiting) and MAY indicate via network event (subject to rate-limiting) and MAY indicate via network
management that a misconfiguration was detected. management that a misconfiguration was detected.
A receiver MAY also verify that "IPvX Addr Count" and the list of A receiver MAY also verify that "IPvX Addr Count" and the list of
IPvX address(es) match the IPvX Address(es) configured for the VRID. IPvX address(es) match the IPvX address(es) configured for the VRID.
If this check fails, the receiver SHOULD log (subject to rate- If this check fails, the receiver SHOULD log (subject to rate-
limiting) the event and MAY indicate via network management that a limiting) the event and MAY indicate via network management that a
misconfiguration was detected. misconfiguration was detected.
7.2. Transmitting VRRP Packets 7.2. Transmitting VRRP Packets
The following operations MUST be performed when transmitting a VRRP The following operations MUST be performed when transmitting a VRRP
packet: packet:
- Fill in the VRRP packet fields with the appropriate Virtual * Fill in the VRRP packet fields with the appropriate Virtual Router
Router configuration state configuration state
- Compute the VRRP checksum * Compute the VRRP checksum
- Set the source MAC address to the Virtual Router MAC Address * Set the source MAC address to the Virtual Router MAC address
- If the protected address is an IPv4 address, then: * If the protected address is an IPv4 address, then:
+ Set the source IPv4 address to the interface's primary IPv4 - Set the source IPv4 address to the interface's primary IPv4
address address
- else // IPv6 * else // IPv6
+ Set the source IPv6 address to the interface's link-local - Set the source IPv6 address to the interface's link-local IPv6
IPv6 address address
- endif * endif
- Set the IPvX protocol to VRRP * Set the IPvX protocol to VRRP
- Send the VRRP packet to the VRRP IPvX multicast group * Send the VRRP packet to the VRRP IPvX multicast group
Note: VRRP packets are transmitted with the Virtual Router MAC Note: VRRP packets are transmitted with the Virtual Router MAC
address as the source MAC address to ensure that learning bridges address as the source MAC address to ensure that learning bridges
correctly determine the LAN segment to which the Virtual Router is correctly determine the LAN segment to which the Virtual Router is
attached. attached.
7.3. Virtual Router MAC Address 7.3. Virtual Router MAC Address
The Virtual Router MAC address associated with a Virtual Router is an The Virtual Router MAC address associated with a Virtual Router is an
IEEE 802 MAC Address [I-D.ietf-intarea-rfc7042bis] in the following IEEE 802 MAC address [RFC9542] in the following format:
format:
IPv4 case: 00-00-5E-00-01-{VRID} (in hex, in Internet-standard bit- IPv4 case: 00-00-5E-00-01-{VRID} (in hex, in network byte order)
order)
The first three octets are derived from the IANA's Organizational The first three octets are derived from the IANA's Organizationally
Unique Identifier (OUI). The next two octets (00-01) indicate the Unique Identifier (OUI). The next two octets (00-01) indicate the
address block assigned to the VRRP protocol for the IPv4 protocol. address block assigned to the VRRP protocol for the IPv4 protocol.
{VRID} is the Virtual Router Identifier. This mapping provides for {VRID} is the Virtual Router Identifier. This mapping provides for
up to 255 IPv4 VRRP Routers on a LAN. up to 255 IPv4 VRRP Routers on a LAN.
IPv6 case: 00-00-5E-00-02-{VRID} (in hex, in Internet-standard bit- IPv6 case: 00-00-5E-00-02-{VRID} (in hex, in network byte order)
order)
The first three octets are derived from the IANA's OUI. The next two The first three octets are derived from the IANA's OUI. The next two
octets (00-02) indicate the address block assigned to the VRRP octets (00-02) indicate the address block assigned to the VRRP
protocol for the IPv6 protocol. {VRID} is the Virtual Router protocol for the IPv6 protocol. {VRID} is the Virtual Router
Identifier. This mapping provides for up to 255 IPv6 VRRP Routers on Identifier. This mapping provides for up to 255 IPv6 VRRP Routers on
a LAN. a LAN.
7.4. IPv6 Interface Identifiers 7.4. IPv6 Interface Identifiers
[RFC8064] specifies that [RFC7217] be used as the default scheme for [RFC8064] specifies that [RFC7217] be used as the default scheme for
generating stable address in IPv6 Stateless Address Autoconfiguration generating a stable address in IPv6 Stateless Address
(SLAAC) [RFC4862]. The Virtual Router MAC MUST NOT be used for the Autoconfiguration (SLAAC) [RFC4862]. The Virtual Router MAC MUST NOT
Net_Iface parameter used in the Interface Identifier (IID) derivation be used for the Net_Iface parameter used in the Interface Identifier
algorithms in [RFC7217] and [RFC8981]. (IID) derivation algorithms in [RFC7217] and [RFC8981].
Similarly, the Virtual Router MAC MUST NOT be used for the Net_Iface
parameter used for the Interface Identifier (IID) derivation
algorithms in [RFC7217] and [RFC8981].
This VRRP specification describes how to advertise and resolve the This VRRP specification describes how to advertise and resolve the
VRRP Router's IPv6 link-local address and other associated IPv6 VRRP Router's IPv6 link-local address and other associated IPv6
addresses into the Virtual Router MAC address. addresses into the Virtual Router MAC address.
