NSX-T HA VIP and VRRP are same or different?

By / / Leave a Comment

HA VIP in NSX-T is often compared with VRRP (Virtual Router Redundancy Protocol). Everyone who would look at both of them side by side would have quick following questions in their mind:

  1. Are they both analogous to each other?
  2. Do they both support the same topology from functionality standpoint?
  3. When T-0 is configured with HA VIP, will it maintain the state similar to Master Virtual Router as in VRRP?
  4. Does HA VIP exchange protocol message between Active and Standby instance to maintain the state or failover like VRRP?
  5. Does it support Preemption?
  6.  Will there be any consideration where both VRRP and HA VIP could run side by side?

Let us first understand VRRP and HA VIP, then shall answer these questions individually.:

VRRP

The Virtual Router Redundancy Protocol (VRRP) is designed to eliminate the single point of failure inherent in the static default routed environment.  VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN.  The VRRP router controlling the IP address associated with a virtual router is called the Master and forwards packets sent to these IP addresses.  The election process provides dynamic fail-over in the forwarding responsibility should the Master become unavailable.  Any of the virtual router’s IP addresses on a LAN can then be used as the default first hop router by end-hosts.  The advantage gained from using VRRP is a higher availability default path without requiring configuration of dynamic routing or router discovery protocols on every end-host.

Screenshot 2019-08-27_19-01-23

HA VIP

HA VIP does same to an extent where Virtual IP Address is assigned to Active T-0 Instance uplink interface alongside its primary interface IP Address and on standby T-0 instance does not own it until takes Active responsibility. Active T-0 instance is responsible to reply back to any ARP request generated by Top of Rack switch or router resolving data link address (MAC) for the Next Hop IP address (Configured inside the static route to reach NSX-T downlinks configured on T-0 or T-1). HA VIP does not have election protocol to elect which T-0 instance becomes the Master (That owns the VIP) or also both Active and standby instance do exchange keepalive messages in comparison to  VRRP which uses advertisement messages to know the state to action any failover. Hence in HA VIP Master role is always provided to active T-0 Instance during its implementation and depends on NSX-T way of detecting failure to failover to standby instance.

Figure 2: Basic HA VIP Topology

Screenshot 2019-08-27_19-27-21
  1. Are they both analogous to each other?Both are achieving the same objective and designed to eliminate the single point of failure inherent in the static routed environment.
    VRRP master router act as the gateway to Host/Desktop/VMs (Endpoints) in a particular VLAN or IP Subnet. In case the master router fails other Standby router takes the responsibility of master and serves as the default gateway for the Endpoints. Similarly, HA VIP is active on Active T-0 SR serving as active forwarder and acting as the default gateway to reach segments configured as downlinks.
  1. Do they both support the same topology from functionality standpoint?No, Topological both work differently. VRRP can have more than one router in the subnet group servicing as the default gateway for the endpoint (Refer Figure 1). Whereas HA VIP hooks up with standard Active-Standby Instance of T-0 and serves as the default gateway to ToR or switch.
  2.  When T-0 SR is configured with HA VIP on T-0 Logical Router, will it maintain the state similar to Master Virtual Router as it does in VRRP?In VRRP router exchange advertisement message over multicast address 224.0.0.18 to maintain the state (Refer RFC 3768 for more information). In HA VIP for failover T-0 Active instance is dependent on NSX-T way of detecting failure via keepalive sent over management and tunnel interface as specified in Figure 3 below
  3. Does HA VIP exchange protocol message between Active and Standby instance to detect failure and failover like VRRP?HA VIP depends on T-0 SR HA failover as described in below image

    Figure 3: T-0 SR High Availability and Failure detection

  1. Does HA VIP support Preemption on its own?Yes, it does work along with T-0 SR failover configuration which allows you to enable preemption or non-preemption mode.
  2.  Will there be any consideration where both VRRP and HA VIP could run side by side?Yes, VRRP can be run on ToR router or switches alongside HA VIP on T-0 uplink as described in below topology:

    Figure 4

Note: HA VIP or VRRP both supports static routing and does not go along with Dynamic routing protocol.

To learn more about VRRP refer to the RFC 3768

Amit Juneja on Linkedin
Amit Juneja
Amit Juneja has 13 years of experience in the networking industry. He has held diverse positions throughout his career including support, implementation, design, consulting, project management, Day-2 operations, and people management. Amit has served a majority of Service Providers and several enterprise customers across the globe on various technologies such as: Service Provider MPLS Core/Edge, Enterprise Cisco Unified Communication (Collaboration) and SP / Enterprise Wireless. Amit holds the preeminent CCIE certification in Routing & Switching and Service Provider along with VCP Certification in Network Virtualization.

Leave a Reply