VRRP报文格式
VRRP(Virtual Router Redundancy Protocol,虚拟路由冗余协议)是一种容错协议,它通过把几台路由设备联合组成一台虚拟的路由设备,并通过一定的机制来保证当主机的下一跳设备出现故障时,可以及时将业务切换到其它设备,从而保持通讯的连续性和可靠性。
一、VRRP报文格式
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-------+-------+---------------+---------------+---------------+
|Version| Type | Virtual Rtr ID| Priority | Count IP Addrs|
+-------+-------+---------------+---------------+---------------+
| Auth Type | Adver Int | Checksum |
+---------------+---------------+-------------------------------+
| IP Address (1) |
+---------------------------------------------------------------+
| . |
| . |
| . |
+---------------------------------------------------------------+
| IP Address (n) |
+---------------------------------------------------------------+
| Authentication Data (1) |
+---------------------------------------------------------------+
| Authentication Data (2) |
+---------------------------------------------------------------+
二、VRRP报文格式解释
| Version | 4比特 | 指VRRP协议版本,本文档定义版本号2。 |
| Type | 4比特 |
定义了VRRP报文的类型。本版本的协议仅定义了一个报文类型: 1:ADVERTISEMENT 带有未知类型的报文必须被丢弃。 |
| Virtual Rtr ID | 8比特 | 虚拟路由器标识(VRID)字段标识了此报文所报告状态的虚拟路由器。可配置的范围是1--255。没有缺省值。 |
| Priority | 8比特 |
Priority字段申明了发送此报文的VRRP路由器的优先级。值越高优先级越高。该字段为8位无符号整型。 如果VRRP路由器是虚拟路由器地址的IP地址所有者,那么其优先级必须为255。起备用作用的VRRP路由器的优先级必须在1--254之间。缺省的VRRP路由器优先级为100。 优先级值0 用于指示当前虚拟路由器的主路由器停止参与VRRP组。主要用于触发备用路由器快速地迁移到主路由器,而不用等待当前主路由器超时。 |
| Count IP Addrs | 8比特 | 在此VRRP通告中包含的IP地址的数量。 |
| Auth Type | 8比特 |
认证类型字段用于标识要用到的认证方法。在一个虚拟路由器组内认证类型是唯一的。认证类型字段是一个8位无符号整型。如果报文携带未知的认证类型或者该认证类型和本地配置的认证方法不匹配,那么该报文必须被丢弃。 目前定义的认证方法有:
说明:
VRRP的早期版本 定义了一些认证类型[RFC2338]。这些认证类型的定义已经在本文档中被删除,因为根据实际经验表明,这些认证方法并不能提供任何真正的安全保障,并且仅会导致在一个VRRP组内出现多个Master的情况。
|
| Adver Int | 8比特 |
VRRP通告间隔时间,单位为秒。缺省为1秒。这个字段主要用于错误配置路由器时的故障定位和解决。 |
| Checksum | 16比特 |
校验和字段用于检测VRRP消息的数据是否出错。 校验和是从version字段开始的整个VRRP消息的1的16位补码和。(RFC1071 描述了校验和的计算细节)。 |
| IP Address | 32比特 | IP地址字段为虚拟路由器的一个或者多个IP地址。IP地址的数量在"Count IP Addrs"字段中说明。IP地址字段用于错误配置路由器时的故障定位和解决。 |
| Authentication Data | 32比特 |
认证字符串仅仅用于对RFC2338的向后兼容。在发送VRRP报文时该字段应该被置为0,而在接收VRRP报文时该字段应该被忽略。 |
三、VRRP报文示例
Frame 1: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Jan 1, 1970 08:00:00.010912000
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 0.010912000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 68 bytes (544 bits)
Capture Length: 68 bytes (544 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:vlan:ethertype:ip:vrrp]
[Coloring Rule Name: Routing]
[Coloring Rule String: hsrp || eigrp || ospf || bgp || cdp || vrrp || carp || gvrp || igmp || ismp]
Ethernet II, Src: IETF-VRRP-VRID_64 (00:00:5e:00:01:64), Dst: IPv4mcast_12 (01:00:5e:00:00:12)
Destination: IPv4mcast_12 (01:00:5e:00:00:12)
Address: IPv4mcast_12 (01:00:5e:00:00:12)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
Source: IETF-VRRP-VRID_64 (00:00:5e:00:01:64)
Address: IETF-VRRP-VRID_64 (00:00:5e:00:01:64)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 6, CFI: 0, ID: 100
110. .... .... .... = Priority: Voice, < 10ms latency and jitter (6)
...0 .... .... .... = CFI: Canonical (0)
.... 0000 0110 0100 = ID: 100
Type: IP (0x0800)
Padding: 0000
Trailer: 000000004bd97116
Internet Protocol Version 4, Src: 10.0.0.1 (10.0.0.1), Dst: 224.0.0.18 (224.0.0.18)
Version: 4
Header Length: 20 bytes
Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1100 00.. = Differentiated Services Codepoint: Class Selector 6 (0x30)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 40
Identification: 0x0126 (294)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 255
Protocol: VRRP (112)
Header checksum: 0x646c [validation disabled]
[Good: False]
[Bad: False]
Source: 10.0.0.1 (10.0.0.1)
Destination: 224.0.0.18 (224.0.0.18)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Virtual Router Redundancy Protocol
Version 2, Packet type 1 (Advertisement)
0010 .... = VRRP protocol version: 2
.... 0001 = VRRP packet type: Advertisement (1)
Virtual Rtr ID: 100
Priority: 100 (Default priority for a backup VRRP router)
Addr Count: 1
Auth Type: No Authentication (0)
Adver Int: 1
Checksum: 0x0535 [correct]
IP Address: 10.0.0.100 (10.0.0.100)
四、VRRP协议栈结构
VRRP报文被封装在IP包中。使用专门的VRRP IPv4组播地址。(协议号112,组播地址 224.0.0.18)
IANA分配给VRRP的IP协议号为112(十进制)。
IANA给VRRP分配的IP组播地址为224.0.0.18。这是一个本地范围的多播地址。不论TTL的值是多少,路由器都被禁止转发以此地址为目标地址的报文。
VRRP报文的IP头中,TTL必须为255。当VRRP路由器收到TTL不等于255的VRRP协议报文后,必须丢弃。
发表评论