Ping VRRP virtual IP address

From: Dave Katz (dkatz@juniper.net)
Date: Thu Apr 05 2001 - 18:53:34 EDT


The spec is reasonably clear on this point:

   While in the {Master} state the router functions as the forwarding
   router for the IP address(es) associated with the virtual router.

   While in this state, a VRRP router MUST do the following:

    - MUST respond to ARP requests for the IP address(es) associated
      with the virtual router.

    - MUST forward packets with a destination link layer MAC address
      equal to the virtual router MAC address.

    - MUST NOT accept packets addressed to the IP address(es) associated
      with the virtual router if it is not the IP address owner.

    - MUST accept packets addressed to the IP address(es) associated
      with the virtual router if it is the IP address owner.

The spec is basically cast as a way of backing up a real interface
address on one box with a fake one on other boxes, thus the concept
of "IP address owner" (the guy with the real address).

                                       Any of the virtual router's IP
   addresses on a LAN can then be used as the default first hop router
   by end-hosts.

The pitfalls of accepting packets if you're not the address owner
in such a scenario are many and varied (starting with routing protocols.)

What the spec does *not* do is to address using a purely virtual address
that is not "owned" by anybody, and which therefore would be safe for
the master to accept traffic to. I'm not competent or willing to
discuss the patent infringement possibilities, but it is worth noting
that this functionality is very much the heart of HSRP.

The upside to spec-ing VRRP this way is that it is purely an ARP/
MAC recognizer hack, making it quite trivial to implement. The downside
is that everybody and his brother expects it to be HSRP, which it's not.

You guys all know the feature request drill...

--Dave
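
The Master-state rules quoted in the message above, modelled as an added example; it is not part of the original post and not code from any VRRP implementation. The `Frame` and `Master` classes and the action strings are hypothetical, and the addresses are constructed samples. The virtual MAC format 00-00-5E-00-01-{VRID} and its use in ARP replies are taken from the VRRP spec, not from this message.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

def virtual_mac(vrid: int) -> str:
    """IPv4 VRRP virtual router MAC: 00-00-5E-00-01-{VRID}."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be in 1..255")
    return f"00:00:5e:00:01:{vrid:02x}"

@dataclass(frozen=True)
class Frame:                     # hypothetical model of a received frame
    dst_mac: str
    kind: str                    # "arp-request" or "ip"
    target: IPv4Address          # ARP target address or IP destination

@dataclass(frozen=True)
class Master:                    # hypothetical: a VRRP router in Master state
    vrid: int
    virtual_ips: frozenset
    interface_ips: frozenset     # real addresses configured on this box

    def handle(self, f: Frame) -> str:
        vmac = virtual_mac(self.vrid)
        if f.kind == "arp-request":
            # Rule 1: answer ARP for the virtual router's addresses.
            return f"arp-reply {vmac}" if f.target in self.virtual_ips else "not-vrrp"
        if f.dst_mac.lower() != vmac:
            return "not-vrrp"    # ordinary interface traffic, outside this model
        if f.target in self.virtual_ips:
            # Rules 3 and 4: accept only if this box really owns the address.
            return "accept" if f.target in self.interface_ips else "drop"
        return "forward"         # Rule 2: transit traffic sent to the virtual MAC

# Constructed sample data (documentation address ranges).
VIP = IPv4Address("192.0.2.1")
OWNER = Master(1, frozenset({VIP}), frozenset({VIP}))
STAND_IN = Master(1, frozenset({VIP}), frozenset({IPv4Address("192.0.2.2")}))
PING = Frame(virtual_mac(1), "ip", VIP)
TRANSIT = Frame(virtual_mac(1), "ip", IPv4Address("198.51.100.7"))
ARP = Frame("ff:ff:ff:ff:ff:ff", "arp-request", VIP)

if __name__ == "__main__":
    for name, router in (("owner", OWNER), ("non-owner master", STAND_IN)):
        for label, frame in (("arp", ARP), ("ping VIP", PING), ("transit", TRANSIT)):
            print(f"{name:17} {label:9} -> {router.handle(frame)}")
```

The non-owner master answers ARP and forwards transit traffic but drops the ping to the virtual address, which is the behaviour the subject line asks about.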


