summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc9568.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc9568.txt')
-rw-r--r--doc/rfc/rfc9568.txt1972
1 files changed, 1972 insertions, 0 deletions
diff --git a/doc/rfc/rfc9568.txt b/doc/rfc/rfc9568.txt
new file mode 100644
index 0000000..6cbbf98
--- /dev/null
+++ b/doc/rfc/rfc9568.txt
@@ -0,0 +1,1972 @@
+
+
+
+
+Internet Engineering Task Force (IETF) A. Lindem
+Request for Comments: 9568 LabN Consulting, L.L.C.
+Obsoletes: 5798 A. Dogra
+Category: Standards Track Cisco Systems
+ISSN: 2070-1721 April 2024
+
+
+ Virtual Router Redundancy Protocol (VRRP) Version 3 for IPv4 and IPv6
+
+Abstract
+
+ This document defines version 3 of the Virtual Router Redundancy
+ Protocol (VRRP) for IPv4 and IPv6. It obsoletes RFC 5798, which
+ previously specified VRRP (version 3). RFC 5798 obsoleted RFC 3768,
+ which specified VRRP (version 2) for IPv4. VRRP specifies an
+ election protocol that dynamically assigns responsibility for a
+ Virtual Router to one of the VRRP Routers on a LAN. The VRRP Router
+ controlling the IPv4 or IPv6 address(es) associated with a Virtual
+ Router is called the Active Router, and it forwards packets routed to
+ these IPv4 or IPv6 addresses. Active Routers are configured with
+ virtual IPv4 or IPv6 addresses, and Backup Routers infer the address
+ family of the virtual addresses being advertised based on the IP
+ protocol version. Within a VRRP Router, the Virtual Routers in each
+ of the IPv4 and IPv6 address families are independent of one another
+ and always treated as separate Virtual Router instances. The
+ election process provides dynamic failover in the forwarding
+ responsibility should the Active Router become unavailable. For
+ IPv4, the advantage gained from using VRRP is a higher-availability
+ default path without requiring configuration of dynamic routing or
+ router discovery protocols on every end-host. For IPv6, the
+ advantage gained from using VRRP for IPv6 is a quicker switchover to
+ Backup Routers than can be obtained with standard IPv6 Neighbor
+ Discovery mechanisms.
+
+Status of This Memo
+
+ This is an Internet Standards Track document.
+
+ This document is a product of the Internet Engineering Task Force
+ (IETF). It represents the consensus of the IETF community. It has
+ received public review and has been approved for publication by the
+ Internet Engineering Steering Group (IESG). Further information on
+ Internet Standards is available in Section 2 of RFC 7841.
+
+ Information about the current status of this document, any errata,
+ and how to provide feedback on it may be obtained at
+ https://www.rfc-editor.org/info/rfc9568.
+
+Copyright Notice
+
+ Copyright (c) 2024 IETF Trust and the persons identified as the
+ document authors. All rights reserved.
+
+ This document is subject to BCP 78 and the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (https://trustee.ietf.org/license-info) in effect on the date of
+ publication of this document. Please review these documents
+ carefully, as they describe your rights and restrictions with respect
+ to this document. Code Components extracted from this document must
+ include Revised BSD License text as described in Section 4.e of the
+ Trust Legal Provisions and are provided without warranty as described
+ in the Revised BSD License.
+
+Table of Contents
+
+ 1. Introduction
+ 1.1. Differences from RFC 5798
+ 1.2. A Note on Terminology
+ 1.3. IPv4
+ 1.4. IPv6
+ 1.5. Requirements Language
+ 1.6. Scope
+ 1.7. Definitions
+ 2. Required Features
+ 2.1. IPvX Address Backup
+ 2.2. Preferred Path Indication
+ 2.3. Minimization of Unnecessary Service Disruptions
+ 2.4. Efficient Operation over Extended LANs
+ 2.5. Sub-second Operation for IPv4 and IPv6
+ 3. VRRP Overview
+ 4. Sample VRRP Networks
+ 4.1. Sample VRRP Network 1
+ 4.2. Sample VRRP Network 2
+ 5. Protocol
+ 5.1. VRRP Packet Format
+ 5.1.1. IPv4 Field Descriptions
+ 5.1.1.1. Source Address
+ 5.1.1.2. Destination Address
+ 5.1.1.3. TTL
+ 5.1.1.4. Protocol
+ 5.1.2. IPv6 Field Descriptions
+ 5.1.2.1. Source Address
+ 5.1.2.2. Destination Address
+ 5.1.2.3. Hop Limit
+ 5.1.2.4. Next Header
+ 5.2. VRRP Field Descriptions
+ 5.2.1. Version
+ 5.2.2. Type
+ 5.2.3. Virtual Rtr ID (VRID)
+ 5.2.4. Priority
+ 5.2.5. IPvX Addr Count
+ 5.2.6. Reserve
+ 5.2.7. Maximum Advertisement Interval (Max Advertise Interval)
+ 5.2.8. Checksum
+ 5.2.9. IPvX Address(es)
+ 6. Protocol State Machine
+ 6.1. Parameters per Virtual Router
+ 6.2. Timers
+ 6.3. State Transition Diagram
+ 6.4. State Descriptions
+ 6.4.1. Initialize
+ 6.4.2. Backup
+ 6.4.3. Active
+ 7. Sending and Receiving VRRP Packets
+ 7.1. Receiving VRRP Packets
+ 7.2. Transmitting VRRP Packets
+ 7.3. Virtual Router MAC Address
+ 7.4. IPv6 Interface Identifiers
+ 8. Operational Issues
+ 8.1. IPv4
+ 8.1.1. ICMP Redirects
+ 8.1.2. Host ARP Requests
+ 8.1.3. Proxy ARP
+ 8.2. IPv6
+ 8.2.1. ICMPv6 Redirects
+ 8.2.2. ND Neighbor Solicitation
+ 8.2.3. Router Advertisements
+ 8.2.4. Unsolicited Neighbor Advertisements
+ 8.3. IPvX
+ 8.3.1. Potential Forwarding Loop
+ 8.3.2. Recommendations Regarding Setting Priority Values
+ 8.4. VRRPv3 and VRRPv2 Interoperation
+ 8.4.1. Assumptions
+ 8.4.2. VRRPv3 Support of VRRPv2 Interoperation
+ 8.4.2.1. Interoperation Considerations
+ 9. Security Considerations
+ 10. IANA Considerations
+ 11. References
+ 11.1. Normative References
+ 11.2. Informative References
+ Acknowledgments
+ Authors' Addresses
+
+1. Introduction
+
+ This document defines version 3 of the Virtual Router Redundancy
+ Protocol (VRRP) for IPv4 and IPv6. It obsoletes [RFC5798], which
+ previously specified VRRP (version 3). [RFC5798] obsoleted
+ [RFC3768], which specified VRRP (version 2) for IPv4. VRRP specifies
+ an election protocol that dynamically assigns responsibility for a
+ Virtual Router (refer to Section 1.7) to one of the VRRP Routers on a
+ LAN. The VRRP Router controlling the IPv4 or IPv6 address(es)
+ associated with a Virtual Router is called the Active Router, and it
+ forwards packets routed to these IPv4 or IPv6 addresses (except for
+ packets addressed to these addresses as described in Section 8.3.1).
+ VRRP Active Routers are configured with virtual IPv4 or IPv6
+ addresses, and Backup Routers infer the address family of the virtual
+ addresses being advertised based on the IP protocol version. Within
+ a VRRP Router, the Virtual Routers in each of the IPv4 and IPv6
+ address families are independent of one another and always treated as
+ separate Virtual Router instances. The election process provides
+ dynamic failover in the forwarding responsibility should the Active
+ Router become unavailable.
+
+ VRRP provides a function similar to the proprietary protocols Hot
+ Standby Router Protocol (HSRP) [RFC2281] and IP Standby Protocol
+ [IPSTB].
+
+1.1. Differences from RFC 5798
+
+ The following changes have been made from [RFC5798]:
+
+ 1. The VRRP terminology has been updated to conform to inclusive
+ language guidelines for IETF technologies. The IETF has
+ designated the National Institute of Standards and Technology
+ (NIST) document "Guidance for NIST Staff on Using Inclusive
+ Language in Documentary Standards" [NISTIR8366] for its
+ inclusive language guidelines.
+
+ 2. The term for the VRRP Router assuming forwarding responsibility
+ has been changed to "Active Router" to be consistent with IETF
+ inclusive terminology. Additionally, inconsistencies in the
+ terminology of [RFC5798] for both "Active Router" and "Backup
+ Router" were corrected. Additionally, the undesirable term for
+ attracting and dropping unreachable packets has been changed.
+
+ 3. Errata pertaining to the state machines in Section 6 were
+ corrected.
+
+ 4. The checksum calculation in Section 5.2.8 has been clarified to
+ specify precisely what is included and that it does not include
+ the pseudo-header for IPv4.
+
+ 5. When a VRRP advertisement is received from a lower priority VRRP
+ Router, the Active VRRP Router will immediately send a VRRP
+ advertisement to assure learning bridges will bridge the packets
+ to the correct Ethernet segment (refer to Section 6.4.3).
+
+ 6. Appendices describing operation over legacy technologies (Fiber
+ Distributed Data Interface (FDDI), Token Ring, and ATM LAN
+ Emulation) were removed.
+
+ 7. A recommendation was added indicating that IPv6 Unsolicited
+ Neighbor Advertisements SHOULD be accepted by the Active and
+ Backup Routers (Section 8.2.4).
+
+ 8. Checking that the Maximum Advertisement Intervals match is
+ recommended, although this will not result in the VRRP packet
+ being dropped (Section 7.1).
+
+ 9. Miscellaneous editorial changes were made for readability.
+
+ 10. The IANA Considerations section was augmented to include all the
+ IPv4/IPv6 multicast address allocations and Ethernet Media
+ Access Control (MAC) address allocations.
