Association Between Direct Routes and a VRRP Group
Background
A VRRP group is configured on Device1 and Device2 on the network shown in Figure 1. Device1 is a master device, whereas Device2 is a backup device. The VRRP group serves as a gateway for users. User-to-network traffic travels through Device1. However, network-to-user traffic may travel through Device1, Device2, or both of them over a path determined by a dynamic routing protocol. Therefore, user-to-network traffic and network-to-user traffic may travel along different paths, which interrupts services if firewalls are attached to devices in the VRRP group, complicates traffic monitoring or statistics collection, and increases costs.
To address the preceding problems, the routing protocol is expected to select a route passing through the master device so that the user-to-network and network-to-user traffic travels along the same path. Association between direct routes and a VRRP group can meet expectations by allowing the dynamic routing protocol to select a route based on the VRRP status.
Related Concepts
VRRP is a widely used fault-tolerant protocol that groups multiple routing devices into a VRRP group, improving network reliability. A VRRP group consists of a master device and one or more backup devices. If the master device fails, the VRRP group switches services to a backup device to ensure communication continuity and reliability.
A device in a VRRP group operates in one of three states:
- Master: If a network is working correctly, the master device transmits all services.
- Backup: If the master device fails, the VRRP group selects a backup device as the new master device to take over traffic and ensure uninterrupted service transmissions.
- Initialize: A device in the Initialize state is waiting for an interface Startup message to switch its status to Master or Backup.
For details about VRRP, see HUAWEI NetEngine 8000 F Series Router Feature Description - Network Reliability - VRRP.
Implementation
Association between direct routes and a VRRP group allows VRRP interfaces to adjust the costs of direct network segment routes based on the VRRP status. The direct route with the master device as the next hop has the lowest cost. A dynamic routing protocol imports the direct routes and selects the direct route with the lowest cost. For example, VRRP interfaces on Device1 and Device2 on the network shown in Figure 1 are configured with association between direct routes and the VRRP group. The implementation is as follows:
Device1 in the Master state sets the cost of its route to the directly connected virtual IP network segment to 0 (default value).
Device2 in the Backup state increases the cost of its route to the directly connected virtual IP network segment.
A dynamic routing protocol selects the route with Device1 as the next hop because this route costs less than the other route. Therefore, both user-to-network traffic and network-to-user traffic travel through Device1.
Usage Scenario
When a data center is used, firewalls are attached to devices in a VRRP group to improve network security. Network-to-user traffic cannot pass through a firewall if it travels over a path different than the one used by user-to-network traffic.
When an IP radio access network (RAN) is configured, VRRP is configured to set the master/backup status of aggregation site gateways (ASGs) and radio service gateways (RSGs). Network-to-user and user-to-network traffic may pass through different paths, complicating network operation and management.
Association between direct routes and a VRRP group can address the preceding problems by ensuring the user-to-network and network-to-user traffic travels along the same path.