draft-ietf-vrrp-spec-05.txt   rfc2338.txt 
INTERNET-DRAFT S. Knight Network Working Group S. Knight
February 2, 1998 D. Weaver Request for Comments: 2338 D. Weaver
Ascend Communications, Inc. Category: Standards Track Ascend Communications, Inc.
D. Whipple D. Whipple
Microsoft, Inc. Microsoft, Inc.
R. Hinden R. Hinden
D. Mitzel D. Mitzel
P. Hunt P. Hunt
Nokia Nokia
P. Higginson P. Higginson
M. Shand M. Shand
Digital Equipment Corp. Digital Equipment Corp.
Acee Lindem A. Lindem
IBM Corporation IBM Corporation
April 1998
Virtual Router Redundancy Protocol Virtual Router Redundancy Protocol
<draft-ietf-vrrp-spec-05.txt>
Status of this Memo Status of this Memo
This document is an Internet-Draft. Internet-Drafts are working This document specifies an Internet standards track protocol for the
documents of the Internet Engineering Task Force (IETF), its areas, Internet community, and requests discussion and suggestions for
and its working groups. Note that other groups may also distribute improvements. Please refer to the current edition of the "Internet
working documents as Internet-Drafts. Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
To learn the current status of any Internet-Draft, please check the Copyright Notice
"1id-abstracts.txt" listing contained in the Internet- Drafts Shadow
Directories on ds.internic.net (US East Coast), nic.nordu.net
(Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
Rim).
This internet draft expires on August 2, 1998. Copyright (C) The Internet Society (1998). All Rights Reserved.
Abstract Abstract
This memo defines the Virtual Router Redundancy Protocol (VRRP). This memo defines the Virtual Router Redundancy Protocol (VRRP).
VRRP specifies an election protocol that dynamically assigns VRRP specifies an election protocol that dynamically assigns
responsibility for a virtual router to one of the VRRP routers on a responsibility for a virtual router to one of the VRRP routers on a
LAN. The VRRP router controlling the IP address(es) associated with LAN. The VRRP router controlling the IP address(es) associated with
a virtual router is called the Master, and forwards packets sent to a virtual router is called the Master, and forwards packets sent to
these IP addresses. The election process provides dynamic fail over these IP addresses. The election process provides dynamic fail over
in the forwarding responsibility should the Master become in the forwarding responsibility should the Master become
unavailable. This allows any of the virtual router IP addresses on unavailable. This allows any of the virtual router IP addresses on
the LAN to be used as the default first hop router by end-hosts. The the LAN to be used as the default first hop router by end-hosts. The
advantage gained from using VRRP is a higher availability default advantage gained from using VRRP is a higher availability default
path without requiring configuration of dynamic routing or router path without requiring configuration of dynamic routing or router
discovery protocols on every end-host. discovery protocols on every end-host.
Table of Contents Table of Contents
1. Introduction...............................................3 1. Introduction...............................................2
2. Required Features..........................................5 2. Required Features..........................................5
3. VRRP Overview..............................................6 3. VRRP Overview..............................................6
4. Sample Configurations......................................8 4. Sample Configurations......................................8
5. Protocol..................................................10 5. Protocol...................................................9
5.1 VRRP Packet Format....................................10 5.1 VRRP Packet Format....................................10
5.2 IP Field Descriptions.................................10 5.2 IP Field Descriptions.................................10
5.3 VRRP Field Descriptions...............................11 5.3 VRRP Field Descriptions...............................11
6. Protocol State Machine....................................14 6. Protocol State Machine....................................13
6.1 Parameters............................................14 6.1 Parameters............................................13
6.2 Timers................................................15 6.2 Timers................................................15
6.3 State Transition Diagram..............................15 6.3 State Transition Diagram..............................15
6.4 State Descriptions....................................15 6.4 State Descriptions....................................15
7. Sending and Receiving VRRP Packets........................19 7. Sending and Receiving VRRP Packets........................18
7.1 Receiving VRRP Packets................................19 7.1 Receiving VRRP Packets................................18
7.2 Transmitting Packets..................................19 7.2 Transmitting Packets..................................19