+
+1.2. A Note on Terminology
+
+ This document discusses both IPv4 and IPv6 operations, and with
+ respect to the VRRP protocol, many of the descriptions and procedures
+ are common. In this document, it would be less verbose to be able to
+ refer to "IP" to mean either "IPv4 or IPv6". However, historically,
+ the term "IP" often refers to IPv4. For this reason, in this
+ specification, the term "IPvX" (where X is 4 or 6) is introduced to
+ mean either "IPv4" or "IPv6". In this text, where the IP version
+ matters, the appropriate term is used, and the use of the term "IP"
+ is avoided.
+
+1.3. IPv4
+
+ There are a number of methods that an IPv4 end-host can use to
+ determine its first-hop router for a particular IPv4 destination.
+ These include running (or snooping) a dynamic routing protocol such
+ as Routing Information Protocol (RIP) [RFC2453] or OSPF version 2
+ [RFC2328], running an ICMP router discovery client [RFC1256], running
+ DHCPv4 [RFC2131], or using a statically configured default route.
+
+ Running a dynamic routing protocol on every end-host may not be
+ feasible for a number of reasons, including administrative overhead,
+ processing overhead, security issues, or the lack of an
+ implementation for a particular platform. Neighbor or router
+ discovery protocols may require active participation by all hosts on
+ a network, requiring large timer values to reduce protocol overhead
+ associated with the protocol packet processing for each host. This
+ can result in a significant delay in the detection of an unreachable
+ router, and such a delay may introduce unacceptably long periods of
+ unreachability for the default route.
+
+ The use of a manually configured default route (either via a static
+ route or DHCPv4) is quite popular since it minimizes configuration
+ and processing overhead on the end-host and is supported by virtually
+ every IPv4 implementation. However, this creates a single point of
+ failure. Loss of the default router results in a catastrophic event,
+ isolating all end-hosts that are unable to detect an available
+ alternate path.
+
+ The Virtual Router Redundancy Protocol (VRRP) is designed to
+ eliminate the single point of failure inherent in a network utilizing
+ default routing. VRRP specifies an election protocol that
+ dynamically assigns responsibility for a Virtual Router to one of the
+ VRRP Routers on a LAN. The VRRP Router controlling the IPv4
+ address(es) associated with a Virtual Router is called the Active
+ Router and forwards packets sent to these IPv4 addresses. The
+ election process provides dynamic failover of the forwarding
+ responsibility should the Active Router become unavailable. Any of
+ the Virtual Router's IPv4 addresses on a LAN can then be used as the
+ default first-hop router by end-hosts. The advantage gained from
+ using VRRP is a higher availability default path without requiring
+ configuration of dynamic routing or a router discovery protocol on
+ every end-host.
+
+1.4. IPv6
+
+ IPv6 hosts on a LAN will usually learn about one or more default
+ routers by receiving Router Advertisements sent using the IPv6
+ Neighbor Discovery (ND) protocol [RFC4861]. The Router
+ Advertisements are periodically multicast at a rate such that the
+ hosts can take more than 10 seconds to learn the default routers on a
+ LAN. They are not sent frequently enough to rely on the absence of
+ the Router Advertisement to detect router failures.
+
+ The ND protocol includes a mechanism called Neighbor Unreachability
+ Detection to detect the failure of a neighbor node (router or host)
+ or the forwarding path to a neighbor. This is done by sending
+ unicast ND Neighbor Solicitation messages to the neighbor node. To
+ reduce the overhead of sending Neighbor Solicitations, they are only
+ sent to neighbors to which the node is actively sending traffic and
+ only after there has been no positive indication that the router is
+ up for a period of time. Using the default parameters in ND, it can
+ take a host more than 10 seconds to learn that a router is
+ unreachable before it will switch to another default router. This
+ delay would be very noticeable to users and cause some transport
+ protocol implementations to time out.
+
+ While the Neighbor Unreachability Detection could be made quicker by
+ configuring the timer intervals to be more aggressive (note that the
+ current lower limit for this is 5 seconds), this would have the
+ downside of significantly increasing the overhead of ND traffic,
+ especially when there are many hosts all trying to determine the
+ reachability of one or more routers.
+
+ The Virtual Router Redundancy Protocol for IPv6 provides a much
+ faster switchover to an alternate default router than can be obtained
+ using standard ND procedures. Using VRRP, a Backup Router can take
+ over for a failed default router in around three seconds (using VRRP
+ default parameters). This is done without any interaction with the
+ hosts and a minimum amount of VRRP traffic.
+
+1.5. Requirements Language
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
+ "OPTIONAL" in this document are to be interpreted as described in
+ BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
+ capitals, as shown here.
+
+1.6. Scope
+
+ The remainder of this document describes the features, design goals,
+ and theory of operation of VRRP. The message formats, protocol
+ processing rules, and state machine that guarantee convergence to a
+ single Active Router are presented. Finally, operational issues
+ related to MAC address mapping, handling of ARP messages, generation
+ of ICMP redirect messages, and security issues are addressed.
+
+1.7. Definitions
+
+ VRRP Router A router running the Virtual Router
+ Redundancy Protocol. It may participate as
+ one or more Virtual Routers.
+
+ Virtual Router An abstract object managed by VRRP that acts
+ as a default router for hosts on a shared
+ LAN. It consists of a Virtual Router
+ Identifier and either a set of associated
+ IPv4 addresses or a set of associated IPv6
+ addresses across a common LAN. A VRRP Router
+ can serve as a Backup Router for one or more
+ Virtual Routers.
+
+ Virtual Router Identifier An integer value (1-255) identifying an
+ instance of a Virtual Router on a LAN. Also
+ referred by its acronym, VRID.
+
+ Virtual Router MAC Address The multicast Ethernet MAC address used
+ for VRRP advertisements for a VRID. Refer to
+ Section 7.3.
+
+ IP Address Owner The VRRP Router that has the Virtual Router's
+ IPvX address(es) as real interface
+ address(es). This is the router that, when
+ up, will respond to packets addressed to one
+ of these IPvX addresses for ICMP pings, TCP
+ connection requests, etc.
+
+ Primary IP Address In IPv4, an IPv4 address selected from the
+ set of real interface addresses. One
+ possible selection algorithm is to always
+ select the first address. In IPv4, VRRP
+ advertisements are always sent using the
+ primary IPv4 address as the source of the
+ IPv4 packet. In IPv6, the link-local address
+ of the interface over which the packet is
+ transmitted is used.
+
+ Forwarding Responsibility The responsibility for forwarding packets
+ sent to the IPvX address(es) associated with
+ the Virtual Router. This includes receiving
+ packets sent to the Virtual Router MAC
+ address, forwarding these packets based on
+ the local Routing Information Base (RIB) /
+ Forwarding Information Base (FIB), answering
+ ARP requests for the IPv4 address(es), and
+ answering ND requests for the IPv6
+ address(es).
+
+ Active Router The VRRP Router that is assuming the
+ responsibility of forwarding packets sent to
+ the IPvX address(es) associated with the
+ Virtual Router, answering ARP requests for
+ the IPv4 address(es), and answering ND
+ requests for the IPv6 address(es). Note that
+ if the IPvX address owner is available, then
+ it will always be the Active Router.
+
+ Backup Router(s) The set of VRRP Routers available to assume
+ forwarding responsibility for a Virtual
+ Router should the current Active Router fail.
+
+ Drop Route A route installed in the Routing Information
+ Base (RIB) that will result in traffic with a
+ destination address that matches the route to
+ be dropped.
+
+2. Required Features
+
+ This section describes the set of features that were considered
+ mandatory and that guided the design of VRRP.
+
+2.1. IPvX Address Backup
+
+ Backup of an IPvX address or addresses is the primary function of
+ VRRP. When providing election of an Active Router and the additional
+ functionality described below, the protocol should strive to:
+
+ * minimize the duration of unreachability,
+
+ * minimize the steady-state bandwidth overhead and processing
+ complexity,
+
+ * function over a wide variety of multiaccess LAN technologies
+ capable of supporting IPvX traffic,
+
+ * allow multiple Virtual Routers on a network for load-balancing,
+ and
+
+ * support multiple logical IPvX subnets on a single LAN segment.
+
+2.2. Preferred Path Indication
+
+ A simple model of Active Router election among a set of redundant
+ routers is to treat each router with equal preference and claim
+ victory after converging to any router as the Active Router.
+ However, there are likely to be many environments where there is a
+ distinct preference (or range of preferences) among the set of
+ redundant routers. For example, this preference may be based upon
+ access link cost or speed, router performance or reliability, or
+ other policy considerations. The protocol should allow the
+ expression of this relative path preference in an intuitive manner
+ and guarantee Active Router convergence to the most preferred Virtual
+ Router currently available.
+
+2.3. Minimization of Unnecessary Service Disruptions
+
+ Once Active Router election has been performed, any unnecessary
+ transition between Active and Backup Routers can result in a
+ disruption of service. The protocol should ensure that, after Active
+ Router election, no state transition is triggered by any Backup
+ Router of equal or lower preference as long as the Active Router
+ continues to function properly.
+
+ Some environments may find it beneficial to avoid the state
+ transition triggered when a router that is preferred over the current
+ Active Router becomes available. It may be useful to support an
+ override of the immediate restoration to the preferred path.
+
+2.4. Efficient Operation over Extended LANs
+
+ Sending IPvX packets, i.e., sending either IPv4 or IPv6, on a
+ multiaccess LAN requires mapping from an IPvX address to a MAC
+ address. The use of the Virtual Router MAC address in an extended
+ LAN employing learning bridges can have a significant effect on the
+ bandwidth overhead of packets sent to the Virtual Router. If the
+ Virtual Router MAC address is never used as the source address in a
+ link-level frame, then the MAC address location is never learned,
+ resulting in flooding of all packets sent to the Virtual Router. To
+ improve the efficiency in this environment, the protocol should do
+ the following:
+
+ 1. Use the Virtual Router MAC address as the source in a packet sent
+ by the Active Router to trigger MAC learning.
+
+ 2. Trigger a message immediately after transitioning to the Active
+ Router to update MAC learning.
+
+ 3. Trigger periodic messages from the Active Router to maintain the
+ MAC address cache.
