draft-ietf-vrrp-spec-v2-10.txt   rfc3768.txt 
INTERNET-DRAFT R. Hinden, Editor Network Working Group R. Hinden, Ed.
February 4, 2004 Nokia Request for Comments: 3768 Nokia
Obsoletes: 2338 April 2004
Virtual Router Redundancy Protocol Category: Standards Track
<draft-ietf-vrrp-spec-v2-10.txt> Virtual Router Redundancy Protocol (VRRP)
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document specifies an Internet standards track protocol for the
all provisions of Section 10 of [RFC2026]. Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Internet-Drafts are working documents of the Internet Engineering Official Protocol Standards" (STD 1) for the standardization state
Task Force (IETF), its areas, and its working groups. Note that and status of this protocol. Distribution of this memo is unlimited.
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
To view the list Internet-Draft Shadow Directories, see Copyright Notice
http://www.ietf.org/shadow.html.
This internet draft expires on August 9, 2004. Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract Abstract
This memo defines the Virtual Router Redundancy Protocol (VRRP). This memo defines the Virtual Router Redundancy Protocol (VRRP).
VRRP specifies an election protocol that dynamically assigns VRRP specifies an election protocol that dynamically assigns
responsibility for a virtual router to one of the VRRP routers on a responsibility for a virtual router to one of the VRRP routers on a
LAN. The VRRP router controlling the IP address(es) associated with LAN. The VRRP router controlling the IP address(es) associated with
a virtual router is called the Master, and forwards packets sent to a virtual router is called the Master, and forwards packets sent to
these IP addresses. The election process provides dynamic fail over these IP addresses. The election process provides dynamic fail over
in the forwarding responsibility should the Master become in the forwarding responsibility should the Master become
unavailable. This allows any of the virtual router IP addresses on unavailable. This allows any of the virtual router IP addresses on
the LAN to be used as the default first hop router by end-hosts. The the LAN to be used as the default first hop router by end-hosts. The
advantage gained from using VRRP is a higher availability default advantage gained from using VRRP is a higher availability default
path without requiring configuration of dynamic routing or router path without requiring configuration of dynamic routing or router
discovery protocols on every end-host. discovery protocols on every end-host.
This document replaces RFC2338 "Virtual Router Redundancy Protocol".
Table of Contents Table of Contents
1. Introduction...............................................3 1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Required Features..........................................5 1.1. Contributors. . . . . . . . . . . . . . . . . . . . . . 3
3. VRRP Overview..............................................6 1.2. Scope . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. Sample Configurations......................................8 1.3. Definitions . . . . . . . . . . . . . . . . . . . . . . 4
5. Protocol..................................................11 2. Required Features . . . . . . . . . . . . . . . . . . . . . . 5
5.1 VRRP Packet Format....................................11 2.1. IP Address Backup . . . . . . . . . . . . . . . . . . . 5
5.2 IP Field Descriptions.................................11 2.2. Preferred Path Indication . . . . . . . . . . . . . . . 5
5.3 VRRP Field Descriptions...............................12 2.3. Minimization of Unnecessary Service Disruptions . . . . 5
6. Protocol State Machine....................................15 2.4. Efficient Operation over Extended LANs. . . . . . . . . 6
6.1 Parameters per Virtual Router.........................15 3. VRRP Overview . . . . . . . . . . . . . . . . . . . . . . . . 6
6.2 Timers................................................16 4. Sample Configurations . . . . . . . . . . . . . . . . . . . . 7
6.3 State Transition Diagram..............................16 4.1. Sample Configuration 1. . . . . . . . . . . . . . . . . 7
6.4 State Descriptions....................................16 4.2. Sample Configuration 2. . . . . . . . . . . . . . . . . 9
7. Sending and Receiving VRRP Packets........................20 5. Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . 10
7.1 Receiving VRRP Packets................................20 5.1. VRRP Packet Format. . . . . . . . . . . . . . . . . . . 10
7.2 Transmitting Packets..................................20 5.2. IP Field Descriptions . . . . . . . . . . . . . . . . . 10
7.3 Virtual MAC Address...................................21 5.3. VRRP Field Descriptions . . . . . . . . . . . . . . . . 11
8. Operational Issues........................................22 6. Protocol State Machine. . . . . . . . . . . . . . . . . . . . 13
8.1 ICMP Redirects........................................22 6.1. Parameters per Virtual Router . . . . . . . . . . . . . 13
8.2 Host ARP Requests.....................................22 6.2. Timers. . . . . . . . . . . . . . . . . . . . . . . . . 14
8.3 Proxy ARP.............................................22 6.3. State Transition Diagram. . . . . . . . . . . . . . . . 15
8.4 Potential Forwarding Loop.............................23 6.4. State Descriptions. . . . . . . . . . . . . . . . . . . 15
9. Operation over FDDI, Token Ring, and ATM LANE.............23 7. Sending and Receiving VRRP Packets. . . . . . . . . . . . . . 18
9.1 Operation over FDDI...................................23 7.1. Receiving VRRP Packets. . . . . . . . . . . . . . . . . 18
9.2 Operation over Token Ring.............................23 7.2. Transmitting Packets. . . . . . . . . . . . . . . . . . 19
9.3 Operation over ATM LANE...............................25 7.3. Virtual MAC Address . . . . . . . . . . . . . . . . . . 19
10. Security Considerations...................................26 8. Operational Issues. . . . . . . . . . . . . . . . . . . . . . 20
11. Intellectual Property.....................................26 8.1. ICMP Redirects. . . . . . . . . . . . . . . . . . . . . 20
12. Acknowledgments...........................................27 8.2. Host ARP Requests . . . . . . . . . . . . . . . . . . . 20
13. Normative References......................................27 8.3. Proxy ARP . . . . . . . . . . . . . . . . . . . . . . . 20
14. Informative References....................................28 8.4. Potential Forwarding Loop . . . . . . . . . . . . . . . 21
15. Editors' Address..........................................28 9. Operation over FDDI, Token Ring, and ATM LANE . . . . . . . . 21
16. Changes from RFC2338......................................29 9.1. Operation over FDDI . . . . . . . . . . . . . . . . . . 21
9.2. Operation over Token Ring . . . . . . . . . . . . . . . 21
9.3. Operation over ATM LANE . . . . . . . . . . . . . . . . 23
10. Security Considerations . . . . . . . . . . . . . . . . . . . 23
11. Acknowledgements. . . . . . . . . . . . . . . . . . . . . . . 24
12. References. . . . . . . . . . . . . . . . . . . . . . . . . . 24
12.1. Normative References. . . . . . . . . . . . . . . . . . 24
12.2. Informative References. . . . . . . . . . . . . . . . . 25
13. Changes from RFC2338. . . . . . . . . . . . . . . . . . . . . 25
14. Editor's Address. . . . . . . . . . . . . . . . . . . . . . . 26
15. Full Copyright Statement. . . . . . . . . . . . . . . . . . . 27
1. Introduction 1. Introduction
There are a number of methods that an end-host can use to determine There are a number of methods that an end-host can use to determine
its first hop router towards a particular IP destination. These its first hop router towards a particular IP destination. These
include running (or snooping) a dynamic routing protocol such as include running (or snooping) a dynamic routing protocol such as
Routing Information Protocol [RIP] or OSPF version 2 [OSPF], running Routing Information Protocol [RIP] or OSPF version 2 [OSPF], running
an ICMP router discovery client [DISC] or using a statically an ICMP router discovery client [DISC] or using a statically
configured default route. configured default route.
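Review bot: The abstract sentence 'This document replaces RFC2338 "Virtual Router Redundancy Protocol".' appears only on the draft side, so in the right column the relationship to RFC 2338 is carried by the 'Obsoletes: 2338' header line alone. Confirm the removal is intended. Separately, the right-hand table of contents drops '11. Intellectual Property' and renumbers everything after section 10, so any reference to a section number above 10 needs rechecking.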
skipping to change at page 4, line 5 skipping to change at page 3, line 38
by end-hosts. The advantage gained from using VRRP is a higher by end-hosts. The advantage gained from using VRRP is a higher
availability default path without requiring configuration of dynamic availability default path without requiring configuration of dynamic
routing or router discovery protocols on every end-host. routing or router discovery protocols on every end-host.
VRRP provides a function similar to the proprietary protocols "Hot VRRP provides a function similar to the proprietary protocols "Hot
Standby Router Protocol (HSRP)" [HSRP] and "IP Standby Protocol" Standby Router Protocol (HSRP)" [HSRP] and "IP Standby Protocol"
[IPSTB]. [IPSTB].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC 2119]. document are to be interpreted as described in [RFC2119].
1.1 Contributors 1.1. Contributors
The following people, who are the authors of the RFC2338 that this The following people, who are the authors of the RFC 2338 that this
document is based on and replaces, contributed to the text in this document is based on and replaces, contributed to the text in this
document. They are P. Higginson, R. Hinden, P. Hunt, S. Knight, A. document. They are P. Higginson, R. Hinden, P. Hunt, S. Knight, A.
Lindem, D. Mitzel, M. Shand, D. Weaver, and D. Whipple. They are not Lindem, D. Mitzel, M. Shand, D. Weaver, and D. Whipple. They are not
listed as authors of the document due to current RFC-Editor policies. listed as authors of the document due to current RFC-Editor policies.
1.2 Scope 1.2. Scope
The remainder of this document describes the features, design goals, The remainder of this document describes the features, design goals,
and theory of operation of VRRP. The message formats, protocol and theory of operation of VRRP. The message formats, protocol
processing rules and state machine that guarantee convergence to a processing rules and state machine that guarantee convergence to a
single Virtual Router Master are presented. Finally, operational single Virtual Router Master are presented. Finally, operational
issues related to MAC address mapping, handling of ARP requests, issues related to MAC address mapping, handling of ARP requests,
generation of ICMP redirect messages, and security issues are generation of ICMP redirect messages, and security issues are
addressed. addressed.
This protocol is intended for use with IPv4 routers only. A separate This protocol is intended for use with IPv4 routers only. A separate
specification will be produced if it is decided that similar specification will be produced if it is decided that similar
functionality is desirable in an IPv6 environment. functionality is desirable in an IPv6 environment.
1.3 Definitions 1.3. Definitions
VRRP Router A router running the Virtual Router Redundancy VRRP Router A router running the Virtual Router Redundancy
Protocol. It may participate in one or more Protocol. It may participate in one or more
virtual routers. virtual routers.
Virtual Router An abstract object managed by VRRP that acts Virtual Router An abstract object managed by VRRP that acts
as a default router for hosts on a shared LAN. as a default router for hosts on a shared LAN.
It consists of a Virtual Router Identifier and It consists of a Virtual Router Identifier and
a set of associated IP address(es) across a a set of associated IP address(es) across a
common LAN. A VRRP Router may backup one or common LAN. A VRRP Router may backup one or
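Review bot: In section 1.1 the right column reads 'the authors of the RFC 2338', which keeps a stray article and now writes the RFC with a space, while the table of contents entry '13. Changes from RFC2338' still has none. Suggest 'the authors of RFC 2338' and one spelling throughout. In the same pass, 'A VRRP Router may backup one or' in 1.3 uses 'backup' as a verb on both sides; 'back up' is the verb form.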
skipping to change at page 5, line 24 skipping to change at page 5, line 9
the IP address(es) associated with the virtual the IP address(es) associated with the virtual
router, and answering ARP requests for these router, and answering ARP requests for these
IP addresses. Note that if the IP address IP addresses. Note that if the IP address
owner is available, then it will always become owner is available, then it will always become
the Master. the Master.
Virtual Router Backup The set of VRRP routers available to assume Virtual Router Backup The set of VRRP routers available to assume
forwarding responsibility for a virtual router forwarding responsibility for a virtual router
should the current Master fail. should the current Master fail.
2.0 Required Features 2. Required Features
This section outlines the set of features that were considered This section outlines the set of features that were considered
mandatory and that guided the design of VRRP. mandatory and that guided the design of VRRP.
2.1 IP Address Backup 2.1. IP Address Backup
Backup of IP addresses is the primary function of the Virtual Router Backup of IP addresses is the primary function of the Virtual Router
Redundancy Protocol. While providing election of a Virtual Router Redundancy Protocol. While providing election of a Virtual Router
Master and the additional functionality described below, the protocol Master and the additional functionality described below, the protocol
should strive to: should strive to:
- Minimize the duration of black holes. - Minimize the duration of black holes.
- Minimize the steady state bandwidth overhead and processing - Minimize the steady state bandwidth overhead and processing
complexity. complexity.
- Function over a wide variety of multiaccess LAN technologies - Function over a wide variety of multiaccess LAN technologies
capable of supporting IP traffic. capable of supporting IP traffic.
- Provide for election of multiple virtual routers on a network for - Provide for election of multiple virtual routers on a network for
load balancing load balancing.
- Support of multiple logical IP subnets on a single LAN segment. - Support of multiple logical IP subnets on a single LAN segment.
2.2 Preferred Path Indication 2.2. Preferred Path Indication
A simple model of Master election among a set of redundant routers is A simple model of Master election among a set of redundant routers is
to treat each router with equal preference and claim victory after to treat each router with equal preference and claim victory after
converging to any router as Master. However, there are likely to be converging to any router as Master. However, there are likely to be
many environments where there is a distinct preference (or range of many environments where there is a distinct preference (or range of
preferences) among the set of redundant routers. For example, this preferences) among the set of redundant routers. For example, this
preference may be based upon access link cost or speed, router preference may be based upon access link cost or speed, router
performance or reliability, or other policy considerations. The performance or reliability, or other policy considerations. The
protocol should allow the expression of this relative path preference protocol should allow the expression of this relative path preference
in an intuitive manner, and guarantee Master convergence to the most in an intuitive manner, and guarantee Master convergence to the most
preferential router currently available. preferential router currently available.
2.3 Minimization of Unnecessary Service Disruptions 2.3. Minimization of Unnecessary Service Disruptions
Once Master election has been performed then any unnecessary Once Master election has been performed then any unnecessary
transitions between Master and Backup routers can result in a transitions between Master and Backup routers can result in a
disruption in service. The protocol should ensure after Master disruption in service. The protocol should ensure after Master
election that no state transition is triggered by any Backup router election that no state transition is triggered by any Backup router
of equal or lower preference as long as the Master continues to of equal or lower preference as long as the Master continues to
function properly. function properly.
Some environments may find it beneficial to avoid the state Some environments may find it beneficial to avoid the state
transition triggered when a router becomes available that is transition triggered when a router becomes available that is
preferred over the current Master. It may be useful to support an preferred over the current Master. It may be useful to support an
override of the immediate convergence to the preferred path. override of the immediate convergence to the preferred path.
2.4 Efficient Operation over Extended LANs 2.4. Efficient Operation over Extended LANs
Sending IP packets on a multiaccess LAN requires mapping from an IP Sending IP packets on a multiaccess LAN requires mapping from an IP
address to a MAC address. The use of the virtual router MAC address address to a MAC address. The use of the virtual router MAC address
in an extended LAN employing learning bridges can have a significant in an extended LAN employing learning bridges can have a significant
effect on the bandwidth overhead of packets sent to the virtual effect on the bandwidth overhead of packets sent to the virtual
router. If the virtual router MAC address is never used as the router. If the virtual router MAC address is never used as the
source address in a link level frame then the station location is source address in a link level frame then the station location is
never learned, resulting in flooding of all packets sent to the never learned, resulting in flooding of all packets sent to the
virtual router. To improve the efficiency in this environment the virtual router. To improve the efficiency in this environment the
protocol should: 1) use the virtual router MAC as the source in a protocol should: 1) use the virtual router MAC as the source in a
packet sent by the Master to trigger station learning; 2) trigger a packet sent by the Master to trigger station learning; 2) trigger a
message immediately after transitioning to Master to update the message immediately after transitioning to Master to update the
station learning; and 3) trigger periodic messages from the Master to station learning; and 3) trigger periodic messages from the Master to
maintain the station learning cache. maintain the station learning cache.
3.0 VRRP Overview 3. VRRP Overview
VRRP specifies an election protocol to provide the virtual router VRRP specifies an election protocol to provide the virtual router
function described earlier. All protocol messaging is performed function described earlier. All protocol messaging is performed
using IP multicast datagrams, thus the protocol can operate over a using IP multicast datagrams, thus the protocol can operate over a
variety of multiaccess LAN technologies supporting IP multicast. variety of multiaccess LAN technologies supporting IP multicast.
Each VRRP virtual router has a single well-known MAC address Each VRRP virtual router has a single well-known MAC address
allocated to it. This document currently only details the mapping to allocated to it. This document currently only details the mapping to
networks using the IEEE 802 48-bit MAC address. The virtual router networks using the IEEE 802 48-bit MAC address. The virtual router
MAC address is used as the source in all periodic VRRP messages sent MAC address is used as the source in all periodic VRRP messages sent
by the Master router to enable bridge learning in an extended LAN. by the Master router to enable bridge learning in an extended LAN.
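Review bot: The last item of the 2.1 list, 'Support of multiple logical IP subnets on a single LAN segment.', breaks the parallel verb form of the items above it ('Minimize ...', 'Function ...', 'Provide ...') and was left as is when the period was added after 'load balancing'. Suggest 'Support multiple logical IP subnets on a single LAN segment.'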
skipping to change at page 7, line 21 skipping to change at page 6, line 50
router with its real addresses on an interface, and may also be router with its real addresses on an interface, and may also be
configured with additional virtual router mappings and priority for configured with additional virtual router mappings and priority for
virtual routers it is willing to backup. The mapping between VRID virtual routers it is willing to backup. The mapping between VRID
and addresses must be coordinated among all VRRP routers on a LAN. and addresses must be coordinated among all VRRP routers on a LAN.
However, there is no restriction against reusing a VRID with a However, there is no restriction against reusing a VRID with a
different address mapping on different LANs. The scope of each different address mapping on different LANs. The scope of each
virtual router is restricted to a single LAN. virtual router is restricted to a single LAN.
To minimize network traffic, only the Master for each virtual router To minimize network traffic, only the Master for each virtual router
sends periodic VRRP Advertisement messages. A Backup router will not sends periodic VRRP Advertisement messages. A Backup router will not
attempt to pre-empt the Master unless it has higher priority. This attempt to preempt the Master unless it has higher priority. This
eliminates service disruption unless a more preferred path becomes eliminates service disruption unless a more preferred path becomes
available. It's also possible to administratively prohibit all pre- available. It's also possible to administratively prohibit all
emption attempts. The only exception is that a VRRP router will preemption attempts. The only exception is that a VRRP router will
always become Master of any virtual router associated with addresses always become Master of any virtual router associated with addresses
it owns. If the Master becomes unavailable then the highest priority it owns. If the Master becomes unavailable then the highest priority
Backup will transition to Master after a short delay, providing a Backup will transition to Master after a short delay, providing a
controlled transition of the virtual router responsibility with controlled transition of the virtual router responsibility with
minimal service interruption. minimal service interruption.
The VRRP protocol design provides rapid transition from Backup to The VRRP protocol design provides rapid transition from Backup to
Master to minimize service interruption, and incorporates Master to minimize service interruption, and incorporates
optimizations that reduce protocol complexity while guaranteeing optimizations that reduce protocol complexity while guaranteeing
controlled Master transition for typical operational scenarios. The controlled Master transition for typical operational scenarios. The
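Review bot: 'The mapping between VRID and addresses must be coordinated among all VRRP routers on a LAN' uses a lowercase 'must' in a document whose section 1 gives "MUST" its [RFC2119] meaning, so it is unclear whether this is a protocol requirement or operator guidance. Suggest either 'MUST' or a rewording such as 'needs to be coordinated'. The verb 'backup' in 'virtual routers it is willing to backup' should also be 'back up'; only the 'pre-empt' to 'preempt' spelling was changed in this region.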
skipping to change at page 8, line 7 skipping to change at page 7, line 32
Master election. However, the typical scenario assumptions are Master election. However, the typical scenario assumptions are
likely to cover the vast majority of deployments, loss of the Master likely to cover the vast majority of deployments, loss of the Master
router is infrequent, and the expected duration in Master election router is infrequent, and the expected duration in Master election
convergence is quite small ( << 1 second ). Thus the VRRP convergence is quite small ( << 1 second ). Thus the VRRP
optimizations represent significant simplifications in the protocol optimizations represent significant simplifications in the protocol
design while incurring an insignificant probability of brief network design while incurring an insignificant probability of brief network
degradation. degradation.
4. Sample Configurations 4. Sample Configurations
4.1 Sample Configuration 1 4.1. Sample Configuration 1
The following figure shows a simple network with two VRRP routers The following figure shows a simple network with two VRRP routers
implementing one virtual router. Note that this example is provided implementing one virtual router. Note that this example is provided
to help understand the protocol, but is not expected to occur in to help understand the protocol, but is not expected to occur in
actual practice. actual practice.
+-----------+ +-----------+ +-----------+ +-----------+
| Rtr1 | | Rtr2 | | Rtr1 | | Rtr2 |
|(MR VRID=1)| |(BR VRID=1)| |(MR VRID=1)| |(BR VRID=1)|
| | | | | | | |
VRID=1 +-----------+ +-----------+ VRID=1 +-----------+ +-----------+
IP A ---------->* *<--------- IP B IP A ---------->* *<--------- IP B
| | | |
| | | |
------------------+------------+-----+--------+--------+--------+-- ------------------+------------+-----+--------+--------+--------+--
^ ^ ^ ^ ^ ^ ^ ^
| | | | | | | |
(IP A) (IP A) (IP A) (IP A) (IP A) (IP A) (IP A) (IP A)
| | | | | | | |
+--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+
| H1 | | H2 | | H3 | | H4 | | H1 | | H2 | | H3 | | H4 |
+-----+ +-----+ +--+--+ +--+--+ +-----+ +-----+ +--+--+ +--+--+
Legend: Legend:
---+---+---+-- = Ethernet, Token Ring, or FDDI ---+---+---+-- = Ethernet, Token Ring, or FDDI
H = Host computer H = Host computer
MR = Master Router MR = Master Router
BR = Backup Router BR = Backup Router
* = IP Address * = IP Address
(IP) = default router for hosts (IP) = default router for hosts
Eliminating all mention of VRRP (VRID=1) from the figure above leaves Eliminating all mention of VRRP (VRID=1) from the figure above leaves
it as a typical IP deployment. Each router is permanently assigned it as a typical IP deployment. Each router is permanently assigned
an IP address on the LAN interface (Rtr1 is assigned IP A and Rtr2 is an IP address on the LAN interface (Rtr1 is assigned IP A and Rtr2 is
assigned IP B), and each host installs a static default route through assigned IP B), and each host installs a static default route through
one of the routers (in this example they all use Rtr1's IP A). one of the routers (in this example they all use Rtr1's IP A).
Moving to the VRRP environment, each router has the exact same Moving to the VRRP environment, each router has the exact same
permanently assigned IP address. Rtr1 is said to be the IP address permanently assigned IP address. Rtr1 is said to be the IP address
owner of IP A, and Rtr2 is the IP address owner of IP B. A virtual owner of IP A, and Rtr2 is the IP address owner of IP B. A virtual
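Review bot: 'each router has the exact same permanently assigned IP address' in 4.1 can be read as both routers sharing one address, which conflicts with the preceding paragraph (Rtr1 is assigned IP A and Rtr2 is assigned IP B) and with the ownership sentence that follows. Suggest 'each router keeps the permanently assigned IP address it had before'.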
skipping to change at page 9, line 17 skipping to change at page 9, line 10
with priority=100, since it is not the IP address owner. If Rtr1 with priority=100, since it is not the IP address owner. If Rtr1
should fail then the VRRP protocol will transition Rtr2 to Master, should fail then the VRRP protocol will transition Rtr2 to Master,
temporarily taking over forwarding responsibility for IP A to provide temporarily taking over forwarding responsibility for IP A to provide
uninterrupted service to the hosts. uninterrupted service to the hosts.
Note that in this example IP B is not backed up, it is only used by Note that in this example IP B is not backed up, it is only used by
Rtr2 as its interface address. In order to backup IP B, a second Rtr2 as its interface address. In order to backup IP B, a second
virtual router must be configured. This is shown in the next virtual router must be configured. This is shown in the next
section. section.
4.2 Sample Configuration 2 4.2. Sample Configuration 2
The following figure shows a configuration with two virtual routers The following figure shows a configuration with two virtual routers
with the hosts spitting their traffic between them. This example is with the hosts spitting their traffic between them. This example is
expected to be very common in actual practice. expected to be very common in actual practice.
+-----------+ +-----------+ +-----------+ +-----------+
| Rtr1 | | Rtr2 | | Rtr1 | | Rtr2 |
|(MR VRID=1)| |(BR VRID=1)| |(MR VRID=1)| |(BR VRID=1)|
|(BR VRID=2)| |(MR VRID=2)| |(BR VRID=2)| |(MR VRID=2)|
VRID=1 +-----------+ +-----------+ VRID=2 VRID=1 +-----------+ +-----------+ VRID=2
IP A ---------->* *<---------- IP B IP A ---------->* *<---------- IP B
| | | |
| | | |
------------------+------------+-----+--------+--------+--------+-- ------------------+------------+-----+--------+--------+--------+--
^ ^ ^ ^ ^ ^ ^ ^
| | | | | | | |
(IP A) (IP A) (IP B) (IP B) (IP A) (IP A) (IP B) (IP B)
| | | | | | | |
+--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+
| H1 | | H2 | | H3 | | H4 | | H1 | | H2 | | H3 | | H4 |
+-----+ +-----+ +--+--+ +--+--+ +-----+ +-----+ +--+--+ +--+--+
Legend: Legend:
---+---+---+-- = Ethernet, Token Ring, or FDDI ---+---+---+-- = Ethernet, Token Ring, or FDDI
H = Host computer H = Host computer
MR = Master Router MR = Master Router
BR = Backup Router BR = Backup Router
* = IP Address * = IP Address
(IP) = default router for hosts (IP) = default router for hosts
In the example above, half of the hosts have configured a static In the example above, half of the hosts have configured a static
route through Rtr1's IP A and half are using Rtr2's IP B. The route through Rtr1's IP A and half are using Rtr2's IP B. The
configuration of virtual router VRID=1 is exactly the same as in the configuration of virtual router VRID=1 is exactly the same as in the
first example (see section 4.1), and a second virtual router has been first example (see section 4.1), and a second virtual router has been
added to cover the IP address owned by Rtr2 (VRID=2, IP_Address=B). added to cover the IP address owned by Rtr2 (VRID=2, IP_Address=B).
In this case Rtr2 will assert itself as Master for VRID=2 while Rtr1 In this case Rtr2 will assert itself as Master for VRID=2 while Rtr1
will act as a backup. This scenario demonstrates a deployment will act as a backup. This scenario demonstrates a deployment
providing load splitting when both routers are available while providing load splitting when both routers are available while
providing full redundancy for robustness. providing full redundancy for robustness.
5.0 Protocol 5. Protocol
The purpose of the VRRP packet is to communicate to all VRRP routers The purpose of the VRRP packet is to communicate to all VRRP routers
the priority and the state of the Master router associated with the the priority and the state of the Master router associated with the
Virtual Router ID. Virtual Router ID.
VRRP packets are sent encapsulated in IP packets. They are sent to VRRP packets are sent encapsulated in IP packets. They are sent to
the IPv4 multicast address assigned to VRRP. the IPv4 multicast address assigned to VRRP.
5.1 VRRP Packet Format 5.1. VRRP Packet Format
This section defines the format of the VRRP packet and the relevant This section defines the format of the VRRP packet and the relevant
fields in the IP header. fields in the IP header.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Type | Virtual Rtr ID| Priority | Count IP Addrs| |Version| Type | Virtual Rtr ID| Priority | Count IP Addrs|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Auth Type | Adver Int | Checksum | | Auth Type | Adver Int | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address (1) | | IP Address (1) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| . | | . |
| . | | . |
| . | | . |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address (n) | | IP Address (n) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Authentication Data (1) | | Authentication Data (1) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Authentication Data (2) | | Authentication Data (2) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
5.2 IP Field Descriptions 5.2. IP Field Descriptions
5.2.1 Source Address 5.2.1. Source Address
The primary IP address of the interface the packet is being sent The primary IP address of the interface the packet is being sent
from. from.
5.2.2 Destination Address 5.2.2. Destination Address
The IP multicast address as assigned by the IANA for VRRP is: The IP multicast address as assigned by the IANA for VRRP is:
224.0.0.18 224.0.0.18
This is a link local scope multicast address. Routers MUST NOT This is a link local scope multicast address. Routers MUST NOT
forward a datagram with this destination address regardless of its forward a datagram with this destination address regardless of its
TTL. TTL.
5.2.3 TTL 5.2.3. TTL
The TTL MUST be set to 255. A VRRP router receiving a packet with The TTL MUST be set to 255. A VRRP router receiving a packet with
the TTL not equal to 255 MUST discard the packet. the TTL not equal to 255 MUST discard the packet.
5.2.4 Protocol 5.2.4. Protocol
The IP protocol number assigned by the IANA for VRRP is 112 The IP protocol number assigned by the IANA for VRRP is 112
(decimal). (decimal).
5.3 VRRP Field Descriptions 5.3. VRRP Field Descriptions
5.3.1 Version 5.3.1. Version
The version field specifies the VRRP protocol version of this packet. The version field specifies the VRRP protocol version of this packet.
This document defines version 2. This document defines version 2.
5.3.2 Type 5.3.2. Type
The type field specifies the type of this VRRP packet. The only The type field specifies the type of this VRRP packet. The only
packet type defined in this version of the protocol is: packet type defined in this version of the protocol is:
1 ADVERTISEMENT 1 ADVERTISEMENT
A packet with unknown type MUST be discarded. A packet with unknown type MUST be discarded.
5.3.3 Virtual Rtr ID (VRID) 5.3.3. Virtual Rtr ID (VRID)
The Virtual Router Identifier (VRID) field identifies the virtual The Virtual Router Identifier (VRID) field identifies the virtual
router this packet is reporting status for. Configurable item in the router this packet is reporting status for. Configurable item in the
range 1-255 (decimal). There is no default. range 1-255 (decimal). There is no default.
5.3.4 Priority 5.3.4. Priority
The priority field specifies the sending VRRP router's priority for The priority field specifies the sending VRRP router's priority for
the virtual router. Higher values equal higher priority. This field the virtual router. Higher values equal higher priority. This field
is an 8 bit unsigned integer field. is an 8 bit unsigned integer field.
The priority value for the VRRP router that owns the IP address(es) The priority value for the VRRP router that owns the IP address(es)
associated with the virtual router MUST be 255 (decimal). associated with the virtual router MUST be 255 (decimal).
VRRP routers backing up a virtual router MUST use priority values VRRP routers backing up a virtual router MUST use priority values
between 1-254 (decimal). The default priority value for VRRP routers between 1-254 (decimal). The default priority value for VRRP routers
backing up a virtual router is 100 (decimal). backing up a virtual router is 100 (decimal).
The priority value zero (0) has special meaning indicating that the The priority value zero (0) has special meaning indicating that the
current Master has stopped participating in VRRP. This is used to current Master has stopped participating in VRRP. This is used to
trigger Backup routers to quickly transition to Master without having trigger Backup routers to quickly transition to Master without having
to wait for the current Master to timeout. to wait for the current Master to timeout.
5.3.5 Count IP Addrs 5.3.5. Count IP Addrs
The number of IP addresses contained in this VRRP advertisement. The number of IP addresses contained in this VRRP advertisement.
5.3.6 Authentication Type 5.3.6. Authentication Type
The authentication type field identifies the authentication method The authentication type field identifies the authentication method
being utilized. Authentication type is unique on a Virtual Router being utilized. Authentication type is unique on a Virtual Router
basis. The authentication type field is an 8 bit unsigned integer. basis. The authentication type field is an 8 bit unsigned integer.
A packet with unknown authentication type or that does not match the A packet with unknown authentication type or that does not match the
locally configured authentication method MUST be discarded. locally configured authentication method MUST be discarded.
Note: Earlier version of the VRRP specification had several defined Note: Earlier version of the VRRP specification had several defined
authentication types [RFC2338]. These were removed in this authentication types [RFC2338]. These were removed in this
specification because operational experience showed that they did not specification because operational experience showed that they did not
provide any real security and would only cause multiple masters to be provide any real security and would only cause multiple masters to be
created. created.
The authentication methods currently defined are: The authentication methods currently defined are:
0 - No Authentication 0 - No Authentication
1 - Reserved 1 - Reserved
2 - Reserved 2 - Reserved
5.3.6.1 Authentication Type 0 - No Authentication 5.3.6.1. Authentication Type 0 - No Authentication
The use of this authentication type means that VRRP protocol The use of this authentication type means that VRRP protocol
exchanges are not authenticated. The contents of the Authentication exchanges are not authenticated. The contents of the Authentication
Data field should be set to zero on transmission and ignored on Data field should be set to zero on transmission and ignored on
reception. reception.
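Review bot: 5.3.6.1 says the Authentication Data field "should be set to zero on transmission and ignored on reception" in lower case, while 5.3.10 states the same rule with the keyword "SHOULD", and neither column of the comparison reconciles the two. Use the same upper-case keyword in both places so that 5.3.6.1 cannot be read as informal guidance and it stays clear that the contents of Authentication Data play no part in accepting an advertisement.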
5.3.6.2 Authentication Type 1 - Reserved 5.3.6.2. Authentication Type 1 - Reserved
This authentication type is reserved to maintain backwards This authentication type is reserved to maintain backwards
compatibility with RFC2338. compatibility with RFC 2338.
5.3.6.3 Authentication Type 2 - Reserved 5.3.6.3. Authentication Type 2 - Reserved
This authentication type is reserved to maintain backwards This authentication type is reserved to maintain backwards
compatibility with RFC2338. compatibility with RFC 2338.
5.3.7 Advertisement Interval (Adver Int) 5.3.7. Advertisement Interval (Adver Int)
The Advertisement interval indicates the time interval (in seconds) The Advertisement interval indicates the time interval (in seconds)
between ADVERTISEMENTS. The default is 1 second. This field is used between ADVERTISEMENTS. The default is 1 second. This field is used
for troubleshooting misconfigured routers. for troubleshooting misconfigured routers.
5.3.8 Checksum 5.3.8. Checksum
The checksum field is used to detect data corruption in the VRRP The checksum field is used to detect data corruption in the VRRP
message. message.
The checksum is the 16-bit one's complement of the one's complement The checksum is the 16-bit one's complement of the one's complement
sum of the entire VRRP message starting with the version field. For sum of the entire VRRP message starting with the version field. For
computing the checksum, the checksum field is set to zero. See computing the checksum, the checksum field is set to zero. See RFC
RFC1071 for more detail [CKSM]. 1071 for more detail [CKSM].
5.3.9 IP Address(es) 5.3.9. IP Address(es)
One or more IP addresses that are associated with the virtual router. One or more IP addresses that are associated with the virtual router.
The number of addresses included is specified in the "Count IP Addrs" The number of addresses included is specified in the "Count IP Addrs"
field. These fields are used for troubleshooting misconfigured field. These fields are used for troubleshooting misconfigured
routers. routers.
5.3.10 Authentication Data 5.3.10. Authentication Data
The authentication string is currently only used to maintain The authentication string is currently only used to maintain
backwards compatibility with RFC2338. It SHOULD be set to zero on backwards compatibility with RFC 2338. It SHOULD be set to zero on
transmission and ignored on reception. transmission and ignored on reception.
6. Protocol State Machine 6. Protocol State Machine
6.1 Parameters per Virtual Router 6.1. Parameters per Virtual Router
VRID Virtual Router Identifier. Configurable VRID Virtual Router Identifier. Configurable item
item in the range 1-255 (decimal). There is in the range 1-255 (decimal). There is no
no default. default.
Priority Priority value to be used by this VRRP Priority Priority value to be used by this VRRP router
router in Master election for this virtual in Master election for this virtual router.
router. The value of 255 (decimal) is The value of 255 (decimal) is reserved for
reserved for the router that owns the IP the router that owns the IP addresses
addresses associated with the virtual associated with the virtual router. The
router. The value of 0 (zero) is reserved value of 0 (zero) is reserved for Master
for Master router to indicate it is router to indicate it is releasing
releasing responsibility for the virtual responsibility for the virtual router. The
router. The range 1-254 (decimal) is range 1-254 (decimal) is available for VRRP
available for VRRP routers backing up the routers backing up the virtual router. The
virtual router. The default value is 100 default value is 100 (decimal).
(decimal).
IP_Addresses One or more IP addresses associated with IP_Addresses One or more IP addresses associated with this
this virtual router. Configured item. No virtual router. Configured item. No
default. default.
Advertisement_Interval Time interval between ADVERTISEMENTS Advertisement_Interval Time interval between ADVERTISEMENTS
(seconds). Default is 1 second. (seconds). Default is 1 second.
Skew_Time Time to skew Master_Down_Interval in Skew_Time Time to skew Master_Down_Interval in seconds.
seconds. Calculated as: Calculated as:
( (256 - Priority) / 256 ) ( (256 - Priority) / 256 )
Master_Down_Interval Time interval for Backup to declare Master Master_Down_Interval Time interval for Backup to declare Master
down (seconds). Calculated as: down (seconds). Calculated as:
(3 * Advertisement_Interval) + Skew_time (3 * Advertisement_Interval) + Skew_time
Preempt_Mode Controls whether a higher priority Backup Preempt_Mode Controls whether a higher priority Backup
router preempts a lower priority Master. router preempts a lower priority Master.
Values are True to allow preemption and Values are True to allow preemption and False
False to prohibit preemption. Default is to prohibit preemption. Default is True.
True.
Note: Exception is that the router that owns Note: Exception is that the router that owns
the IP address(es) associated with the the IP address(es) associated with the
virtual router always pre-empts independent virtual router always preempts independent of
of the setting of this flag. the setting of this flag.
Authentication_Type Type of authentication being used. Values Authentication_Type Type of authentication being used. Values
are defined in section 5.3.6. are defined in section 5.3.6.
Authentication_Data Authentication data specific to the Authentication_Data Authentication data specific to the
Authentication_Type being used. Authentication_Type being used.
6.2 Timers 6.2. Timers
Master_Down_Timer Timer that fires when ADVERTISEMENT has not Master_Down_Timer Timer that fires when ADVERTISEMENT has not
been heard for Master_Down_Interval. been heard for Master_Down_Interval.
Adver_Timer Timer that fires to trigger sending of Adver_Timer Timer that fires to trigger sending of
ADVERTISEMENT based on ADVERTISEMENT based on
Advertisement_Interval. Advertisement_Interval.
6.3 State Transition Diagram 6.3. State Transition Diagram
+---------------+ +---------------+
+--------->| |<-------------+ +--------->| |<-------------+
| | Initialize | | | | Initialize | |
| +------| |----------+ | | +------| |----------+ |
| | +---------------+ | | | | +---------------+ | |
| | | | | | | |
| V V | | V V |
+---------------+ +---------------+ +---------------+ +---------------+
| |---------------------->| | | |---------------------->| |
| Master | | Backup | | Master | | Backup |
| |<----------------------| | | |<----------------------| |
+---------------+ +---------------+ +---------------+ +---------------+
6.4 State Descriptions 6.4. State Descriptions
In the state descriptions below, the state names are identified by In the state descriptions below, the state names are identified by
{state-name}, and the packets are identified by all upper case {state-name}, and the packets are identified by all upper case
characters. characters.
A VRRP router implements an instance of the state machine for each A VRRP router implements an instance of the state machine for each
virtual router election it is participating in. virtual router election it is participating in.
6.4.1 Initialize 6.4.1. Initialize
The purpose of this state is to wait for a Startup event. If a The purpose of this state is to wait for a Startup event. If a
Startup event is received, then: Startup event is received, then:
- If the Priority = 255 (i.e., the router owns the IP address(es) - If the Priority = 255 (i.e., the router owns the IP address(es)
associated with the virtual router) associated with the virtual router)
o Send an ADVERTISEMENT o Send an ADVERTISEMENT
o Broadcast a gratuitous ARP request containing the virtual o Broadcast a gratuitous ARP request containing the virtual
router MAC address for each IP address associated with the router MAC address for each IP address associated with the
virtual router. virtual router.
o Set the Adver_Timer to Advertisement_Interval o Set the Adver_Timer to Advertisement_Interval
o Transition to the {Master} state o Transition to the {Master} state
else else
o Set the Master_Down_Timer to Master_Down_Interval o Set the Master_Down_Timer to Master_Down_Interval
o Transition to the {Backup} state o Transition to the {Backup} state
endif endif
6.4.2 Backup 6.4.2. Backup
The purpose of the {Backup} state is to monitor the availability and The purpose of the {Backup} state is to monitor the availability and
state of the Master Router. state of the Master Router.
While in this state, a VRRP router MUST do the following: While in this state, a VRRP router MUST do the following:
- MUST NOT respond to ARP requests for the IP address(s) associated - MUST NOT respond to ARP requests for the IP address(s) associated
with the virtual router. with the virtual router.
- MUST discard packets with a destination link layer MAC address - MUST discard packets with a destination link layer MAC address
equal to the virtual router MAC address. equal to the virtual router MAC address.
- MUST NOT accept packets addressed to the IP address(es) associated - MUST NOT accept packets addressed to the IP address(es) associated
with the virtual router. with the virtual router.
- If a Shutdown event is received, then: - If a Shutdown event is received, then:
o Cancel the Master_Down_Timer o Cancel the Master_Down_Timer
o Transition to the {Initialize} state o Transition to the {Initialize} state
endif endif
- If the Master_Down_Timer fires, then: - If the Master_Down_Timer fires, then:
o Send an ADVERTISEMENT o Send an ADVERTISEMENT
o Broadcast a gratuitous ARP request containing the virtual o Broadcast a gratuitous ARP request containing the virtual
router MAC address for each IP address associated with the router MAC address for each IP address associated with the
virtual router virtual router
o Set the Adver_Timer to Advertisement_Interval o Set the Adver_Timer to Advertisement_Interval
o Transition to the {Master} state o Transition to the {Master} state
endif endif
- If an ADVERTISEMENT is received, then: - If an ADVERTISEMENT is received, then:
If the Priority in the ADVERTISEMENT is Zero, then: If the Priority in the ADVERTISEMENT is Zero, then:
o Set the Master_Down_Timer to Skew_Time o Set the Master_Down_Timer to Skew_Time
else: else:
If Preempt_Mode is False, or If the Priority in the If Preempt_Mode is False, or If the Priority in the
ADVERTISEMENT is greater than or equal to the local ADVERTISEMENT is greater than or equal to the local
Priority, then: Priority, then:
o Reset the Master_Down_Timer to Master_Down_Interval o Reset the Master_Down_Timer to Master_Down_Interval
else: else:
o Discard the ADVERTISEMENT o Discard the ADVERTISEMENT
endif endif
endif endif
endif endif
6.4.3 Master 6.4.3. Master
While in the {Master} state the router functions as the forwarding While in the {Master} state the router functions as the forwarding
router for the IP address(es) associated with the virtual router. router for the IP address(es) associated with the virtual router.
While in this state, a VRRP router MUST do the following: While in this state, a VRRP router MUST do the following:
- MUST respond to ARP requests for the IP address(es) associated - MUST respond to ARP requests for the IP address(es) associated
with the virtual router. with the virtual router.
- MUST forward packets with a destination link layer MAC address - MUST forward packets with a destination link layer MAC address
equal to the virtual router MAC address. equal to the virtual router MAC address.
- MUST NOT accept packets addressed to the IP address(es) associated - MUST NOT accept packets addressed to the IP address(es) associated
with the virtual router if it is not the IP address owner. with the virtual router if it is not the IP address owner.
- MUST accept packets addressed to the IP address(es) associated - MUST accept packets addressed to the IP address(es) associated
with the virtual router if it is the IP address owner. with the virtual router if it is the IP address owner.
- If a Shutdown event is received, then: - If a Shutdown event is received, then:
o Cancel the Adver_Timer o Cancel the Adver_Timer
o Send an ADVERTISEMENT with Priority = 0 o Send an ADVERTISEMENT with Priority = 0
o Transition to the {Initialize} state o Transition to the {Initialize} state
endif endif
- If the Adver_Timer fires, then: - If the Adver_Timer fires, then:
o Send an ADVERTISEMENT o Send an ADVERTISEMENT o Reset the Adver_Timer to
o Reset the Adver_Timer to Advertisement_Interval Advertisement_Interval
endif endif
- If an ADVERTISEMENT is received, then: - If an ADVERTISEMENT is received, then:
If the Priority in the ADVERTISEMENT is Zero, then: If the Priority in the ADVERTISEMENT is Zero, then:
o Send an ADVERTISEMENT o Send an ADVERTISEMENT
o Reset the Adver_Timer to Advertisement_Interval o Reset the Adver_Timer to Advertisement_Interval
else: else:
If the Priority in the ADVERTISEMENT is greater than the If the Priority in the ADVERTISEMENT is greater than the
local Priority, local Priority,
or or
If the Priority in the ADVERTISEMENT is equal to the local If the Priority in the ADVERTISEMENT is equal to the local
Priority and the primary IP Address of the sender is greater Priority and the primary IP Address of the sender is greater
than the local primary IP Address, then: than the local primary IP Address, then:
o Cancel Adver_Timer o Cancel Adver_Timer
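Review bot: in the Adver_Timer step of 6.4.3 the right-hand (rfc3768) column runs two actions together as "o Send an ADVERTISEMENT o Reset the Adver_Timer to Advertisement_Interval", where the draft column has them as two separate "o" items. Restore the line break so the step reads as two list items like the other action lists in 6.4; as merged, the second action is easy to miss when transcribing the state machine.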
skipping to change at page 20, line 7 skipping to change at page 18, line 27
else: else:
o Discard ADVERTISEMENT o Discard ADVERTISEMENT
endif endif
endif endif
endif endif
7. Sending and Receiving VRRP Packets 7. Sending and Receiving VRRP Packets
7.1 Receiving VRRP Packets 7.1. Receiving VRRP Packets
Performed the following functions when a VRRP packet is received: Performed the following functions when a VRRP packet is received:
- MUST verify that the IP TTL is 255. - MUST verify that the IP TTL is 255.
- MUST verify the VRRP version is 2. - MUST verify the VRRP version is 2.
- MUST verify that the received packet contains the complete VRRP - MUST verify that the received packet contains the complete VRRP
packet (including fixed fields, IP Address(es), and packet (including fixed fields, IP Address(es), and Authentication
Authentication Data). Data).
- MUST verify the VRRP checksum. - MUST verify the VRRP checksum.
- MUST verify that the VRID is configured on the receiving - MUST verify that the VRID is configured on the receiving interface
interface and the local router is not the IP Address owner and the local router is not the IP Address owner (Priority equals
(Priority equals 255 (decimal)). 255 (decimal)).
- MUST verify that the Auth Type matches the locally configured - MUST verify that the Auth Type matches the locally configured
authentication method for the virtual router and perform that authentication method for the virtual router and perform that
authentication method. authentication method.
If any one of the above checks fails, the receiver MUST discard the If any one of the above checks fails, the receiver MUST discard the
packet, SHOULD log the event and MAY indicate via network management packet, SHOULD log the event and MAY indicate via network management
that an error occurred. that an error occurred.
- MAY verify that "Count IP Addrs" and the list of IP Address - MAY verify that "Count IP Addrs" and the list of IP Address
matches the IP_Addresses configured for the VRID matches the IP_Addresses configured for the VRID
If the above check fails, the receiver SHOULD log the event and MAY If the above check fails, the receiver SHOULD log the event and MAY
indicate via network management that a misconfiguration was detected. indicate via network management that a misconfiguration was detected.
If the packet was not generated by the address owner (Priority does If the packet was not generated by the address owner (Priority does
not equal 255 (decimal)), the receiver MUST drop the packet, not equal 255 (decimal)), the receiver MUST drop the packet,
otherwise continue processing. otherwise continue processing.
- MUST verify that the Adver Interval in the packet is the same as - MUST verify that the Adver Interval in the packet is the same as
the locally configured for this virtual router the locally configured for this virtual router
If the above check fails, the receiver MUST discard the packet, If the above check fails, the receiver MUST discard the packet,
SHOULD log the event and MAY indicate via network management that a SHOULD log the event and MAY indicate via network management that a
misconfiguration was detected. misconfiguration was detected.
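Review bot: the paragraph beginning "If the packet was not generated by the address owner" in 7.1 does not say what it is conditional on. It follows the optional (MAY) address-list check, so it presumably applies only when that check has failed, but read on its own it tells a receiver to drop every advertisement whose Priority is not 255. State the condition explicitly, for example by folding the sentence into the preceding "If the above check fails" paragraph. The opening sentence of 7.1 also reads "Performed the following functions" where "Perform" is meant.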
7.2 Transmitting VRRP Packets 7.2. Transmitting VRRP Packets
The following operations MUST be performed when transmitting a VRRP The following operations MUST be performed when transmitting a VRRP
packet. packet.
- Fill in the VRRP packet fields with the appropriate virtual - Fill in the VRRP packet fields with the appropriate virtual router
router configuration state configuration state
- Compute the VRRP checksum - Compute the VRRP checksum
- Set the source MAC address to Virtual Router MAC Address - Set the source MAC address to Virtual Router MAC Address
- Set the source IP address to interface primary IP address - Set the source IP address to interface primary IP address
- Set the IP protocol to VRRP - Set the IP protocol to VRRP
- Send the VRRP packet to the VRRP IP multicast group - Send the VRRP packet to the VRRP IP multicast group
Note: VRRP packets are transmitted with the virtual router MAC Note: VRRP packets are transmitted with the virtual router MAC
address as the source MAC address to ensure that learning bridges address as the source MAC address to ensure that learning bridges
correctly determine the LAN segment the virtual router is attached correctly determine the LAN segment the virtual router is attached
to. to.
7.3 Virtual Router MAC Address 7.3. Virtual Router MAC Address
The virtual router MAC address associated with a virtual router is an The virtual router MAC address associated with a virtual router is an
IEEE 802 MAC Address in the following format: IEEE 802 MAC Address in the following format:
00-00-5E-00-01-{VRID} (in hex in internet standard bit-order) 00-00-5E-00-01-{VRID} (in hex in internet standard bit-order)
The first three octets are derived from the IANA's OUI. The next two The first three octets are derived from the IANA's OUI. The next two
octets (00-01) indicate the address block assigned to the VRRP octets (00-01) indicate the address block assigned to the VRRP
protocol. {VRID} is the VRRP Virtual Router Identifier. This protocol. {VRID} is the VRRP Virtual Router Identifier. This
mapping provides for up to 255 VRRP routers on a network. mapping provides for up to 255 VRRP routers on a network.
8. Operational Issues 8. Operational Issues
8.1 ICMP Redirects 8.1. ICMP Redirects
ICMP Redirects may be used normally when VRRP is running between a ICMP Redirects may be used normally when VRRP is running between a
group of routers. This allows VRRP to be used in environments where group of routers. This allows VRRP to be used in environments where
the topology is not symmetric. the topology is not symmetric.
The IP source address of an ICMP redirect should be the address the The IP source address of an ICMP redirect should be the address the
end host used when making its next hop routing decision. If a VRRP end host used when making its next hop routing decision. If a VRRP
router is acting as Master for virtual router(s) containing addresses router is acting as Master for virtual router(s) containing addresses
it does not own, then it must determine which virtual router the it does not own, then it must determine which virtual router the
packet was sent to when selecting the redirect source address. One packet was sent to when selecting the redirect source address. One
method to deduce the virtual router used is to examine the method to deduce the virtual router used is to examine the
destination MAC address in the packet that triggered the redirect. destination MAC address in the packet that triggered the redirect.
It may be useful to disable Redirects for specific cases where VRRP It may be useful to disable Redirects for specific cases where VRRP
is being used to load share traffic between a number of routers in a is being used to load share traffic between a number of routers in a
symmetric topology. symmetric topology.
8.2 Host ARP Requests 8.2. Host ARP Requests
When a host sends an ARP request for one of the virtual router IP When a host sends an ARP request for one of the virtual router IP
addresses, the Master virtual router MUST respond to the ARP request addresses, the Master virtual router MUST respond to the ARP request
with the virtual MAC address for the virtual router. The Master with the virtual MAC address for the virtual router. The Master
virtual router MUST NOT respond with its physical MAC address. This virtual router MUST NOT respond with its physical MAC address. This
allows the client to always use the same MAC address regardless of allows the client to always use the same MAC address regardless of
the current Master router. the current Master router.
When a VRRP router restarts or boots, it SHOULD not send any ARP When a VRRP router restarts or boots, it SHOULD not send any ARP
messages with its physical MAC address for the IP address it owns, it messages with its physical MAC address for the IP address it owns, it
should only send ARP messages that include Virtual MAC addresses. should only send ARP messages that include Virtual MAC addresses.
This may entail: This may entail:
- When configuring an interface, VRRP routers should broadcast a - When configuring an interface, VRRP routers should broadcast a
gratuitous ARP request containing the virtual router MAC address gratuitous ARP request containing the virtual router MAC address
for each IP address on that interface. for each IP address on that interface.
- At system boot, when initializing interfaces for VRRP operation; - At system boot, when initializing interfaces for VRRP operation;
delay gratuitous ARP requests and ARP responses until both the IP delay gratuitous ARP requests and ARP responses until both the IP
address and the virtual router MAC address are configured. address and the virtual router MAC address are configured.
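Review bot: "SHOULD not" in the second paragraph of 8.2 mixes an upper-case keyword with a lower-case negation, while the rest of the text writes "MUST NOT" in full capitals; write "SHOULD NOT" so the requirement level is unambiguous. The same sentence then continues after a comma with a lower-case "should only send ARP messages that include Virtual MAC addresses"; split it into two sentences and choose one keyword level for both halves.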
8.3 Proxy ARP 8.3. Proxy ARP
If Proxy ARP is to be used on a VRRP router, then the VRRP router If Proxy ARP is to be used on a VRRP router, then the VRRP router
must advertise the Virtual Router MAC address in the Proxy ARP must advertise the Virtual Router MAC address in the Proxy ARP
message. Doing otherwise could cause hosts to learn the real MAC message. Doing otherwise could cause hosts to learn the real MAC
address of the VRRP router. address of the VRRP router.
8.4 Potential Forwarding Loop 8.4. Potential Forwarding Loop
A VRRP router SHOULD not forward packets addressed to the IP A VRRP router SHOULD not forward packets addressed to the IP
Address(es) it becomes Master for if it is not the owner. Forwarding Address(es) it becomes Master for if it is not the owner. Forwarding
these packets would result in unnecessary traffic. Also in the case these packets would result in unnecessary traffic. Also in the case
of LANs that receive packets they transmit (e.g., token ring) this of LANs that receive packets they transmit (e.g., token ring) this
can result in a forwarding loop that is only terminated when the IP can result in a forwarding loop that is only terminated when the IP
TTL expires. TTL expires.
One such mechanism for VRRP routers is to add/delete a reject host One such mechanism for VRRP routers is to add/delete a reject host
route for each adopted IP address when transitioning to/from MASTER route for each adopted IP address when transitioning to/from MASTER
state. state.
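Review bot: "One such mechanism" in the last paragraph of 8.4 has no antecedent, since the preceding paragraph states the requirement not to forward these packets but names no mechanism. Reword along the lines of "One way to meet this requirement is to add/delete a reject host route for each adopted IP address", so the reject route is clearly tied to the forwarding rule above it.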
9. Operation over FDDI, Token Ring, and ATM LANE 9. Operation over FDDI, Token Ring, and ATM LANE
9.1 Operation over FDDI 9.1. Operation over FDDI
FDDI interfaces remove from the FDDI ring frames that have a source FDDI interfaces remove from the FDDI ring frames that have a source
MAC address matching the device's hardware address. Under some MAC address matching the device's hardware address. Under some
conditions, such as router isolations, ring failures, protocol conditions, such as router isolations, ring failures, protocol
transitions, etc., VRRP may cause there to be more than one Master transitions, etc., VRRP may cause there to be more than one Master
router. If a Master router installs the virtual router MAC address router. If a Master router installs the virtual router MAC address
as the hardware address on a FDDI device, then other Masters' as the hardware address on a FDDI device, then other Masters'
ADVERTISEMENTS will be removed from the ring during the Master ADVERTISEMENTS will be removed from the ring during the Master
convergence, and convergence will fail. convergence, and convergence will fail.
To avoid this an implementation SHOULD configure the virtual router To avoid this an implementation SHOULD configure the virtual router
MAC address by adding a unicast MAC filter in the FDDI device, rather MAC address by adding a unicast MAC filter in the FDDI device, rather
than changing its hardware MAC address. This will prevent a Master than changing its hardware MAC address. This will prevent a Master
router from removing any ADVERTISEMENTS it did not originate. router from removing any ADVERTISEMENTS it did not originate.
9.2 Operation over Token Ring 9.2. Operation over Token Ring
Token ring has several characteristics that make running VRRP Token ring has several characteristics that make running VRRP
difficult. These include: difficult. These include:
- In order to switch to a new master located on a different bridge - In order to switch to a new master located on a different bridge
token ring segment from the previous master when using source token ring segment from the previous master when using source
route bridges, a mechanism is required to update cached source route bridges, a mechanism is required to update cached source
route information. route information.
- No general multicast mechanism supported across old and new token - No general multicast mechanism supported across old and new token
ring adapter implementations. While many newer token ring adapters ring adapter implementations. While many newer token ring
support group addresses, token ring functional address support is adapters support group addresses, token ring functional address
the only generally available multicast mechanism. Due to the support is the only generally available multicast mechanism. Due
limited number of token ring functional addresses these may to the limited number of token ring functional addresses these may
collide with other usage of the same token ring functional collide with other usage of the same token ring functional
addresses. addresses.
Due to these difficulties, the preferred mode of operation over token Due to these difficulties, the preferred mode of operation over token
ring will be to use a token ring functional address for the VRID ring will be to use a token ring functional address for the VRID
virtual MAC address. Token ring functional addresses have the two virtual MAC address. Token ring functional addresses have the two
high order bits in the first MAC address octet set to B'1'. They high order bits in the first MAC address octet set to B'1'. They
range from 03-00-00-00-00-80 to 03-00-02-00-00-00 (canonical format). range from 03-00-00-00-00-80 to 03-00-02-00-00-00 (canonical format).
However, unlike multicast addresses, there is only one unique However, unlike multicast addresses, there is only one unique
functional address per bit position. The functional addresses functional address per bit position. The functional addresses
03-00-00-10-00-00 through 03-00-02-00-00-00 are reserved by the Token 03-00-00-10-00-00 through 03-00-02-00-00-00 are reserved by the Token
Ring Architecture [TKARCH] for user-defined applications. However, Ring Architecture [TKARCH] for user-defined applications. However,
since there are only 12 user-defined token ring functional addresses, since there are only 12 user-defined token ring functional addresses,
there may be other non-IP protocols using the same functional there may be other non-IP protocols using the same functional
address. Since the Novell IPX [IPX] protocol uses the address. Since the Novell IPX [IPX] protocol uses the
03-00-00-10-00-00 functional address, operation of VRRP over token 03-00-00-10-00-00 functional address, operation of VRRP over token
ring will avoid use of this functional address. In general, token ring will avoid use of this functional address. In general, token
ring VRRP users will be responsible for resolution of other user- ring VRRP users will be responsible for resolution of other user-
defined token ring functional address conflicts. defined token ring functional address conflicts.
VRIDs are mapped directly to token ring functional addresses. In VRIDs are mapped directly to token ring functional addresses. In
order to decrease the likelihood of functional address conflicts, order to decrease the likelihood of functional address conflicts,
allocation will begin with the largest functional address. Most non- allocation will begin with the largest functional address. Most
IP protocols use the first or first couple user-defined functional non-IP protocols use the first or first couple user-defined
addresses and it is expected that VRRP users will choose VRIDs functional addresses and it is expected that VRRP users will choose
sequentially starting with 1. VRIDs sequentially starting with 1.
VRID Token Ring Functional Address VRID Token Ring Functional Address
---- ----------------------------- ---- -----------------------------
1 03-00-02-00-00-00 1 03-00-02-00-00-00
2 03-00-04-00-00-00 2 03-00-04-00-00-00
3 03-00-08-00-00-00 3 03-00-08-00-00-00
4 03-00-10-00-00-00 4 03-00-10-00-00-00
5 03-00-20-00-00-00 5 03-00-20-00-00-00
6 03-00-40-00-00-00 6 03-00-40-00-00-00
7 03-00-80-00-00-00 7 03-00-80-00-00-00
8 03-00-00-01-00-00 8 03-00-00-01-00-00
9 03-00-00-02-00-00 9 03-00-00-02-00-00
10 03-00-00-04-00-00 10 03-00-00-04-00-00
11 03-00-00-08-00-00 11 03-00-00-08-00-00
Or more succinctly, octets 3 and 4 of the functional address are Or more succinctly, octets 3 and 4 of the functional address are
equal to (0x4000 >> (VRID - 1)) in non-canonical format. equal to (0x4000 >> (VRID - 1)) in non-canonical format.
Since a functional address cannot be used used as a MAC level source Since a functional address cannot be used as a MAC level source
address, the real MAC address is used as the MAC source address in address, the real MAC address is used as the MAC source address in
VRRP advertisements. This is not a problem for bridges since packets VRRP advertisements. This is not a problem for bridges since packets
addressed to functional addresses will be sent on the spanning-tree addressed to functional addresses will be sent on the spanning-tree
explorer path [802.1D]. explorer path [802.1D].
The functional address mode of operation MUST be implemented by The functional address mode of operation MUST be implemented by
routers supporting VRRP on token ring. routers supporting VRRP on token ring.
Additionally, routers MAY support unicast mode of operation to take Additionally, routers MAY support unicast mode of operation to take
advantage of newer token ring adapter implementations that support advantage of newer token ring adapter implementations that support
non-promiscuous reception for multiple unicast MAC addresses and to non-promiscuous reception for multiple unicast MAC addresses and to
avoid both the multicast traffic and usage conflicts associated with avoid both the multicast traffic and usage conflicts associated with
the use of token ring functional addresses. Unicast mode uses the the use of token ring functional addresses. Unicast mode uses the
same mapping of VRIDs to virtual MAC addresses as Ethernet. However, same mapping of VRIDs to virtual MAC addresses as Ethernet. However,
one important difference exists. ARP request/reply packets contain one important difference exists. ARP request/reply packets contain
the virtual MAC address as the source MAC address. The reason for the virtual MAC address as the source MAC address. The reason for
this is that some token ring driver implementations keep a cache of this is that some token ring driver implementations keep a cache of
MAC address/source routing information independent of the ARP cache. MAC address/source routing information independent of the ARP cache.
Hence, these implementations need to receive a packet with the Hence, these implementations need to receive a packet with the
virtual MAC address as the source address in order to transmit to virtual MAC address as the source address in order to transmit to
that MAC address in a source-route bridged network. that MAC address in a source-route bridged network.
Unicast mode on token ring has one limitation that should be Unicast mode on token ring has one limitation that should be
considered. If there are VRID routers on different source-route considered. If there are VRID routers on different source-route
bridge segments and there are host implementations that keep their bridge segments and there are host implementations that keep their
source-route information in the ARP cache and do not listen to source-route information in the ARP cache and do not listen to
gratuitous ARPs, these hosts will not update their ARP source-route gratuitous ARPs, these hosts will not update their ARP source-route
information correctly when a switch-over occurs. The only possible information correctly when a switch-over occurs. The only possible
solution is to put all routers with the same VRID on the same source- solution is to put all routers with the same VRID on the same
bridge segment and use techniques to prevent that bridge segment from source-bridge segment and use techniques to prevent that bridge
being a single point of failure. These techniques are beyond the segment from being a single point of failure. These techniques are
scope this document. beyond the scope this document.
For both the multicast and unicast mode of operation, VRRP For both the multicast and unicast mode of operation, VRRP
advertisements sent to 224.0.0.18 should be encapsulated as described advertisements sent to 224.0.0.18 should be encapsulated as described
in [RFC1469]. in [RFC1469].
9.3 Operation over ATM LANE 9.3. Operation over ATM LANE
Operation of VRRP over ATM LANE on routers with ATM LANE interfaces Operation of VRRP over ATM LANE on routers with ATM LANE interfaces
and/or routers behind proxy LEC's are beyond the scope of this and/or routers behind proxy LEC's are beyond the scope of this
document. document.
10. Security Considerations 10. Security Considerations
VRRP does not currently include any type of authentication. Earlier VRRP does not currently include any type of authentication. Earlier
versions of the VRRP specification included several types of versions of the VRRP specification included several types of
authentication ranging from none to strong. Operational experience authentication ranging from none to strong. Operational experience
and further analysis determined that these did not provide any real and further analysis determined that these did not provide any real
measure of security. Due to the nature of the VRRP protocol, even if measure of security. Due to the nature of the VRRP protocol, even if
VRRP messages are cryptographically protected, it does not prevent VRRP messages are cryptographically protected, it does not prevent
hostile routers from behaving as if they are a VRRP master, creating hostile routers from behaving as if they are a VRRP master, creating
multiple masters. Authentication of VRRP messages could have multiple masters. Authentication of VRRP messages could have
prevented a hostile router from causing all properly functioning prevented a hostile router from causing all properly functioning
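Review bot: Section 9.2 mixes bit orders without saying so, and the renumbered text carries that over unchanged. The sentence "Token ring functional addresses have the two high order bits in the first MAC address octet set to B'1'" is followed by addresses in canonical format (03-...), where those are the two low-order bits of the octet. The stated range "03-00-00-00-00-80 to 03-00-02-00-00-00" and the VRID table (which runs up to 03-00-80-00-00-00) only agree once the reader bit-reverses each octet, as the later "(0x4000 >> (VRID - 1)) in non-canonical format" line implies. Suggest naming the format in the "two high order bits" sentence, or giving both representations once. Separately, the right-hand column fixes "used used" but still reads "beyond the scope this document" at the end of the unicast-mode paragraph; it should be "beyond the scope of this document".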
skipping to change at page 26, line 44 skipping to change at page 24, line 33
Independent of any authentication type VRRP includes a mechanism Independent of any authentication type VRRP includes a mechanism
(setting TTL=255, checking on receipt) that protects against VRRP (setting TTL=255, checking on receipt) that protects against VRRP
packets being injected from another remote network. This limits most packets being injected from another remote network. This limits most
vulnerabilities to local attacks. vulnerabilities to local attacks.
VRRP does not provide any confidentiality. Confidentiality is not VRRP does not provide any confidentiality. Confidentiality is not
necessary for the correct operation of VRRP and there is no necessary for the correct operation of VRRP and there is no
information in the VRRP messages that must be kept secret from other information in the VRRP messages that must be kept secret from other
nodes on the LAN. nodes on the LAN.
11. Intellectual Property 11. Acknowledgements
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
obtain a general license or permission for the use of such
proprietary rights by implementors or users of this specification can
be obtained from the IETF Secretariat. See the IETF IPR web page at
http://www.ietf.org/ipr.html for additional information.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.
The IETF has been notified of intellectual property rights claimed in
regard to some or all of the specification contained in this
document. For more information consult the online list of claimed
rights.
12. Acknowledgments
The authors would like to thank Glen Zorn, and Michael Lane, Clark The authors would like to thank Glen Zorn, and Michael Lane, Clark
Bremer, Hal Peterson, Tony Li, Barbara Denny, Joel Halpern, Steve Bremer, Hal Peterson, Tony Li, Barbara Denny, Joel Halpern, Steve
Bellovin, Thomas Narten, Rob Montgomery, Rob Coltun, Radia Perlman, Bellovin, Thomas Narten, Rob Montgomery, Rob Coltun, Radia Perlman,
Russ Housley, Harald Alvestrand, Steve Bellovin, Ned Freed, Ted Russ Housley, Harald Alvestrand, Steve Bellovin, Ned Freed, Ted
Hardie, Russ Housley, Bert Wijnen, Bill Fenner, and Alex Zinin for Hardie, Russ Housley, Bert Wijnen, Bill Fenner, and Alex Zinin for
their comments and suggestions. their comments and suggestions.
13. Normative References 12. References
12.1. Normative References
[802.1D] International Standard ISO/IEC 10038: 1993, ANSI/IEEE Std [802.1D] International Standard ISO/IEC 10038: 1993, ANSI/IEEE Std
802.1D, 1993 edition. 802.1D, 1993 edition.
[CKSM] Braden, R., D. Borman, C. Partridge, "Computing the [CKSM] Braden, R., Borman, D. and C. Partridge, "Computing the
Internet Checksum", RFC1071, September 1988. Internet checksum", RFC 1071, September 1988.
[HSRP] Li, T., B. Cole, P. Morton, D. Li, "Cisco Hot Standby [HSRP] Li, T., Cole, B., Morton, P. and D. Li, "Cisco Hot Standby
Router Protocol (HSRP)", RFC2281, March 1998. Router Protocol (HSRP)", RFC 2281, March 1998.
[IPSTB] Higginson, P., M. Shand, "Development of Router Clusters to [IPSTB] Higginson, P. and M. Shand, "Development of Router Clusters
Provide Fast Failover in IP Networks", Digital Technical to Provide Fast Failover in IP Networks", Digital Technical
Journal, Volume 9 Number 3, Winter 1997. Journal, Volume 9 Number 3, Winter 1997.
[IPX] Novell Incorporated., "IPX Router Specification", Version [IPX] Novell Incorporated., "IPX Router Specification", Version
1.10, October 1992. 1.10, October 1992.
[RFC1469] Pusateri, T., "IP Multicast over Token Ring Local Area [RFC1469] Pusateri, T., "IP Multicast over Token Ring Local Area
Networks", RFC1469, June 1993. Networks", RFC 1469, June 1993.
[RFC2026] Bradner, S., "The Internet Standards Process -- Revision
3", RFC2026, BCP00009, October 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", RFC2119, BCP0014, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2338] Knight, S., et. al., "Virtual Router Redundancy Protocol", [RFC2338] Knight, S., Weaver, D., Whipple, D., Hinden, R., Mitzel,
RFC2338, April 1998. D., Hunt, P., Higginson, P., Shand, M. and A. Lindem,
"Virtual Router Redundancy Protocol", RFC 2338, April 1998.
[TKARCH] IBM Token-Ring Network, Architecture Reference, Publication [TKARCH] IBM Token-Ring Network, Architecture Reference, Publication
SC30-3374-02, Third Edition, (September, 1989). SC30-3374-02, Third Edition, (September, 1989).
14. Informative References 12.2. Informative References
[DISC] Deering, S., "ICMP Router Discovery Messages", RFC1256, [DISC] Deering, S., Ed., "ICMP Router Discovery Messages", RFC
September 1991. 1256, September 1991.
[DHCP] Droms, R., "Dynamic Host Configuration Protocol", RFC2131, [DHCP] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
March 1997. March 1997.
[OSPF] Moy, J., "OSPF version 2", RFC2328, STD0054, April 1998. [OSPF] Moy, J., "OSPF version 2", STD 54, RFC 2328, April 1998.
[RIP] Malkin, G., "RIP Version 2", RFC2453, STD0056, November [RIP] Malkin, G., "RIP Version 2", STD 56, RFC 2453, November
1998. 1998.
15. Editor's Address 13. Changes from RFC 2338
- Moved authors of RFC 2338 to new Contributers section to comply
with RFC editor policy and listed R. Hinden as Editor.
- Removed authentication methods from VRRP. Changes included:
o Removed the values for password and IPSEC based authentication.
The fields and values are retained to keep backwards
compatibility with RFC 2338.
o Removed section on extensible security
o Updated security consideration section to remove discussion of
different authentication methods and added new text explaining
motivation for change and describe vulnerabilities.
- Revised the section 4 examples text with a clearer description of
mapping of IP address owner, priorities, etc.
- Clarify the section 7.1 text describing address list validation.
- Corrected text in Preempt_Mode definition.
- Changed authentication to be per Virtual Router instead of per
Interface.
- Added new subsection (9.3) stating that VRRP over ATM LANE is
beyond the scope of this document.
- Clarified text describing received packet length check.
- Clarified text describing received authentication check.
- Clarified text describing VRID verification check.
- Added new subsection (8.4) describing need to not forward packets
for adopted IP addresses.
- Added clarification to the security considerations section.
- Added reference for computing the internet checksum.
- Updated references and author information.
- Various small editorial changes.
14. Editor's Address
Robert Hinden Robert Hinden
Nokia Nokia
313 Fairchild Drive 313 Fairchild Drive
Mountain View, CA 94043 Mountain View, CA 94043
US US
Phone: +1 650 625-2004 Phone: +1 650 625-2004
Email: bob.hinden@nokia.com EMail: bob.hinden@nokia.com
16. Changes from RFC2338 15. Full Copyright Statement
- Moved authors of RFC2338 to new Contributers section to comply Copyright (C) The Internet Society (2004). This document is subject
with RFC editor policy and listed R. Hinden as Editor. to the rights, licenses and restrictions contained in BCP 78, and
- Removed authentication methods from VRRP. Changes included: except as set forth therein, the authors retain all their rights.
o Removed the values for password and IPSEC based authentication.
The fields and values are retained to keep backwards This document and the information contained herein are provided on an
compatibility with RFC2338. "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
o Removed section on extensible security REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
o Updated security consideration section to remove discussion of INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
different authentication methods and added new text explaining IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
motivation for change and describe vulnerabilities. THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
- Revised the section 4 examples text with a clearer description of WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
mapping of IP address owner, priorities, etc.
- Clarify the section 7.1 text describing address list validation. Intellectual Property
- Corrected text in Preempt_Mode definition.
- Changed authentication to be per Virtual Router instead of per The IETF takes no position regarding the validity or scope of any
Interface. Intellectual Property Rights or other rights that might be claimed
- Added new subsection (9.3) stating that VRRP over ATM LANE is to pertain to the implementation or use of the technology
beyond the scope of this document. described in this document or the extent to which any license
- Clarified text describing received packet length check. under such rights might or might not be available; nor does it
- Clarified text describing received authentication check. represent that it has made any independent effort to identify any
- Clarified text describing VRID verification check. such rights. Information on the procedures with respect to
- Added new subsection (8.4) describing need to not forward packets rights in RFC documents can be found in BCP 78 and BCP 79.
for adopted IP addresses.
- Added clarification to the security considerations section. Copies of IPR disclosures made to the IETF Secretariat and any
- Added reference for computing the internet checksum. assurances of licenses to be made available, or the result of an
- Updated references and author information. attempt made to obtain a general license or permission for the use
- Various small editorial changes. of such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository
at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention
any copyrights, patents or patent applications, or other
proprietary rights that may cover technology that may be required
to implement this standard. Please address the information to the
IETF at ietf-ipr@ietf.org.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
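Review bot: The relocated "Changes from RFC 2338" section describes the authentication change inconsistently. Under "Removed authentication methods from VRRP", the first sub-item says "Removed the values for password and IPSEC based authentication" and then "The fields and values are retained", and a later item still reads "Changed authentication to be per Virtual Router instead of per Interface". Suggest rewording so it is clear what was removed (the authentication methods) and what stays in the packet for backward compatibility with RFC 2338 (the fields and values), and saying whether the per-Virtual-Router item refers to that retained field. An implementer could otherwise read the retained field as a security control, which Section 10 says it is not. Minor points in the same region: "Contributers" should be "Contributors", and the Acknowledgements list names Russ Housley and Steve Bellovin twice each.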
 End of changes. 154 change blocks. 
387 lines changed or deleted 387 lines changed or added