Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices High Availability Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
11121314151617181920
5
Configuring a default route for network hosts facilitates your configuration, but also requires high
performance stability of the device that acts as the gateway. Using more egress gateways is a common
way to improve system reliability, but introduces the problem of routing among the egresses.
Virtual Router Redundancy Protocol (VRRP) is designed to address this problem. VRRP adds a group of
routers that can act as network gateways to a VRRP group, which forms a virtual router. Routers in the
VRRP group elect a master through the VRRP election mechanism to act as a gateway, and hosts on a
LAN only need to configure the virtual router as their default network gateway.
VRRP is an error-tolerant protocol, which improves the network reliability and simplifies configurations on
hosts. On a multicast and broadcast LAN such as Ethernet, VRRP provides highly reliable default links
without configuration changes (such as dynamic routing protocols, route discovery protocols) when a
router fails, and prevent network interruption due to a single link failure.
VRRP can operate in only standard mode, which includes IETF VRRPv2 for IPv4 and VRRPv3 for IPv6. For
more information, see "
476HVRRP standard mode."
18B
VRRP standard mode
226BVRRP group
VRRP combines a group of routers (including a master and multiple backups) on a LAN into a virtual
router called VRRP group.
A VRRP group has the following features:
A virtual router has a virtual IP address. A host on the LAN only needs to know the IP address of the
virtual router and uses the IP address as the next hop of the default route.
Every host on the LAN communicates with external networks through the virtual router.
Routers in the VRRP group elect a master that acts as the gateway according to their priorities. The
other routers function as the backups. When the master fails, to make sure that the hosts in the
network segment can communicate without interruption with the external networks, the backups in
the VRRP group elect a new gateway to take the responsibility for the failed master.
Figure 2 Network diagram
As shown in 477HFigure 2, Router A, Router B, and Router C form a virtual router, which has its own IP address.
Hosts on the Ethernet use the virtual router as the default gateway.