+
+2.5. Sub-second Operation for IPv4 and IPv6
+
+ Sub-second detection of Active Router failure is needed in both IPv4
+ and IPv6 environments. Earlier work proposed that sub-second
+ operation was for IPv6, and this specification leverages that earlier
+ approach for both IPv4 and IPv6.
+
+ One possible problematic scenario that may occur when using a small
+ Advertisement_Interval (refer to Section 6.1) is when a VRRP Router
+ is generating more packets than it can transmit, and a queue builds
+ up on the VRRP Router. When this occurs, it is possible that packets
+ being transmitted onto the VRRP-protected LAN could see a larger
+ queueing delay than the smallest Advertisement_Interval. In this
+ case, the Active_Down_Interval (refer to Section 6.1) may be small
+ enough that normal queuing delays might cause a Backup Router to
+ conclude that the Active Router is down and, hence, promote itself to
+ Active Router. Very shortly afterwards, the delayed VRRP packets
+ from the original Active Router cause the VRRP Router to switch back
+ to Backup Router. Furthermore, this process can repeat many times
+ per second, causing a significant disruption of traffic. To mitigate
+ this problem, giving VRRP packets priority on egress interface queues
+ should be considered. If the Active Router observes that this is
+ occurring, it SHOULD log the problem (subject to rate-limiting).
+
+3. VRRP Overview
+
+ VRRP specifies an election protocol to provide the Virtual Router
+ function described earlier. All protocol messaging is performed
+ using either IPv4 or IPv6 multicast datagrams. Thus, the protocol
+ can operate over a variety of multiaccess LAN technologies supporting
+ IPvX multicast. Each link of a VRRP Virtual Router has a single
+ well-known MAC address allocated to it. This document currently only
+ details the mapping to networks using an IEEE 802 48-bit MAC address.
+ The Virtual Router MAC address is used as the source in all periodic
+ VRRP messages sent by the Active Router to enable MAC learning by
+ Layer 2 (L2) bridges on an extended LAN.
+
+ A Virtual Router is defined by its Virtual Router Identifier (VRID)
+ and a set of either IPv4 or IPv6 address(es). A VRRP Router may
+ associate a Virtual Router with its real address on an interface.
+ The scope of each Virtual Router is restricted to a single LAN. A
+ VRRP Router may be configured with additional Virtual Router mappings
+ and priority for Virtual Routers it is willing to back up. The
+ mapping between the VRID and its IPvX address(es) must be coordinated
+ among all VRRP Routers on a LAN.
+
+ There is no restriction against reusing a VRID with a different
+ address mapping on different LANs, nor is there a restriction against
+ using the same VRID number for a set of IPv4 addresses and a set of
+ IPv6 addresses. However, these are two different Virtual Routers.
+
+ To minimize network traffic, only the Active Router for each Virtual
+ Router sends periodic VRRP Advertisement messages. A Backup Router
+ will not attempt to preempt the Active Router unless the Backup
+ Router has a higher priority. This eliminates service disruption
+ unless a more preferred path becomes available. It's also possible
+ to administratively prohibit Active Router preemption attempts. The
+ only exception is that a VRRP Router will always become the Active
+ Router for any Virtual Router associated with address(es) it owns.
+ If the Active Router becomes unavailable, then the highest-priority
+ Backup Router will transition to the Active Router after a short
+ delay, providing a controlled transition of Virtual Router
+ responsibility with minimal service interruption.
+
+ The VRRP protocol design provides rapid transition from the Backup
+ Router to the Active Router to minimize service interruption and
+ incorporates optimizations that reduce protocol complexity while
+ guaranteeing controlled Active Router transition for typical
+ operational scenarios. These optimizations result in an election
+ protocol with minimal runtime state requirements, minimal active
+ protocol states, and a single message type and sender. The typical
+ operational scenarios are defined to be two redundant routers and/or
+ distinct path preferences for each router. A side effect when these
+ assumptions are violated, i.e., more than two redundant paths with
+ equal preference, is that duplicate packets may be forwarded for a
+ brief period during Active Router election. However, the typical
+ scenario assumptions are likely to cover the vast majority of
+ deployments, loss of the Active Router is infrequent, and the
+ expected duration for Active Router election convergence is quite
+ small (< 4 seconds when using the default Advertisement_Interval and
+ configurable to < 1/25 second). Thus, the VRRP optimizations
+ represent significant simplifications in the protocol design while
+ incurring an insignificant probability of brief network disruption.
+
+4. Sample VRRP Networks
+
+4.1. Sample VRRP Network 1
+
+ The following figure shows a simple network with two VRRP Routers
+ implementing one Virtual Router.
+
+ +-----------+ +-----------+
+ | Router-1 | | Router-2 |
+ |(AR VRID=1)| |(BR VRID=1)|
+ | | | |
+ VRID=1 +-----------+ +-----------+
+ IPvX A------>* *<---------IPvX B
+ | |
+ | |
+ -------------+------------+--+-----------+-----------+-----------+
+ ^ ^ ^ ^
+ | | | |
+ Default Router | | | |
+ IPvX Addresses ---> (IPvX A) (IPvX A) (IPvX A) (IPvX A)
+ | | | |
+ IPvX H1->* IPvX H2->* IPvX H3->* IPvX H4->*
+ +--+--+ +--+--+ +--+--+ +--+--+
+ | H1 | | H2 | | H3 | | H4 |
+ +-----+ +-----+ +--+--+ +--+--+
+ Legend:
+ --+---+---+-- = Ethernet
+ H = Host computer
+ AR = Active Router
+ BR = Backup Router
+ * = IPvX Address: X is 4 everywhere in IPv4 case
+ X is 6 everywhere in IPv6 case
+ (IPvX) = Default Router for hosts
+
+ Figure 1: Sample VRRP Network 1
+
+ In the IPv4 case, i.e., IPvX is IPv4 everywhere in the figure, each
+ router is permanently assigned an IPv4 address on the LAN interface
+ (Router-1 is assigned IPv4 A and Router-2 is assigned IPv4 B), and
+ each host installs a default route (learned through DHCPv4 or via a
+ configured static route) through one of the routers (in this example,
+ they all use Router-1's IPv4 A).
+
+ In the IPv6 case, i.e., IPvX is IPv6 everywhere in the figure, each
+ router has its own link-local IPv6 address on the LAN interface and a
+ link-local IPv6 address per VRID that is shared with the other
+ routers that serve the same VRID. Each host learns a default route
+ from Router Advertisements through one of the routers (in this
+ example, they all use Router-1's IPv6 Link-Local A).
+
+ In an IPv4 VRRP environment, each router supports reception and
+ transmission for the exact same IPv4 address. Router-1 is said to be
+ the IPv4 address owner of IPv4 A, and Router-2 is the IPv4 address
+ owner of IPv4 B. A Virtual Router is then defined by associating a
+ unique identifier (the VRID) with the address owned by Router-1.
+
+ In an IPv6 VRRP environment, each router will support transmission
+ and reception for the IPv6 addresses associated with the VRID.
+ Router-1 is said to be the IPv6 address owner of IPv6 A, and Router-2
+ is the IPv6 address owner of IPv6 B. A Virtual Router is then
+ defined by associating a unique identifier (the VRID) with the
+ address owned by Router-1.
+
+ Finally, in both the IPv4 and IPv6 cases, the VRRP protocol manages
+ Virtual Router failover to a Backup Router.
+
+ The IPvX example above shows a Virtual Router configured to cover the
+ IPvX address owned by Router-1 (VRID=1, IPvX_Address=A). When VRRP
+ is enabled on Router-1 for VRID=1, it will assert itself as the
+ Active Router, with priority = 255, since it is the IPvX address
+ owner for the Virtual Router IPvX address. When VRRP is enabled on
+ Router-2 for VRID=1, it will transition to the Backup Router, with
+ priority = 100 (the default priority is 100), since it is not the
+ IPvX address owner. If Router-1 should fail, then the VRRP protocol
+ will transition Router-2 to the Active Router, temporarily taking
+ over forwarding responsibility for IPvX A to provide uninterrupted
+ service to the hosts.
+
+ Note that in both cases in this example, IPvX B is not backed up and
+ it is only used by Router-2 as its interface address. In order to
+ back up IPvX B, a second Virtual Router must be configured. This is
+ shown in the next section.
+
+4.2. Sample VRRP Network 2
+
+ The following figure shows a configuration with two Virtual Routers
+ with the hosts splitting their traffic between them.
+
+ +-----------+ +-----------+
+ | Router-1 | | Router-2 |
+ |(AR VRID=1)| |(BR VRID=1)|
+ |(BR VRID=2)| |(AR VRID=2)|
+ VRID=1 +-----------+ +-----------+ VRID=2
+ IPvX A ----->* *<---------- IPvX B
+ | |
+ | |
+ ----------+-------------+-+-----------+-----------+-----------+
+ ^ ^ ^ ^
+ | | | |
+ Default Router | | | |
+ IPvX Addresses ---> (IPvX A) (IPvX A) (IPvX B) (IPvX B)
+ | | | |
+ IPvX H1->* IPvX H2->* IPvX H3->* IPvX H4->*
+ +--+--+ +--+--+ +--+--+ +--+--+
+ | H1 | | H2 | | H3 | | H4 |
+ +-----+ +-----+ +--+--+ +--+--+
+
+ Legend:
+ ---+---+---+-- = Ethernet
+ H = Host computer
+ AR = Active Router
+ BR = Backup Router
+ * = IPvX Address: X is 4 everywhere in IPv4 case
+ X is 6 everywhere in IPv6 case
+ (IPvX) = Default Router for hosts
+
+ Figure 2: Sample VRRP Network 2
+
+ In the IPv4 example above, i.e., IPvX is IPv4 everywhere in the
+ figure, half of the hosts have configured a static default route
+ through Router-1's IPv4 A, and half are using Router-2's IPv4 B. The
+ configuration of Virtual Router VRID=1 is exactly the same as in the
+ first example (see Section 4.1), and a second Virtual Router has been
+ added to cover the IPv4 address owned by Router-2 (VRID=2,
+ IPv4_Address=B). In this case, Router-2 will assert itself as the
+ Active Router for VRID=2, while Router-1 will act as a Backup Router.
