Internet Engineering Task Force N. Serafini Internet-Draft Individual Intended status: Experimental A. Dogra Expires: 13 October 2026 Cisco Systems, Inc. 11 April 2026 Fast failure detection in VRRP with S-BFD draft-nser-vrrp-sbfd-02 Abstract The Virtual Router Redundancy Protocol (VRRP) protocol depends on IPv4 or IPv6 connectivity between redundant peers and can use Seamless Bidirectional Forwarding Detection (S-BFD) to detect a Primary Router failure faster than the base VRRP advertisement timers. This document describes an extension that allows VRRP to use S-BFD as an additional failure-detection mechanism. It defines a new VRRP packet type, a dedicated timer, and a mechanism for a VRRP Primary Router to advertise an S-BFD reflector discriminator to Backup Routers. Local discriminator allocation is left to the implementation. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 13 October 2026. Copyright Notice Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved. Serafini & Dogra Expires 13 October 2026 [Page 1] Internet-Draft VRRP and S-BFD April 2026 This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Requirements Language . . . . . . . . . . . . . . . . . . . . 4 4. Required Features . . . . . . . . . . . . . . . . . . . . . . 4 4.1. Timers for Primary election . . . . . . . . . . . . . . . 4 4.2. Local S-BFD Discriminator allocation . . . . . . . . . . 4 4.3. Remote S-BFD Discriminator advertisement and learning . . 5 4.4. S-BFD Discriminator length . . . . . . . . . . . . . . . 5 5. Known Limitations . . . . . . . . . . . . . . . . . . . . . . 5 5.1. Inconsistency . . . . . . . . . . . . . . . . . . . . . . 5 6. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 5 7. VRRP state machine and S-BFD operational mode . . . . . . . . 6 8. VRRP and S-BFD state machines interoperability . . . . . . . 7 9. Relation maintenance . . . . . . . . . . . . . . . . . . . . 7 9.1. Relation requirements . . . . . . . . . . . . . . . . . . 8 9.1.1. Primary state . . . . . . . . . . . . . . . . . . . . 8 9.1.2. Backup state . . . . . . . . . . . . . . . . . . . . 8 9.1.3. Initialize state . . . . . . . . . . . . . . . . . . 8 10. S-BFD Discriminator advertisement . . . . . . . . . . . . . . 8 10.1. Advertisement field . . . . . . . . . . . . . . . . . . 9 10.2. Learning the SBFDInitiator Your Discriminator field . . 9 10.3. Implementation considerations . . . . . . . . . . . . . 9 10.4. Why explicit advertisement is required . . . . . . . . . 10 11. Timers . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 12. Operational requirements . . . . . . . . . . . . . . . . . . 10 12.1. Initialize state . . . . . . . . . . . . . . . . . . . . 10 12.2. VRRP Backup state . . . . . . . . . . . . . . . . . . . 12 12.3. Primary state . . . . . . . . . . . . . . . . . . . . . 15 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 14. Security Considerations . . . . . . . . . . . . . . . . . . . 19 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 15.1. Normative References . . . . . . . . . . . . . . . . . . 19 15.2. Informative References . . . . . . . . . . . . . . . . . 20 Appendix A. Prior Work . . . . . . . . . . . . . . . . . . . . . 20 Appendix B. Tools . . . . . . . . . . . . . . . . . . . . . . . 20 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 20 Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Serafini & Dogra Expires 13 October 2026 [Page 2] Internet-Draft VRRP and S-BFD April 2026 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21 1. Introduction Bidirectional Forwarding Detection (BFD), defined in [RFC5880], is a protocol for rapid failure detection between a pair of systems. [RFC5881] specifies its use for single-hop IPv4 and IPv6 sessions. Seamless BFD (S-BFD), defined in [RFC7880], reduces setup and negotiation overhead and enables simpler provisioning. [RFC7881] extends S-BFD to IPv4, IPv6, and MPLS networks. VRRP is a standardized first-hop redundancy protocol for IPv4 and IPv6 networks. VRRP defined in [RFC9568] provides a standard election procedure for selecting a Primary Router and interoperable behavior across implementations. In the base protocol, failure detection depends on advertisement processing and associated timers. This document combines S-BFD with VRRP for deployments that need failure detection in the millisecond or sub-second range without relying only on aggressive VRRP advertisement timers. Similar to the S-BFD discriminator advertisements defined for IS-IS in [RFC7883] and OSPF in [RFC7884], the extension defined in this document allows a VRRP Primary Router to advertise an S-BFD reflector discriminator that Backup Routers can use to create SBFDInitiator sessions. The selection of local S-BFD discriminators remains implementation specific. 