R3166-R3206-HP High-End Firewalls High Availability Configuration Guide-6PW101
2
VRRP is an error-tolerant protocol, which improves the network reliability and simplifies configurations on
hosts. Deploying VRRP on multicast and broadcast LANs such as Ethernet, you can ensure that the system
can still provide highly reliable default links without changing configurations (such as dynamic routing
protocols, route discovery protocols) when a device fails, and prevent network interruption due to failure
of a single link.
VRRP group
VRRP combines a group of routers (including a master and multiple backups) on a LAN into a virtual
router called VRRP group.
A VRRP group has the following features:
• A virtual router has an IP address. A host on the LAN only needs to know the IP address of the virtual
router and uses the IP address as the next hop of the default route.
• Every host on the LAN communicates with external networks through the virtual router.
• Routers in the VRRP group elect the gateway according to their priorities. When the master acting
as the gateway fails, to ensure that the hosts in the network segment can communicate with the
external networks uninterruptedly, the other routers in the VRRP group elect a new gateway to
undertake the responsibility of the failed router.
Figure 2 Network diagram for VRRP
As shown in Figure 2, Router A, Router B, and Router C form a virtual router, which has its own IP address.
Hosts on the Ethernet use the virtual router as the default gateway.
The router with the highest priority of the three routers is elected as the master to act as the gateway, and
the other two are backups.
NOTE:
• The IP address of the virtual router can be either an unused IP address on the segment where the VRRP
group resides or the IP address of an interface on a router in the VRRP
g
roup. In the latter case, the router
is called the IP address owner.
• In a VRRP group, you can configure only one IP address owner.