+ This scenario demonstrates a deployment providing load-splitting when
+ both routers are available, while providing full redundancy for
+ robustness.
+
+ In the IPv6 example above, i.e., IPvX is IPv6 everywhere in the
+ figure, half of the hosts are using a default route through Router-
+ 1's IPv6 A, and half are using Router-2's IPv6 B. The configuration
+ of Virtual Router VRID=1 is exactly the same as in the first example
+ (see Section 4.1), and a second Virtual Router has been added to
+ cover the IPv6 address owned by Router-2 (VRID=2, IPv6_Address=B).
+ In this case, Router-2 will assert itself as the Active Router for
+ VRID=2, while Router-1 will act as a Backup Router. This scenario
+ demonstrates a deployment providing load-splitting when both routers
+ are available while providing full redundancy for robustness.
+
+ Note that the details of load-balancing are out of scope of this
+ document. However, in a case where the servers need different
+ weights, it may not make sense to rely on Router Advertisements alone
+ to balance the host traffic between the routers [RFC4311].
+
+5. Protocol
+
+ The purpose of the VRRP Advertisement is to communicate to all VRRP
+ Routers the priority, Maximum Advertisement Interval, and IPvX
+ addresses of the Active Router associated with the VRID.
+
+ When VRRP is protecting an IPv4 address, VRRP packets are sent
+ encapsulated in IPv4 packets. They are sent to the IPv4 multicast
+ address assigned to VRRP.
+
+ When VRRP is protecting an IPv6 address, VRRP packets are sent
+ encapsulated in IPv6 packets. They are sent to the IPv6 multicast
+ address assigned to VRRP.
+
+5.1. VRRP Packet Format
+
+ This section defines the format of the VRRP packet and the relevant
+ fields in the IPvX header (in conjunction with the address family).
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IPv4 Fields or IPv6 Fields |
+ ... ...
+ | |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ |Version| Type | Virtual Rtr ID| Priority |IPvX Addr Count|
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ |Reserve| Max Advertise Interval| Checksum |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | |
+ + +
+ | IPvX Address(es) |
+ + +
+ + +
+ + +
+ + +
+ | |
+ + +
+ | |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Figure 3: IPv4/IPv6 VRRP Advertisement Packet Format
+
+5.1.1. IPv4 Field Descriptions
+
+5.1.1.1. Source Address
+
+ This is the primary IPv4 address of the interface from which the
+ packet is being sent.
+
+5.1.1.2. Destination Address
+
+ The IPv4 multicast address as assigned by the IANA for VRRP is:
+
+ 224.0.0.18
+
+ This is a link-local scope multicast address. Routers MUST NOT
+ forward a datagram with this destination address, regardless of its
+ TTL.
+
+5.1.1.3. TTL
+
+ The TTL MUST be set to 255. A VRRP Router receiving a packet with
+ the TTL not equal to 255 MUST discard the packet [RFC5082].
+
+5.1.1.4. Protocol
+
+ The IPv4 protocol number assigned by the IANA for VRRP is 112
+ (decimal).
+
+5.1.2. IPv6 Field Descriptions
+
+5.1.2.1. Source Address
+
+ This is the IPv6 link-local address of the interface from which the
+ packet is being sent.
+
+5.1.2.2. Destination Address
+
+ The IPv6 multicast address assigned by the IANA for VRRP is:
+
+ ff02:0:0:0:0:0:0:12
+
+ This is a link-local scope multicast address. Routers MUST NOT
+ forward a datagram with this destination address, regardless of its
+ Hop Limit.
+
+5.1.2.3. Hop Limit
+
+ The Hop Limit MUST be set to 255. A VRRP Router receiving a packet
+ with the Hop Limit not equal to 255 MUST discard the packet
+ [RFC5082].
+
+5.1.2.4. Next Header
+
+ The IPv6 Next Header protocol assigned by the IANA for VRRP is 112
+ (decimal).
+
+5.2. VRRP Field Descriptions
+
+5.2.1. Version
+
+ The Version field specifies the VRRP protocol version of this packet.
+ This document defines version 3.
+
+5.2.2. Type
+
+ The Type field specifies the type of this VRRP packet. The only
+ packet type defined in this version of the protocol is:
+
+ 1 - ADVERTISEMENT
+
+ A packet with unknown type MUST be discarded.
+
+5.2.3. Virtual Rtr ID (VRID)
+
+ The Virtual Rtr ID field identifies the Virtual Router for which this
+ packet is reporting status.
+
+5.2.4. Priority
+
+ The Priority field specifies sending the VRRP Router's priority for
+ the Virtual Router. Higher values indicate higher priority. This
+ field is an 8-bit unsigned integer field.
+
+ The priority value for the VRRP Router that owns the IPvX address
+ associated with the Virtual Router MUST be 255 (decimal).
+
+ VRRP Routers backing up a Virtual Router MUST use priority values
+ between 1-254 (decimal). The default priority value for VRRP Routers
+ backing up a Virtual Router is 100 (decimal). Refer to Section 8.3.2
+ for recommendations on setting the priority.
+
+ The priority value zero (0) has special meaning, indicating that the
+ current Active Router has stopped participating in VRRP. This is
+ used to trigger Backup Routers to quickly transition to the Active
+ Router without having to wait for the current Active_Down_Interval
+ (refer to Section 6.1).
+
+5.2.5. IPvX Addr Count
+
+ The IPvX Addr Count field is the number of either IPv4 addresses or
+ IPv6 addresses contained in this VRRP advertisement. The minimum
+ value is 1. If the received count is 0, the VRRP advertisement MUST
+ be ignored.
+
+5.2.6. Reserve
+
+ The Reserve field MUST be set to zero on transmission and ignored on
+ reception.
+
+5.2.7. Maximum Advertisement Interval (Max Advertise Interval)
+
+ The Max Advertise Interval is a 12-bit field that indicates the time
+ interval (in centiseconds) between advertisements. The default is
+ 100 centiseconds (1 second).
+
+ Note that higher-priority Active Routers with slower transmission
+ rates than their Backup Routers are unstable. This is because lower-
+ priority Backup Routers configured to faster rates could join the LAN
+ and decide they should be Active Routers before they have heard
+ anything from the higher-priority Active Router with a slower rate.
+ When this happens, it is temporary, i.e., once the lower-priority
+ node does hear from the higher-priority Active Router, it will
+ relinquish Active Router status.
+
+5.2.8. Checksum
+
+ The Checksum field is used to detect data corruption in the VRRP
+ message.
+
+ For both the IPv4 and IPv6 address families, the checksum is the
+ 16-bit one's complement of the one's complement sum of the VRRP
+ message. For computing the checksum, the Checksum field is set to
+ zero. See [RFC1071] for more details.
+
+ For the IPv4 address family, the checksum calculation only includes
+ the VRRP message starting with the Version field and ending after the
+ last IPv4 address (refer to Section 5.2).
+
+ For the IPv6 address family, the checksum calculation also includes a
+ prepended "pseudo-header", as defined in Section 8.1 of [RFC8200].
+ The Next Header field in the "pseudo-header" should be set to 112
+ (decimal) for VRRP.
+
+5.2.9. IPvX Address(es)
+
+ This refers to one or more IPvX addresses associated with the Virtual
+ Router. The number of addresses included is specified in the IPvX
+ Addr Count field. These fields are used for troubleshooting
+ misconfigured routers. If more than one address is sent, it is
+ recommended that all routers be configured to send these addresses in
+ the same order to simplify comparisons.
+
+ For IPv4 addresses, this refers to one or more IPv4 addresses that
+ are backed up by the Virtual Router.
+
+ For IPv6, the first address MUST be the IPv6 link-local address
+ associated with the Virtual Router.
+
+ This field contains either one or more IPv4 addresses or one or more
+ IPv6 addresses. The address family of the addresses, IPv4 or IPv6
+ but not both, MUST be the same as the VRRP packet's IPvX header
+ address family.
+
+6. Protocol State Machine
+
+6.1. Parameters per Virtual Router
+
+ VRID Virtual Router Identifier. Configurable
+ value in the range 1-255 (decimal).
+ There is no default.
+
+ Priority Priority value to be used by this VRRP
+ Router in Active Router election for this
+ Virtual Router. The value of 255
+ (decimal) is reserved for the router that
+ owns the IPvX address associated with the
+ Virtual Router. The value of 0 (zero) is
+ reserved for the Active Router to
+ indicate it is relinquishing
+ responsibility for the Virtual Router.
+ The range 1-254 (decimal) is available
+ for VRRP Routers backing up the Virtual
+ Router. Higher values indicate higher
+ priorities. The default value is 100
+ (decimal).
+
+ IPv4_Addresses One or more IPv4 addresses associated
+ with this Virtual Router. Configured
+ list of addresses with no default.
+
+ IPv6_Addresses One or more IPv6 addresses associated
+ with this Virtual Router. Configured
+ list of addresses with no default. The
+ first address MUST be the Link-Local
+ address associated with the Virtual
+ Router.
+
+ IPvX_Addresses Refer to either the IPv4 or IPv6 address
+ associated with this Virtual Router (see
+ IPv4_Addresses and IPv6_Addresses above).
+
+ Advertisement_Interval Time interval between VRRP Advertisements
+ (centiseconds) sent by this Virtual
+ Router. Default is 100 centiseconds (1
+ second).
+
+ Active_Adver_Interval Advertisement interval contained in VRRP
+ Advertisements received from the Active
+ Router (in centiseconds). This value is
+ saved by Virtual Routers in the Backup
+ state and used to compute Skew_Time (as
+ specified in Section 8.3.2) and
+ Active_Down_Interval. The initial value
+ is the same as Advertisement_Interval.
+
+ Skew_Time Time to skew Active_Down_Interval in
+ centiseconds. Calculated as:
+
+ (((256 - Priority) *
+ Active_Adver_Interval) / 256)
+
+ Active_Down_Interval Time interval for the Backup Router to
+ declare the Active Router down
+ (centiseconds). Calculated as:
+
+ (3 * Active_Adver_Interval) +
+ Skew_Time
+
+ Preempt_Mode Controls whether a (starting or
+ restarting) higher-priority Backup Router
+ preempts a lower-priority Active Router.