8. Operational Issues 8. Operational Issues
8.1. IPv4 8.1. IPv4
8.1.1. ICMP Redirects 8.1.1. ICMP Redirects
ICMP redirects can be used normally when VRRP is running among a ICMP redirects can be used normally when VRRP is running among a
group of routers. This allows VRRP to be used in environments where group of routers. This allows VRRP to be used in environments where
the topology is not symmetric. the topology is not symmetric.
The IPv4 source address of an ICMP redirect should be the address The IPv4 source address of an ICMP redirect should be the address
that the end-host used when making its next-hop routing decision. If that the end-host used when making its next-hop routing decision. If
a VRRP Router is acting as Active Router for Virtual Router(s) a VRRP Router is acting as the Active Router for Virtual Router(s)
containing address(es) it does not own, then it must determine to containing address(es) it does not own, then it must determine to
which Virtual Router the packet was sent when selecting the redirect which Virtual Router the packet was sent when selecting the redirect
source address. One method to deduce the Virtual Router used is to source address. One method to deduce the Virtual Router used is to
examine the destination MAC address in the packet that triggered the examine the destination MAC address in the packet that triggered the
redirect. redirect.
It may be useful to disable redirects for specific cases where VRRP It may be useful to disable redirects for specific cases where VRRP
is being used to load-share traffic among a number of routers in a is being used to load-share traffic among a number of routers in a
symmetric topology. symmetric topology.
8.1.2. Host ARP Requests 8.1.2. Host ARP Requests
When a host sends an ARP request for one of the Virtual Router IPv4 When a host sends an ARP request for one of the Virtual Router IPv4
addresses, the Active Router MUST respond to the ARP request with an addresses, the Active Router MUST respond to the ARP request with an
ARP response that indicates the Virtual Router MAC address for the ARP response that indicates the Virtual Router MAC address for the
Virtual Router. Note that the source address of the Ethernet frame Virtual Router. Note that the source address of the Ethernet frame
of this ARP response is the physical MAC address of the physical of this ARP response is the physical MAC address of the physical
router. The Active Router MUST NOT respond with its physical MAC router. The Active Router MUST NOT respond with its physical MAC
address in the ARP response. This allows the host to always use the address in the ARP response. This allows the host to always use the
same MAC address regardless of the current Active Router. same MAC address, regardless of the current Active Router.
When a VRRP Router restarts or boots, it SHOULD NOT send any ARP When a VRRP Router restarts or boots, it SHOULD NOT send any ARP
messages using its physical MAC address for an IPv4 address for which messages using its physical MAC address for an IPv4 address for which
it is the IPv4 Address Owner (as defined in Section 1.7), and it it is the IPv4 address owner (as defined in Section 1.7), and it
should only send ARP messages that include Virtual Router MAC should only send ARP messages that include Virtual Router MAC
addresses. addresses.
This entails the following: This entails the following:
* When configuring an interface, Active Routers SHOULD broadcast a * When configuring an interface, Active Routers SHOULD broadcast a
gratuitous ARP message containing the Virtual Router MAC address gratuitous ARP message containing the Virtual Router MAC address
for each IPv4 address on that interface. for each IPv4 address on that interface.
* At system boot, when initializing interfaces for VRRP operation, * At system boot, when initializing interfaces for VRRP operation,
gratuitous ARP messages MUST be delayed until both the IPv4 gratuitous ARP messages MUST be delayed until both the IPv4
address and the Virtual Router MAC address are configured. address and the Virtual Router MAC address are configured.
* When, for example, SSH access to a particular VRRP Router is * When, for example, Secure Shell (SSH) access to a particular VRRP
required, an IPv4 address known to belong to that router SHOULD be Router is required, an IPv4 address known to belong to that router
used. SHOULD be used.
8.1.3. Proxy ARP 8.1.3. Proxy ARP
If Proxy ARP is to be used on a VRRP Router, then the VRRP Router If Proxy ARP is to be used on a VRRP Router, then the VRRP Router
MUST advertise the Virtual Router MAC address in the Proxy ARP MUST advertise the Virtual Router MAC address in the Proxy ARP
message. Doing otherwise could cause hosts to learn the real MAC message. Doing otherwise could cause hosts to learn the real MAC
address of the VRRP Router. address of the VRRP Router.
8.2. IPv6 8.2. IPv6
8.2.1. ICMPv6 Redirects 8.2.1. ICMPv6 Redirects
ICMPv6 redirects can be used normally when VRRP is running among a ICMPv6 redirects can be used normally when VRRP is running among a
group of routers [RFC4443]. This allows VRRP to be used in group of routers [RFC4443]. This allows VRRP to be used in
environments where the topology is not symmetric, e.g., the VRRP environments where the topology is not symmetric, e.g., the VRRP
routers do not connect to the same destinations. Routers do not connect to the same destinations.
