BFD for VRRP
Context
A VRRP group uses VRRP Advertisement packets to negotiate the master/backup VRRP status, implementing device backup. If the link between devices in a VRRP group fails, VRRP Advertisement packets cannot be exchanged to negotiate the master/backup status. A backup device attempts to preempt the master role after a period that is three times the interval at which VRRP Advertisement packets are sent. During this period, user traffic is still forwarded to the master device, which results in user traffic loss.
Bidirectional Forwarding Detection (BFD) is used to rapidly detect faults in links or IP routes. BFD for VRRP enables a master/backup VRRP switchover to be completed within 1 second, thereby preventing traffic loss. A BFD session is established between the master and backup devices in a VRRP group and is bound to the VRRP group. BFD immediately detects communication faults in the VRRP group and instructs the VRRP group to perform a master/backup switchover, minimizing service interruptions.
VRRP and BFD association modes
Association between VRRP and BFD can be implemented in the following modes. Table 1 lists their differences.
Association Mode |
Usage Scenario |
Type of Associated BFD Session |
Impact Mode |
BFD Support |
|---|---|---|---|---|
Association between a VRRP group and a common BFD session |
A backup device monitors the status of the master device in a VRRP group. A common BFD session is used to monitor the link between the master and backup devices. |
Static BFD sessions or static BFD sessions with automatically negotiated discriminators |
The VRRP group adjusts priorities according to the BFD session status and determines whether to perform a master/backup switchover according to the adjusted priorities. |
VRRP-enabled devices must support BFD. |
Association between a VRRP group and link and peer BFD sessions |
The master and backup devices monitor the link and peer BFD sessions simultaneously. A link BFD session is established between the master and backup devices. A peer BFD session is established between a downstream switch and each VRRP device. BFD helps determine whether the fault occurs between the master device and downstream switch or between the backup device and downstream switch. |
Static BFD sessions or static BFD sessions with automatically negotiated discriminators |
If the link or peer BFD session goes down, BFD notifies the VRRP group of the fault. After receiving the notification, the VRRP group immediately performs a master/backup VRRP switchover. |
VRRP-enabled devices must support BFD. |
Association Between a VRRP Group and a Common BFD Session
In Figure 1, a BFD session is established between Figure 1A (master) and Figure 1B (backup) and is bound to a VRRP group. If BFD detects a fault on the link between Figure 1A and Figure 1B, BFD notifies Figure 1B to increase its VRRP priority so that it assumes the master role and forwards service traffic.
VRRP device configurations are as follows:
- DeviceA (master) works in delayed preemption mode and its VRRP priority is 120.
- DeviceB works in immediate preemption mode and functions as the backup in the VRRP group with a priority of 100.
- DeviceB in the VRRP group is configured to monitor a common BFD session. If BFD detects a fault and the BFD session goes down, DeviceB increases its VRRP priority by 40.
The implementation is as follows:
- Normally, DeviceA periodically sends VRRP Advertisement packets to notify DeviceB that it is working properly. DeviceB monitors the status of DeviceA and the BFD session.
- If BFD detects a fault, the BFD session goes down. DeviceB increases its VRRP priority to 140 (100 + 40 = 140), making it higher than DeviceA's VRRP priority. DeviceB then immediately preempts the master role and sends gratuitous ARP packets to allow DeviceE to update address entries.
The BFD session goes up after the fault is rectified. In this case:
DeviceB restores its VRPP priority to 100 (140 – 40 = 100). DeviceB remains in the Master state and continue to send VRRP6 Advertisement packets.
After receiving these packets, DeviceA checks that the VRRP priority carried in them is lower than the local VRRP priority and preempts the master role after the specified VRRP status recovery delay expires. DeviceA then sends VRRP Advertisement and gratuitous ARP packets.
After receiving a VRRP Advertisement packet that carries a priority higher than the local priority, DeviceB enters the Backup state.
- Both DeviceA and DeviceB are restored to their original states. As such, DeviceA forwards user-to-network traffic again.
The preceding process shows that association between VRRP and BFD differs from VRRP. Specifically, after a VRRP group is associated with a BFD session and a fault occurs, the backup device immediately preempts the master role by increasing its VRRP priority, and it does not wait for a period three times the interval at which VRRP Advertisement packets are sent. This means that a master/backup VRRP switchover can be performed in milliseconds.
Association Between a VRRP Group and Link and Peer BFD Sessions
In Figure 2, the master and backup devices monitor the status of link and peer BFD sessions. The BFD sessions help determine whether a link fault is a local or remote fault.
DeviceA and DeviceB run VRRP. A peer BFD session is established between DeviceA and DeviceB to detect link and device faults. A link BFD session is established between DeviceA and DeviceE and between DeviceB and DeviceE to detect link and device faults. After DeviceB detects that the peer BFD session goes down and the link BFD session between DeviceE and DeviceB goes up, DeviceB switches to the Master state and forwards user-to-network traffic.
VRRP device configurations are as follows:
- DeviceA and DeviceB run VRRP.
- A peer BFD session is established between DeviceA and DeviceB to detect link and device faults between them.
- Link 1 and link 2 BFD sessions are established between DeviceE and DeviceA and between DeviceE and DeviceB, respectively.
The implementation is as follows:
- Normally, DeviceA periodically sends VRRP Advertisement packets to inform DeviceB that it is working properly and monitors the BFD session status. DeviceB monitors the status of DeviceA and the BFD session.
- The BFD session goes down if BFD detects either of the following faults:
Link 1 or DeviceE fails. In this case, link 1 BFD session and the peer BFD session go down. Link 2 BFD session is up.
DeviceA's VRRP state switches to Initialize.
DeviceB's VRRP state switches to Master.
DeviceA fails. In this case, link 1 BFD session and the peer BFD session go down. Link 2 BFD session is up. DeviceB's VRRP state switches to Master.
- After the fault is rectified, all the BFD sessions go up. If DeviceA works in preemption mode, DeviceA and DeviceB are restored to their original VRRP states after VRRP negotiation is complete.
In normal cases, DeviceA's VRRP status is not impacted by a link 2 fault, instead, DeviceA continues to forward user-to-network traffic. However, Device's VRRP status switches to Master if both the peer BFD session and link 2 BFD session go down, and DeviceB detects the peer BFD session down event before detecting the link 2 BFD session down event. After DeviceB detects the link 2 BFD session down event, DeviceB's VRRP status switches to Initialize.
Figure 3 shows the state machine for association between a VRRP group and link and peer BFD sessions.
The preceding process shows that after link BFD for VRRP and peer BFD for VRRP are configured, the backup device can immediately switch to the Master state if a fault occurs, without waiting for a period three times the interval at which VRRP Advertisement packets are sent or changing its VRRP priority. This means that a master/backup VRRP switchover can be performed in milliseconds.
Benefits
BFD for VRRP speeds up master/backup VRRP switchovers if faults occur.