7.3 Virtual MAC Address...................................20 7.3 Virtual MAC Address...................................19
8. Operational Issues........................................20 8. Operational Issues........................................20
8.1 ICMP Redirects........................................20 8.1 ICMP Redirects........................................20
8.2 Host ARP Requests.....................................20 8.2 Host ARP Requests.....................................20
8.3 Proxy ARP.............................................21 8.3 Proxy ARP.............................................20
9. Operation over FDDI and Token Ring........................21 9. Operation over FDDI and Token Ring........................21
9.1 Operation over FDDI...................................21 9.1 Operation over FDDI...................................21
9.2 Operation over Token Ring.............................22 9.2 Operation over Token Ring.............................21
10. Security Considerations...................................24 10. Security Considerations...................................23
10.1 No Authentication....................................24 10.1 No Authentication....................................23
10.2 Simple Text Password.................................24 10.2 Simple Text Password.................................23
10.3 IP Authentication Header.............................25 10.3 IP Authentication Header.............................24
11. Acknowledgments...........................................25 11. Acknowledgments...........................................24
12. References................................................26 12. References................................................24
13. Authors' Addresses........................................27 13. Authors' Addresses........................................25
14. Changes from Previous Drafts..............................29 14. Full Copyright Statement..................................27
1. Introduction 1. Introduction
There are a number of methods that an end-host can use to determine There are a number of methods that an end-host can use to determine
its first hop router towards a particular IP destination. These its first hop router towards a particular IP destination. These
include running (or snooping) a dynamic routing protocol such as include running (or snooping) a dynamic routing protocol such as
Routing Information Protocol [RIP] or OSPF version 2 [OSPF], running Routing Information Protocol [RIP] or OSPF version 2 [OSPF], running
an ICMP router discovery client [DISC] or using a statically an ICMP router discovery client [DISC] or using a statically
configured default route. configured default route.
skipping to change at page 4, line 9 skipping to change at page 3, line 43
VRRP provides a function similar to a Cisco Systems, Inc. proprietary VRRP provides a function similar to a Cisco Systems, Inc. proprietary
protocol named Hot Standby Router Protocol (HSRP) [HSRP] and to a protocol named Hot Standby Router Protocol (HSRP) [HSRP] and to a
Digital Equipment Corporation, Inc. proprietary protocol named IP Digital Equipment Corporation, Inc. proprietary protocol named IP
Standby Protocol [IPSTB]. Standby Protocol [IPSTB].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC 2119]. document are to be interpreted as described in [RFC 2119].
The IESG/IETF take no position regarding the validity or scope of any
intellectual property right or other rights that might be claimed to
pertain to the implementation or use of the technology, or the extent
to which any license under such rights might or might not be
available. See the IETF IPR web page at http://www.ietf.org/ipr.html
for additional information.
1.1 Scope 1.1 Scope
The remainder of this document describes the features, design goals, The remainder of this document describes the features, design goals,
and theory of operation of VRRP. The message formats, protocol and theory of operation of VRRP. The message formats, protocol
processing rules and state machine that guarantee convergence to a processing rules and state machine that guarantee convergence to a
single Virtual Router Master are presented. Finally, operational single Virtual Router Master are presented. Finally, operational
issues related to MAC address mapping, handling of ARP requests, issues related to MAC address mapping, handling of ARP requests,
generation of ICMP redirect messages, and security issues are generation of ICMP redirect messages, and security issues are
addressed. addressed.
skipping to change at page 8, line 22 skipping to change at page 8, line 14
4. Sample Configurations 4. Sample Configurations
4.1 Sample Configuration 1 4.1 Sample Configuration 1
The following figure shows a simple network with two VRRP routers The following figure shows a simple network with two VRRP routers
implementing one virtual router. Note that this example is provided implementing one virtual router. Note that this example is provided
to help understand the protocol, but is not expected to occur in to help understand the protocol, but is not expected to occur in
actual practice. actual practice.