The IPv6 source address of an ICMPv6 redirect SHOULD be the address The IPv6 source address of an ICMPv6 redirect SHOULD be the address
that the end-host used when making its next-hop routing decision. If that the end-host used when making its next-hop routing decision. If
a VRRP Router is acting as Active Router for Virtual Router(s) a VRRP Router is acting as the Active Router for Virtual Router(s)
containing address(es) it does not own, then it has to determine to containing address(es) it does not own, then it has to determine to
which Virtual Router the packet was sent when selecting the redirect which Virtual Router the packet was sent when selecting the redirect
source address. A method to deduce the Virtual Router used is to source address. A method to deduce the Virtual Router used is to
examine the destination MAC address in the packet that triggered the examine the destination MAC address in the packet that triggered the
redirect. redirect.
8.2.2. ND Neighbor Solicitation 8.2.2. ND Neighbor Solicitation
When a host sends an ND Neighbor Solicitation message for a Virtual When a host sends an ND Neighbor Solicitation message for a Virtual
Router IPv6 address, the Active Router MUST respond to the ND Router IPv6 address, the Active Router MUST respond to the ND
Neighbor Solicitation message with the Virtual Router MAC address for Neighbor Solicitation message with the Virtual Router MAC address for
the Virtual Router. The Active Router MUST NOT respond with its the Virtual Router. The Active Router MUST NOT respond with its
physical MAC address. This allows the host to always use the same physical MAC address. This allows the host to always use the same
MAC address regardless of the current Active Router. MAC address, regardless of the current Active Router.
When an Active Router sends an ND Neighbor Solicitation message for a When an Active Router sends an ND Neighbor Solicitation message for a
host's IPv6 address, the Active Router MUST include the Virtual host's IPv6 address, the Active Router MUST include the Virtual
Router MAC address for the Virtual Router if it sends a source link- Router MAC address for the Virtual Router if it sends a source link-
layer address option in the neighbor solicitation message. It MUST layer address option in the Neighbor Solicitation message. It MUST
NOT use its physical MAC address in the source link-layer address NOT use its physical MAC address in the source link-layer address
option. option.
When a VRRP Router restarts or boots, it SHOULD NOT send any ND When a VRRP Router restarts or boots, it SHOULD NOT send any ND
messages with its physical MAC address for the IPv6 address it owns messages with its physical MAC address for the IPv6 address it owns
and it should only send ND messages that include Virtual Router MAC and it should only send ND messages that include Virtual Router MAC
addresses. addresses.
This entails the following: This entails the following:
* When configuring an interface, Active Routers SHOULD send an * When configuring an interface, Active Routers SHOULD send an
unsolicited ND Neighbor Advertisement message containing the unsolicited ND Neighbor Advertisement message containing the
Virtual Router MAC address for the IPv6 address on that interface. Virtual Router MAC address for the IPv6 address on that interface.
* At system boot, when initializing interfaces for VRRP operation, * At system boot, when initializing interfaces for VRRP operation,
all ND Router and Neighbor Advertisements and Solicitation all ND Router Advertisements, ND Neighbor Advertisements, and ND
messages MUST be delayed until both the IPv6 address and the Neighbor Solicitation messages MUST be delayed until both the IPv6
Virtual Router MAC address are configured. address and the Virtual Router MAC address are configured.
Note that on a restarting Active Router where the VRRP protected Note that on a restarting Active Router where the VRRP protected
address is an interface address, i.e., the address owner, Duplicate address is an interface address, i.e., the address owner, Duplicate
Address Detection may fail, as the Backup Router MAY answer that it Address Detection may fail, as the Backup Router MAY answer that it
owns the address. One solution is to not run Duplicate Address owns the address. One solution is to not run Duplicate Address
Detection in this case. Detection in this case.
8.2.3. Router Advertisements 8.2.3. Router Advertisements
When a Backup VRRP Router has become Active Router for a Virtual When a Backup VRRP Router has become the Active Router for a Virtual
Router, it is responsible for sending Router Advertisements for the Router, it is responsible for sending Router Advertisements for the
Virtual Router as specified in Section 6.4.3. The Backup Routers Virtual Router, as specified in Section 6.4.3. The Backup Routers
MUST be configured to send the same Router Advertisement options as MUST be configured to send the same Router Advertisement options as
the address owner. the address owner.
Router Advertisement options that advertise special services, e.g., Router Advertisement options that advertise special services, e.g.,
Home Agent Information Option, that are present in the address owner Home Agent Information Option, that are present in the address owner
SHOULD NOT be sent by the address owner unless the Backup Routers are SHOULD NOT be sent by the address owner unless the Backup Routers are
prepared to assume these services in full and have a complete and prepared to assume these services in full and have a complete and
synchronized database for this service. synchronized database for this service.
8.2.4. Unsolicited Neighbor Advertisements 8.2.4. Unsolicited Neighbor Advertisements
A VRRP Router acting as either an IPv6 Active Router or Backup A VRRP Router acting as either an IPv6 Active Router or Backup Router
Router, SHOULD accept Unsolicited Neighbor Advertisements and update SHOULD accept Unsolicited Neighbor Advertisements and update the
the corresponding neighbor cache [RFC4861]. Since these are sent to corresponding neighbor cache [RFC4861]. Since these are sent to the
the IPv6 all-nodes multicast address (ff02::1) [RFC4861] or the IPv6 IPv6 all-nodes multicast address (ff02::1) [RFC4861] or the IPv6 all-
all-routers multicast address (ff02::2), they will be received. routers multicast address (ff02::2), they will be received.
