2.8 Virtual Routers with Multiple IP Addresses
VRRP Internet Draft hints at the possibility of protecting multiple IP addresses with a single virtual router by using the expression IP address(es) without explicitly going into the details of this characteristic. As a matter of fact, a physical interface may have multiple IP addresses that can be on the same (usually rare) or different subnets, the latter being referred to as multinetting. Network administrators commonly use multinetting when they need to renumber a network, that is, assign new addresses with a different subnet definition. In such cases, to ease the transition both subnets are maintained for a brief period.
When a VRRP router has more than one address associated with its interface, it can have all its addresses protected by one single virtual router. In such an arrangement, the router in question qualifies as the owner of all addresses, but the router picks one of those addresses as primary to be used for the purposes of VRRP traffic.
These considerations apply independent of whether the protected multiple addresses are on the same subnet or not. The multinetting case is more interesting, though, and demonstrates that VRRP can still be used without significant reconfiguration during the periods of transitions in networks. Figure 2-9 depicts a virtual router protecting a default router configured for multinetting.
FIGURE 2-9. A virtual router protecting multiple IP addresses
Note that in Figure 2-9 we have one LAN segment that is partitioned into two subnets: 184.108.40.206 and 220.127.116.11. Router R2, the owner of both addresses IP(R2)5 and IP(R2)205, is the master of the virtual router V1. Router R1 is the backup and is similarly configured, that is, it has been configured for multinetting with an IP address on each subnet like R2. Although the IP addresses are in different subnets, they are associated with the same virtual router V1, and they are both protected by the same virtual router V1. One of the addresses designated via configuration as primary would be picked for V1; in this example, 18.104.22.168 and router R1 would be the backup. The VRRP mechanism and VRRP exchanges will be on this subnet 22.214.171.124, and 126.96.36.199 will be the primary IP address of virtual router V1. However, the other address, 188.8.131.52, would simply piggyback on the protection offered by VRRP to the primary address because both of them are on the same interface. As long as R2 is operational, R1 will stay in the backup status; but when R2 fails, VRRP will detect the failure and R1 will become the master and route on behalf of 184.108.40.206 as well as 220.127.116.11, since R1 is configured accordingly. In other words, all IP addresses in a multinetted interface will switch over to the backup. We do realize that it is possible to have one virtual router, not multiple ones, to protect more than one IP address as long as all physical routers within a virtual router have a multinetted configuration on the same set of subnets. See Chapter 8 for possible misconfigurations.