Association Between Direct Routes and a VRRP Group

Background

A VRRP group is configured on Device1 and Device2 on the network shown in Figure 1. Device1 is a master device, whereas Device2 is a backup device. The VRRP group serves as a gateway for users. User-to-network traffic travels through Device1. However, network-to-user traffic may travel through Device1, Device2, or both of them over a path determined by a dynamic routing protocol. Therefore, user-to-network traffic and network-to-user traffic may travel along different paths, which interrupts services if firewalls are attached to devices in the VRRP group, complicates traffic monitoring or statistics collection, and increases costs.

To address the preceding problems, the routing protocol is expected to select a route passing through the master device so that the user-to-network and network-to-user traffic travels along the same path. Association between direct routes and a VRRP group can meet expectations by allowing the dynamic routing protocol to select a route based on the VRRP status.

Figure 1 Association between direct routes and a VRRP group

Related Concepts

Direct route: a 32-bit host route or a network segment route that is generated after a device interface is assigned an IP address and its protocol status is Up. A device automatically generates direct routes without using a routing algorithm.

Implementation

Association between direct routes and a VRRP group allows VRRP interfaces to adjust the costs of direct network segment routes based on the VRRP status. The direct route with the master device as the next hop has the lowest cost. A dynamic routing protocol imports the direct routes and selects the direct route with the lowest cost. For example, VRRP interfaces on Device1 and Device2 on the network shown in Figure 1 are configured with association between direct routes and the VRRP group. The implementation is as follows:

  • Device1 in the Master state sets the cost of its route to the directly connected virtual IP network segment to 0 (default value).

  • Device2 in the Backup state increases the cost of its route to the directly connected virtual IP network segment.

A dynamic routing protocol selects the route with Device1 as the next hop because this route costs less than the other route. Therefore, both user-to-network traffic and network-to-user traffic travel through Device1.

Usage Scenario

When a data center is used, firewalls are attached to devices in a VRRP group to improve network security. Network-to-user traffic cannot pass through a firewall if it travels over a path different than the one used by user-to-network traffic.

When an IP radio access network (RAN) is configured, VRRP is configured to set the master/backup status of aggregation site gateways (ASGs) and radio service gateways (RSGs). Network-to-user and user-to-network traffic may pass through different paths, complicating network operation and management.

Association between direct routes and a VRRP group can address the preceding problems by ensuring the user-to-network and network-to-user traffic travels along the same path.

Parent Topic: Understanding VRRP
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >