draft-ietf-vrrp-spec-v2-05.txt
INTERNET-DRAFT                                                 S. Knight
January 5, 2000                                                D. Weaver
                                             Ascend Communications, Inc.
                                                              D. Whipple
                                                         Microsoft, Inc.
                                                               R. Hinden
                                                               D. Mitzel
                                                                 P. Hunt
                                                                   Nokia
                                                            P. Higginson
                                                                M. Shand
                                                 Digital Equipment Corp.
                                                               A. Lindem
                                                         IBM Corporation

                   Virtual Router Redundancy Protocol

                    <draft-ietf-vrrp-spec-v2-05.txt>

Status of this Memo

   This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of [RFC2026].

   Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

   This internet draft expires on July 5, 2000.

Abstract

   This memo defines the Virtual Router Redundancy Protocol (VRRP). VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN. The VRRP router controlling the IP address(es) associated with a virtual router is called the Master, and forwards packets sent to these IP addresses. The election process provides dynamic fail over in the forwarding responsibility should the Master become unavailable. This allows any of the virtual router IP addresses on the LAN to be used as the default first hop router by end-hosts. The advantage gained from using VRRP is a higher availability default path without requiring configuration of dynamic routing or router discovery protocols on every end-host.

Table of Contents

   1.  Introduction
   2.  Required Features
   3.  VRRP Overview
   4.  Sample Configurations
   5.  Protocol
       5.1  VRRP Packet Format
       5.2  IP Field Descriptions
       5.3  VRRP Field Descriptions
   6.  Protocol State Machine
       6.1  Parameters per Virtual Router
       6.2  Timers
       6.3  State Transition Diagram
       6.4  State Descriptions
   7.  Sending and Receiving VRRP Packets
       7.1  Receiving VRRP Packets
       7.2  Transmitting Packets
       7.3  Virtual MAC Address
   8.  Operational Issues
       8.1  ICMP Redirects
       8.2  Host ARP Requests
       8.3  Proxy ARP
       8.4  Potential Forwarding Loop
   9.  Operation over FDDI, Token Ring, and ATM LANE
       9.1  Operation over FDDI
       9.2  Operation over Token Ring
       9.3  Operation over ATM LANE
   10. Security Considerations
       10.1 No Authentication
       10.2 Simple Text Password
       10.3 IP Authentication Header
   11. Intellectual Property
   12. Acknowledgments
   13. References
   14. Authors' Addresses
   15. Changes from RFC2338

1. Introduction

   There are a number of methods that an end-host can use to determine its first hop router towards a particular IP destination. These include running (or snooping) a dynamic routing protocol such as Routing Information Protocol [RIP] or OSPF version 2 [OSPF], running an ICMP router discovery client [DISC] or using a statically configured default route.

   Running a dynamic routing protocol on every end-host may be infeasible for a number of reasons, including administrative overhead, processing overhead, security issues, or lack of a protocol implementation for some platforms. Neighbor or router discovery protocols may require active participation by all hosts on a network, leading to large timer values to reduce protocol overhead in the face of large numbers of hosts. This can result in a significant delay in the detection of a lost (i.e., dead) neighbor, that may introduce unacceptably long "black hole" periods.

   The use of a statically configured default route is quite popular; it minimizes configuration and processing overhead on the end-host and is supported by virtually every IP implementation. This mode of operation is likely to persist as dynamic host configuration protocols [DHCP] are deployed, which typically provide configuration for an end-host IP address and default gateway. However, this creates a single point of failure. Loss of the default router results in a catastrophic event, isolating all end-hosts that are unable to detect any alternate path that may be available.

   The Virtual Router Redundancy Protocol (VRRP) is designed to eliminate the single point of failure inherent in the static default routed environment. VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN. The VRRP router controlling the IP address(es) associated with a virtual router is called the Master, and forwards packets sent to these IP addresses. The election process provides dynamic fail-over in the forwarding responsibility should the Master become unavailable. Any of the virtual router's IP addresses on a LAN can then be used as the default first hop router by end-hosts. The advantage gained from using VRRP is a higher availability default path without requiring configuration of dynamic routing or router discovery protocols on every end-host.

   VRRP provides a function similar to a Cisco Systems, Inc. proprietary protocol named Hot Standby Router Protocol (HSRP) [HSRP] and to a Digital Equipment Corporation, Inc. proprietary protocol named IP Standby Protocol [IPSTB].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119].

   The IESG/IETF take no position regarding the validity or scope of any intellectual property right or other rights that might be claimed to pertain to the implementation or use of the technology, or the extent to which any license under such rights might or might not be available. See the IETF IPR web page at http://www.ietf.org/ipr.html for additional information.

1.1 Scope

   The remainder of this document describes the features, design goals, and theory of operation of VRRP. The message formats, protocol processing rules and state machine that guarantee convergence to a single Virtual Router Master are presented. Finally, operational issues related to MAC address mapping, handling of ARP requests, generation of ICMP redirect messages, and security issues are addressed.

   This protocol is intended for use with IPv4 routers only. A separate specification will be produced if it is decided that similar functionality is desirable in an IPv6 environment.

1.2 Definitions

   VRRP Router
      A router running the Virtual Router Redundancy Protocol. It may participate in one or more virtual routers.

   Virtual Router
      An abstract object managed by VRRP that acts as a default router for hosts on a shared LAN. It consists of a Virtual Router Identifier and a set of associated IP address(es) across a common LAN. A VRRP Router may backup one or more virtual routers.

   IP Address Owner
      The VRRP router that has the virtual router's IP address(es) as real interface address(es). This is the router that, when up, will respond to packets addressed to one of these IP addresses for ICMP pings, TCP connections, etc.

   Primary IP Address
      An IP address selected from the set of real interface addresses. One possible selection algorithm is to always select the first address. VRRP advertisements are always sent using the primary IP address as the source of the IP packet.

   Virtual Router Master
      The VRRP router that is assuming the responsibility of forwarding packets sent to the IP address(es) associated with the virtual router, and answering ARP requests for these IP addresses. Note that if the IP address owner is available, then it will always become the Master.

   Virtual Router Backup
      The set of VRRP routers available to assume forwarding responsibility for a virtual router should the current Master fail.

2.0 Required Features

   This section outlines the set of features that were considered mandatory and that guided the design of VRRP.

2.1 IP Address Backup

   Backup of IP addresses is the primary function of the Virtual Router Redundancy Protocol. While providing election of a Virtual Router Master and the additional functionality described below, the protocol should strive to:

   - Minimize the duration of black holes.
   - Minimize the steady state bandwidth overhead and processing complexity.
   - Function over a wide variety of multiaccess LAN technologies capable of supporting IP traffic.
   - Provide for election of multiple virtual routers on a network for load balancing
   - Support of multiple logical IP subnets on a single LAN segment.

2.2 Preferred Path Indication

   A simple model of Master election among a set of redundant routers is to treat each router with equal preference and claim victory after converging to any router as Master. However, there are likely to be many environments where there is a distinct preference (or range of preferences) among the set of redundant routers. For example, this preference may be based upon access link cost or speed, router performance or reliability, or other policy considerations. The protocol should allow the expression of this relative path preference in an intuitive manner, and guarantee Master convergence to the most preferential router currently available.

2.3 Minimization of Unnecessary Service Disruptions

   Once Master election has been performed then any unnecessary transitions between Master and Backup routers can result in a disruption in service. The protocol should ensure after Master election that no state transition is triggered by any Backup router of equal or lower preference as long as the Master continues to function properly.

   Some environments may find it beneficial to avoid the state transition triggered when a router becomes available that is more preferential than the current Master. It may be useful to support an override of the immediate convergence to the preferred path.

2.4 Extensible Security

   The virtual router functionality is applicable to a wide range of internetworking environments that may employ different security policies. The protocol should require minimal configuration and overhead in the insecure operation, provide for strong authentication when increased security is required, and allow integration of new security mechanisms without breaking backwards compatible operation.

2.5 Efficient Operation over Extended LANs

   Sending IP packets on a multiaccess LAN requires mapping from an IP address to a MAC address. The use of the virtual router MAC address in an extended LAN employing learning bridges can have a significant effect on the bandwidth overhead of packets sent to the virtual router. If the virtual router MAC address is never used as the source address in a link level frame then the station location is never learned, resulting in flooding of all packets sent to the virtual router. To improve the efficiency in this environment the protocol should: 1) use the virtual router MAC as the source in a packet sent by the Master to trigger station learning; 2) trigger a message immediately after transitioning to Master to update the station learning; and 3) trigger periodic messages from the Master to maintain the station learning cache.

3.0 VRRP Overview

   VRRP specifies an election protocol to provide the virtual router function described earlier. All protocol messaging is performed using IP multicast datagrams, thus the protocol can operate over a variety of multiaccess LAN technologies supporting IP multicast.

   Each VRRP virtual router has a single well-known MAC address allocated to it. This document currently only details the mapping to networks using the IEEE 802 48-bit MAC address. The virtual router MAC address is used as the source in all periodic VRRP messages sent by the Master router to enable bridge learning in an extended LAN.

   A virtual router is defined by its virtual router identifier (VRID) and a set of IP addresses. A VRRP router may associate a virtual router with its real addresses on an interface, and may also be configured with additional virtual router mappings and priority for virtual routers it is willing to backup. The mapping between VRID and addresses must be coordinated among all VRRP routers on a LAN. However, there is no restriction against reusing a VRID with a different address mapping on different LANs. The scope of each
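
The station-learning argument of section 2.5, as an added example that is not part of the Internet-Draft: a minimal learning bridge with entry aging shows what each of the three measures changes for a frame a host sends to the virtual router. The 300-second aging limit, the port numbers and the host MAC are constructed; the virtual MAC form 00-00-5E-00-01-{VRID} and the advertisement's multicast MAC 01-00-5E-00-00-12 come from the VRRP specification, not from this excerpt.

```python
# Added illustration, not from the draft; ports and host MAC are constructed.
AGE_LIMIT = 300  # seconds a learned entry stays valid (assumed bridge setting)


def virtual_mac(vrid):
    """Virtual MAC for a VRID in 1..255 (00-00-5E-00-01-{VRID} form)."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be in 1..255")
    return "00-00-5E-00-01-%02X" % vrid


class LearningBridge:
    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}  # source MAC -> (port, time learned)

    def receive(self, now, in_port, src, dst):
        """Learn src on in_port, then return the egress ports for dst."""
        self.table[src] = (in_port, now)
        entry = self.table.get(dst)
        if entry is None or now - entry[1] > AGE_LIMIT:
            self.table.pop(dst, None)      # unknown or aged out
            return self.ports - {in_port}  # flood to every other port
        return set() if entry[0] == in_port else {entry[0]}


def run_scenario():
    """Host on port 1, router A on port 2, router B on port 3, idle port 4."""
    bridge = LearningBridge([1, 2, 3, 4])
    vmac, host = virtual_mac(1), "02-00-00-00-00-0A"
    advert_dst = "01-00-5E-00-00-12"  # multicast MAC the advertisement goes to
    out = {}
    # Virtual MAC never seen as a source: the host's frame is flooded.
    out["unlearned"] = bridge.receive(0, 1, host, vmac)
    # 1) Master A sends a message with the virtual MAC as source.
    bridge.receive(1, 2, vmac, advert_dst)
    out["learned"] = bridge.receive(2, 1, host, vmac)
    # A fails, B is Master but has sent nothing yet: frames still go to A.
    out["stale"] = bridge.receive(10, 1, host, vmac)
    # 2) B sends a message immediately after transitioning to Master.
    bridge.receive(11, 3, vmac, advert_dst)
    out["after_failover"] = bridge.receive(12, 1, host, vmac)
    # 3) With no periodic messages the entry ages out and flooding resumes.
    out["aged"] = bridge.receive(11 + AGE_LIMIT + 1, 1, host, vmac)
    return out


if __name__ == "__main__":
    print({step: sorted(p) for step, p in run_scenario().items()})
```

In the "unlearned" and "aged" cases the host's frame is delivered to every other port, so the periodic messages limit both bandwidth overhead and how widely host-to-router traffic is visible on the extended LAN.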