Unsolicited Neighbor Advertisements are sent both in the case where Unsolicited Neighbor Advertisements are sent both in the case where
the link-level addresses change [RFC4861] and for gratuitous neighbor the link-level addresses change [RFC4861] and for gratuitous neighbor
discovery by first hop routers [RFC9131]. Additional configuration discovery by first-hop routers [RFC9131]. Additional configuration
may be required in order for Unsolicited Neighbor Advertisements to may be required in order for Unsolicited Neighbor Advertisements to
update the corresponding neighbor cache. update the corresponding neighbor cache.
8.3. IPvX 8.3. IPvX
8.3.1. Potential Forwarding Loop 8.3.1. Potential Forwarding Loop
If it is not the address owner, a VRRP Router SHOULD NOT forward If it is not the address owner, a VRRP Router SHOULD NOT forward
packets addressed to the IPvX address for which it becomes Active packets addressed to the IPvX address for which it becomes the Active
Router. Forwarding these packets would result in unnecessary Router. Forwarding these packets would result in unnecessary
traffic. Also, in the case of LANs that receive packets they traffic. Also, in the case of LANs that receive packets they
transmit, this can result in a forwarding loop that is only transmit, this can result in a forwarding loop that is only
terminated when the IPvX TTL expires. terminated when the IPvX TTL expires.
One mechanism for VRRP Routers to avoid these forwarding loops is to One mechanism for VRRP Routers to avoid these forwarding loops is to
add/delete a host Drop Route for each non-owned IPvX address when add/delete a host Drop Route for each non-owned IPvX address when
transitioning to/from Active state. transitioning to/from the Active state.
8.3.2. Recommendations Regarding Setting Priority Values 8.3.2. Recommendations Regarding Setting Priority Values
A priority value of 255 designates a particular router as the "IPvX A priority value of 255 designates a particular router as the "IPvX
address owner" for the VRID. VRRP Routers with priority 255 will, as address owner" for the VRID. VRRP Routers with priority 255 will, as
soon as they start up, preempt all lower-priority routers. For a soon as they start up, preempt all lower-priority routers. For a
VRID, only a single VRRP Router on the link SHOULD be configured with VRID, only a single VRRP Router on the link SHOULD be configured with
priority 255. If multiple VRRP Routers advertising priority 255 are priority 255. If multiple VRRP Routers advertising priority 255 are
detected, the condition SHOULD be logged (subject to rate-limiting). detected, the condition SHOULD be logged (subject to rate-limiting).
If no VRRP Router has this priority, and preemption is disabled, then If no VRRP Router has this priority, and preemption is disabled, then
no preemption will occur. no preemption will occur.
In order to avoid two or more Backup Routers simultaneously becoming In order to avoid two or more Backup Routers simultaneously becoming
Active Routers after the previous Active Router fails or is shut Active Routers after the previous Active Router fails or is shut
down, all Virtual Routers SHOULD be configured with different down, all Virtual Routers SHOULD be configured with different
priorities, and with sufficient differences in priority so that lower priorities and with sufficient differences in the priorities so that
priority Backup Routers do not transition to Active state before lower priority Backup Routers do not transition to the Active state
receiving an advertisement from the highest priority Backup Router before receiving an advertisement from the highest priority Backup
following it transitioning to Active Router. If multiple VRRP Router when it transitions to the Active Router. If multiple VRRP
Routers advertising the same priority are detected, this condition Routers advertising the same priority are detected, this condition
MAY be logged as a warning (subject to rate-limiting). MAY be logged as a warning (subject to rate-limiting).
Since the Skew_Time is reduced as priority is increased, faster Since the Skew_Time is reduced as the priority is increased, faster
convergence can be obtained by using a higher priority for the convergence can be obtained by using a higher priority for the
preferred Backup Router. However, with multiple Backup Routers, the preferred Backup Router. However, with multiple Backup Routers, the
priorities should have sufficient differences as previously priorities should have sufficient differences, as previously
recommended. recommended.
8.4. VRRPv3 and VRRPv2 Interoperation 8.4. VRRPv3 and VRRPv2 Interoperation
8.4.1. Assumptions 8.4.1. Assumptions
1. VRRPv2 and VRRPv3 interoperation is optional. 1. VRRPv2 and VRRPv3 interoperation is optional.
2. Mixing VRRPv2 and VRRPv3 should only be done when transitioning 2. Mixing VRRPv2 and VRRPv3 should only be done when transitioning
from VRRPv2 to VRRPv3. Mixing the two versions should not be from VRRPv2 to VRRPv3. Mixing the two versions should not be
skipping to change at page 36, line 51 skipping to change at line 1618
8.4.2. VRRPv3 Support of VRRPv2 Interoperation 8.4.2. VRRPv3 Support of VRRPv2 Interoperation
As mentioned above, this support is intended for upgrade scenarios As mentioned above, this support is intended for upgrade scenarios
and is NOT RECOMMENDED for permanent deployments. and is NOT RECOMMENDED for permanent deployments.
An implementation MAY implement a configuration flag that tells it to An implementation MAY implement a configuration flag that tells it to
listen for and send both VRRPv2 and VRRPv3 advertisements. listen for and send both VRRPv2 and VRRPv3 advertisements.
