The present invention relates to a method for configuring a network device, such as a router, which is configured for Border Gateway Protocol (BGP) to automatically cause route selection by a peer of the network device to failover from a route learned through a session with the network device to a route learned through a session with a backup network device in the event of a failure at the first network device, and more particularly, to a method for synchronized BGP and Virtual Router Redundancy Protocol (VRRP) failover when the network device also acts as one or more virtual routers in a VRRP network.
BGP is the protocol used to exchange route information between routers of Autonomous Systems (AS). See for example, Rekhter, Y., Li, T., and S. Hares, Eds., “A Border Gateway Protocol 4 (BGP-4)”, RFC 4271 (http://datatracker.ietf.org/doc/rfc4271), Jan. 2006.
BGP routers in neighboring ASs (referred to herein as “peers”) exchange route information with one another other in BGP sessions (henceforth “sessions”), whereby a router will advertise to its peers, via “UPDATE” messages, routes through which addresses within its AS are reachable. The receiving router stores the routes received from peers in the router's Route Information Database (RIB), which is then used by the router to determine the best route to any particular destination. A single BGP router may be simultaneously engaged in multiple sessions. Further, two or more BGP routers may be active in a single AS, providing the same or different routes to destinations within the AS. Often, these routers are configured for redundancy in a high availability deployment so that if the primary router fails, traffic will be routed through the alternate, or backup, router without incurring extra hops.
VRRP is a protocol used by physical routers that are clustered together to appear as virtual routers in which interfaces of the physical routers can be configured with the same virtual IP addresses which are shared by all routers in the cluster. See for example, Nadas, S., Ed., “Virtual Router Redundancy Protocol (VRRP) Version 3 for IPv4 and IPv6”, RFC 5798 (http://datatracker.ietf.org/doc/rfc5798), Mar. 2010. Since each physical router has multiple interfaces, each interface can be configured for a different virtual router, therefore a physical router may have some interfaces configured to be master virtual routers and other interfaces configured to be backup virtual routers. As used herein, the term “virtual router” refers to an interface of a physical router which is configured to act as a virtual router using VRRP.
In a high availability router deployment, taking a physical router offline is a very expensive process, especially when the problem is of a temporary nature or only affects a single session. More desirable would be a failover method where traffic can be routed through the backup router temporarily until the problem with the master router is resolved, and automatically routed through the master again once the problem it was experiencing is resolved. There may also be cases where although there may be a problem with the master router, it is nevertheless desired that traffic should continue to be received by the master router from some peers while traffic from other peers is transferred to the backup router. Thus, selectivity is another desirable feature of a failover method wherein some, but not all, sessions can be selected to failover to the backup router if the primary router is experiencing a problem with one or more sessions. Furthermore, since a BGP router may also be a member of a VRRP cluster, it would be advantageous if, when a session on the primary router fails over to the backup router, the primary router would also automatically transition from a VRRP ‘master’ state to a ‘backup’ state until the problem is resolved. The reverse is also a true, in that if a virtual router on the primary router transitioned from a ‘master’ state into an ‘init’ state, selected BGP sessions should automatically also failover to the backup router. Such a failover method would ensure that a router which has a problem is not acting as master in either capacity.