2. Terminology VRRP Virtual Router Redundancy Protocol BFD Bidirectional Forwarding Detection S-BFD Seamless Bidirectional Forwarding Detection FHRP First Hop Redundancy Protocol SBFD_Handler Handler in the Virtual Router that is triggered when an S-BFD Initiator session detects a failure. Serafini & Dogra Expires 13 October 2026 [Page 3] Internet-Draft VRRP and S-BFD April 2026 SBFD_My_Discriminator State variable maintained by the Virtual Router when S-BFD is used as a failure-detection mechanism. Its meaning depends on the current S-BFD operating mode. SBFD_Your_Discriminator State variable maintained by the Virtual Router when it uses S-BFD as an Initiator. SBFD_Primary_Down_Timer Timer in the Virtual Router that starts when S-BFD triggers the SBFD_Handler and is used by the election procedure defined in this document. 3. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 4. Required Features This section lists the features that guided the design of this specification. There is no implied priority among them, and all of the features below MUST be supported by an implementation of this specification. 4.1. Timers for Primary election When enabled, this specification MUST allow S-BFD to accelerate failure detection independently of the normal VRRP advertisement timers. 4.2. Local S-BFD Discriminator allocation Every Router in a VRRP domain MUST be able to allocate a local S-BFD discriminator for use as an SBFDInitiator or SBFDReflector. The allocation method is implementation specific, but the selected value MUST satisfy the local uniqueness requirements of [RFC7880] and [RFC7881]. Serafini & Dogra Expires 13 October 2026 [Page 4] Internet-Draft VRRP and S-BFD April 2026 4.3. Remote S-BFD Discriminator advertisement and learning A Router in VRRP Backup state MUST be able to learn the remote S-BFD discriminator for the VRRP Primary Router acting as an SBFDReflector from the VRRP packet type defined in this document. 4.4. S-BFD Discriminator length The locally allocated and remotely advertised S-BFD discriminator MUST be 32 bits long, as defined in [RFC5880]. 5. Known Limitations Before S-BFD is used as a failure-detection mechanism with VRRP, the following limitation MUST be considered. 5.1. Inconsistency The implementation SHOULD raise an event when it detects an inconsistency between the VRRP state machine and the corresponding S-BFD operating mode. 6. Overview Each VRRP Router that uses S-BFD for failure detection MUST allocate a local S-BFD discriminator and MUST operate as an SBFDReflector or SBFDInitiator according to its VRRP state. When VRRP is in Primary state and the router wants other peers to monitor it, it MUST start an SBFDReflector session using the locally allocated discriminator and MUST advertise that discriminator by sending the VRRP packet type defined in this document. When VRRP is in Backup state, the router MUST start an SBFDInitiator session to monitor the Primary Router. To start a new session, the SBFDInitiator MUST learn the Primary Router's SBFDReflector discriminator and source IPvX address from the VRRP S-BFD Advertisement defined in this document. The SBFDInitiator MUST use a locally allocated discriminator as My Discriminator and the learned reflector discriminator as Your Discriminator, and it MUST monitor the learned source address. When the SBFDReflector receives a control packet from an SBFDInitiator, it MUST locate the corresponding SBFDReflector session by using the incoming Your Discriminator value. Serafini & Dogra Expires 13 October 2026 [Page 5] Internet-Draft VRRP and S-BFD April 2026 This document also defines how VRRP and S-BFD state changes interact, how the new handler and timer are used, and how the new packet type advertises the reflector discriminator needed by VRRP peers. This document does not define a deterministic algorithm for deriving S-BFD discriminators from VRRP fields. The following figure illustrates the high-level behavior. +---------------------+ +------------------------+ | Backup | | Primary | | +-----------------+ | | +-----------------+ | | | SBFDInitiator |---S-BFD Ctrl pkt----->| SBFDReflector | | | | +-------------+ |<--S-BFD Ctrl pkt------| +-------------+ | | | | |S-BFD Discrim| | | | | |S-BFD Discrim| | | | | | | |---S-BFD Echo pkt---+ | | | | | | | +-^-----------+ | | | | | +----------^--+ | | | +---|-------------+<-------------------+ +------------|----+ | | | | | | | | +---v----+ | | +---v----+ | | | VRID | | | | VRID | | | +---^----+ | | +----^---+ | | | | | | | | +----+ | | +----+ | | | | | | | +---------[^]---------+ +------------[v]---------+ | VRRP | +-------------------//--------------------+ Figure 1: VRRP and S-BFD 7. VRRP state machine and S-BFD operational mode To facilitate interoperability between the two protocols, this document defines a direct relationship between the VRRP state machine and the S-BFD operating mode. When VRRP is in Primary state, the router MUST initialize an SBFDReflector session using the locally allocated discriminator. When VRRP is in Backup state, the router MUST initialize an SBFDInitiator session using a locally allocated discriminator as My Discriminator and the value advertised by the VRRP Primary Router as Your Discriminator. The destination of the Initiator session is the source IPvX address from which the corresponding VRRP S-BFD Advertisement was received. When VRRP is in Initialize state, no S-BFD session is associated with that Virtual Router instance, including its VRID, VRRP version, address family, and applicable interface, bridge-domain, or VRF context. Serafini & Dogra Expires 13 October 2026 [Page 6] Internet-Draft VRRP and S-BFD April 2026 An implementation that uses this specification is responsible for maintaining the relationship between VRRP and S-BFD. When an inconsistency is detected, it MUST be treated as a critical error. 8. VRRP and S-BFD state machines interoperability As defined in [RFC7880], S-BFD also has its own state machine. In SBFDInitiator mode, the relevant states are Up and Down. The Down state is entered when a timer expires or when an AdminDown indication is received from the remote Reflector session. In SBFDReflector mode, the session can indicate Up or AdminDown. When VRRP is in Primary state and S-BFD is operating as an SBFDReflector, VRRP MUST drive the associated S-BFD session behavior. When VRRP is in Backup state and S-BFD is operating as an Initiator, S-BFD MUST trigger the SBFD_Handler and VRRP MUST start and monitor the SBFD_Primary_Down_Timer. When VRRP is in Primary state and sends an advertisement with priority 0 in order to relinquish the role, it MUST continue to follow the base VRRP behavior. In that case, the election behavior remains the one defined by the corresponding VRRP version rather than the timer defined in this document. The implementation is responsible for defining how VRRP and S-BFD communicate state changes internally. 9. Relation maintenance The implementation is responsible for maintaining the relationship among the S-BFD session, the current VRID, the VRRP version, the address family, the applicable interface, bridge-domain, or VRF context, and the applicable S-BFD operating mode. When VRRP changes state, the implementation MUST destroy the old S-BFD session, initialize the new one as needed, and continue to apply the base VRRP state machine behavior. This relationship is maintained by using the two state variables SBFD_My_Discriminator and SBFD_Your_Discriminator. Their precise behavior depends on the current operating mode. When operating as an Initiator, the learned destination IPvX address of the SBFDReflector need not be retained after the S-BFD session has been initialized. Serafini & Dogra Expires 13 October 2026 [Page 7] Internet-Draft VRRP and S-BFD April 2026 9.1. Relation requirements This section clarifies how the relationship and state variables are managed for each VRRP state. To create and maintain the association, VRRP MUST store the state variables in the Virtual Router instance and use them to identify, create, or destroy the corresponding S-BFD session. 9.1.1. Primary state SBFD_My_Discriminator SBFDReflector discriminator allocated by the implementation for the Virtual Router instance. This state variable MUST be initialized if the Primary Router wants peers to monitor it through S-BFD and MUST be used to start the corresponding SBFDReflector session as My Discriminator. 9.1.2. Backup state SBFD_My_Discriminator Required SBFDInitiator discriminator allocated by the implementation. SBFD_Your_Discriminator Required SBFDReflector discriminator learned from the VRRP S-BFD Advertisement for this VRRP instance. 9.1.3. Initialize state In this state, the implementation MUST NOT maintain a relationship, and any previous S-BFD sessions MUST be destroyed. VRRP might terminate abnormally and therefore be unable to notify S-BFD. The behavior for handling such inconsistencies is discussed in Section 7. 