+-----+ +-----+ +-----+ +-----+
| MR1 | | BR1 | | MR1 | | BR1 |
| | | | | | | |
| | | | | | | |
VRID=1 +-----+ +-----+ VRID=1 +-----+ +-----+
IP A ---------->* *<--------- IP B IP A ---------->* *<--------- IP B
| | | |
| | | |
| | | |
------------------+------------+-----+--------+--------+--------+-- ------------------+------------+-----+--------+--------+--------+--
^ ^ ^ ^ ^ ^ ^ ^
| | | | | | | |
(IP A) (IP A) (IP A) (IP A) (IP A) (IP A) (IP A) (IP A)
| | | | | | | |
+--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+
| H1 | | H2 | | H3 | | H4 | | H1 | | H2 | | H3 | | H4 |
+-----+ +-----+ +--+--+ +--+--+ +-----+ +-----+ +--+--+ +--+--+
Legend: Legend:
---+---+---+-- = Ethernet, Token Ring, or FDDI ---+---+---+-- = Ethernet, Token Ring, or FDDI
H = Host computer H = Host computer
MR = Master Router MR = Master Router
BR = Backup Router BR = Backup Router
* = IP Address * = IP Address
(IP) = default router for hosts (IP) = default router for hosts
The above configuration shows a very simple VRRP scenario. In this The above configuration shows a very simple VRRP scenario. In this
configuration, the end-hosts install a default route to the IP configuration, the end-hosts install a default route to the IP
address of virtual router #1 (IP A) and both routers run VRRP. The address of virtual router #1 (IP A) and both routers run VRRP. The
router on the left becomes the Master for virtual router #1 (VRID=1) router on the left becomes the Master for virtual router #1 (VRID=1)
and the router on the right is the Backup for virtual router #1. If and the router on the right is the Backup for virtual router #1. If
the router on the left should fail, the other router will take over the router on the left should fail, the other router will take over
virtual router #1 and its IP addresses, and provide uninterrupted virtual router #1 and its IP addresses, and provide uninterrupted
service for the hosts. service for the hosts.
skipping to change at page 9, line 22 skipping to change at page 9, line 11
left. IP B is only used by the router on the right as its interface left. IP B is only used by the router on the right as its interface
address. In order to backup IP B, a second virtual router would have address. In order to backup IP B, a second virtual router would have
to be configured. This is shown in the next section. to be configured. This is shown in the next section.
4.2 Sample Configuration 2 4.2 Sample Configuration 2
The following figure shows a configuration with two virtual routers The following figure shows a configuration with two virtual routers
with the hosts spitting their traffic between them. This example is with the hosts spitting their traffic between them. This example is
expected to be very common in actual practice. expected to be very common in actual practice.
+-----+ +-----+ +-----+ +-----+
| MR1 | | MR2 | | MR1 | | MR2 |
| & | | & | | & | | & |
| BR2 | | BR1 | | BR2 | | BR1 |
VRID=1 +-----+ +-----+ VRID=2 VRID=1 +-----+ +-----+ VRID=2
IP A ---------->* *<---------- IP B IP A ---------->* *<---------- IP B
| | | |
| | | |
| | | |
------------------+------------+-----+--------+--------+--------+-- ------------------+------------+-----+--------+--------+--------+--
^ ^ ^ ^ ^ ^ ^ ^
| | | | | | | |
(IP A) (IP A) (IP B) (IP B) (IP A) (IP A) (IP B) (IP B)
| | | | | | | |
+--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ +--+--+
| H1 | | H2 | | H3 | | H4 | | H1 | | H2 | | H3 | | H4 |
+-----+ +-----+ +--+--+ +--+--+ +-----+ +-----+ +--+--+ +--+--+
Legend: Legend:
---+---+---+-- = Ethernet, Token Ring, or FDDI ---+---+---+-- = Ethernet, Token Ring, or FDDI
H = Host computer H = Host computer
MR = Master Router MR = Master Router
BR = Backup Router BR = Backup Router
* = IP Address * = IP Address
(IP) = default router for hosts (IP) = default router for hosts
In the above configuration, half of the hosts install a default route In the above configuration, half of the hosts install a default route
to virtual router #1's IP address (IP A), and the other half of the to virtual router #1's IP address (IP A), and the other half of the
hosts install a default route to virtual router #2's IP address (IP hosts install a default route to virtual router #2's IP address (IP
B). This has the effect of load balancing the outgoing traffic, B). This has the effect of load balancing the outgoing traffic,
while also providing full redundancy. while also providing full redundancy.
5.0 Protocol 5.0 Protocol
The purpose of the VRRP packet is to communicate to all VRRP routers The purpose of the VRRP packet is to communicate to all VRRP routers
skipping to change at page 12, line 28 skipping to change at page 12, line 15
5.3.6 Authentication Type 5.3.6 Authentication Type
The authentication type field identifies the authentication method The authentication type field identifies the authentication method
being utilized. Authentication type is unique on a per interface being utilized. Authentication type is unique on a per interface
basis. The authentication type field is an 8 bit unsigned integer. basis. The authentication type field is an 8 bit unsigned integer.
