Active/Backup reservation (VRRP) [Документация VAS Experts]

Active/Backup reservation (VRRP)

VRRP support is implemented in SSG using the Linux daemon keepalived. It configures scripts for calling CLI commands to put SCAT in master or backup mode.

In master mode, all SSG functionality is available. In backup mode, SSG works only as a bridge in_dev ↔ out_dev, no packets are emitted by SSG itself. It is supposed that in backup mode no traffic should come to SSG at all. But it seems that some service L2 protocols necessary for the operator's network may still arrive at the SSG in backup mode, which is why the transparent bridge mode remains enabled in backup mode.

VRRP support is enabled in SSG by configuration parameter vrrp_enable in fastdpi.conf:

    # [hot] Flag to enable VRRP support
    # 0 - disabled (default)
    # 1 - enabled
vrrp_enable=1

VRRP support is disabled by default.

All SSGs belonging to the same VRRP group must have the same configuration. In particular, the following parameters must be set and be the same in all SSGs of the VRRP group, as they set the virtual MAC and IP addresses:

  • bras_arp_mac - virtual MAC address of SSG
  • bras_arp_ip - virtual IP address of SSG

If IPv6 support is enabled, the parameters bras_ipv6_link_local and bras_ipv6_address (virtual link-local and global IPv6 addresses) must also be set and be the same.

To switch the SSG to master/backup mode run the CLI commands:

   # swicth SSG to master mode
   # this command should be called by the keepalived script notify_master
fdpi_cli vrrp set master

   # switch SSG to backup mode
   # this command should be called by the keepalived script notify_backup
fdpi_cli vrrp set backup

SSG always starts in master mode. It is assumed that immediately after startup the keepalived daemon will see that a VRRP group member is started and will call the corresponding script. That is, immediately after startup, the SSG must be explicitly put into master or backup mode.

It is an error to have two or more SSG instances running in master mode at the same time. There should be only one master.

When an SSG is put into master mode with the fdpi_cli vrrp set master CLI command, the SSG sends gARP (gratuitous ARP) to all of its in and out interfaces to inform the switches that the virtual MAC and IP addresses (bras_arp_mac and bras_arp_ip) are now on the ports of the SSG-connected switches. After receiving such a gARP, the switch should get that the virtual MAC/IP address of the SSG is now on this port, and switch all traffic to this SSG (on this port).

The number of gARP notifications and the interval between them are regulated by the following fastdpi.conf parameters:

    # Parameters for sending gratuitous ARP when switching to master mode
    # gratuitous ARP are sent to all SSG interfaces
    # On each interface, vrrp_arp_count gratuitous ARP packets are sent
    # with a packet interval of vrrp_arp_timeout seconds
    #
    # [hot] Timeout between sending, seconds (default=1)
#vrrp_arp_timeout=1
    # [hot] Nimber of repetitions, default=10
#vrrp_arp_count=10

You can check current SSG mode by runnning this CLI command:

fdpi_cli vrrp stat