When a Virtual Router is configured this way and is the Active When a Virtual Router is configured this way and is the Active
Router, it MUST send both types at the configured rate, even if sub- Router, it MUST send both types at the configured rate, even if it is
second. sub-second.
When a Virtual Router is configured this way and is the Backup When a Virtual Router is configured this way and is the Backup
Router, it MUST time out based on the rate advertised by the Active Router, it MUST time out based on the rate advertised by the Active
Router. In the case of a VRRPv2 Active Router, this means it MUST Router. In the case of a VRRPv2 Active Router, this means it MUST
translate the timeout value it receives (in seconds) into translate the timeout value it receives (in seconds) into
centiseconds. Also, a Backup Router SHOULD ignore VRRPv2 centiseconds. Also, a Backup Router SHOULD ignore VRRPv2
advertisements from the current Active Router if it is also receiving advertisements from the current Active Router if it is also receiving
VRRPv3 packets from it. It MAY report when a VRRPv3 Active Router is VRRPv3 packets from it. It MAY report when a VRRPv3 Active Router is
not sending VRRPv2 packets as this suggests they don't agree on not sending VRRPv2 packets, as this suggests they don't agree on
whether they're supporting VRRPv2 interoperation. whether they're supporting VRRPv2 interoperation.
8.4.2.1. Interoperation Considerations 8.4.2.1. Interoperation Considerations
8.4.2.1.1. Slow, High-Priority Active Routers 8.4.2.1.1. Slow, High-Priority Active Routers
See also Section 5.2.7, "Maximum Advertisement Interval (Max See also Section 5.2.7, "Maximum Advertisement Interval (Max
Advertise Interval)". Advertise Interval)".
The VRRPv2 Active Router interacting with a sub-second VRRPv3 Backup The VRRPv2 Active Router interacting with a sub-second VRRPv3 Backup
router is the most important example of this. Router is the most important example of this.
A VRRPv2 implementation SHOULD NOT be given a higher priority than a A VRRPv2 implementation SHOULD NOT be given a higher priority than a
VRRPv2/VRRPv3 implementation with which it is interoperating if the VRRPv2 or VRRPv3 implementation with which it is interoperating if
VRRPv2/VRRPv3 router's advertisement rate is sub-second. the VRRPv2 or VRRPv3 router's advertisement rate is sub-second.
8.4.2.1.2. Overwhelming VRRPv2 Backups 8.4.2.1.2. Overwhelming VRRPv2 Backups
It seems possible that a VRRPv3 Active Router sending at centisecond It seems possible that a VRRPv3 Active Router sending at centisecond
rates could potentially overwhelm a VRRPv2 Backup Router with rates could potentially overwhelm a VRRPv2 Backup Router with
potentially non-deterministic results. potentially non-deterministic results.
In this upgrade case, a deployment should initially run the VRRPv3 In this upgrade case, a deployment should initially run the VRRPv3
Active Routers with lower frequencies, e.g., 100 centiseconds, until Active Routers with lower frequencies, e.g., 100 centiseconds, until
the VRRPv2 routers are upgraded. Then, once the deployment has the VRRPv2 routers are upgraded. Then, once the deployment has
verified that VRRPv3 is working properly, the VRRPv2 support may be verified that VRRPv3 is working properly, the VRRPv2 support may be
disabled and the desired sub-second rates may be configured. disabled and the desired sub-second rates may be configured.
9. Security Considerations 9. Security Considerations
VRRP for IPvX does not currently include any type of authentication. VRRP for IPvX does not currently include any type of authentication.
Earlier versions of the VRRP specification included several types of Earlier versions of the VRRP specification included several types of
authentication ranging from no authentication to strong authentication, ranging from no authentication to strong
authentication. Operational experience and further analysis authentication. Operational experience and further analysis
determined that these did not provide sufficient security to overcome determined that these did not provide sufficient security to overcome
the vulnerability of misconfigured secrets, causing multiple Active the vulnerability of misconfigured secrets, causing multiple Active
Routers to be elected. Due to the nature of the VRRP protocol, even Routers to be elected. Due to the nature of the VRRP protocol, even
if VRRP messages are cryptographically protected, it does not prevent if VRRP messages are cryptographically protected, it does not prevent
hostile nodes from behaving as if they are an Active Router, creating hostile nodes from behaving as if they are an Active Router, creating
multiple Active Routers. Authentication of VRRP messages could have multiple Active Routers. Authentication of VRRP messages could have
prevented a hostile node from causing all properly functioning prevented a hostile node from causing all properly functioning
routers from going into Backup state. However, having multiple routers from going into the Backup state. However, having multiple
Active Routers can cause as much disruption as no routers, which Active Routers can cause as much disruption as no routers, which
authentication cannot prevent. Also, even if a hostile node could authentication cannot prevent. Also, even if a hostile node could
not disrupt VRRP, it can disrupt ARP/ND and create the same effect as not disrupt VRRP, it can disrupt ARP/ND and create the same effect as
having all routers go into Backup state. having all routers go into the Backup state.
Some L2 switches provide the capability to filter out, for example, Some L2 switches provide the capability to filter out, for example,
ARP and/or ND messages from end-hosts on a switch-port basis. This ARP and/or ND messages from end-hosts on a switch-port basis. This
mechanism could also filter VRRP messages from switch ports mechanism could also filter VRRP messages from switch ports
associated with end-hosts and can be considered for deployments with associated with end-hosts and can be considered for deployments with
untrusted hosts. untrusted hosts.
