Implementation of Virtual Router Redundancy Protocol 

EECS 801 - Directed Graduate Reading
Divya Mukundan (divi@ku.edu)
Muthuvelan KP (kpm@ku.edu)
Directed by Dr. Joseph B. Evans
Department of Electrical Engineering and Computer Science
The University of Kansas
Lawrence, KS 66045

Spring 2002

Download code.
See Real Video.
See PPT slides.

Table of Contents

  1. Proposal
  2. Schedule
  3. Introduction
  4. Design
  5. Detailed Design
  6. Implementation
  7. Testing
  8. References
  9. Acknowledgements

1. Proposal

Virtual Router Redundancy Protocol (VRRP) is an election protocol to dynamically configure the network's default router. Our VRRP implementation will be done at the user level using system calls on Linux kernel 2.2.16 and will be tested on it. Our implementation will be based on the IETF draft. The following list shows where our implementation will differ.
  1. We will implement a single virtual router per machine, i.e. the VRRP router software will only be able to participate in one virtual router election process. This can be changed once the basic functionality has been implemented.
  2. The virtual router will back up a single IP address only. This can be changed once the basic functionality has been implemented.
  3. Note that as a result of (1) and (2), load balancing will not be possible.
  4. Among the authentication methods, IP Authentication Header will not be supported.


2. Schedule

February 23 - March 3 Study of VRRP (see VRRP Working Group).
March 4 - March 31 Design of VRRP implementation.
April 1 - April 30 Implementation of VRRP.
May 1 - May 10 Testing our implementation.


3. Introduction to Virtual Router Redundancy Protocol

See References to learn about VRRP.


4. Design

Configuration

The implementation will allow the following parameters to be configured. These parameters need to be defined in a file that is passed to the VRRP process on the command line.
  1. vrid - Virtual Router ID (any number between 1 and 255).
  2. vrip - Virtual Router IP Address (an IP address of the form x.y.z.w/n).
  3. preempt - Should be set to "no" to prevent a higher priority backup router from preempting the master.
  4. priority - Priority (any number between 1 and 254) of this virtual router that will be used in the election process.
  5. advertise_interval - Time in seconds (any number between 1 and 255) between VRRP ADVERTISEMENTS.
  6. auth - Indicates the authentication type (can be either "none" or "simple").
  7. passwd - Password for simple authentication (any string of fewer than 8 characters).

Default Parameters

The implementation will set the following default values if no configuration is available for the parameter. Other parameters SHOULD be configured.
  1. preempt - Will be set to "no" by default.
  2. priority - The priority of the virtual router will be set to 255 if the virtual router is the owner of the IP address specified as vrip, otherwise 100.
  3. auth - Will be set to "none".
  4. advertise_interval - Will be set to 1 second.

Data Structures

The implementation will need the following data structures to implement the virtual router functionality.
  1. VRID - Virtual Router Identifier (Note: Only a single instance of this will exist as we support only one virtual router per machine.)
  2. VRIP - Virtual Router IP address (Note: This implementation does not handle a set of IP addresses for a single virtual router.)
  3. VRMAC - Virtual Router MAC Address (derived from the VRID).
  4. Priority - Priority of this virtual router.
  5. Advertise_Interval - Time between ADVERTISEMENTS sent by Master.
  6. Auth_Type - Authentication Type used by this virtual router.
  7. Auth_Data - Password for "simple" authentication method.
  8. Skew_Time - This is calculated using the formula = (256 - Priority)/256.
  9. Master_Down_Interval - This is calculated using the formula = (3 * Advertise_Interval) + Skew_Time.
  10. Preempt_Mode - Specifies whether a Backup router with higher priority can become Master during normal operation of the current Master.
  11. Current_State - Can be Initialize (1), Backup (2) or Master (3)

Timers

  1. Master_Down_Timer - This timer fires when an ADVERTISEMENT has not been received for Master_Down_Interval.
  2. Adver_Timer - This timer is used to trigger the transmission of ADVERTISEMENTS every Advertise_Interval seconds.

Initializing VRRP

When VRRP is started, the following actions need to be performed.

VRRP_Init()

  1. Check the parameters in the configuration file and copy them to their respective data structures.
  2. Set Current_State = Initialize.

Packet Transmission

The following rules apply to the construction and transmission of ADVERTISEMENTS, which are sent by the Master only.

Packet Construction

  1. The source IP address of the packet should be the primary IP address of the router.
  2. The destination IP address of the packet should be the multicast address 224.0.0.18.
  3. The source MAC address of the packet should be the virtual router MAC address (VRMAC).
  4. The destination MAC address of the packet should be ***.
  5. The TTL field of the IP header should be set to 255.
  6. The Protocol field of the IP header should be set to 112 (VRRP).
  7. The Version field of the VRRP header should be set to 2.
  8. The Type field of the VRRP header should be set to 1 (ADVERTISEMENT).
  9. The Virtual Rtr ID field of the VRRP header should be set to VRID.
  10. The Priority field of the VRRP header should be set to Priority.
  11. The Count IP Addrs field of the VRRP header should be set to 1 (Note: we support only one virtual IP address per router.).
  12. The Authentication Type field of the VRRP header should be set to Auth_Type.
  13. The Advertisement Interval should be set to Advertise_Interval.
  14. The Checksum field of the VRRP header is calculated the same way as the IP checksum.
  15. Add the VRIP to the IP Addresses field of the VRRP header.
  16. The Authentication Data field should be filled with all zeros for no authentication option. Otherwise, copy Auth_Data (zero-filled if password length is less than 8 bytes).

Packet Reception

The received ADVERTISEMENT packet should be subjected to the following checks.
  1. Discard if TTL of the IP header is not 255.
  2. Confirm that packet length is not less than MIN_VRRP_PKT_SIZE (20 Bytes) and not greater than MAX_VRRP_PKT_SIZE (1036 Bytes).
  3. Discard if Version of the VRRP header is not 2.
  4. Discard if Type of the VRRP header is not 1 (ADVERTISEMENT).
  5. Discard if Virtual Rtr ID field does not match the VRID on this machine.
  6. Confirm that Count IP Addrs field is equal to 1.
  7. Confirm that the IP Address field matches the VRIP configured on this machine. The IP address should not be this router's real IP address.
  8. Discard if Authentication Type field of the VRRP header is not supported or does not match local configuration.
  9. If Authentication is none, the Authentication Data field can be ignored.
  10. If Authentication is simple, the Authentication Data field should match Auth_Data.
  11. Confirm that Adver Int field matches the locally configured value.
  12. Verify VRRP checksum.
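
The construction rules and reception checks above, worked through in C as an added example (not the project's code). struct vr_cfg and the function names are hypothetical, the field offsets follow the VRRP version 2 header layout, and the length test in check 6 is an added consistency check for the single-address case; the "not this router's real IP address" part of check 7 is not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define VRRP_VERSION      2
#define VRRP_TYPE_ADVERT  1
#define VRRP_AUTH_SIMPLE  1      /* 0 = none */
#define VRRP_AUTH_SIZE    8
#define MIN_VRRP_PKT_SIZE 20     /* 8-byte header + 1 address + 8 bytes auth data */
#define MAX_VRRP_PKT_SIZE 1036

struct vr_cfg {                  /* hypothetical subset of the virtual router state */
    uint8_t vrid, advert_int, auth_type;
    uint8_t vrip[4];             /* VRIP, network byte order */
    uint8_t auth_data[VRRP_AUTH_SIZE];   /* zero-padded password */
};

/* Internet checksum (same algorithm as the IP header checksum). */
uint16_t inet_csum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2)
        sum += ((uint32_t)p[0] << 8) | p[1];
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Fill out[] with a one-address ADVERTISEMENT (VRRP header only). */
size_t vrrp_build(const struct vr_cfg *c, uint8_t priority, uint8_t *out)
{
    memset(out, 0, MIN_VRRP_PKT_SIZE);           /* checksum and auth data start as zeros */
    out[0] = (VRRP_VERSION << 4) | VRRP_TYPE_ADVERT;
    out[1] = c->vrid;
    out[2] = priority;
    out[3] = 1;                                  /* Count IP Addrs */
    out[4] = c->auth_type;
    out[5] = c->advert_int;
    memcpy(out + 8, c->vrip, 4);
    if (c->auth_type == VRRP_AUTH_SIMPLE)
        memcpy(out + 12, c->auth_data, VRRP_AUTH_SIZE);
    uint16_t ck = inet_csum(out, MIN_VRRP_PKT_SIZE);
    out[6] = (uint8_t)(ck >> 8);
    out[7] = (uint8_t)ck;
    return MIN_VRRP_PKT_SIZE;
}

/* Returns 0 to accept, otherwise the number of the reception check that failed. */
int vrrp_check(const struct vr_cfg *c, uint8_t ttl, const uint8_t *p, size_t len)
{
    if (ttl != 255) return 1;    /* a forwarded (off-link) packet arrives with TTL < 255 */
    if (len < MIN_VRRP_PKT_SIZE || len > MAX_VRRP_PKT_SIZE) return 2;  /* before any field read */
    if ((p[0] >> 4) != VRRP_VERSION) return 3;
    if ((p[0] & 0x0f) != VRRP_TYPE_ADVERT) return 4;
    if (p[1] != c->vrid) return 5;
    if (p[3] != 1 || len != MIN_VRRP_PKT_SIZE) return 6;   /* length must agree with the count */
    if (memcmp(p + 8, c->vrip, 4) != 0) return 7;
    if (p[4] > VRRP_AUTH_SIMPLE || p[4] != c->auth_type) return 8;
    /* Simple auth is a clear-text password: it catches misconfiguration, not a forger on the LAN. */
    if (p[4] == VRRP_AUTH_SIMPLE && memcmp(p + 12, c->auth_data, VRRP_AUTH_SIZE) != 0) return 10;
    if (p[5] != c->advert_int) return 11;
    if (inet_csum(p, len) != 0) return 12;       /* sum over a valid packet folds to zero */
    return 0;
}
```

The TTL argument stands for the value read from the received IP header; the caller is expected to pass only the VRRP payload in p.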

State Event Machine

See the State Transition Diagram.
The Action to be taken when a certain Event is received in a certain State is shown in the table below.

                        State
Event                   Initialize   Backup     Master
Start                   ACTION_1     NONE       NONE
Shutdown                NONE         ACTION_2   ACTION_4
Master Down Timer       NONE         ACTION_1   NONE
Receive ADVERTISEMENT   NONE         ACTION_3   ACTION_6
Advertise Timer         NONE         NONE       ACTION_5

ACTION_1

If Priority = 255

Else Endif

ACTION_2

ACTION_3

If the Priority Field in the ADVERTISEMENT = 0

Else Endif

ACTION_4
 

ACTION_5

ACTION_6

If Priority field in the ADVERTISEMENT = 0

Else Endif

5. Detailed Design

Configuration

The parameters that MUST be configured are :-
  1. Virtual router ID
  2. Virtual router IP address
  3. VR's physical interface

Defaults

The parameters that need not necessarily be configured and to which default values shall be applied are :-
  1. Priority
  2. Preempt mode
  3. Advertisement interval
  4. Authentication Type

Data structures

The following are some important data structures and constants used in the implementation.
#define VRRP_MAX_EVENTS 5
#define VRRP_MAX_STATES 3

#define VRRP_INIT_STATE 0
#define VRRP_BACKUP_STATE 1
#define VRRP_MASTER_STATE 2

#define VRRP_ACTION_NONE 0
#define VRRP_ACTION_1  1
#define VRRP_ACTION_2  2
#define VRRP_ACTION_3  3
#define VRRP_ACTION_4  4
#define VRRP_ACTION_5  5
#define VRRP_ACTION_6  6
#define VRRP_ACTION_7  7

#define VRRP_START_EVENT 0
#define VRRP_SHUTDOWN_EVENT 1
#define VRRP_MASTER_DOWN_EVENT 2
#define VRRP_RCV_ADVERTISEMENT_EVENT 3
#define VRRP_ADVERTISE_EVENT 4

State Event Machine

int SEM[VRRP_MAX_EVENTS][VRRP_MAX_STATES] =
{
 { VRRP_ACTION_1,  VRRP_ACTION_NONE,  VRRP_ACTION_NONE },
 { VRRP_ACTION_7,  VRRP_ACTION_2,   VRRP_ACTION_4 },
 { VRRP_ACTION_NONE, VRRP_ACTION_1,   VRRP_ACTION_NONE },
 { VRRP_ACTION_NONE, VRRP_ACTION_3,   VRRP_ACTION_6 },
 { VRRP_ACTION_NONE, VRRP_ACTION_NONE,  VRRP_ACTION_5 }
};

Virtual Router Structure

#include <stdint.h>

/* Physical interface of the VR. Declared first because struct VR embeds it. */
struct VRIF {
uint32_t Ip;                     /* IP address of the interface         */
char   Mac[MAC_ADDR_SIZE];       /* MAC address of the interface        */
char   *IfName;                  /* Interface name                      */
};

struct VR {
uint8_t  VRId;                   /* Virtual Router Identifier           */
uint8_t  N;                      /* Number of virtual IP addresses.     */
uint32_t  *VRIp;                 /* List of VR IP Addresses             */
char  VRMac[MAC_ADDR_SIZE];      /* 00-00-5E-00-01-<VRID>               */
uint8_t  Priority;               /* Priority of VRRP Router             */
uint8_t  AdvertInt;              /* Advertisement Interval              */
uint8_t  AuthType;               /* Authentication Type                 */
uint8_t  AuthData[VRRP_AUTH_SIZE]; /* Password for simple authentication */
uint8_t  PreemptMode;            /* To Enable Preempt Mode              */
uint8_t  CurrentState;           /* Current State of VRRP Router        */
int   SockFd, McastSockFd;       /* To Send/Receive VRRP Messages       */
struct VRIF VRIf;
};
 
 

Functions

The VRRP router process starts by reading the configuration file, initializes itself and transitions to INIT state. Our implementation uses signals to generate the start-up and the shutdown event. The start-up event is used to bring a VRRP router from INIT state into the BACKUP/MASTER state. The shutdown event will be used to gracefully terminate the VRRP router process regardless of the state that it is in. Once in the BACKUP/MASTER state, it can receive timer events through SIGALRM and packet reception is handled using SIGIO.

int main(void)
{
 /* Fork the process and exit parent. */
 /* Child process runs VRRP */
 /* Disassociate from virtual terminal. */

 VRRP_Init();
 while (1) {
  /* Do nothing. Wait for signal reception. */
  pause(); /* from <unistd.h>: sleep until a signal arrives instead of spinning */
 }
}

void VRRP_CallSEM(int Event)
{
 int Action;

 Action = SEM[Event][VRRtr.CurrentState];

 /* Block signals. */
 switch(Action) {

 case VRRP_ACTION_1: /* START event in INIT state */
   /* Create raw socket. */
   /* Add to multicast group to receive VRRP advertisements. */
   /* Set SIGIO */
   /* Set priority to 255 if you own VR IP address. */
   /* If VRRtr.Priority == 255 */
    /* Send an ADVERTISEMENT. */
    /* Broadcast ARP. */
    /* Start AdvertTimer. */
    /* If not the owner of the VR IP address, create it on the interface. */
    /* CurrentState = VRRP_MASTER_STATE */
   /* Else */
    /* Start MasterDownTimer. */
    /* CurrentState = VRRP_BACKUP_STATE */
   /* Endif */
   break;

  case VRRP_ACTION_2: /* SHUTDOWN event in BACKUP state */
   /* Stop MasterDownTimer. */
   /* CurrentState = VRRP_INIT_STATE */
   /* De-initialize */
   break;
  case VRRP_ACTION_3: /* RECV ADVERTISEMENT in BACKUP state */
   /* Read Advertisement from socket. */
   /* If Priority in Advertisement == 0 */
    /* Start MasterDownTimer with interval = SkewTime */
   /* Else */
    /* If PreemptMode == VRRP_PREEMPT_FALSE OR Priority in Advertisement >= VRRtr.Priority */
     /* Restart MasterDownTimer with interval =
      * MasterDownInterval. */
    /* Else */
     /* If PreemptMode == VRRP_PREEMPT_TRUE AND VRRtr.Priority > RemotePriority */
      /* Become Master. */
     /* Endif */
    /* Endif */
   /* Endif */
   break;

  case VRRP_ACTION_4: /* SHUTDOWN event in MASTER state */
   /* Stop AdvertTimer. */
   /* Send an ADVERTISEMENT with Priority field set to 0. */
   /* Remove VR IP address */
   /* CurrentState = VRRP_INIT_STATE */
   break;

  case VRRP_ACTION_5: /* ADVERTISE TIMER in MASTER state */
   /* Send an ADVERTISEMENT. */
   /* Reset AdvertTimer with interval AdvertInt. */
   break;

  case VRRP_ACTION_6: /* RCV ADVERTISEMENT in MASTER */
   /* Read Advertisement from socket. */
   /* If Priority in Advertisement == 0 */
    /* Same as ACTION_5 i.e. */
    /* Send an ADVERTISEMENT. */
    /* Reset AdvertTimer with interval AdvertInt. */
   /* Else */
    /* If Priority in Advertisement > VRRtr.Priority OR (Priority in Advertisement = VRRtr.Priority AND
     * SrcIPAddr in Advertisement > LocPriAddr) */
      /* Stop AdvertTimer. */
      /* Start MasterDownTimer with interval = MasterDownInterval. */
     /* CurrentState = VRRP_BACKUP_STATE */
     /* Remove VR IP address */
    /* Endif */
   /* Endif */
   break;

  case VRRP_ACTION_7: /* SHUTDOWN event in INIT state */
   /* Clean up all allocated resources, then exit. */
   exit(0);
   break;

  case VRRP_ACTION_NONE:
   /* Invalid event in this state. */
   break;
 }

 /* Unblock signals. */
}

VRRP_Init()
{
  /* Set defaults to VR structure. */
  /* Read config file, check parameter values and copy to VR structure. */
  /* Exit if MUST configs are not set in the config file. */
  /* Check if the virtual router IP address is the same as the real IP
    * addresses of the machine's interfaces. i.e. other than the configured
    * interface. */
  /* Create pidfile vrrp.<vrid> for VRRP. */
  /* Set state to VRRP_INIT_STATE. */
  /* Set signal for SIGUSR2. */
  /* SIGUSR2 - This signal will be used to shutdown VRRP gracefully. */
  /* Set signal for SIGUSR1. */
  /* SIGUSR1 - This signal will be used to generate the start-up event for
      * VRRP. */
}

VRRP_DeInit() /* To be called in backup and master states to shutdown VRRP */
{
 /* Remove from multicast address. */
 /* Close VRRP socket. */
 /* Release all allocated memory in the VR structure. */
 /* Remove pid file. */
}

Catch_SIGUSR1() /* Start-Up Event */
{
 /* Stop signal handling for SIGUSR1. */
 VRRP_CallSEM(VRRP_START_EVENT);
}

Catch_SIGUSR2() /* Shutdown-Event */
{
 /* Stop signal handling for SIGUSR2. */
 VRRP_CallSEM(VRRP_SHUTDOWN_EVENT);
 VRRP_DeInit();
 exit(0);
}

Catch_SIGALRM() /* Timer Event */
{
 if (VRRtr.CurrentState == VRRP_MASTER_STATE)
  VRRP_CallSEM(VRRP_ADVERTISE_EVENT);
 else if (VRRtr.CurrentState == VRRP_BACKUP_STATE)
  VRRP_CallSEM(VRRP_MASTER_DOWN_EVENT);
 /* Else: invalid in this state. */
}

Catch_SIGIO() /* Packet Reception Event */
{
 VRRP_CallSEM(VRRP_RCV_ADVERTISEMENT_EVENT);
}
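
The decisions that ACTION_3 and ACTION_6 take on a received ADVERTISEMENT, together with the Skew_Time and Master_Down_Interval formulas from the Design section, written as pure C functions. This is an added example, not the project's code; enum vr_step, struct vr_local, IP4 and the function names are hypothetical, and the Backup branch follows the pseudocode above (a preempting Backup becomes Master as soon as it sees a lower priority).

```c
#include <stdint.h>

enum vr_state { VR_BACKUP, VR_MASTER };
enum vr_step {
    STEP_IGNORE,            /* discard the advertisement, nothing changes        */
    STEP_RESTART_DOWN,      /* restart Master_Down_Timer at Master_Down_Interval */
    STEP_DOWN_AFTER_SKEW,   /* master resigned: Master_Down_Timer = Skew_Time    */
    STEP_BECOME_MASTER,
    STEP_SEND_ADVERT,       /* answer at once and reset Adver_Timer              */
    STEP_BECOME_BACKUP
};

struct vr_local {           /* hypothetical subset of the virtual router state */
    uint8_t  priority, advert_int;
    int      preempt;
    uint32_t primary_ip;    /* host byte order, so > compares numerically */
};

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Skew_Time = (256 - Priority)/256 seconds, kept in milliseconds to avoid floats. */
uint32_t skew_time_ms(uint8_t priority)
{
    return (256u - priority) * 1000u / 256u;
}

/* Master_Down_Interval = (3 * Advertise_Interval) + Skew_Time. */
uint32_t master_down_ms(const struct vr_local *l)
{
    return 3u * l->advert_int * 1000u + skew_time_ms(l->priority);
}

/* What to do with a validated ADVERTISEMENT (ACTION_3 in Backup, ACTION_6 in Master). */
enum vr_step on_advert(enum vr_state st, const struct vr_local *l,
                       uint8_t rprio, uint32_t rip)
{
    if (st == VR_BACKUP) {
        if (rprio == 0)
            return STEP_DOWN_AFTER_SKEW;
        if (!l->preempt || rprio >= l->priority)
            return STEP_RESTART_DOWN;
        return STEP_BECOME_MASTER;      /* preempt on, and we outrank the sender */
    }
    if (rprio == 0)
        return STEP_SEND_ADVERT;
    if (rprio > l->priority || (rprio == l->priority && rip > l->primary_ip))
        return STEP_BECOME_BACKUP;
    return STEP_IGNORE;                 /* we outrank the sender, stay Master */
}
```

The skew term makes a higher priority Backup time out sooner than a lower priority one, so it is the first to take over when the Master goes silent.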


6. Implementation

VRRP was implemented on the latest Linux 2.4.x kernels (with backward compatibility with 2.2.x kernels). It is a user-level implementation making use of the socket API provided by the Linux kernel.

Many kernel interface functions were added; they are listed below. These functions make use of ioctl calls, setsockopt, getsockopt and other system calls.

IsRealIPAddress(VRIp, IfName, Option);             /* Check for an IP address on the interface */
SetVirtualMACAddress(VRId, Mac);                   /* Set the virtual MAC address              */
GetHwAddress(IfName, Mac);                         /* Get the MAC address of an interface      */
SetHwAddress(IfName, Mac);                         /* Set the MAC address of an interface      */
GetPrimaryIPAddress(IfName, IPAddr);               /* Get the IP address of an interface       */
AddToMulticast(SockFd, IpAddr, MCastAddr);         /* Add socket to multicast address          */
RemoveFromMulticast(SockFd, IpAddr, MCastAddr);    /* Remove socket from multicast address     */
AddAliasInterface(AliasIp, IfName, AliasNo);       /* Add alias to an interface                */
RemoveAliasInterface(IfName, AliasNo);             /* Remove alias from an interface           */
CalculateIPChecksum(Buffer);                       /* Calculate IP checksum                    */
VerifyChecksum(Buffer, Size);                      /* Verify the checksum field                */
CreateAsyncRawSocket(SockFd, IpAddr);              /* Asynchronous socket for receiving        */

The function to send Gratuitous ARP is defined using the SOCK_PACKET interface provided by the Linux kernel.

7. Testing

The VRRP Implementation was tested under various scenarios. The logical topology for the following test scenarios is below.

The various test cases and the corresponding results are discussed below.

  1. Unequal Priority Without Preemption
     VRRP Router 1: Configuration File, vrrp.log
     VRRP Router 2: Configuration File, vrrp.log
     Results: Router 1 is configured with lower priority than Router 2. Router 2 is started first and it becomes the MASTER of the configured VR. Router 2 is started later, and since both routers are configured with no-preemption, Router 1 continues to be the MASTER, even when a higher priority router is available. This is mainly used to prevent unnecessary service disruptions.

  2. Unequal Priority With Preemption
     VRRP Router 1: Configuration File, vrrp.log
     VRRP Router 2: Configuration File, vrrp.log
     Results: Router 1 is configured with lower priority than Router 2. Router 2 is started first and it becomes the MASTER of the configured VR. Router 2 is started later. Since it is configured with preemption, it sends the VRRP Advertisement packet and becomes the MASTER. This is used to give preference to a particular path when it is available.

  3. Equal Priority Without Preemption
     VRRP Router 1: Configuration File, vrrp.log
     VRRP Router 2: Configuration File, vrrp.log
     Results: Router 1 and Router 2 are configured with equal priority. Since Router 1 is started first and is configured with no-preemption, it remains the MASTER, even after Router 2 comes up.

  4. Equal Priority With Preemption
     VRRP Router 1: Configuration File, vrrp.log
     VRRP Router 2: Configuration File, vrrp.log
     Results: Router 1 and Router 2 are configured with equal priority. Since Router 1 is started first, it becomes the MASTER. When two routers have equal priority, the one with the highest primary IP address wins the election. In the above case, VRRP Router 1 has an IP address of 192.168.1.2 while VRRP Router 2 has an IP address of 192.168.1.1. Hence, Router 1 continues to be the master.

  5. Unequal Priority Without Preemption, One of the VRRP Routers is IP Address Owner
     VRRP Router 1: Configuration File, vrrp.log
     VRRP Router 2: Configuration File, vrrp.log
     Results: Router 1 is configured with lower priority than Router 2. Router 2 is configured with priority of 255. Router 2 is started first and it becomes the MASTER of the configured VR. Router 2 is started later; since Router 1 is configured with no preemption, Router 1 continues to be the master.

  6. Unequal Priority With Simple Authentication
     VRRP Router 1: Configuration File, vrrp.log
     VRRP Router 2: Configuration File, vrrp.log
     Results: Router 1 is configured with lower priority than Router 2. Router 2 is started first and it becomes the MASTER of the configured VR. Router 2 is started later. Both routers are configured with simple authentication.

Interface configuration of a VRRP Router before and after it becomes the Master of the virtual router.

8. References

  1. Virtual Router Redundancy Protocol - draft-ietf-vrrp-spec-v2-05.txt.
  2. Virtual Router Redundancy Protocol Backup.
  3. Virtual Router Redundancy Protocol - Source: Nortel Networks.
  4. Virtual Router Redundancy Protocol - Source: Cisco.
  5. IP Aliasing Howto.
  6. Packet Headers.
  7. Multicast Over TCP/IP.
  8. Gratuitous ARP.
  9. Man Pages
    1. Linux Central
    2. Linux Man Pages Online
    3. Linux Solutions Research HK
    4. man-pages.net
  10. Linux Journal
  11. Linux Documentation Project

9. Acknowledgements

We would like to thank Dr. Evans for giving us the opportunity to work on a project under his guidance. We greatly appreciate his timely support to all our questions related to implementation and trouble-shooting.

We would like to thank each other :) as we were able to complete our work with ease, only by sharing project responsibilities.

Finally, we would like to thank people all over the Internet and man page writers for providing excellent documentation and the needed resources. These were helpful to understand system calls and kernel interfaces needed to manipulate network devices.