1. Field of the Invention
The present invention relates to the field of network communications technology, and in particular, to a method for managing Virtual Router Redundancy Protocol (VRRP) backup groups.
2. Background of the Invention
In order to realize reliable access of a local area network to an external network, two or more routers are generally employed as a gateway, via which the internal host of the local area network accesses the external network, so as to provide backup for each other. According to the VRRP, two or more routers constitute a virtual router which provides a uniform virtual Internet Protocol (IP) address and a corresponding virtual Media Access Control (MAC) address. In this way, an internal host needs only to set one gateway, i.e., the IP address of the VRRP backup group. As long as any one of the routers constituting the virtual router operates normally, the router may transmit packets from the internal network to the external network as an inter-network device; thus the normal operation of the network is guaranteed.
In the VRRP, all routers constituting a virtual router are referred to collectively as a VRRP backup group, and each router in the VRRP backup group is called a VRRP backup group member. As a VRRP backup group member, a router has three states.
Initialize: the interfaces configured with VRRP have not been started; the purpose of this state is to wait for a Startup event.
Master: the member is in the state of transmitting packets. The VRRP backup group member in the Master state is called a master member or a master device. While in the Master state, the router functions as the forwarding router for the IP address and the MAC address associated with the virtual router and periodically sends an advertisement packet so that the backup devices keep monitoring it.
Backup: the purpose of the Backup state is to monitor the availability and state of the master router. The member in this state receives the advertisement packets from the master device; if no advertisement packet has been received for a specific number of intervals, the member in the Backup state becomes the master device according to its priority and begins transmitting packets. The VRRP backup group member in the Backup state is called a backup member or a backup device.
In a VRRP backup group, only one device is in the Master state and in charge of transmitting packets; all the other devices are in the Backup state and are ready to replace the master device for transmitting packets at any moment according to their priorities. One physical device can be a member of multiple VRRP backup groups, and may be a master device in some VRRP backup groups and a backup device in other VRRP backup groups.
As shown in FIG. 1, RouterA, RouterB and RouterC belong to a single VRRP backup group and share the same virtual IP address 10.110.10.1. A device in the local area network sets this virtual IP address as its default gateway. At the beginning, RouterA is the master device of the VRRP backup group for the IP address associated with the virtual router, and is in charge of transmitting IP packets and sending VRRP advertisement packets periodically; RouterB and RouterC are backup devices and monitor the advertisement packets from RouterA. The advertisement interval is set in advance, usually in seconds.
If, for some reason, there is a failure in RouterA or in the link from RouterA to the internal network, RouterB and RouterC will no longer receive the VRRP advertisement packets. Once a backup device has not received a VRRP advertisement packet for a threshold number of consecutive intervals, the backup devices RouterB and RouterC compete to become the new master device, and eventually one of them transitions to the Master state and transmits packets. The threshold number is set in advance. After such a transition, the networking structure of FIG. 1 turns into the networking structure of FIG. 2.
When a failure of RouterA itself causes the transition, the link from RouterA to the external network is also disconnected, and packets returned from the external network arrive in the internal network through RouterB or RouterC. When a failure in the link between RouterA and the internal local area network causes the transition, packets returned from the external network to the internal network may still be forwarded to RouterA; proper packet transmission can then be guaranteed either by notifying the upstream device to perform a route transition through a configured dynamic routing protocol, or by forwarding the packets between the routers.
If there is neither a failure in the master device RouterA nor a failure in the link from the master device to the internal network, but the link from the master device to the external network fails, as shown in FIG. 3, a VRRP backup group member configured with a VRRP monitoring interface can modify its own priority according to the connection state of the monitored interface. For example, the monitoring interface configured in RouterA monitors the uplink interface between RouterA and the external network. Once the uplink interface fails, RouterA lowers its own priority, e.g., by 30. Because the member with the highest priority becomes the master device of the VRRP backup group, another VRRP backup group member whose priority is now higher than that of the current master device becomes the master device; the networking structure after such a transition is shown in FIG. 4.
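The following is an added example, not part of the patent: a small Python model of one VRRP backup group that reproduces the two transitions described above, election of a new master after a threshold number of missed advertisements (FIG. 1 to FIG. 2) and pre-emption after a monitoring interface lowers the master's priority by 30 (FIG. 3 to FIG. 4). The threshold of three intervals, the member priorities and the omitted IP-address tie-break are assumptions.

```python
from dataclasses import dataclass

MASTER_DOWN_INTERVALS = 3  # assumed threshold of consecutive missed advertisements
TRACK_DECREMENT = 30       # priority reduction on uplink failure, as in the text

@dataclass
class Member:
    name: str
    priority: int
    uplink_up: bool = True     # state of the monitored uplink interface
    state: str = "Initialize"
    missed: int = 0            # consecutive intervals without an advertisement

    def effective_priority(self) -> int:
        # A member whose monitored uplink has failed lowers its own priority.
        return self.priority - (0 if self.uplink_up else TRACK_DECREMENT)


class BackupGroup:
    def __init__(self, members):
        self.members = members
        self.elect(members)    # Startup event: leave Initialize, elect a master

    def elect(self, candidates):
        # Highest effective priority wins (the VRRP IP-address tie-break is not modelled).
        winner = max(candidates, key=lambda m: m.effective_priority())
        for m in candidates:
            m.state = "Master" if m is winner else "Backup"
            m.missed = 0
        return winner.name

    def master(self):
        return next(m.name for m in self.members if m.state == "Master")

    def tick(self, master_alive=True):
        """Advance one advertisement interval and return the master's name."""
        active = [m for m in self.members if m.state != "Initialize"]
        current = next(m for m in active if m.state == "Master")
        if master_alive:
            # Advertisement received: counters reset, and a backup whose priority
            # now exceeds the master's (e.g. after the master's uplink failed) takes over.
            return self.elect(active)
        backups = [m for m in active if m is not current]
        for m in backups:
            m.missed += 1
        if backups and backups[0].missed >= MASTER_DOWN_INTERVALS:
            current.state = "Initialize"   # failed device drops out of the group
            return self.elect(backups)
        return current.name
```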
Though VRRP can provide route backup for the local area network, it cannot guarantee the normal operation of the network because of its limited support for evolving networking environments. These environments include reliability networking based on a stateful firewall, reliability networking based on a Network Address Translator (NAT) gateway, and reliability networking based on a proxy server. A common characteristic of these networking environments is that the to-and-fro paths of a particular session must be consistent, i.e., the to-and-fro packets must pass through the same inter-network device.
This characteristic is described hereinafter taking a firewall as an example.
As shown in FIG. 5, the firewalls EudemonA and EudemonB use three VRRP backup groups to perform route backup between different local area networks. Supposing that the master device of VRRP backup group 1 is EudemonA and the master device of VRRP backup group 3 is EudemonB, the network connection between a Trust domain located in the 10.100.10.0 network segment and an Untrust domain located in the 202.38.10.0 network segment will be broken. The reason is as follows: a packet from the Trust domain to the Untrust domain passes through EudemonA; when the packet reaches EudemonA, if it is a first packet and is allowed to be forwarded to the external network, a session table entry is established in EudemonA and the packet passes through EudemonA to the Untrust domain. Meanwhile, the packet returned from the Untrust domain to the Trust domain reaches EudemonB instead of EudemonA; since EudemonB has no corresponding session table information and the packet is not a first packet, the packet cannot match the session table and is discarded by the firewall, which results in network disconnection.
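The following is an added example, not part of the patent: a Python model of the FIG. 5 failure in which VRRP backup groups 1 and 3 elect their masters independently, so a stateful firewall's session table is created on one device while the return packet arrives at the other. The firewall names and network segments follow the text; the priorities, host addresses, ports and session-table layout are assumptions.

```python
class StatefulFirewall:
    def __init__(self, name):
        self.name = name
        self.sessions = set()   # session table: keys created by permitted first packets

    def forward(self, pkt):
        """Return True if the packet is forwarded, False if the firewall drops it."""
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], pkt["proto"])
        reverse = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"], pkt["proto"])
        if key in self.sessions or reverse in self.sessions:
            return True                 # matches an existing session entry
        if pkt["first"]:
            self.sessions.add(key)      # first packet of a permitted session
            return True
        return False                    # non-first packet with no session: discarded


def elect_master(priorities):
    """Each VRRP backup group elects independently: highest priority wins."""
    return max(priorities, key=priorities.get)


def round_trip(group1, group3):
    """Send a Trust->Untrust first packet and its reply through the two firewalls.

    group1/group3 map firewall name -> priority in VRRP backup groups 1 and 3.
    Returns (forward_ok, return_ok)."""
    fw = {n: StatefulFirewall(n) for n in group1}
    request = {"src": "10.100.10.5", "sport": 40000, "dst": "202.38.10.8",
               "dport": 80, "proto": "tcp", "first": True}      # constructed packet
    reply = {"src": "202.38.10.8", "sport": 80, "dst": "10.100.10.5",
             "dport": 40000, "proto": "tcp", "first": False}    # constructed packet
    outbound = fw[elect_master(group1)]   # group 1 master carries Trust->Untrust
    inbound = fw[elect_master(group3)]    # group 3 master carries Untrust->Trust
    return outbound.forward(request), inbound.forward(reply)


def inconsistent_masters():
    # FIG. 5 case: group 1 master is EudemonA, group 3 master is EudemonB.
    return round_trip({"EudemonA": 120, "EudemonB": 100},
                      {"EudemonA": 100, "EudemonB": 120})


def consistent_masters():
    # Both groups mastered by EudemonA: the reply meets the session it created.
    return round_trip({"EudemonA": 120, "EudemonB": 100},
                      {"EudemonA": 120, "EudemonB": 100})
```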
Besides the stateful firewall, all inter-network devices that maintain dynamic state require the consistency of to-and-fro paths, because they dynamically generate state information for every session. But the state of a VRRP backup group member is affected only by its own configuration and by the configuration and state of the other members of the same VRRP backup group. Therefore, VRRP itself cannot provide state consistency among VRRP backup groups. As a result, reliable transmission of services requiring the consistency of to-and-fro paths cannot be guaranteed.
In addition, although a certain relationship among VRRP backup groups may be established by configuring monitoring interfaces, the complexity of that configuration increases the workload, and the VRRP state consistency among VRRP backup groups still cannot be guaranteed.