It should be noted that these attacks are not worse and are a subset It should be noted that these attacks are not worse and are a subset
of the attacks that any node attached to a LAN can do independently of the attacks that any node attached to a LAN can do independently
of VRRP. The kind of attacks a malicious node on a LAN can perform of VRRP. The kind of attacks a malicious node on a LAN can perform
include: include:
* Promiscuously receiving packets for any router's MAC address. * promiscuously receiving packets for any router's MAC address,
* Sending packets with the router's MAC address as the source MAC * sending packets with the router's MAC address as the source MAC
address in the L2 header to tell the L2 switches to send packets address in the L2 header to tell the L2 switches to send packets
addressed to the router to the malicious node instead of the addressed to the router to the malicious node instead of the
router. router,
* Sending redirects to tell hosts to send their traffic somewhere * sending redirects to tell hosts to send their traffic somewhere
else. else,
* Sending unsolicited ND replies. * sending unsolicited ND replies,
* Answering ND requests, etc. * answering ND requests, etc.
All of these can be done independently of implementing VRRP. VRRP All of these can be done independently of implementing VRRP. VRRP
does not add to these vulnerabilities and most of these does not add to these vulnerabilities, and most of these
vulnerabilities are addressed independently, e.g., SEcure Neighbor vulnerabilities are addressed independently, e.g., SEcure Neighbor
Discovery [RFC3971]. Discovery (SEND) [RFC3971].
VRRP includes a mechanism (setting IPv4 TTL or IPv6 Hop Limit to 255 VRRP includes a mechanism (setting IPv4 TTL or IPv6 Hop Limit to 255
and checking the value on receipt) that protects against VRRP packets and checking the value on receipt) that protects against VRRP packets
being injected from another remote network [RFC5082]. This limits being injected from another remote network [RFC5082]. This limits
most vulnerabilities to attacks on the local network. most vulnerabilities to attacks on the local network.
VRRP does not provide any confidentiality. Confidentiality is not VRRP does not provide any confidentiality. Confidentiality is not
necessary for the correct operation of VRRP, and there is no necessary for the correct operation of VRRP, and there is no
information in the VRRP messages that must be kept secret from other information in the VRRP messages that must be kept secret from other
nodes on the LAN. nodes on the LAN.
In the context of IPv6 operation, if SEcure Neighbor Discovery (SEND) In the context of IPv6 operation, if SEND is deployed, VRRP is
is deployed, VRRP is compatible with the "trust anchor" and "trust compatible with the "trust anchor" and "trust anchor or CGA" modes of
anchor or CGA" modes of SEND [RFC3971]. The SEND configuration needs SEND [RFC3971]. The SEND configuration needs to give the Active and
to give the Active and Backup Routers the same prefix delegation in Backup Routers the same prefix delegation in the certificates so that
the certificates so that Active and Backup Routers advertise the same Active and Backup Routers advertise the same set of subnet prefixes.
set of subnet prefixes. However, the Active and Backup Routers However, the Active and Backup Routers should have their own key
should have their own key pairs to avoid private key sharing. pairs to avoid private key sharing.
Also in the context of IPv6 operation, it is RECOMMENDED that the Also in the context of IPv6 operation, it is RECOMMENDED that the
link-level security guidelines in section 2.3 of [RFC9099] be link-level security guidelines in Section 2.3 of [RFC9099] be
followed. followed.
10. Contributors and Acknowledgments 10. IANA Considerations
The IPv6 text in this specification is based on [RFC2338]. The
authors of RFC2338 are S. Knight, D. Weaver, D. Whipple, R.
Hinden, D. Mitzel, P. Hunt, P. Higginson, M. Shand, and A.
Lindem.
The author of [VRRP-IPv6] would also like to thank Erik Nordmark,
Thomas Narten, Steve Deering, Radia Perlman, Danny Mitzel, Mukesh
Gupta, Don Provan, Mark Hollinger, John Cruz, and Melissa Johnson for
their helpful suggestions.
The IPv4 text in this specification is based on [RFC3768]. The
authors of that specification would like to thank Glen Zorn, Michael
Lane, Clark Bremer, Hal Peterson, Tony Li, Barbara Denny, Joel
Halpern, Steve Bellovin, Thomas Narten, Rob Montgomery, Rob Coltun,
Radia Perlman, Russ Housley, Harald Alvestrand, Steve Bellovin, Ned
Freed, Ted Hardie, Russ Housley, Bert Wijnen, Bill Fenner, and Alex
Zinin for their comments and suggestions.
Thanks to Steve Nadas for his work merging/editing [RFC3768] and
[VRRP-IPv6] into the draft that eventually became RFC 5798 [RFC5798].
Thanks to Stewart Bryant, Sasha Vainshtein, Pascal Thubert, Alexander
Okonnikov, Ben Niven-Jenkins, Tim Chown, Malisa Vucinic, Russ White,
Donald Eastlake, Dave Thaler, Eric Kline, and Vijay Gurbani for
comments on the current document (RFC 5798 BIS). Thanks to Gyan
Mishra, Paul Congdon, and Jon Rosen for discussions related to the
removal of legacy technology appendices. Thanks to Dhruv Dhody and
Donald Eastlake for comments and suggestions for improving the IANA
section. Thanks to Sasha Vainshtein for recommending "Maximum
Advertisement Interval" validation. Thanks to Tim Chown and Fernando
Gont for discussions and updates related to IPv6 SLAAC.