+ Values are True to allow preemption and
+ False to prohibit preemption. Default is
+ True.
+
+ Note: The exception is that the router
+ that owns the IPvX address associated
+ with the Virtual Router always preempts,
+ independent of the setting of this flag.
+
+ Accept_Mode Controls whether a Virtual Router in
+ Active state will accept packets
+ addressed to the address owner's IPvX
+ address as its own even if it is not the
+ IPvX address owner. The default is
+ False. Deployments that rely on, for
+ example, pinging the address owner's IPvX
+ address may wish to configure Accept_Mode
+ to True.
+
+ Note: IPv6 Neighbor Solicitations and
+ Neighbor Advertisements MUST NOT be
+ dropped when Accept_Mode is False.
+
+ Virtual_Router_MAC_Address The MAC address used for the source MAC
+ address in VRRP advertisements and
+ advertised in ARP/ND messages as the MAC
+ address to use for IPvX_Addresses.
+
+6.2. Timers
+
+ Active_Down_Timer Timer that fires when a VRRP Advertisement
+ has not been received for
+ Active_Down_Interval (Backup Routers only).
+
+ Adver_Timer Timer that fires to trigger transmission of
+ a VRRP Advertisement based on the
+ Advertisement_Interval (Active Routers
+ only).
+
+6.3. State Transition Diagram
+
+ +---------------+
+ +--------->| |<-------------+
+ | | Initialize | |
+ | +------| |----------+ |
+ | | +---------------+ | |
+ | | | |
+ | V V |
+ +---------------+ +---------------+
+ | |---------------------->| |
+ | Active | | Backup |
+ | |<----------------------| |
+ +---------------+ +---------------+
+
+ Figure 4: State Transition Diagram
+
+6.4. State Descriptions
+
+ In the state descriptions below, the state names are identified by
+ {state-name}, and the packets are identified by all-uppercase
+ characters.
+
+ A VRRP Router implements an instance of the state machine for each
+ Virtual Router in which it is participating.
+
+6.4.1. Initialize
+
+ The purpose of this state is to wait for a Startup event, that is, an
+ implementation-defined mechanism that initiates the protocol once it
+ has been configured. The configuration mechanism is out of scope for
+ this specification.
+
+ If a Startup event is received, then:
+
+ * If the Priority = 255, i.e., the router owns the IPvX address(es)
+ associated with the Virtual Router, then:
+
+ - Send an ADVERTISEMENT
+
+ - If the protected IPvX address is an IPv4 address, then:
+
+ o For each IPv4 address associated with the Virtual Router,
+ broadcast a gratuitous ARP message containing the Virtual
+ Router MAC address and with the target link-layer address
+ set to the Virtual Router MAC address.
+
+ - else // IPv6
+
+ o For each IPv6 address associated with the Virtual Router,
+ send an unsolicited ND Neighbor Advertisement with the
+ Router Flag (R) set, the Solicited Flag (S) clear, the
+ Override flag (O) set, the target address set to the IPv6
+ address of the Virtual Router, and the target link-layer
+ address set to the Virtual Router MAC address.
+
+ - endif // was protected address IPv4?
+
+ - Set the Adver_Timer to Advertisement_Interval
+
+ - Transition to the {Active} state
+
+ * else // Router is not the address owner
+
+ - Set the Active_Adver_Interval to Advertisement_Interval
+
+ - Set the Active_Down_Timer to Active_Down_Interval
+
+ - Transition to the {Backup} state
+
+ * endif // was priority 255?
+
+ endif // Startup event was received
+
+6.4.2. Backup
+
+ The purpose of the {Backup} state is to monitor the availability and
+ state of the Active Router. The Solicited-Node multicast address
+ [RFC4291] is referenced in the pseudocode below.
+
+ While in the {Backup} state, a VRRP Router MUST do the following:
+
+ * If the protected IPvX address is an IPv4 address, then:
+
+ - It MUST NOT respond to ARP requests for the IPv4 address(es)
+ associated with the Virtual Router.
+
+ * else // protected address is IPv6
+
+ - It MUST NOT respond to ND Neighbor Solicitation messages for
+ the IPv6 address(es) associated with the Virtual Router.
+
+ - It MUST NOT send ND Router Advertisement messages for the
+ Virtual Router.
+
+ * endif // was protected address IPv4?
+
+ * It MUST discard packets with a destination link-layer MAC address
+ equal to the Virtual Router MAC address.
+
+ * It MUST NOT accept packets addressed to the IPvX address(es)
+ associated with the Virtual Router.
+
+ * If a Shutdown event is received, then:
+
+ - Cancel the Active_Down_Timer
+
+ - Transition to the {Initialize} state
+
+ * endif // Shutdown event received
+
+ * If the Active_Down_Timer fires, then:
+
+ - Send an ADVERTISEMENT
+
+ - If the protected IPvX address is an IPv4 address, then:
+
+ o For each IPv4 address associated with the Virtual Router,
+ broadcast a gratuitous ARP message containing the Virtual
+ Router MAC address and with the target link-layer address
+ set to the Virtual Router MAC address.
+
+ - else // IPv6
+
+ o Compute and join the Solicited-Node multicast address
+ [RFC4291] for the IPv6 address(es) associated with the
+ Virtual Router.
+
+ o For each IPv6 address associated with the Virtual Router,
+ send an unsolicited ND Neighbor Advertisement with the
+ Router Flag (R) set, the Solicited Flag (S) clear, the
+ Override flag (O) set, the target address set to the IPv6
+ address of the Virtual Router, and the target link-layer
+ address set to the Virtual Router MAC address.
+
+ - endif // was protected address IPv4?
+
+ - Set the Adver_Timer to Advertisement_Interval
+
+ - Transition to the {Active} state
+
+ * endif // Active_Down_Timer fired
+
+ * If an ADVERTISEMENT is received, then:
+
+ - If the Priority in the ADVERTISEMENT is 0, then:
+
+ o Set the Active_Down_Timer to Skew_Time
+
+ - else // priority non-zero
+
+ o If Preempt_Mode is False, or if the Priority in the
+ ADVERTISEMENT is greater than or equal to the local
+ Priority, then:
+
+ + Set the Active_Adver_Interval to the Max Advertise
+ Interval contained in the ADVERTISEMENT
+
+ + Recompute the Skew_Time
+
+ + Recompute the Active_Down_Interval
+
+ + Set the Active_Down_Timer to Active_Down_Interval
+
+ o else // preempt was true and priority was less than the
+ local priority
+
+ + Discard the ADVERTISEMENT
+
+ o endif // preempt test
+
+ - endif // was priority 0?
+
+ * endif // was advertisement received?
+
+ endwhile // {Backup} state
+
+6.4.3. Active
+
+ While in the {Active} state, the router functions as the forwarding
+ router for the IPvX address(es) associated with the Virtual Router.
+
+ Note that in the {Active} state, the Preempt_Mode Flag is not
+ considered.
+
+ While in the {Active} state, a VRRP Router MUST do the following:
+
+ * If the protected IPvX address is an IPv4 address, then:
+
+ - It MUST respond to ARP requests for the IPv4 address(es)
+ associated with the Virtual Router.
+
+ * else // IPv6
+
+ - It MUST be a member of the Solicited-Node multicast address for
+ the IPv6 address(es) associated with the Virtual Router.
+
+ - It MUST respond to ND Neighbor Solicitation messages (with the
+ Router Flag (R) set) for the IPv6 address(es) associated with
+ the Virtual Router.
+
+ - It MUST send ND Router Advertisements for the Virtual Router.
+
+ - If Accept_Mode is False:
+
+ o It MUST NOT drop IPv6 Neighbor Solicitations and Neighbor
+ Advertisements.
+
+ * endif // IPv4?
+
+ * It MUST forward packets with a destination link-layer MAC address
+ equal to the Virtual Router MAC address.
+
+ * It MUST accept packets addressed to the IPvX address(es)
+ associated with the Virtual Router if it is the IPvX address owner
+ or if Accept_Mode is True. Otherwise, it MUST NOT accept these
+ packets.
+
+ * If a Shutdown event is received, then:
+
+ - Cancel the Adver_Timer
+
+ - Send an ADVERTISEMENT with Priority = 0
+
+ - Transition to the {Initialize} state
+
+ * endif // shutdown received
+
+ * If the Adver_Timer fires, then:
+
+ - Send an ADVERTISEMENT
+
+ - Reset the Adver_Timer to Advertisement_Interval
+
+ * endif // advertisement timer fired
+
+ * If an ADVERTISEMENT is received, then:
+
+ - If the Priority in the ADVERTISEMENT is 0, then:
+
+ o Send an ADVERTISEMENT
+
+ o Reset the Adver_Timer to Advertisement_Interval
+
+ - else // priority was non-zero
+
+ o If the Priority in the ADVERTISEMENT is greater than the
+ local Priority or the Priority in the ADVERTISEMENT is equal
+ to the local Priority and the primary IPvX address of the
+ sender is greater than the local primary IPvX address (based
+ on an unsigned integer comparison of the IPvX addresses in
+ network byte order), then:
+
+ + Cancel Adver_Timer
+
+ + Set the Active_Adver_Interval to the Max Advertise
+ Interval contained in the ADVERTISEMENT
+
+ + Recompute the Skew_Time
+
+ + Recompute the Active_Down_Interval
+
+ + Set the Active_Down_Timer to Active_Down_Interval
+
+ + Transition to the {Backup} state
+
+ o else // new Active Router logic
+
+ + Discard the ADVERTISEMENT
+
+ + Send an ADVERTISEMENT immediately to assert the {Active}
+ state to the sending VRRP Router and to update any
+ learning bridges with the correct Active VRRP Router
+ path.
+
+ o endif // new Active Router detected
+
+ - endif // was priority zero?
+
+ * endif // advert received
+
+ endwhile // in {Active} state
+
+ Note: VRRP packets are transmitted with the Virtual Router MAC
+ address as the source MAC address to ensure that learning bridges
+ correctly determine the LAN segment to which the Virtual Router is
+ attached.
