Tag Archives: brocade

Redundancy on the first hop – VRRP

This posting is ~3 years old. You should keep this in mind. IT is a short-lived business. This information might be outdated.

The Virtual Router Redundancy Protocol (VRRP) was developed in 1998 as an open standard protocol. VRRP is the result of Internet Engineering Task Force (IETF) work, and it’s described in RFC 5798 (VRRPv3). VRRP was designed as an open standard protocol, but it uses some patents from Cisco. Its function is comparable to the Cisco Hot Standby Router Protocol (HSRP), or to the Common Address Redundancy Protocol (CARP).

VRRP solves a very specific problem at the network edge: it offers highly available virtual router interfaces, or in simple words, a highly available default gateway. Its home is the network edge, and because of this, VRRP is a so-called first hop redundancy protocol. When moving towards the network core, VRRP loses importance. If you move from the network edge to the core, redundancy is primarily offered by dynamic routing protocols and redundant links.

Fun fact: Its home is the network edge, but most edge switches don’t support VRRP…

As already mentioned, VRRP is comparable to HSRP, CARP, Cisco Gateway Load Balancing Protocol (GLBP), or the Extreme Standby Router Protocol (ESRP).

VRRPv3 supports IPv6 and IPv4.

How does it work?

Pretty easy. You need:

  • at least two routers or switches that support VRRP
  • a virtual IP address
  • a virtual MAC address

Okay, maybe it’s not that easy.

The key point is the virtual router. A virtual router is defined on each physical router or switch that should offer high availability for a virtual IP address. A virtual router is defined on a per-VLAN basis, and it consists of a virtual router identifier (VRID), one or more virtual IP addresses, and a statement that declares a router or switch as a master or backup virtual router.

The virtual MAC address is built upon the VRID. The MAC address is always 00-00-5E-00-01-xx, in which xx is the VRID in hexadecimal format.

The interface IP address, or switch virtual interface (SVI), that is configured for a specific VLAN, and the virtual IP address of a virtual router configured for the same VLAN, must belong to the same subnet.

Master, Backup, Owner

A router or switch can have one of two roles:

  • master virtual router
  • backup virtual router

You can have one master, but multiple backup virtual routers. The master virtual router answers ARP requests and forwards packets for the virtual IP address. The backup virtual routers come into play in case of a failure of the master virtual router. If a backup virtual router doesn’t receive packets from the master virtual router for a period longer than three times the advertisement time, the backup virtual routers assume that the master virtual router is dead. An election process is then initiated to select a new master virtual router.

Master and backup virtual routers communicate via multicast using the multicast IP address 224.0.0.18.

The virtual IP address must also be a real interface IP address on a router or switch. This router or switch is called the IP address owner. The IP address owner always has the priority 255. Because of this, the IP address owner will always become the master virtual router, regardless of what the configuration says.

[Figure: vrrp_owner_master_backup. Credit: Patrick Terlisten / www.vcloudnine.de / Creative Commons CC0]

As you can see, R1 has the IP 10.0.0.1/24 and the virtual IP address (VIP) is also 10.0.0.1. In this case, R1 is the master virtual router and the IP address owner.

Some vendors allow a no-owner design.

[Figure: vrrp_no_owner_backup_backup. Credit: Patrick Terlisten / www.vcloudnine.de / Creative Commons CC0]

As you can see, R1 and R2 are both configured as backup virtual routers, but R1 has a higher priority. In this case, R1 will answer ARP requests and will forward packets for 10.0.0.254. Another interesting fact: The VIP is a true VIP, and it’s not a real interface IP address of any of the participating routers or switches.

Not all vendors seem to support such a design, and RFC 5798 has no references to it. According to some other vendor docs and RFC 5798, VRRP requires that the master virtual router has the virtual IP address configured as a physical IP address, which means that the master virtual router must also be the IP address owner (as mentioned above).
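The virtual MAC address, the election and the failover described above, as an added example (not part of the original post). Router names, addresses and priorities are constructed. The tie-break on the higher IP address, the skew time added to the "three times the advertisement interval" rule, and the 00-00-5E-00-02-xx prefix for IPv6 are taken from RFC 5798, not from this article.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass
class Router:
    name: str
    interface_ip: str       # real IP address of the VLAN interface / SVI
    priority: int = 100     # configured priority
    alive: bool = True      # False = no longer sending advertisements

def virtual_mac(vrid: int, ipv6: bool = False) -> str:
    """00-00-5E-00-01-xx for IPv4; RFC 5798 uses 00-00-5E-00-02-xx for IPv6."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be between 1 and 255")
    family = 2 if ipv6 else 1
    return f"00-00-5E-00-{family:02X}-{vrid:02X}"

def effective_priority(router: Router, vip: str) -> int:
    """The IP address owner always has priority 255, whatever is configured."""
    is_owner = ip_address(router.interface_ip) == ip_address(vip)
    return 255 if is_owner else router.priority

def elect_master(routers, vip):
    """Highest priority wins; RFC 5798 breaks a tie on the higher IP address."""
    live = [r for r in routers if r.alive]
    return max(live, default=None, key=lambda r: (
        effective_priority(r, vip), int(ip_address(r.interface_ip))))

def master_down_interval(priority: int, adver_cs: int = 100) -> float:
    """RFC 5798: 3 x advertisement interval plus skew time, in centiseconds."""
    return 3 * adver_cs + (256 - priority) * adver_cs / 256

def demo():
    """Constructed routers for the owner and the no-owner design."""
    r1, r2 = Router("R1", "10.0.0.1", 100), Router("R2", "10.0.0.2", 200)
    owner = elect_master([r1, r2], "10.0.0.1").name     # R1 owns the VIP
    r1.alive = False                                    # R1 fails
    failover = elect_master([r1, r2], "10.0.0.1").name
    r1, r2 = Router("R1", "10.0.0.1", 200), Router("R2", "10.0.0.2", 100)
    no_owner = elect_master([r1, r2], "10.0.0.254").name
    return owner, failover, no_owner

if __name__ == "__main__":
    print(virtual_mac(10), demo(), master_down_interval(200))
```

In the owner case R1 wins with a configured priority of 100 against R2's 200, because owning 10.0.0.1 forces its priority to 255.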

VRRP-E – extended VRRP

Brocade and HPE offer VRRP-E, an extended and proprietary version of VRRP. Extended means that it overcomes limitations of VRRP (according to Brocade and HPE).

VRRP-E doesn’t know the concept of master and backup virtual routers. All routers are acting as backup virtual routers. A priority value is used to determine which router will act as master virtual router. Furthermore, VRRP-E doesn’t know the concept of the IP address owner.

Brocade states in one of their docs:

The most important difference is that all VRRP-E routers are Backups. There is no Owner router. VRRP-E overcomes the limitations in standard VRRP by removing the Owner.

VRRP and dynamic routing protocols

If VRRP is used together with dynamic routing protocols, like OSPF, there’s a fact worth mentioning: No dynamic routing protocol likes it if the IP address that is used to build adjacencies moves to another router. It’s not the IP address that is the problem, but perhaps a routing protocol configuration that doesn’t match, a changed router ID or similar. Because of this, the VRRP VIP must not be used in the configuration for dynamic routing protocols. A no-owner design can have some benefits if you have to use VRRP and dynamic routing protocols on the same router or switch. In this case, the real interface IP addresses can be used for the dynamic routing protocol configuration, and not the floating VIP.

Fibre Channel: ISL, ISL trunking & FSPF

This posting is ~6 years old. You should keep this in mind. IT is a short-lived business. This information might be outdated.
Note: This article is a bit Brocade-minded, especially with regard to the terminology.

Redundant paths in a network are always a curse. Always? Not always. It depends on the protocol and the kind of network. In an Ethernet network you have Spanning Tree, which eliminates redundant paths and builds a loop-free network. What about redundant paths in a storage network? When iSCSI and NFS are used, then usually TCP/IP is used on top of Ethernet. Fibre Channel manages redundant paths a bit differently. There’s nothing like Spanning Tree. Redundant paths are nothing fancy. They are just there and they are used.

The Glossary

FSPF: “Fabric shortest path first” is a routing protocol used in Fibre Channel fabrics. It’s used to establish routes across the fabric and to re-calculate these routes if a topology change occurs (e.g. link failures).

ISL: An ISL is an inter-switch link. It’s a connection between two Fibre Channel switches.

ISL Trunking: An ISL Trunk is a logical ISL that provides up to 128 Gbps of bandwidth (8 ports x 16 Gbps).

Context please..

One cool thing about Fibre Channel is the possibility to use multiple ISLs between switches. No need to worry about loops, no blocked links. Just more ISLs that provide bandwidth and redundancy. If you add more ISLs between switches, Fabric Shortest Path First (FSPF) will take care of this topology change. Fibre Channel fabrics are hierarchical and every fabric has a principal switch. It’s the boss: it manages changes of name server entries and zone changes, ensures the uniqueness of domain IDs and synchronizes time throughout the fabric. It also analyzes the topology. Each switch is a hop and each ISL between switches has a cost. The costs depend on the link bandwidth.

Bandwidth    Cost
1 Gb         1000
2 Gb         500
4 Gb         250
8 Gb         125
10 Gb        100

A path with two hops and 4 Gb bandwidth has a cost of 500 (2 x 250). An alternate path with only one hop but 2 Gb bandwidth also has a cost of 500. If two routes have the same speed and latency, FSPF will use the route with the least number of hops. A link to a hierarchically higher switch is an upstream connection. A link to a hierarchically lower switch is a downstream connection. FSPF uses an exchange-based load sharing (hash operation over SRC and DST FCID and OX_ID) to distribute the traffic over multiple ISLs. A Fibre Channel exchange is, simply said, a SCSI command. An exchange is made of several sequences, and those of several Fibre Channel frames. This way of distributing traffic can lead to a situation where congestion occurs, because FSPF doesn’t take the link utilization into account.
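The path selection described above, as an added example (not part of the original post): a shortest-path search that uses the cost table from this article and prefers fewer hops when two routes cost the same. The switch names and the fabric are constructed.

```python
import heapq

# Link cost per ISL bandwidth in Gb, as listed in the table of this article.
COST = {1: 1000, 2: 500, 4: 250, 8: 125, 10: 100}

def best_path(isls, src, dst):
    """Dijkstra over (cost, hops): lowest cost wins, fewer hops break ties."""
    graph = {}
    for a, b, gb in isls:                 # an ISL carries traffic both ways
        graph.setdefault(a, []).append((b, COST[gb]))
        graph.setdefault(b, []).append((a, COST[gb]))
    queue = [(0, 0, src, [src])]          # (cost, hops, switch, path so far)
    done = set()
    while queue:
        cost, hops, sw, path = heapq.heappop(queue)
        if sw == dst:
            return cost, hops, path
        if sw in done:
            continue
        done.add(sw)
        for nxt, link_cost in graph.get(sw, []):
            if nxt not in done:
                heapq.heappush(
                    queue, (cost + link_cost, hops + 1, nxt, path + [nxt]))
    return None                           # dst is not reachable from src

# Constructed fabric: sw1-sw3 directly at 2 Gb, or via sw2 over two 4 Gb ISLs.
FABRIC = [("sw1", "sw2", 4), ("sw2", "sw3", 4), ("sw1", "sw3", 2)]

# Same fabric after the two-hop route has been upgraded to 8 Gb ISLs.
UPGRADED = [("sw1", "sw2", 8), ("sw2", "sw3", 8), ("sw1", "sw3", 2)]

if __name__ == "__main__":
    print(best_path(FABRIC, "sw1", "sw3"))     # equal cost, one hop wins
    print(best_path(UPGRADED, "sw1", "sw3"))   # two hops, but cheaper
```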

To avoid congestion, ISL Trunking can be used. With ISL Trunking, several ISLs are grouped into a logical ISL. When using Brocade switches, a license has to be installed on all switches that use ISL Trunking. An ISL Trunk is automatically formed when two or more (up to 8) adjacent ports are used to connect two switches. The adjacent ports must belong to the same port group. That’s the reason why you can’t add more than 8 ports to an ISL Trunk. Instead of using an exchange-based distribution, a frame-based distribution is used for ISL Trunks. This method is more fine-grained and allows a better distribution. The ports that belong to an ISL Trunk are known as trunking members. One port of the trunking members is the trunking master. This port has a special function, because it assigns traffic to the other trunking members. Even if an ISL Trunk is a logical ISL, it preserves “in-order delivery” of frames.
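Why exchange-based load sharing can congest one ISL while frame-based distribution does not, as an added example (not part of the original post). The XOR hash and the round-robin frame assignment are simplifying assumptions, since the real mechanisms are internal to the switch, and the traffic is constructed.

```python
def exchange_based(exchanges, n_links):
    """All frames of an exchange follow the one ISL picked by a hash over
    S_ID, D_ID and OX_ID. The XOR hash is a stand-in (assumption)."""
    load = {link: 0 for link in range(n_links)}
    for s_id, d_id, ox_id, frames in exchanges:
        load[(s_id ^ d_id ^ ox_id) % n_links] += frames
    return load

def frame_based(exchanges, n_links):
    """Frames are assigned to trunking members one by one. Round robin is a
    simplification (assumption) of what the trunking master does."""
    load = {link: 0 for link in range(n_links)}
    total_frames = sum(frames for _, _, _, frames in exchanges)
    for i in range(total_frames):
        load[i % n_links] += 1
    return load

# Constructed traffic: (S_ID, D_ID, OX_ID, frames in the exchange).
# Two large exchanges happen to hash onto the same ISL.
EXCHANGES = [
    (0x010100, 0x020200, 0x0001, 40),
    (0x010100, 0x020200, 0x0003, 40),
    (0x010200, 0x020200, 0x0002, 4),
    (0x010300, 0x020200, 0x0004, 4),
]

if __name__ == "__main__":
    print("exchange-based:", exchange_based(EXCHANGES, 2))
    print("frame-based:   ", frame_based(EXCHANGES, 2))
```

The hash only sees the exchange identifiers, not the size of the exchange or the current link utilization, so one ISL carries 80 of the 88 frames.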

Final words

Most of the time FSPF is doing a great job. It just works. But as with Ethernet, it’s not enough to simply add links between Fibre Channel switches. Sure, you don’t have to deal with Spanning Tree, but just adding more ISLs between switches can cause more problems than it solves. Choose an adequate design based on your requirements. Simplicity is often the key to success. Be sure that you use an adequate number of links in an ISL. Take care of congestion and use ISL Trunking whenever it’s possible.