Special thanks to Quentin Armitage for a detailed review and
extensive comments on the current document (RFC 5798 BIS).
11. IANA Considerations
IANA is requested to update all IANA Registry references to [RFC5798] IANA has updated all IANA registry references to [RFC5798] to
to be references to [RFCXXXX], i.e., this document. The individual references to RFC 9568, i.e., this document. The individual IANA
IANA references are listed below. references are listed below.
The value 112 is assigned to VRRP in the Assigned Internet Protocol The value 112 is assigned to VRRP in the "Assigned Internet Protocol
Numbers Registry. Numbers" registry.
In the "Local Network Control Block (224.0.0.0 - 224.0.0.255 In the "Local Network Control Block (224.0.0.0 - 224.0.0.255
(224.0.0/24))" of the "IPv4 Multicast Address Space Registry" (224.0.0/24))" registry of the "IPv4 Multicast Address Space
[RFC5771], IANA has assigned the IPv4 multicast address 224.0.0.18 Registry" [RFC5771], IANA has assigned the IPv4 multicast address
for VRRP. 224.0.0.18 for VRRP.
In the "Link-Local Scope Multicast Addresses" block of the "IPv6 In the "Link-Local Scope Multicast Addresses" registry of the "IPv6
Multicast Address Space Registry" [RFC3307], IANA has assigned the Multicast Address Space Registry" [RFC3307], IANA has assigned the
IPv6 link-local scope multicast address ff02:0:0:0:0:0:0:12 for VRRP IPv6 link-local scope multicast address ff02:0:0:0:0:0:0:12 for VRRP
for IPv6. for IPv6.
In the "IANA MAC ADDRESS BLOCK" registry In the "IANA MAC ADDRESS BLOCK" registry [RFC9542], IANA has assigned
[I-D.ietf-intarea-rfc7042bis], IANA has assigned blocks of Ethernet blocks of Ethernet unicast addresses as follows (in hexadecimal):
unicast addresses as follows (in hexadecimal):
00-01-00 to 00-01-FF VRRP +======================+===========================+===========+
00-02-00 to 00-02-FF VRRP IPv6 | Addresses | Usage | Reference |
+======================+===========================+===========+
| 00-01-00 to 00-01-FF | VRRP (Virtual Router | RFC 9568 |
| | Redundancy Protocol) | |
+----------------------+---------------------------+-----------+
| 00-02-00 to 00-02-FF | VRRP IPv6 (Virtual Router | RFC 9568 |
| | Redundancy Protocol IPv6) | |
+----------------------+---------------------------+-----------+
12. Normative References Table 1
[I-D.ietf-intarea-rfc7042bis] 11. References
Eastlake, D. E., Abley, J., and Y. Li, "IANA
Considerations and IETF Protocol and Documentation Usage 11.1. Normative References
for IEEE 802 Parameters", Work in Progress, Internet-
Draft, draft-ietf-intarea-rfc7042bis-11, 6 November 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-intarea-
rfc7042bis-11>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC3307] Haberman, B., "Allocation Guidelines for IPv6 Multicast [RFC3307] Haberman, B., "Allocation Guidelines for IPv6 Multicast
Addresses", RFC 3307, DOI 10.17487/RFC3307, August 2002, Addresses", RFC 3307, DOI 10.17487/RFC3307, August 2002,
<https://www.rfc-editor.org/info/rfc3307>. <https://www.rfc-editor.org/info/rfc3307>.
skipping to change at page 41, line 35 skipping to change at line 1809
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", STD 86, RFC 8200, (IPv6) Specification", STD 86, RFC 8200,
DOI 10.17487/RFC8200, July 2017, DOI 10.17487/RFC8200, July 2017,
<https://www.rfc-editor.org/info/rfc8200>. <https://www.rfc-editor.org/info/rfc8200>.
13. Informative References [RFC9542] Eastlake 3rd, D., Abley, J., and Y. Li, "IANA
Considerations and IETF Protocol and Documentation Usage
for IEEE 802 Parameters", BCP 141, RFC 9542,
DOI 10.17487/RFC9542, April 2024,
<https://www.rfc-editor.org/info/rfc9542>.
11.2. Informative References
[IPSTB] Higginson, P. and M. Shand, "Development of Router [IPSTB] Higginson, P. and M. Shand, "Development of Router
Clusters to Provide Fast Failover in IP Networks", Digital Clusters to Provide Fast Failover in IP Networks", Digital
Technical Journal, Volume 9 Number 3", 1997. Technical Journal, Volume 9, Number 3, 1997.
[NISTIR8366] [NISTIR8366]
National Institute of Standards and Technology (NIST),
"Guidance for NIST Staff on Using Inclusive Language in "Guidance for NIST Staff on Using Inclusive Language in
Documentary Standards, National Institute of Standards and Documentary Standards,", NISTIR 8366,
Technology (NIST) Interagency or Internal Report 8366", DOI 10.6028/NIST.IR.8366, April 2021,
NISTIR 8366, April 2021,
<https://doi.org/10.6028/NIST.IR.8366>. <https://doi.org/10.6028/NIST.IR.8366>.