+
+7. Sending and Receiving VRRP Packets
+
+7.1. Receiving VRRP Packets
+
+ The following functions must be performed when a VRRP packet is
+ received:
+
+ * If the received packet is an IPv4 packet, then:
+
+ - It MUST verify that the IPv4 TTL is 255.
+
+ * else // IPv6 VRRP packet received
+
+ - It MUST verify that the IPv6 Hop Limit is 255.
+
+ * endif
+
+ * It MUST verify that the VRRP version is 3.
+
+ * It MUST verify that the VRRP packet type is 1 (ADVERTISEMENT).
+
+ * It MUST verify that the received packet contains the complete VRRP
+ packet (including fixed fields and the IPvX address).
+
+ * It MUST verify the VRRP checksum.
+
+ * It MUST verify that the VRID is configured on the receiving
+ interface and the local router is not the IPvX address owner
+ (Priority = 255 (decimal)).
+
+ If any one of the above checks fails, the receiver MUST discard the
+ packet, SHOULD log the event (subject to rate-limiting), and MAY
+ indicate via network management that an error occurred.
+
+ A receiver SHOULD also verify that the Max Advertise Interval in the
+ received VRRP packet matches the Advertisement_Interval configured
+ for the VRID. Instability can occur with differing intervals (refer
+ to Section 5.2.7). If this check fails, the receiver SHOULD log the
+ event (subject to rate-limiting) and MAY indicate via network
+ management that a misconfiguration was detected.
+
+ A receiver MAY also verify that "IPvX Addr Count" and the list of
+ IPvX address(es) match the IPvX address(es) configured for the VRID.
+ If this check fails, the receiver SHOULD log (subject to rate-
+ limiting) the event and MAY indicate via network management that a
+ misconfiguration was detected.
+
+7.2. Transmitting VRRP Packets
+
+ The following operations MUST be performed when transmitting a VRRP
+ packet:
+
+ * Fill in the VRRP packet fields with the appropriate Virtual Router
+ configuration state
+
+ * Compute the VRRP checksum
+
+ * Set the source MAC address to the Virtual Router MAC address
+
+ * If the protected address is an IPv4 address, then:
+
+ - Set the source IPv4 address to the interface's primary IPv4
+ address
+
+ * else // IPv6
+
+ - Set the source IPv6 address to the interface's link-local IPv6
+ address
+
+ * endif
+
+ * Set the IPvX protocol to VRRP
+
+ * Send the VRRP packet to the VRRP IPvX multicast group
+
+ Note: VRRP packets are transmitted with the Virtual Router MAC
+ address as the source MAC address to ensure that learning bridges
+ correctly determine the LAN segment to which the Virtual Router is
+ attached.
+
+7.3. Virtual Router MAC Address
+
+ The Virtual Router MAC address associated with a Virtual Router is an
+ IEEE 802 MAC address [RFC9542] in the following format:
+
+ IPv4 case: 00-00-5E-00-01-{VRID} (in hex, in network byte order)
+
+ The first three octets are derived from the IANA's Organizationally
+ Unique Identifier (OUI). The next two octets (00-01) indicate the
+ address block assigned to the VRRP protocol for the IPv4 protocol.
+ {VRID} is the Virtual Router Identifier. This mapping provides for
+ up to 255 IPv4 VRRP Routers on a LAN.
+
+ IPv6 case: 00-00-5E-00-02-{VRID} (in hex, in network byte order)
+
+ The first three octets are derived from the IANA's OUI. The next two
+ octets (00-02) indicate the address block assigned to the VRRP
+ protocol for the IPv6 protocol. {VRID} is the Virtual Router
+ Identifier. This mapping provides for up to 255 IPv6 VRRP Routers on
+ a LAN.
+
+7.4. IPv6 Interface Identifiers
+
+ [RFC8064] specifies that [RFC7217] be used as the default scheme for
+ generating a stable address in IPv6 Stateless Address
+ Autoconfiguration (SLAAC) [RFC4862]. The Virtual Router MAC MUST NOT
+ be used for the Net_Iface parameter used in the Interface Identifier
+ (IID) derivation algorithms in [RFC7217] and [RFC8981].
+
+ This VRRP specification describes how to advertise and resolve the
+ VRRP Router's IPv6 link-local address and other associated IPv6
+ addresses into the Virtual Router MAC address.
+
+8. Operational Issues
+
+8.1. IPv4
+
+8.1.1. ICMP Redirects
+
+ ICMP redirects can be used normally when VRRP is running among a
+ group of routers. This allows VRRP to be used in environments where
+ the topology is not symmetric.
+
+ The IPv4 source address of an ICMP redirect should be the address
+ that the end-host used when making its next-hop routing decision. If
+ a VRRP Router is acting as the Active Router for Virtual Router(s)
+ containing address(es) it does not own, then it must determine to
+ which Virtual Router the packet was sent when selecting the redirect
+ source address. One method to deduce the Virtual Router used is to
+ examine the destination MAC address in the packet that triggered the
+ redirect.
+
+ It may be useful to disable redirects for specific cases where VRRP
+ is being used to load-share traffic among a number of routers in a
+ symmetric topology.
+
+8.1.2. Host ARP Requests
+
+ When a host sends an ARP request for one of the Virtual Router IPv4
+ addresses, the Active Router MUST respond to the ARP request with an
+ ARP response that indicates the Virtual Router MAC address for the
+ Virtual Router. Note that the source address of the Ethernet frame
+ of this ARP response is the physical MAC address of the physical
+ router. The Active Router MUST NOT respond with its physical MAC
+ address in the ARP response. This allows the host to always use the
+ same MAC address, regardless of the current Active Router.
+
+ When a VRRP Router restarts or boots, it SHOULD NOT send any ARP
+ messages using its physical MAC address for an IPv4 address for which
+ it is the IPv4 address owner (as defined in Section 1.7), and it
+ should only send ARP messages that include Virtual Router MAC
+ addresses.
+
+ This entails the following:
+
+ * When configuring an interface, Active Routers SHOULD broadcast a
+ gratuitous ARP message containing the Virtual Router MAC address
+ for each IPv4 address on that interface.
+
+ * At system boot, when initializing interfaces for VRRP operation,
+ gratuitous ARP messages MUST be delayed until both the IPv4
+ address and the Virtual Router MAC address are configured.
+
+ * When, for example, Secure Shell (SSH) access to a particular VRRP
+ Router is required, an IPv4 address known to belong to that router
+ SHOULD be used.
+
+8.1.3. Proxy ARP
+
+ If Proxy ARP is to be used on a VRRP Router, then the VRRP Router
+ MUST advertise the Virtual Router MAC address in the Proxy ARP
+ message. Doing otherwise could cause hosts to learn the real MAC
+ address of the VRRP Router.
+
+8.2. IPv6
+
+8.2.1. ICMPv6 Redirects
+
+ ICMPv6 redirects can be used normally when VRRP is running among a
+ group of routers [RFC4443]. This allows VRRP to be used in
+ environments where the topology is not symmetric, e.g., the VRRP
+ Routers do not connect to the same destinations.
+
+ The IPv6 source address of an ICMPv6 redirect SHOULD be the address
+ that the end-host used when making its next-hop routing decision. If
+ a VRRP Router is acting as the Active Router for Virtual Router(s)
+ containing address(es) it does not own, then it has to determine to
+ which Virtual Router the packet was sent when selecting the redirect
+ source address. A method to deduce the Virtual Router used is to
+ examine the destination MAC address in the packet that triggered the
+ redirect.
+
+8.2.2. ND Neighbor Solicitation
+
+ When a host sends an ND Neighbor Solicitation message for a Virtual
+ Router IPv6 address, the Active Router MUST respond to the ND
+ Neighbor Solicitation message with the Virtual Router MAC address for
+ the Virtual Router. The Active Router MUST NOT respond with its
+ physical MAC address. This allows the host to always use the same
+ MAC address, regardless of the current Active Router.
+
+ When an Active Router sends an ND Neighbor Solicitation message for a
+ host's IPv6 address, the Active Router MUST include the Virtual
+ Router MAC address for the Virtual Router if it sends a source link-
+ layer address option in the Neighbor Solicitation message. It MUST
+ NOT use its physical MAC address in the source link-layer address
+ option.
+
+ When a VRRP Router restarts or boots, it SHOULD NOT send any ND
+ messages with its physical MAC address for the IPv6 address it owns
+ and it should only send ND messages that include Virtual Router MAC
+ addresses.
+
+ This entails the following:
+
+ * When configuring an interface, Active Routers SHOULD send an
+ unsolicited ND Neighbor Advertisement message containing the
+ Virtual Router MAC address for the IPv6 address on that interface.
+
+ * At system boot, when initializing interfaces for VRRP operation,
+ all ND Router Advertisements, ND Neighbor Advertisements, and ND
+ Neighbor Solicitation messages MUST be delayed until both the IPv6
+ address and the Virtual Router MAC address are configured.
+
+ Note that on a restarting Active Router where the VRRP protected
+ address is an interface address, i.e., the address owner, Duplicate
+ Address Detection may fail, as the Backup Router MAY answer that it
+ owns the address. One solution is to not run Duplicate Address
+ Detection in this case.
+
+8.2.3. Router Advertisements
+
+ When a Backup VRRP Router has become the Active Router for a Virtual
+ Router, it is responsible for sending Router Advertisements for the
+ Virtual Router, as specified in Section 6.4.3. The Backup Routers
+ MUST be configured to send the same Router Advertisement options as
+ the address owner.
+
+ Router Advertisement options that advertise special services, e.g.,
+ Home Agent Information Option, that are present in the address owner
+ SHOULD NOT be sent by the address owner unless the Backup Routers are
+ prepared to assume these services in full and have a complete and
+ synchronized database for this service.
+
+8.2.4. Unsolicited Neighbor Advertisements
+
+ A VRRP Router acting as either an IPv6 Active Router or Backup Router
+ SHOULD accept Unsolicited Neighbor Advertisements and update the
+ corresponding neighbor cache [RFC4861]. Since these are sent to the
+ IPv6 all-nodes multicast address (ff02::1) [RFC4861] or the IPv6 all-
+ routers multicast address (ff02::2), they will be received.
