5

Imagine the following topology: [image]

I understand why both R1 and R2 need to share a virtual IP, but why is it necessary for them to also share a virtual MAC? Couldn't they simply use their own MAC address? And if the Active router went down, R2 could just send a gratuitous ARP, announcing that the VIP will now use R2's MAC address, so the end hosts can update their ARP cache and switches their MAC address table.

Thank you in advance.

2 Answers

8

The reason for using a virtual MAC address instead of each router's own MAC address is that in case of a failover, you don't want to have to learn the new MAC address for the virtual IP address on each node using this virtual address. A virtual MAC address ensures hosts are always sending traffic to the correct Ethernet address, without having to update their ARP table if a failover occurs.

2

In RFC 5798, which defines the operations of VRRP, you will find in section 7.3 the following:
(emphasis mine)

7.3. Virtual Router MAC Address

The virtual router MAC address associated with a virtual router is an IEEE 802 MAC Address in the following format:

IPv4 case: 00-00-5E-00-01-{VRID} (in hex, in Internet-standard bit-order)

The first three octets are derived from the IANA's Organizational Unique Identifier (OUI). The next two octets (00-01) indicate the address block assigned to the VRRP for IPv4 protocol. {VRID} is the VRRP Virtual Router Identifier. This mapping provides for up to 255 IPv4 VRRP routers on a network.

IPv6 case: 00-00-5E-00-02-{VRID} (in hex, in Internet-standard bit-order)

The first three octets are derived from the IANA's OUI. The next two octets (00-02) indicate the address block assigned to the VRRP for IPv6 protocol. {VRID} is the VRRP Virtual Router Identifier. This mapping provides for up to 255 IPv6 VRRP routers on a network.

So, as you can see, the MAC address conveys information: it tells the other devices that this is a VRRP address and even provides the VRID.

Also keep in mind that you can define multiple instances of a virtual gateway on the same device, and while they could all use the same MAC address, it is cleaner to have separate MAC addresses.

The same logic applies to HSRP (which, admittedly, VRRP is derived from).

1
  • The purpose of the mapping isn't to carry information to anyone; it's to try to avoid address clashes.
    – hobbs
    Commented Sep 19, 2022 at 14:33
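
An added example, not part of either answer: because the virtual MAC quoted from RFC 5798 section 7.3 stays the same across a failover, a host's ARP entry for the VIP should always match it, so an entry pointing at any other MAC is worth investigating. The function names, the VIP-to-VRID mapping and the sample ARP table below are constructed for illustration, and the audit assumes IPv4 VRRP gateways.

```python
import re

# Address blocks from RFC 5798 section 7.3, as quoted in the answer above.
VRRP_PREFIXES = {
    bytes.fromhex("00005e0001"): "IPv4",
    bytes.fromhex("00005e0002"): "IPv6",
}

def mac_to_bytes(mac):
    """Accept 00-00-5E-00-01-0A, 00:00:5e:00:01:0a or 0000.5e00.010a."""
    digits = re.sub(r"[-:.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)

def vrrp_mac(vrid, family="IPv4"):
    """Build the virtual MAC for a VRID (valid VRIDs are 1..255)."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be in the range 1..255")
    prefix = {f: p for p, f in VRRP_PREFIXES.items()}[family]
    return "-".join(f"{b:02X}" for b in prefix + bytes([vrid]))

def parse_vrrp_mac(mac):
    """Return (family, vrid) for a VRRP virtual MAC, else None."""
    raw = mac_to_bytes(mac)
    family = VRRP_PREFIXES.get(raw[:5])
    if family is None or raw[5] == 0:  # 0 is not a valid VRID
        return None
    return family, raw[5]

def audit_gateways(neighbors, expected):
    """neighbors: {ip: mac} from a host ARP cache; expected: {vip: vrid}.
    Returns (vip, reason) for each VIP not resolving to its virtual MAC."""
    findings = []
    for vip, vrid in expected.items():
        mac = neighbors.get(vip)
        if mac is None:
            findings.append((vip, "no ARP entry"))
        elif parse_vrrp_mac(mac) != ("IPv4", vrid):
            findings.append((vip, f"unexpected MAC {mac}"))
    return findings

# Constructed sample data (documentation addresses, not from the page).
SAMPLE_ARP = {
    "192.0.2.1": "00:00:5e:00:01:0a",     # VRID 10, as expected
    "198.51.100.1": "02:42:ac:11:00:02",  # not a VRRP virtual MAC
    "203.0.113.1": "0000.5e00.011f",      # VRRP MAC, but VRID 31
}
EXPECTED = {"192.0.2.1": 10, "198.51.100.1": 20, "203.0.113.1": 30}
```
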