[RFC1071] Braden, R., Borman, D., and C. Partridge, "Computing the [RFC1071] Braden, R., Borman, D., and C. Partridge, "Computing the
Internet checksum", RFC 1071, DOI 10.17487/RFC1071, Internet checksum", RFC 1071, DOI 10.17487/RFC1071,
September 1988, <https://www.rfc-editor.org/info/rfc1071>. September 1988, <https://www.rfc-editor.org/info/rfc1071>.
[RFC1256] Deering, S., Ed., "ICMP Router Discovery Messages", [RFC1256] Deering, S., Ed., "ICMP Router Discovery Messages",
RFC 1256, DOI 10.17487/RFC1256, September 1991, RFC 1256, DOI 10.17487/RFC1256, September 1991,
<https://www.rfc-editor.org/info/rfc1256>. <https://www.rfc-editor.org/info/rfc1256>.
skipping to change at page 43, line 39 skipping to change at line 1911
RFC 9099, DOI 10.17487/RFC9099, August 2021, RFC 9099, DOI 10.17487/RFC9099, August 2021,
<https://www.rfc-editor.org/info/rfc9099>. <https://www.rfc-editor.org/info/rfc9099>.
[RFC9131] Linkova, J., "Gratuitous Neighbor Discovery: Creating [RFC9131] Linkova, J., "Gratuitous Neighbor Discovery: Creating
Neighbor Cache Entries on First-Hop Routers", RFC 9131, Neighbor Cache Entries on First-Hop Routers", RFC 9131,
DOI 10.17487/RFC9131, October 2021, DOI 10.17487/RFC9131, October 2021,
<https://www.rfc-editor.org/info/rfc9131>. <https://www.rfc-editor.org/info/rfc9131>.
[VRRP-IPv6] [VRRP-IPv6]
Hinden, R. and J. Cruz, "Virtual Router Redundancy Hinden, R. and J. Cruz, "Virtual Router Redundancy
Protocol for IPv6", Work in Progress, March 2007. Protocol for IPv6", Work in Progress, Internet-Draft,
draft-ietf-vrrp-ipv6-spec-08, 5 March 2007,
<https://datatracker.ietf.org/doc/html/draft-ietf-vrrp-
ipv6-spec-08>.
Acknowledgments
The IPv6 text in this specification is based on [RFC2338]. The
authors of [RFC2338] are S. Knight, D. Weaver, D. Whipple, R. Hinden,
D. Mitzel, P. Hunt, P. Higginson, M. Shand, and A. Lindem.
The authors of [VRRP-IPv6] would also like to thank Erik Nordmark,
Thomas Narten, Steve Deering, Radia Perlman, Danny Mitzel, Mukesh
Gupta, Don Provan, Mark Hollinger, John Cruz, and Melissa Johnson for
their helpful suggestions.
The IPv4 text in this specification is based on [RFC3768]. The
authors of that specification would like to thank Glen Zorn, Michael
Lane, Clark Bremer, Hal Peterson, Tony Li, Barbara Denny, Joel
Halpern, Steve M. Bellovin, Thomas Narten, Rob Montgomery, Rob
Coltun, Radia Perlman, Russ Housley, Harald Alvestrand, Ned Freed,
Ted Hardie, Bert Wijnen, Bill Fenner, and Alex Zinin for their
comments and suggestions.
Thanks to Steve Nadas for his work merging/editing [RFC3768] and
[VRRP-IPv6] into the document that eventually became [RFC5798].
Thanks to Stewart Bryant, Sasha Vainshtein, Pascal Thubert, Alexander
Okonnikov, Ben Niven-Jenkins, Tim Chown, Mališa Vučinić, Russ White,
Donald Eastlake, Dave Thaler, Eric Kline, and Vijay Gurbani for
comments on the current document (RFC 9568). Thanks to Gyan Mishra,
Paul Congdon, and Jon Rosen for discussions related to the removal of
legacy technology appendices. Thanks to Dhruv Dhody and Donald
Eastlake for comments and suggestions for improving the IANA section.
Thanks to Sasha Vainshtein for recommending "Maximum Advertisement
Interval" validation. Thanks to Tim Chown and Fernando Gont for
discussions and updates related to IPv6 SLAAC.
Special thanks to Quentin Armitage for a detailed review and
extensive comments on the current document (RFC 9568).
Authors' Addresses Authors' Addresses
Acee Lindem Acee Lindem
LabN Consulting, L.L.C. LabN Consulting, L.L.C.
301 Midenhall Way 301 Midenhall Way
Cary, NC 27513 Cary, NC 27513
United States of America United States of America
Email: acee.ietf@gmail.com Email: acee.ietf@gmail.com
Aditya Dogra Aditya Dogra
Cisco Systems Cisco Systems
Sarjapur Outer Ring Road Sarjapur Outer Ring Road
Bangalore 560103 Bangalore 560103
Karnataka Karnataka
India India
Email: addogra@cisco.com Email: addogra@cisco.com
 End of changes. 244 change blocks. 
571 lines changed or deleted 576 lines changed or added

This html diff was produced by rfcdiff 1.48.