+ Unsolicited Neighbor Advertisements are sent both in the case where
+ the link-level addresses change [RFC4861] and for gratuitous neighbor
+ discovery by first-hop routers [RFC9131]. Additional configuration
+ may be required in order for Unsolicited Neighbor Advertisements to
+ update the corresponding neighbor cache.
+
+8.3. IPvX
+
+8.3.1. Potential Forwarding Loop
+
+ If it is not the address owner, a VRRP Router SHOULD NOT forward
+ packets addressed to the IPvX address for which it becomes the Active
+ Router. Forwarding these packets would result in unnecessary
+ traffic. Also, in the case of LANs that receive packets they
+ transmit, this can result in a forwarding loop that is only
+ terminated when the IPvX TTL expires.
+
+ One mechanism for VRRP Routers to avoid these forwarding loops is to
+ add/delete a host Drop Route for each non-owned IPvX address when
+ transitioning to/from the Active state.
+
+8.3.2. Recommendations Regarding Setting Priority Values
+
+ A priority value of 255 designates a particular router as the "IPvX
+ address owner" for the VRID. VRRP Routers with priority 255 will, as
+ soon as they start up, preempt all lower-priority routers. For a
+ VRID, only a single VRRP Router on the link SHOULD be configured with
+ priority 255. If multiple VRRP Routers advertising priority 255 are
+ detected, the condition SHOULD be logged (subject to rate-limiting).
+ If no VRRP Router has this priority, and preemption is disabled, then
+ no preemption will occur.
+
+ In order to avoid two or more Backup Routers simultaneously becoming
+ Active Routers after the previous Active Router fails or is shut
+ down, all Virtual Routers SHOULD be configured with different
+ priorities and with sufficient differences in the priorities so that
+ lower priority Backup Routers do not transition to the Active state
+ before receiving an advertisement from the highest priority Backup
+ Router when it transitions to the Active Router. If multiple VRRP
+ Routers advertising the same priority are detected, this condition
+ MAY be logged as a warning (subject to rate-limiting).
+
+ Since the Skew_Time is reduced as the priority is increased, faster
+ convergence can be obtained by using a higher priority for the
+ preferred Backup Router. However, with multiple Backup Routers, the
+ priorities should have sufficient differences, as previously
+ recommended.
+
+8.4. VRRPv3 and VRRPv2 Interoperation
+
+8.4.1. Assumptions
+
+ 1. VRRPv2 and VRRPv3 interoperation is optional.
+
+ 2. Mixing VRRPv2 and VRRPv3 should only be done when transitioning
+ from VRRPv2 to VRRPv3. Mixing the two versions should not be
+ considered a permanent solution.
+
+8.4.2. VRRPv3 Support of VRRPv2 Interoperation
+
+ As mentioned above, this support is intended for upgrade scenarios
+ and is NOT RECOMMENDED for permanent deployments.
+
+ An implementation MAY implement a configuration flag that tells it to
+ listen for and send both VRRPv2 and VRRPv3 advertisements.
+
+ When a Virtual Router is configured this way and is the Active
+ Router, it MUST send both types at the configured rate, even if it is
+ sub-second.
+
+ When a Virtual Router is configured this way and is the Backup
+ Router, it MUST time out based on the rate advertised by the Active
+ Router. In the case of a VRRPv2 Active Router, this means it MUST
+ translate the timeout value it receives (in seconds) into
+ centiseconds. Also, a Backup Router SHOULD ignore VRRPv2
+ advertisements from the current Active Router if it is also receiving
+ VRRPv3 packets from it. It MAY report when a VRRPv3 Active Router is
+ not sending VRRPv2 packets, as this suggests they don't agree on
+ whether they're supporting VRRPv2 interoperation.
+
+8.4.2.1. Interoperation Considerations
+
+8.4.2.1.1. Slow, High-Priority Active Routers
+
+ See also Section 5.2.7, "Maximum Advertisement Interval (Max
+ Advertise Interval)".
+
+ The VRRPv2 Active Router interacting with a sub-second VRRPv3 Backup
+ Router is the most important example of this.
+
+ A VRRPv2 implementation SHOULD NOT be given a higher priority than a
+ VRRPv2 or VRRPv3 implementation with which it is interoperating if
+ the VRRPv2 or VRRPv3 router's advertisement rate is sub-second.
+
+8.4.2.1.2. Overwhelming VRRPv2 Backups
+
+ It seems possible that a VRRPv3 Active Router sending at centisecond
+ rates could potentially overwhelm a VRRPv2 Backup Router with
+ potentially non-deterministic results.
+
+ In this upgrade case, a deployment should initially run the VRRPv3
+ Active Routers with lower frequencies, e.g., 100 centiseconds, until
+ the VRRPv2 routers are upgraded. Then, once the deployment has
+ verified that VRRPv3 is working properly, the VRRPv2 support may be
+ disabled and the desired sub-second rates may be configured.
+
+9. Security Considerations
+
+ VRRP for IPvX does not currently include any type of authentication.
+ Earlier versions of the VRRP specification included several types of
+ authentication, ranging from no authentication to strong
+ authentication. Operational experience and further analysis
+ determined that these did not provide sufficient security to overcome
+ the vulnerability of misconfigured secrets, causing multiple Active
+ Routers to be elected. Due to the nature of the VRRP protocol, even
+ if VRRP messages are cryptographically protected, it does not prevent
+ hostile nodes from behaving as if they are an Active Router, creating
+ multiple Active Routers. Authentication of VRRP messages could have
+ prevented a hostile node from causing all properly functioning
+ routers from going into the Backup state. However, having multiple
+ Active Routers can cause as much disruption as no routers, which
+ authentication cannot prevent. Also, even if a hostile node could
+ not disrupt VRRP, it can disrupt ARP/ND and create the same effect as
+ having all routers go into the Backup state.
+
+ Some L2 switches provide the capability to filter out, for example,
+ ARP and/or ND messages from end-hosts on a switch-port basis. This
+ mechanism could also filter VRRP messages from switch ports
+ associated with end-hosts and can be considered for deployments with
+ untrusted hosts.
+
+ It should be noted that these attacks are not worse and are a subset
+ of the attacks that any node attached to a LAN can do independently
+ of VRRP. The kind of attacks a malicious node on a LAN can perform
+ include:
+
+ * promiscuously receiving packets for any router's MAC address,
+
+ * sending packets with the router's MAC address as the source MAC
+ address in the L2 header to tell the L2 switches to send packets
+ addressed to the router to the malicious node instead of the
+ router,
+
+ * sending redirects to tell hosts to send their traffic somewhere
+ else,
+
+ * sending unsolicited ND replies,
+
+ * answering ND requests, etc.
+
+ All of these can be done independently of implementing VRRP. VRRP
+ does not add to these vulnerabilities, and most of these
+ vulnerabilities are addressed independently, e.g., SEcure Neighbor
+ Discovery (SEND) [RFC3971].
+
+ VRRP includes a mechanism (setting IPv4 TTL or IPv6 Hop Limit to 255
+ and checking the value on receipt) that protects against VRRP packets
+ being injected from another remote network [RFC5082]. This limits
+ most vulnerabilities to attacks on the local network.
+
+ VRRP does not provide any confidentiality. Confidentiality is not
+ necessary for the correct operation of VRRP, and there is no
+ information in the VRRP messages that must be kept secret from other
+ nodes on the LAN.
+
+ In the context of IPv6 operation, if SEND is deployed, VRRP is
+ compatible with the "trust anchor" and "trust anchor or CGA" modes of
+ SEND [RFC3971]. The SEND configuration needs to give the Active and
+ Backup Routers the same prefix delegation in the certificates so that
+ Active and Backup Routers advertise the same set of subnet prefixes.
+ However, the Active and Backup Routers should have their own key
+ pairs to avoid private key sharing.
+
+ Also in the context of IPv6 operation, it is RECOMMENDED that the
+ link-level security guidelines in Section 2.3 of [RFC9099] be
+ followed.
+
+10. IANA Considerations
+
+ IANA has updated all IANA registry references to [RFC5798] to
+ references to RFC 9568, i.e., this document. The individual IANA
+ references are listed below.
+
+ The value 112 is assigned to VRRP in the "Assigned Internet Protocol
+ Numbers" registry.
+
+ In the "Local Network Control Block (224.0.0.0 - 224.0.0.255
+ (224.0.0/24))" registry of the "IPv4 Multicast Address Space
+ Registry" [RFC5771], IANA has assigned the IPv4 multicast address
+ 224.0.0.18 for VRRP.
+
+ In the "Link-Local Scope Multicast Addresses" registry of the "IPv6
+ Multicast Address Space Registry" [RFC3307], IANA has assigned the
+ IPv6 link-local scope multicast address ff02:0:0:0:0:0:0:12 for VRRP
+ for IPv6.
+
+ In the "IANA MAC ADDRESS BLOCK" registry [RFC9542], IANA has assigned
+ blocks of Ethernet unicast addresses as follows (in hexadecimal):
+
+ +======================+===========================+===========+
+ | Addresses | Usage | Reference |
+ +======================+===========================+===========+
+ | 00-01-00 to 00-01-FF | VRRP (Virtual Router | RFC 9568 |
+ | | Redundancy Protocol) | |
+ +----------------------+---------------------------+-----------+
+ | 00-02-00 to 00-02-FF | VRRP IPv6 (Virtual Router | RFC 9568 |
+ | | Redundancy Protocol IPv6) | |
+ +----------------------+---------------------------+-----------+
+
+ Table 1
+
+11. References
+
+11.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119,
+ DOI 10.17487/RFC2119, March 1997,
+ <https://www.rfc-editor.org/info/rfc2119>.
+
+ [RFC3307] Haberman, B., "Allocation Guidelines for IPv6 Multicast
+ Addresses", RFC 3307, DOI 10.17487/RFC3307, August 2002,
+ <https://www.rfc-editor.org/info/rfc3307>.