A packet with unknown authentication type or that does not match the A packet with unknown authentication type or that does not match the
locally configured authentication method MUST be discarded. locally configured authentication method MUST be discarded.
The authentication methods currently defined are: The authentication methods currently defined are:
0 - No Authentication 0 - No Authentication
1 - Simple Text Password 1 - Simple Text Password
2 - IP Authentication Header 2 - IP Authentication Header
5.3.6.1 No Authentication 5.3.6.1 No Authentication
The use of this authentication type means that VRRP protocol The use of this authentication type means that VRRP protocol
exchanges are not authenticated. The contents of the Authentication exchanges are not authenticated. The contents of the Authentication
Data field should be set to zero on transmission and ignored on Data field should be set to zero on transmission and ignored on
reception. reception.
5.3.6.2 Simple Text Password 5.3.6.2 Simple Text Password
The use of this authentication type means that VRRP protocol The use of this authentication type means that VRRP protocol
exchanges are authenticated by a clear text password. The contents exchanges are authenticated by a clear text password. The contents
of the Authentication Data field should be set to the locally of the Authentication Data field should be set to the locally
configured password on transmission. There is no default password. configured password on transmission. There is no default password.
The receiver MUST check that the Authentication Data in the packet The receiver MUST check that the Authentication Data in the packet
matches its configured authentication string. Packets that do not matches its configured authentication string. Packets that do not
match MUST be discarded. match MUST be discarded.
Note that there are security implications to using Simple Text
password authentication, and one should see the Security
Consideration section of this document.
5.3.6.3 IP Authentication Header 5.3.6.3 IP Authentication Header
The use of this authentication type means the VRRP protocol exchanges The use of this authentication type means the VRRP protocol exchanges
are authenticated using the mechanisms defined by the IP are authenticated using the mechanisms defined by the IP
Authentication Header [AUTH] using "The Use of HMAC-MD5-96 within ESP Authentication Header [AUTH] using "The Use of HMAC-MD5-96 within ESP
and AH" [HMAC]. Keys may be either configured manually or via a key and AH" [HMAC]. Keys may be either configured manually or via a key
distribution protocol. distribution protocol.
If a packet is received that does not pass the authentication check If a packet is received that does not pass the authentication check
due to a missing authentication header or incorrect message digest, due to a missing authentication header or incorrect message digest,
skipping to change at page 14, line 13 skipping to change at page 13, line 46
The authentication string is unique on a per interface basis. The authentication string is unique on a per interface basis.
There is no default value for this field. There is no default value for this field.
6. Protocol State Machine 6. Protocol State Machine
6.1 Parameters 6.1 Parameters
6.1.1 Parameters per Interface 6.1.1 Parameters per Interface
Authentication_Type Type of authentication being used. Values Authentication_Type Type of authentication being used. Values
are defined in section 5.3.6. are defined in section 5.3.6.
Authentication_Data Authentication data specific to the Authentication_Data Authentication data specific to the
Authentication_Type being used. Authentication_Type being used.
6.1.2 Parameters per Virtual Router 6.1.2 Parameters per Virtual Router
VRID Virtual Router Identifier. Configured item VRID Virtual Router Identifier. Configured item
in the range 1-255 (decimal). There is no in the range 1-255 (decimal). There is no
default. default.
Priority Priority value to be used by this VRRP Priority Priority value to be used by this VRRP
router in Master election for this virtual router in Master election for this virtual
router. The value of 255 (decimal) is router. The value of 255 (decimal) is
reserved for the router that owns the IP reserved for the router that owns the IP
addresses associated with the virtual addresses associated with the virtual
router. The value of 0 (zero) is reserved router. The value of 0 (zero) is reserved
for Master router to indicate it is for Master router to indicate it is
releasing responsibility for the virtual releasing responsibility for the virtual
router. The range 1-254 (decimal) is router. The range 1-254 (decimal) is
available for VRRP routers backing up the available for VRRP routers backing up the
virtual router. The default value is 100 virtual router. The default value is 100
(decimal). (decimal).
IP_Addresses One or more IP addresses associated with IP_Addresses One or more IP addresses associated with
this virtual router. Configured item. No this virtual router. Configured item. No
default. default.
