A “virtual router” (an abstract representation of two or more physical routers acting as a group) can be used to increase the availability of a default gateway that services hosts on a subnet. At any given time, only one of the physical routers (a “first router”) is actually routing network traffic for the hosts; the Internet Protocol (IP) address for the first router serves as the IP address for the virtual router, and the hosts use that IP address as their default gateway. If the first router is unable to satisfactorily service the hosts for some reason, then it can “fail over” to another physical router (a “second router”) that is spanned by the virtual router.
The Virtual Router Redundancy Protocol (VRRP) is used to assign responsibility for a virtual router to a physical router. According to VRRP, one of the physical routers in the group comprising the virtual router is assigned the highest priority (e.g., a value of 255) and consequently is identified as the owner or master, while the other physical routers in the group are assigned lower priorities and identified as backups. A backup can assume the role of master if the master cannot perform to a satisfactory level. If, for example, an interface (e.g., a port) on the master router (the first physical router) fails, then the priority of the first physical router may be reduced by an amount corresponding to the loss of that interface. If the first physical router's priority is reduced to less than the priority of the backup router with the next highest priority, then that backup (e.g., the second physical router) becomes the master.
Prior Art FIG. 1 is a block diagram showing a first physical routing device 110 and a second physical routing device 120 that service a first local area network (LAN) 131 and a second LAN 132. The first routing device 110 includes an interface 111 (e.g., a port) that is used for traffic between the routing device 110 and the first LAN 131, and an interface 112 that is used for traffic between the routing device 110 and the second LAN 132. Similarly, the second routing device 120 includes an interface 121 that is used for traffic between the routing device 120 and the first LAN 131, and an interface 122 that is used for traffic between the routing device 120 and the second LAN 132.
In the example of FIG. 1, a first virtual router 141 and a second virtual router 142 are defined. The first virtual router 141 spans both the first routing device 110 and the second routing device 120 and includes the interface 111 (on the device 110) and the interface 121 (on the device 120). Similarly, the second virtual router 142 also spans the first routing device 110 and the second routing device 120 but includes the interface 112 (on the device 110) and the interface 122 (on the device 120). Accordingly, a virtual router identifier (VRID) for the first virtual router 141 (VRID=1) is associated with the interfaces 111 and 121, and a VRID for the second virtual router 142 (VRID=2) is associated with the interfaces 112 and 122.
In the example of FIG. 1, the first routing device 110 is designated as master for both the virtual router 141 and the virtual router 142, while the second routing device 120 is designated as a backup to the first routing device 110 for both the virtual router 141 and the virtual router 142. Consider a situation in which the interface 111 fails for some reason such that, for the virtual router 141 (VRID=1), the first routing device 110 fails over to the second routing device 120—that is, the routing device 120 becomes the master for the virtual router 141 and the routing device 110 becomes a backup for the virtual router 141. However, the routing device 110 remains master for the virtual router 142 (VRID=2).
The situation just described can be problematic. According to VRRP, the backup must discard packets with a destination link layer MAC (Media Access Control) address equal to the virtual router MAC address, and must not accept packets addressed to the IP addresses associated with the virtual router. In general, according to VRRP, only the master can forward packets. Thus, after failover in the example of FIG. 1, packets that are being sent from the first LAN 131 to the second LAN 132 are first routed to the second routing device 120 (the master for the first virtual router 141). The second routing device 120 may either drop those packets or route them to the first routing device 110 (the master for the second virtual router 142) so that they can be forwarded to the LAN 132. Generally speaking, in the scenario just presented, traffic that is received from the LAN 131 into the routing device 120 is not sent out of that routing device.
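The FIG. 1 scenario can be reproduced with a small model of per-VRID election. The following is an added example, not part of the original text: the backup priority (200), the tracking decrement (100), and all function and class names are constructed assumptions, and only the 255 owner priority and the device, interface and VRID numbers come from the description above.

```python
from dataclasses import dataclass

TRACK_DECREMENT = 100  # assumed; the text only says "an amount"

@dataclass
class Member:
    device: str      # physical routing device (110 or 120)
    vrid: int        # virtual router the interface belongs to
    interface: str   # interface associated with that VRID
    priority: int    # configured VRRP priority (255 = owner/master)
    up: bool = True

def effective_priority(m):
    # Priority is reduced when the interface for this VRID is lost.
    return m.priority - (0 if m.up else TRACK_DECREMENT)

def elect(members):
    """Return {vrid: device}, picking the highest effective priority per VRID."""
    masters = {}
    for vrid in sorted({m.vrid for m in members}):
        group = [m for m in members if m.vrid == vrid]
        masters[vrid] = max(group, key=effective_priority).device
    return masters

def split_paths(masters, paths):
    """Return (ingress VRID, egress VRID) pairs mastered by different devices.

    Traffic on such a path enters one device but can only be forwarded
    by the other, which is the problem case described in the text.
    """
    return [(i, e) for i, e in paths if masters[i] != masters[e]]

def fig1_members():
    # Constructed sample data matching FIG. 1; backup priority 200 is assumed.
    return [Member("110", 1, "111", 255), Member("120", 1, "121", 200),
            Member("110", 2, "112", 255), Member("120", 2, "122", 200)]

def scenario(failed_interface=None):
    members = fig1_members()
    for m in members:
        if m.interface == failed_interface:
            m.up = False
    masters = elect(members)
    # LAN 131 -> LAN 132 traffic enters via VRID 1 and must leave via VRID 2.
    return masters, split_paths(masters, [(1, 2)])

if __name__ == "__main__":
    print("healthy:       ", scenario())
    print("interface 111 down:", scenario("111"))
```

With interface 111 down, the model reports device 120 as master for VRID 1 and device 110 as master for VRID 2, and flags the LAN 131 to LAN 132 path as split between the two devices.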