VRRP (Virtual Router Redundancy Protocol) is a standard protocol, similar to HSRP (Hot Standby Routing Protocol), that's used to create a virtual gateway. VRRP lets LAN hosts leverage local, redundant routing platforms using only the static configuration of one default route on the hosts. This is common for various forms of Ethernet (fast, gigabit, 10-gigabit) and logical interfaces running in an active/passive configuration. This is often called a primary/backup relationship.
How does VRRP work?
Because VRRP offers simplicity and enables high availability, a VRRP group can support up to 255 devices. While the VRRP mechanism dynamically assigns priority to compatible devices, administrators can manually assign a priority level of 1 (lowest priority) to 255 (highest priority) to each VRRP device.
This has a couple of implications. First, the system will determine a new primary router based on priority level—should the original primary device fail. If a new VRRP router comes online with a higher priority than the primary router, then it replaces the primary. However, this behavior isn't guaranteed. It's also possible to ignore a new VRRP router with higher priority than the current primary, and instead defer to the original primary device when choosing a backup.
Overall, here's how VRRP works under the hood:
The system assigns a virtual IP address from the local subnet, which then becomes a default gateway for all local hosts.
The last eight bytes of the VRRP hexadecimal group number is used to automatically generate a virtual MAC address. VRRP uses the 0000.5e00.01xx MAC address by default and replaces the last two digits with the group hex number.
A VRRP group member with the highest priority level becomes the new primary device, and begins forwarding traffic. If two members have the same priority, then the device with the higher IP address takes precedence.
All remaining VRRP devices then become backup devices.
The primary router sends periodic keep-alive pings to its backups every second, using multicasting.
If the master advertisement message isn't received within a certain period of time, the corresponding backup router becomes the new primary. This is the preempt function in action.
The VRRP group performs object tracking and polls continuously for status changes. This powers dynamic priority assignments and master router nomination.
VRRP supports plain-text authentication, MD5 authentication, or no authentication entirely.
Why is VRRP beneficial?
As mentioned, VRRP is all about redundancy and dynamically intelligent traffic routing. It negates the need to manually configure (if you don't need to) backup devices while leaving the door open for granular administration. Network performance doesn't revolve around one single point of failure.
Since VRRP handles traffic routing, it's a popular addition to a load balancing environment. This paired with host configuration simplification equates to improved network performance. And in the context of IPv6, VRRP switchover is much quicker than IPv6 neighbor discovery.
Does HAProxy support VRRP?
Yes! HAProxy supports an installable VRRP module for all HAProxy form factors, which supports active/passive clustering. We assign a virtual, static IP address to your load balancer node while assigning corresponding backup nodes. HAProxy defines VRRP instances and provides mechanisms for health checking, failover, and more.
However, VRRP isn't a great fit for containerized deployments since containers and hosts communicate. A VRRP setup on the same host won't allow the feature to kick in effectively when it goes down.