Advertisement_Interval Time interval between ADVERTISEMENTS Advertisement_Interval Time interval between ADVERTISEMENTS
(seconds). Default is 1 second. (seconds). Default is 1 second.
Skew_Time Time to skew Master_Down_Interval in Skew_Time Time to skew Master_Down_Interval in
seconds. Calculated as: seconds. Calculated as:
( (256 - Priority) / 256 ) ( (256 - Priority) / 256 )
Master_Down_Interval Time interval for Backup to declare Master Master_Down_Interval Time interval for Backup to declare Master
down (seconds). Calculated as: down (seconds). Calculated as:
(3 * Advertisement_Interval) + Skew_time (3 * Advertisement_Interval) + Skew_time
Preempt_Mode Controls whether a higher priority Backup Preempt_Mode Controls whether a higher priority Backup
router preempts a lower priority Master. router preempts a lower priority Master.
Values are True to allow preemption and Values are True to allow preemption and
False to not prohibit preemption. Default False to not prohibit preemption. Default
is True. is True.
Note: Exception is that the router that owns Note: Exception is that the router that owns
the IP address(es) associated with the the IP address(es) associated with the
virtual router always pre-empts independent virtual router always pre-empts independent
of the setting of this flag. of the setting of this flag.
6.2 Timers 6.2 Timers
Master_Down_Timer Timer that fires when ADVERTISEMENT has not Master_Down_Timer Timer that fires when ADVERTISEMENT has not
been heard for Master_Down_Interval. been heard for Master_Down_Interval.
Adver_Timer Timer that fires to trigger sending of Adver_Timer Timer that fires to trigger sending of
ADVERTISEMENT based on ADVERTISEMENT based on
Advertisement_Interval. Advertisement_Interval.
6.3 State Transition Diagram 6.3 State Transition Diagram
+---------------+ +---------------+
+--------->| |<-------------+ +--------->| |<-------------+
| | Initialize | | | | Initialize | |
| +------| |----------+ | | +------| |----------+ |
| | +---------------+ | | | | +---------------+ | |
| | | | | | | |
| V V | | V V |
skipping to change at page 23, line 5 skipping to change at page 22, line 16
token ring VRRP users will be responsible for resolution of other token ring VRRP users will be responsible for resolution of other
user-defined token ring functional address conflicts. user-defined token ring functional address conflicts.
VRIDs are mapped directly to token ring functional addresses. In VRIDs are mapped directly to token ring functional addresses. In
order to decrease the likelihood of functional address conflicts, order to decrease the likelihood of functional address conflicts,
allocation will begin with the largest functional address. Most non- allocation will begin with the largest functional address. Most non-
IP protocols use the first or first couple user-defined functional IP protocols use the first or first couple user-defined functional
addresses and it is expected that VRRP users will choose VRIDs addresses and it is expected that VRRP users will choose VRIDs
sequentially starting with 1. sequentially starting with 1.
VRID Token Ring Functional Address VRID Token Ring Functional Address
---- ----------------------------- ---- -----------------------------
1 03-00-02-00-00-00 1 03-00-02-00-00-00
2 03-00-04-00-00-00 2 03-00-04-00-00-00
3 03-00-08-00-00-00 3 03-00-08-00-00-00
4 03-00-10-00-00-00 4 03-00-10-00-00-00
5 03-00-20-00-00-00 5 03-00-20-00-00-00
6 03-00-40-00-00-00 6 03-00-40-00-00-00
7 03-00-80-00-00-00 7 03-00-80-00-00-00
8 03-00-00-01-00-00 8 03-00-00-01-00-00
9 03-00-00-02-00-00 9 03-00-00-02-00-00
10 03-00-00-04-00-00 10 03-00-00-04-00-00
11 03-00-00-08-00-00 11 03-00-00-08-00-00
Or more succinctly, octets 3 and 4 of the functional address are Or more succinctly, octets 3 and 4 of the functional address are
equal to (0x4000 >> (VRID - 1)) in non-canonical format. equal to (0x4000 >> (VRID - 1)) in non-canonical format.