+
+ [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
+ Architecture", RFC 4291, DOI 10.17487/RFC4291, February
+ 2006, <https://www.rfc-editor.org/info/rfc4291>.
+
+ [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet
+ Control Message Protocol (ICMPv6) for the Internet
+ Protocol Version 6 (IPv6) Specification", STD 89,
+ RFC 4443, DOI 10.17487/RFC4443, March 2006,
+ <https://www.rfc-editor.org/info/rfc4443>.
+
+ [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
+ "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
+ DOI 10.17487/RFC4861, September 2007,
+ <https://www.rfc-editor.org/info/rfc4861>.
+
+ [RFC5082] Gill, V., Heasley, J., Meyer, D., Savola, P., Ed., and C.
+ Pignataro, "The Generalized TTL Security Mechanism
+ (GTSM)", RFC 5082, DOI 10.17487/RFC5082, October 2007,
+ <https://www.rfc-editor.org/info/rfc5082>.
+
+ [RFC5771] Cotton, M., Vegoda, L., and D. Meyer, "IANA Guidelines for
+ IPv4 Multicast Address Assignments", BCP 51, RFC 5771,
+ DOI 10.17487/RFC5771, March 2010,
+ <https://www.rfc-editor.org/info/rfc5771>.
+
+ [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
+ 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
+ May 2017, <https://www.rfc-editor.org/info/rfc8174>.
+
+ [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6
+ (IPv6) Specification", STD 86, RFC 8200,
+ DOI 10.17487/RFC8200, July 2017,
+ <https://www.rfc-editor.org/info/rfc8200>.
+
+ [RFC9542] Eastlake 3rd, D., Abley, J., and Y. Li, "IANA
+ Considerations and IETF Protocol and Documentation Usage
+ for IEEE 802 Parameters", BCP 141, RFC 9542,
+ DOI 10.17487/RFC9542, April 2024,
+ <https://www.rfc-editor.org/info/rfc9542>.
+
+11.2. Informative References
+
+ [IPSTB] Higginson, P. and M. Shand, "Development of Router
+ Clusters to Provide Fast Failover in IP Networks", Digital
+ Technical Journal, Volume 9, Number 3, 1997.
+
+ [NISTIR8366]
+ National Institute of Standards and Technology (NIST),
+ "Guidance for NIST Staff on Using Inclusive Language in
+ Documentary Standards,", NISTIR 8366,
+ DOI 10.6028/NIST.IR.8366, April 2021,
+ <https://doi.org/10.6028/NIST.IR.8366>.
+
+ [RFC1071] Braden, R., Borman, D., and C. Partridge, "Computing the
+ Internet checksum", RFC 1071, DOI 10.17487/RFC1071,
+ September 1988, <https://www.rfc-editor.org/info/rfc1071>.
+
+ [RFC1256] Deering, S., Ed., "ICMP Router Discovery Messages",
+ RFC 1256, DOI 10.17487/RFC1256, September 1991,
+ <https://www.rfc-editor.org/info/rfc1256>.
+
+ [RFC2131] Droms, R., "Dynamic Host Configuration Protocol",
+ RFC 2131, DOI 10.17487/RFC2131, March 1997,
+ <https://www.rfc-editor.org/info/rfc2131>.
+
+ [RFC2281] Li, T., Cole, B., Morton, P., and D. Li, "Cisco Hot
+ Standby Router Protocol (HSRP)", RFC 2281,
+ DOI 10.17487/RFC2281, March 1998,
+ <https://www.rfc-editor.org/info/rfc2281>.
+
+ [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328,
+ DOI 10.17487/RFC2328, April 1998,
+ <https://www.rfc-editor.org/info/rfc2328>.
+
+ [RFC2338] Knight, S., Weaver, D., Whipple, D., Hinden, R., Mitzel,
+ D., Hunt, P., Higginson, P., Shand, M., and A. Lindem,
+ "Virtual Router Redundancy Protocol", RFC 2338,
+ DOI 10.17487/RFC2338, April 1998,
+ <https://www.rfc-editor.org/info/rfc2338>.
+
+ [RFC2453] Malkin, G., "RIP Version 2", STD 56, RFC 2453,
+ DOI 10.17487/RFC2453, November 1998,
+ <https://www.rfc-editor.org/info/rfc2453>.
+
+ [RFC3768] Hinden, R., Ed., "Virtual Router Redundancy Protocol
+ (VRRP)", RFC 3768, DOI 10.17487/RFC3768, April 2004,
+ <https://www.rfc-editor.org/info/rfc3768>.
+
+ [RFC3971] Arkko, J., Ed., Kempf, J., Zill, B., and P. Nikander,
+ "SEcure Neighbor Discovery (SEND)", RFC 3971,
+ DOI 10.17487/RFC3971, March 2005,
+ <https://www.rfc-editor.org/info/rfc3971>.
+
+ [RFC4311] Hinden, R. and D. Thaler, "IPv6 Host-to-Router Load
+ Sharing", RFC 4311, DOI 10.17487/RFC4311, November 2005,
+ <https://www.rfc-editor.org/info/rfc4311>.
+
+ [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
+ Address Autoconfiguration", RFC 4862,
+ DOI 10.17487/RFC4862, September 2007,
+ <https://www.rfc-editor.org/info/rfc4862>.
+
+ [RFC5798] Nadas, S., Ed., "Virtual Router Redundancy Protocol (VRRP)
+ Version 3 for IPv4 and IPv6", RFC 5798,
+ DOI 10.17487/RFC5798, March 2010,
+ <https://www.rfc-editor.org/info/rfc5798>.
+
+ [RFC7217] Gont, F., "A Method for Generating Semantically Opaque
+ Interface Identifiers with IPv6 Stateless Address
+ Autoconfiguration (SLAAC)", RFC 7217,
+ DOI 10.17487/RFC7217, April 2014,
+ <https://www.rfc-editor.org/info/rfc7217>.
+
+ [RFC8064] Gont, F., Cooper, A., Thaler, D., and W. Liu,
+ "Recommendation on Stable IPv6 Interface Identifiers",
+ RFC 8064, DOI 10.17487/RFC8064, February 2017,
+ <https://www.rfc-editor.org/info/rfc8064>.
+
+ [RFC8981] Gont, F., Krishnan, S., Narten, T., and R. Draves,
+ "Temporary Address Extensions for Stateless Address
+ Autoconfiguration in IPv6", RFC 8981,
+ DOI 10.17487/RFC8981, February 2021,
+ <https://www.rfc-editor.org/info/rfc8981>.
+
+ [RFC9099] Vyncke, É., Chittimaneni, K., Kaeo, M., and E. Rey,
+ "Operational Security Considerations for IPv6 Networks",
+ RFC 9099, DOI 10.17487/RFC9099, August 2021,
+ <https://www.rfc-editor.org/info/rfc9099>.
+
+ [RFC9131] Linkova, J., "Gratuitous Neighbor Discovery: Creating
+ Neighbor Cache Entries on First-Hop Routers", RFC 9131,
+ DOI 10.17487/RFC9131, October 2021,
+ <https://www.rfc-editor.org/info/rfc9131>.
+
+ [VRRP-IPv6]
+ Hinden, R. and J. Cruz, "Virtual Router Redundancy
+ Protocol for IPv6", Work in Progress, Internet-Draft,
+ draft-ietf-vrrp-ipv6-spec-08, 5 March 2007,
+ <https://datatracker.ietf.org/doc/html/draft-ietf-vrrp-
+ ipv6-spec-08>.
+
+Acknowledgments
+
+ The IPv6 text in this specification is based on [RFC2338]. The
+ authors of [RFC2338] are S. Knight, D. Weaver, D. Whipple, R. Hinden,
+ D. Mitzel, P. Hunt, P. Higginson, M. Shand, and A. Lindem.
+
+ The authors of [VRRP-IPv6] would also like to thank Erik Nordmark,
+ Thomas Narten, Steve Deering, Radia Perlman, Danny Mitzel, Mukesh
+ Gupta, Don Provan, Mark Hollinger, John Cruz, and Melissa Johnson for
+ their helpful suggestions.
+
+ The IPv4 text in this specification is based on [RFC3768]. The
+ authors of that specification would like to thank Glen Zorn, Michael
+ Lane, Clark Bremer, Hal Peterson, Tony Li, Barbara Denny, Joel
+ Halpern, Steve M. Bellovin, Thomas Narten, Rob Montgomery, Rob
+ Coltun, Radia Perlman, Russ Housley, Harald Alvestrand, Ned Freed,
+ Ted Hardie, Bert Wijnen, Bill Fenner, and Alex Zinin for their
+ comments and suggestions.
+
+ Thanks to Steve Nadas for his work merging/editing [RFC3768] and
+ [VRRP-IPv6] into the document that eventually became [RFC5798].
+
+ Thanks to Stewart Bryant, Sasha Vainshtein, Pascal Thubert, Alexander
+ Okonnikov, Ben Niven-Jenkins, Tim Chown, Mališa Vučinić, Russ White,
+ Donald Eastlake, Dave Thaler, Eric Kline, and Vijay Gurbani for
+ comments on the current document (RFC 9568). Thanks to Gyan Mishra,
+ Paul Congdon, and Jon Rosen for discussions related to the removal of
+ legacy technology appendices. Thanks to Dhruv Dhody and Donald
+ Eastlake for comments and suggestions for improving the IANA section.
+ Thanks to Sasha Vainshtein for recommending "Maximum Advertisement
+ Interval" validation. Thanks to Tim Chown and Fernando Gont for
+ discussions and updates related to IPv6 SLAAC.
+
+ Special thanks to Quentin Armitage for a detailed review and
+ extensive comments on the current document (RFC 9568).
+
+Authors' Addresses
+
+ Acee Lindem
+ LabN Consulting, L.L.C.
+ 301 Midenhall Way
+ Cary, NC 27513
+ United States of America
+ Email: acee.ietf@gmail.com
+
+
+ Aditya Dogra
+ Cisco Systems
+ Sarjapur Outer Ring Road
+ Bangalore 560103
+ Karnataka
+ India
+ Email: addogra@cisco.com