R3721-F3210-F3171-HP High-End Firewalls High Availability Configuration Guide-6PW101
4
Configuring VRRP
NOTE:
• The term
router
in this document refers to both routers and Layer 3 firewalls.
• The interfaces that VRRP involves can be only Layer 3 Ethernet interfaces and Layer 3 aggregate
interfaces unless otherwise specified.
• VRRP cannot be configured on an interface of an aggregation group.
• VRRP versions include VRRPv2 and VRRPv3. VRRPv2 is based on IPv4, and VRRPv3 is based on IPv6.
The web interface supports only configuration of IPv4 VRRP.
VRRP overview
Typically, as shown in Figure 1, you can configure a default route with the gateway as the next hop for
every host on a network segment. All packets destined to other network segments are sent over the
default route to the gateway, which then forwards the packets. However, when the gateway fails, all the
hosts that use the gateway as the default next-hop router fail to communicate with external networks.
Figure 1 LAN networking
Configuring a default route for network hosts facilitates your configuration, but also requires high
performance stability of the device that acts as the gateway. Using more egress gateways is a common
way to improve system reliability, but introduces the problem of routing among the egresses.
Virtual Router Redundancy Protocol (VRRP) is designed to address this problem. VRRP adds a group of
routers that can act as network gateways to a VRRP group, which forms a virtual router. Routers in the
VRRP group elect a master through the VRRP election mechanism to act as a gateway, and hosts on a
LAN only need to configure the virtual router as their default network gateway.
VRRP is an error-tolerant protocol, which improves the network reliability and simplifies configurations on
hosts. On a multicast and broadcast LAN such as Ethernet, VRRP provides highly reliable default links