Since a functional address cannot be used used as a MAC level source Since a functional address cannot be used used as a MAC level source
address, the real MAC address is used as the MAC source address in address, the real MAC address is used as the MAC source address in
VRRP advertisements. This is not a problem for bridges since packets VRRP advertisements. This is not a problem for bridges since packets
addressed to functional addresses will be sent on the spanning-tree addressed to functional addresses will be sent on the spanning-tree
explorer path [802.1D]. explorer path [802.1D].
skipping to change at page 25, line 4 skipping to change at page 24, line 16
misconfiguration of routers on a LAN. It protects against routers misconfiguration of routers on a LAN. It protects against routers
inadvertently backing up another router. A new router must first be inadvertently backing up another router. A new router must first be
configured with the correct password before it can run VRRP with configured with the correct password before it can run VRRP with
another router. This type of authentication does not protect against another router. This type of authentication does not protect against
hostile attacks where the password can be learned by a node snooping hostile attacks where the password can be learned by a node snooping
VRRP packets on the LAN. The Simple Text Authentication combined VRRP packets on the LAN. The Simple Text Authentication combined
with the TTL check makes it difficult for a VRRP packet to be sent with the TTL check makes it difficult for a VRRP packet to be sent
from another LAN to disrupt VRRP operation. from another LAN to disrupt VRRP operation.
This type of authentication is RECOMMENDED when there is minimal risk This type of authentication is RECOMMENDED when there is minimal risk
of nodes on a LAN actively disrupting VRRP operation. of nodes on a LAN actively disrupting VRRP operation. If this type
of authentication is used the user should be aware that this clear
text password is sent frequently, and therefore should not be the
same as any security significant password.
10.3 IP Authentication Header 10.3 IP Authentication Header
The use of this authentication type means the VRRP protocol exchanges The use of this authentication type means the VRRP protocol exchanges
are authenticated using the mechanisms defined by the IP are authenticated using the mechanisms defined by the IP
Authentication Header [AUTH] using "The Use of HMAC-MD5-96 within ESP Authentication Header [AUTH] using "The Use of HMAC-MD5-96 within ESP
and AH", [HMAC]. This provides strong protection against and AH", [HMAC]. This provides strong protection against
configuration errors, replay attacks, and packet configuration errors, replay attacks, and packet
corruption/modification. corruption/modification.
This type of authentication is RECOMMENDED when there is limited This type of authentication is RECOMMENDED when there is limited
control over the administration of nodes on a LAN. While this type control over the administration of nodes on a LAN. While this type
of authentication does protect the operation of VRRP, there are other of authentication does protect the operation of VRRP, there are other
types of attacks that may be employed on shared media links (e.g., types of attacks that may be employed on shared media links (e.g.,
generation of bogus ARP replies) which are independent from VRRP and generation of bogus ARP replies) which are independent from VRRP and
are not protected. are not protected.
11. Acknowledgments 11. Acknowledgments
The authors would like to thank Glen Zorn, and Michael Lane, Clark The authors would like to thank Glen Zorn, and Michael Lane, Clark
Bremer, Hal Peterson, Tony Li, Barbara Denny, Joel Halpern, and Steve Bremer, Hal Peterson, Tony Li, Barbara Denny, Joel Halpern, Steve
Bellovin for their comments and suggestions. Bellovin, and Thomas Narten for their comments and suggestions.
12. References 12. References
[802.1D] International Standard ISO/IEC 10038: 1993, ANSI/IEEE Std [802.1D] International Standard ISO/IEC 10038: 1993, ANSI/IEEE Std
802.1D, 1993 edition. 802.1D, 1993 edition.
[AUTH] Atkinson, R., "IP Authentication Header", RFC-1826, August [AUTH] Kent, S., and R. Atkinson, "IP Authentication Header",
1995. Work in Progress.
[DISC] Deering, S., "ICMP Router Discovery Messages", RFC-1256, [DISC] Deering, S., "ICMP Router Discovery Messages", RFC 1256,
September 1991. September 1991.
[DHCP] Droms, R., "Dynamic Host Configuration Protocol", RFC-1541, [DHCP] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
October 1993. March 1997.
[HMAC] Madson, C., R. Glenn, "The Use of HMAC-MD5-96 within ESP [HMAC] Madson, C., and R. Glenn, "The Use of HMAC-MD5-96 within
and AH", Internet Draft, <draft-ietf-ipsec-auth-hmac- ESP and AH", Work in Progress.
md5-96-00.txt> , July 1997.
