
Mastering VRRP: How to Ensure Router Redundancy and Prevent Split‑Brain Failures

This article explains the VRRP protocol’s core concepts, state machine, election process, and multi‑master HA mode, provides step‑by‑step Linux router configuration examples—including group creation, priority, interface tracking, preempt mode, timers, and learning—plus an overview of Keepalived’s architecture and split‑brain mitigation strategies.

AI Cyberspace

VRRP

In IP networks, gateway devices (routers, NAT gateways, load balancers, etc.) connect different LANs; hosts use the gateway as their default gateway.

VRRP (Virtual Router Redundancy Protocol) provides default‑gateway redundancy for LANs, ensuring high availability of the IP gateway. It exists in two versions: VRRPv2 for IPv4 and VRRPv3, which adds IPv6 support.

Basic Concepts and Operation

VRRP Router (Physical Router) : a physical router with VRRP enabled.

VRRP Group (Backup Group) : a redundancy group composed of multiple VRRP routers.

Virtual Router : the logical router built from the group.

VIP (Virtual IP address) : the address presented to hosts as their default gateway.

VIP Address Owner : the router currently owning the VIP.

VMAC (Virtual MAC address) : automatically generated MAC for the VIP.

Master Router : the active router holding VIP and VMAC.

Backup Router : standby routers that can become Master.

The protocol builds a virtual router from multiple physical routers, offers a single VIP to LAN hosts, and uses a fault‑detection mechanism to elect and switch the Master, providing gateway‑level HA.

VRRP Router States and Message Flow

Masters periodically multicast VRRP advertisements to Backups at address 224.0.0.18, using IP protocol number 112 and TTL 255. Authentication can be none, simple password, or MD5.

No authentication : no validation.

Simple password authentication : a clear‑text password is compared.

MD5 authentication : the message is hashed with a secret.
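
The checks a receiver or a monitoring sensor can apply to an advertisement, as an added example that is not part of the original article. It decodes the VRRPv2 message layout from RFC 3768 and flags packets that fail the TTL 255, protocol, checksum, or authentication checks; the function names and the sample message are constructed for this illustration.

```python
import ipaddress
import struct

VRRP_PROTO = 112           # IP protocol number (VRRP has no ports)
VRRP_GROUP = "224.0.0.18"  # VRRP multicast group
AUTH = {0: "none", 1: "simple-password", 2: "md5"}  # type 2: IP AH with HMAC-MD5

def checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_advert(ip_proto: int, ttl: int, dst: str, msg: bytes) -> dict:
    """Decode a VRRPv2 advertisement and list reasons to distrust it."""
    if len(msg) < 16:
        raise ValueError("truncated VRRP message")
    ver_type, vrid, prio, count, auth, interval = struct.unpack("!6B", msg[:6])
    if len(msg) < 8 + 4 * count + 8:
        raise ValueError("address count exceeds message length")
    vips = [str(ipaddress.IPv4Address(msg[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    issues = []
    if ip_proto != VRRP_PROTO or dst != VRRP_GROUP:
        issues.append("not IP protocol 112 to the VRRP multicast group")
    if ttl != 255:
        issues.append("TTL is not 255: may have been forwarded from another network")
    if ver_type != 0x21:  # version 2, type 1 (ADVERTISEMENT)
        issues.append("not a VRRPv2 advertisement")
    if checksum(msg) != 0:  # a valid message sums to zero with its checksum field
        issues.append("bad checksum")
    if auth == 1:
        issues.append("simple password is readable by any host on the segment")
    return {"vrid": vrid, "priority": prio, "vips": vips, "interval": interval,
            "auth": AUTH.get(auth, "unknown"), "issues": issues}

def build_sample(vrid: int, prio: int, vip: str, password: bytes = b"") -> bytes:
    """Build a constructed advertisement for the demo (not a capture)."""
    head = struct.pack("!6B", 0x21, vrid, prio, 1, 1 if password else 0, 1)
    body = ipaddress.IPv4Address(vip).packed + password.ljust(8, b"\x00")
    return head + struct.pack("!H", checksum(head + b"\x00\x00" + body)) + body

SAMPLE = build_sample(51, 100, "192.0.2.1", b"example")

if __name__ == "__main__":
    print(parse_advert(112, 255, "224.0.0.18", SAMPLE))
```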

VRRP defines three states for a router:

Initialize : after enabling VRRP, the router joins the election based on priority.

Master : the router with highest priority (255) becomes Master and sends periodic advertisements.

Backup : waits for Master advertisements; if they stop, it starts election.

Master Election Process

The election follows these rules:

If a router’s IP matches the VIP, it becomes Master.

Otherwise, the router with the highest priority wins.

If priorities tie, the router with the higher IP address wins.

After election, the new Master broadcasts a gratuitous ARP to update hosts’ ARP tables.

Multi‑Master HA Mode

Although VRRP is designed for active‑standby HA, multiple VRRP groups can be configured to achieve a “multi‑master” setup, allowing a single physical router to act as Master in one group and Backup in another, improving bandwidth utilization.

VRRP Configuration Examples on Router Devices

1. Configure VRRP Group

Enable VRRP by creating a group and assigning a virtual IP.

vrrp group-number ip ip-address [secondary]

group-number: VRRP group ID (1‑255).

ip-address: virtual IP.

secondary: optional secondary IP.

2. Configure VRRP Priority

Set a router’s priority (0‑255) to influence Master selection; 255 makes the router the IP address owner.

vrrp group-number priority number

3. Configure VRRP Interface Tracking

Track interface status; when an interface goes down, the router’s priority is decremented, causing it to drop to Backup.

vrrp group-number track interface [priority-decrement]

4. Configure VRRP Preempt Mode

Enable a router to reclaim Master role after recovery.

vrrp group-number preempt {delay [Delay-time]}

5. Configure VRRP Timers

Adjust the advertisement interval.

vrrp group-number timers advertise vrrp-advertise-interval

6. Configure VRRP Learn Timers

Enable the router to learn the advertisement interval and compute the fail‑over timeout.

vrrp group-number timers learn

Keepalived – VRRP Implementation on Linux

Keepalived adds a VRRP stack to Linux, providing HA for LVS, HAProxy, Redis, RabbitMQ, etc.

Software Architecture

IPVS : kernel module for load balancing.

NETLINK : communication between kernel and user space.

IPVS Wrapper : generates forwarding rules.

Checkers : health checks for real servers.

VRRP Stack : implements VRRP.

WatchDog : monitors child processes.

I/O Multiplexer : manages I/O.

Memory Management : handles memory.

Control Plane : parses configuration files.

Three processes run: a parent process, a child handling the VRRP stack, and a child performing health checks.

VRRP Stack

The stack follows the VRRP standard, electing a Master and handling failover.

Checkers

Checkers perform L3 ping, L4 TCP, and L7 HTTP health checks on real servers, removing or adding them from the pool as needed.

VRRP Split‑Brain Issues

If multiple routers believe they are Master, IP conflicts occur. Causes include communication failures, misconfiguration, firewall blocks, or bugs. Mitigations involve custom heartbeat scripts, split‑brain detection with automated power‑off, and redundant physical links.
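
One way to detect the split‑brain condition from observed advertisements, combined with the election rules from the Master Election Process section to name the router that should hold the VIP. This is an added example, not code from the article or from Keepalived; the record format, the function names, the 3‑second window and the sample observations are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

def elect(candidates, vip):
    """Election rules: VIP owner first, then priority, then higher IP."""
    return max(candidates, key=lambda c: (c["ip"] == vip, c["priority"],
                                          int(ipaddress.ip_address(c["ip"]))))

def find_split_brain(adverts, vips, window=3.0):
    """Report VRRP groups whose advertisements alternate between senders.

    Only a Master advertises. One change of sender inside `window` seconds is
    a failover; two or more changes mean both routers keep advertising.
    """
    by_vrid = defaultdict(list)
    for a in sorted(adverts, key=lambda a: a["ts"]):
        by_vrid[a["vrid"]].append(a)
    reports = {}
    for vrid, seen in by_vrid.items():
        for i, cur in enumerate(seen):
            recent = [a for a in seen[:i + 1] if cur["ts"] - a["ts"] <= window]
            switches = sum(x["ip"] != y["ip"] for x, y in zip(recent, recent[1:]))
            if switches >= 2:
                live = list({a["ip"]: a for a in recent}.values())
                reports[vrid] = {"first_seen": cur["ts"],
                                 "masters": sorted(a["ip"] for a in live),
                                 "expected_master": elect(live, vips[vrid])["ip"]}
                break
    return reports

def adv(ts, vrid, ip, priority):
    """One observed advertisement: time, group ID, sender IP, priority."""
    return {"ts": ts, "vrid": vrid, "ip": ip, "priority": priority}

# Constructed observations (documentation addresses), not a capture.
VIPS = {10: "192.0.2.1", 20: "198.51.100.1"}
ADVERTS = (
    # VRID 10: two routers advertise in parallel -> split brain
    [adv(t, 10, "192.0.2.2", 120) for t in (0.0, 1.0, 2.0)]
    + [adv(t, 10, "192.0.2.3", 100) for t in (0.4, 1.4, 2.4)]
    # VRID 20: the higher-priority router preempts once -> normal failover
    + [adv(t, 20, "198.51.100.3", 100) for t in (0.0, 1.0, 2.0)]
    + [adv(t, 20, "198.51.100.2", 120) for t in (2.5, 3.5, 4.5)]
)

if __name__ == "__main__":
    print(find_split_brain(ADVERTS, VIPS))
```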
