Virtual Router Redundancy Protocol or VRRP for short allows multiple routers to coordinate the use of a shared IP address known as a Virtual IP in case of failover. It works on a master/backup model in which one router is designated the primary and the others are allocated as backups.
The primary router takes control of the VIP (Virtual IP) and communicates on its behalf. If it fails the next highest priority router within the group will be promoted in its place.
The primary will periodically send a heartbeat to all backup routers letting them know it is online. If the backup routers do not receive the heartbeat within the allocated period (three times the advertisement timer) the election process is initiated.
Things to watch out for...
VRRP is not a silver bullet when it comes to a highly available router. I like to think of it as a key component in the bigger picture of high availability. With that in mind, you may need to consider the following in cases where services are hosted publicly or there are multiple routed subnets.
1. Inbound Routing
You may have noticed that in the example topology VRRP doesn’t provide the same redundancy to external clients as internal clients because there is no Virtual IP on the WAN. In certain circumstances it’s possible to setup VRRP on the WAN, however, it requires a minimum of 3 public IP addresses in the same network and might require your ISP to support gratuitous arp depending on your hardware. A much better solution to the problem is to use a dynamic routing protocol such as BGP to re-route traffic to a live router. BFD can be used to shorten the associated convergence time.
2. Outbound Routing and Link Failure
VRRP does not protect against WAN link failure. The primary router will continue to send its heartbeat regardless of whether it has an available default route. This means if your primary router’s WAN link fails you won’t be able to reach the internet although your backup router(s) have functional WAN links available. To protect against this a dynamic routing protocol such as OSPF can be used to automatically route outbound traffic based on network availability. For example, if a client requests a website and there are no available wan link on R1, OSPF can be used to advertise a default route via R2. In this way R1 continues to act as the primary VRRP router and is provided enough information to successfully connect clients to the internet.
3. Network Services
If you’re hosting network services such as DHCP, DNS or a VPN on your router, you may want to replicate these settings to all backup routers and where applicable, account for duplication of settings. For example, you may want to split your DHCP scope so new clients can obtain an IP address if the primary router fails. Additionally, you may want to configure multiple VPN links to each destination so a route is available if the primary link(s) fail.
Alternatives
As an alternative to VRRP, Cisco has a proprietary protocol called Hot Standby Router Protocol (HSRP). Unless you’re working in environments with Cisco only gear you’ll likely use VRRP due to wider device compatibility. Cisco devices generally support VRRP in addition to their proprietary HSRP.
Learn More
IETF RFC: https://tools.ietf.org/html/rfc3768
Wikipedia: https://en.wikipedia.org/wiki/Virtual_Router_Redundancy_Protocol