[HSRP] Li, T., B. Cole, P. Morton, D. Li, "Hot Standby Router [HSRP] Li, T., Cole, B., Morton, P., and D. Li, "Cisco Hot Standby
Protocol (HSRP)", Internet Draft, <draft-li-hsrp-01.txt>, Router Protocol (HSRP)", RFC 2281, March 1998.
October 1997.
[IPSTB] Higginson, P., M. Shand, "Development of Router Clusters to [IPSTB] Higginson, P., M. Shand, "Development of Router Clusters to
Provide Fast Failover in IP Networks", Digital Technical Provide Fast Failover in IP Networks", Digital Technical
Journal, Volume 9 Number 3, Winter 1997. Journal, Volume 9 Number 3, Winter 1997.
[IPX] Novell Incorporated., "IPX Router Specification", Version [IPX] Novell Incorporated., "IPX Router Specification", Version
1.10, October 1992. 1.10, October 1992.
[OSPF] Moy, J., "OSPF version 2", RFC-1583, July 1997. [OSPF] Moy, J., "OSPF Version 2", STD 54, RFC 2328, April 1998.
[RIP] Hedrick, C., "Routing Information Protocol" , RFC-1058, [RIP] Hedrick, C., "Routing Information Protocol", RFC 1058,
June 1988. June 1988.
[RFC1469] Pusateri, T., "IP over Token Ring LANs", RFC 1469, June [RFC1469] Pusateri, T., "IP over Token Ring LANs", RFC 1469, June
1993. 1993.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", RFC-2119, BCP14, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[TKARCH] IBM Token-Ring Network, Architecture Reference, Publication [TKARCH] IBM Token-Ring Network, Architecture Reference, Publication
SC30-3374-02, Third Edition, (September, 1989). SC30-3374-02, Third Edition, (September, 1989).
13. Author's Addresses 13. Authors' Addresses
Steven Knight Phone: +1 612 943-8990 Steven Knight Phone: +1 612 943-8990
Ascend Communications EMail: Steven.Knight@ascend.com Ascend Communications EMail: Steven.Knight@ascend.com
High Performance Network Division High Performance Network Division
10250 Valley View Road, Suite 113 10250 Valley View Road, Suite 113
Eden Prairie, MN USA 55344 Eden Prairie, MN USA 55344
USA USA
Douglas Weaver Phone: +1 612 943-8990 Douglas Weaver Phone: +1 612 943-8990
Ascend Communications EMail: Doug.Weaver@ascend.com Ascend Communications EMail: Doug.Weaver@ascend.com
High Performance Network Division High Performance Network Division
10250 Valley View Road, Suite 113 10250 Valley View Road, Suite 113
Eden Prairie, MN USA 55344 Eden Prairie, MN USA 55344
USA USA
David Whipple Phone: +1 206 703-3876
David Whipple Phone: +1 206 703-3876 Microsoft Corporation EMail: dwhipple@microsoft.com
Microsoft Corporation EMail: dwhipple@microsoft.com
One Microsoft Way One Microsoft Way
Redmond, WA USA 98052-6399 Redmond, WA USA 98052-6399
USA USA
Robert Hinden Phone: +1 408 990-2004 Robert Hinden Phone: +1 408 990-2004
Nokia EMail: hinden@ipsilon.com Nokia EMail: hinden@iprg.nokia.com
232 Java Drive 232 Java Drive
Sunnyvale, CA 94089 Sunnyvale, CA 94089
USA USA
Danny Mitzel Phone: +1 408 990-2037 Danny Mitzel Phone: +1 408 990-2037
Nokia EMail: mitzel@ipsilon.com Nokia EMail: mitzel@iprg.nokia.com
232 Java Drive 232 Java Drive
Sunnyvale, CA 94089 Sunnyvale, CA 94089
USA USA
Peter Hunt Phone: +1 408 990-2093 Peter Hunt Phone: +1 408 990-2093
Nokia EMail: hunt@ipsilon.com Nokia EMail: hunt@iprg.nokia.com
232 Java Drive 232 Java Drive
Sunnyvale, CA 94089 Sunnyvale, CA 94089
USA USA
P. Higginson Phone: +44 118 920 6293 P. Higginson Phone: +44 118 920 6293
Digital Equipment Corp. EMail: higginson@mail.dec.com Digital Equipment Corp. EMail: higginson@mail.dec.com
Digital Park Digital Park
Imperial Way Imperial Way
Reading Reading
Berkshire Berkshire
RG2 0TE RG2 0TE
UK UK
M. Shand Phone: +44 118 920 4424
Digital Equipment Corp. EMail: shand@mail.dec.com M. Shand Phone: +44 118 920 4424
Digital Equipment Corp. EMail: shand@mail.dec.com
Digital Park Digital Park
Imperial Way Imperial Way
Reading Reading
Berkshire Berkshire
RG2 0TE RG2 0TE
UK UK
Acee Lindem Phone: 1-919-254-1805 Acee Lindem Phone: 1-919-254-1805
IBM Corporation E-Mail: acee@raleigh.ibm.com IBM Corporation E-Mail: acee@raleigh.ibm.com
P.O. Box 12195 P.O. Box 12195
Research Triangle Park, NC 27709 Research Triangle Park, NC 27709
USA USA
14. Changes from Previous Drafts 14. Full Copyright Statement
Changes from <draft-ietf-vrrp-spec-04.txt>
- Added IANA assignment for MAC prefix.
- Clarified examples and definitions.
- Updated reference to Digital IP Standby protocol.
Changes from <draft-ietf-vrrp-spec-03.txt>
- Added IANA assignments for protocol and multicast address. MAC
prefix still needed.
- Added Token Ring specific procedures supplied by Acee Lindem and
added him as an author.
- Tightened up terminology and definitions and made appropriate
changes in the text.
Changes from <draft-ietf-vrrp-spec-02.txt>
- Updated text and references to point to "The Use of HMAC-MD5-96
within ESP and AH" that is the correct reference for the use of
IPSEC AH with MD5.
Changes from <draft-ietf-vrrp-spec-01.txt>
Major change to use real IP addresses instead of virtual IP
addresses. Changes include:
- Updated version number to 2.
- Modified packet header
- New terminology (removed cluster, virtual IP address, etc., added
VRID, associated IP address(es), etc.).
- Special case of priority = 255 for router owning VRID and
associated IP address(es).
- Reworked examples.
- Rewrote introductory and overview sections.
- Added rules for redirects and ARP.
- Added sending gratuitous ARP request when transitioning to Master.
Changes from <draft-ietf-vrrp-spec-00.txt> Copyright (C) The Internet Society (1998). All Rights Reserved.
- Added Preempt_Mode to allow user control over preemption This document and translations of it may be copied and furnished to
independent of configured priorities. others, and derivative works that comment on or otherwise explain it
- Rewrote authentication section and expanded security or assist in its implementation may be prepared, copied, published
considerations. and distributed, in whole or in part, without restriction of any
- Expanded State Description section and removed State Table which kind, provided that the above copyright notice and this paragraph are
become redundant and impossible to edit. included on all such copies and derivative works. However, this
- Changed authentication to be on a per interface basis (not per document itself may not be modified in any way, such as by removing
cluster). the copyright notice or references to the Internet Society or other
- Clarified text on disabling ICMP Redirects. Internet organizations, except as needed for the purpose of
- Added text on FDDI and Token Ring issues. developing Internet standards in which case the procedures for
- Added HSRP acknowledgment. copyrights defined in the Internet Standards process must be
- Rewrote Introduction, Required Features, and VRRP Overview followed, or as required to translate it into languages other than
sections. English.
- Many small text clarifications.
Changes from <draft-hinden-vrrp-00.txt> The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
- Changed default behavior to stay with current master when This document and the information contained herein is provided on an
priorities are equal. This behavior can be changed by configuring "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
explicit priorities. TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
- Changed Master state behavior to not send Advertisements when BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
receiving Advertisement with lower priority. Change reduces worst HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
case election message overhead to "n", where "n" is number of MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
configured equal priority VRRP routers.
- Added Skew_Time parameter and changed receiving advertisement with
zero priority behavior to cause resulting advertisement sent to be
skewed by priority.
- Changed sending behavior to send VRRP packets with VMAC as source
MAC and added text describing why this is important for bridged
environments.
- Changed definition of VMAC to be in IANA assigned unicast MAC
block.
- Added Advertisement Interval to VRRP header.
- Added text regarding ICMP Redirects, Proxy ARP, and network
management issues.
- Various small text clarifications.
 End of changes. 61 change blocks. 
237 lines changed or deleted 203 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/