10. S-BFD Discriminator advertisement This specification does not define a deterministic algorithm for deriving S-BFD discriminators from the VRID, IP addresses, or other VRRP state. A Router that implements this specification MUST allocate SBFD_My_Discriminator according to local implementation policy and MUST ensure that the selected value is a valid non-zero 32-bit S-BFD discriminator that satisfies the local uniqueness requirements of [RFC7880] and [RFC7881]. Serafini & Dogra Expires 13 October 2026 [Page 8] Internet-Draft VRRP and S-BFD April 2026 Similar to the S-BFD discriminator advertisements defined for IS-IS in [RFC7883] and OSPF in [RFC7884], the VRRP packet type defined in this document explicitly carries the SBFDReflector discriminator selected by the VRRP Primary Router. 10.1. Advertisement field A VRRP S-BFD Advertisement reuses the advertisement format of the applicable VRRP version and appends a 32-bit S-BFD Reflector Discriminator field after the protected IPvX address list. All other fields are identical to the corresponding VRRP Advertisement and are processed according to [RFC9568]. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ VRRP Advertisement fields for the applicable version ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | S-BFD Reflector Discriminator | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 2: VRRP S-BFD Advertisement Extension The checksum processing for the corresponding VRRP version MUST cover the S-BFD Reflector Discriminator field. 10.2. Learning the SBFDInitiator Your Discriminator field When a Backup Router receives a VRRP S-BFD Advertisement, it MUST copy the advertised S-BFD Reflector Discriminator value into SBFD_Your_Discriminator and use that value as the S-BFD Your Discriminator, as defined in Section 7.2 of [RFC7880]. 10.3. Implementation considerations The same VRID can be reused on different interfaces or bridge domains, and overlapping IPv4 or IPv6 addresses can exist in different VRF contexts. Therefore, deriving S-BFD discriminators only from the VRID and IP addressing information is not sufficient to guarantee uniqueness across VRRP deployments. Explicit advertisement avoids this ambiguity and leaves local discriminator allocation to the implementation. Serafini & Dogra Expires 13 October 2026 [Page 9] Internet-Draft VRRP and S-BFD April 2026 10.4. Why explicit advertisement is required A point-to-multipoint BFD solution, such as one based on [RFC8562], can make a different design choice because the Primary Router itself originates BFD Control packets and a Backup Router can demultiplex the received session by using the source IPvX address together with locally defined rules. S-BFD has a different operational model. An SBFDInitiator MUST know the discriminator allocated by the remote SBFDReflector before it can send an S-BFD Control packet with the correct Your Discriminator value, as described in [RFC7880]. Because the same VRID can be reused in different interface, bridge-domain, or VRF contexts, and because overlapping IP addressing is possible, this document does not attempt to infer the remote reflector discriminator from VRRP state alone. For that reason, this specification carries the SBFDReflector discriminator explicitly in the VRRP S-BFD Advertisement. A specification that uses point-to-multipoint BFD instead of S-BFD could avoid that advertisement, but it would define a different failure-detection mechanism. 11. Timers The standard VRRP election procedure uses the advertisement interval as part of its failure-detection behavior and cannot directly provide the behavior required by this specification. To avoid collisions between the two mechanisms, a dedicated timer named SBFD_Primary_Down_Timer MUST be implemented in the VRRP Router. This timer MUST be equal to the Skew_Time for the applicable VRRP version and MUST be started only when an S-BFD Initiator session triggers the VRRP SBFD_Handler because of a Down or AdminDown indication from the Reflector. 12. Operational requirements This section defines the operational requirements of this specification and summarizes how VRRP and S-BFD are integrated. For IPv6 procedures, the Solicited-Node multicast address is the one defined in [RFC4291]. 12.1. Initialize state Serafini & Dogra Expires 13 October 2026 [Page 10] Internet-Draft VRRP and S-BFD April 2026 + If a Startup event is received, then: + If the Priority = 255, i.e., the router owns the IPvX address(es) associated with the Virtual Router, then: >> + If S-BFD is required, then: >> >> - Allocate the SBFD_My_Discriminator according to local >> implementation policy. >> >> - Start a new SBFDReflector session with >> SBFD_My_Discriminator as My Discriminator. >> >> - Set the VRRP packet type to 2 >> >> - Include SBFD_My_Discriminator as the >> S-BFD Reflector Discriminator field >> >> + else >> >> - Set the VRRP packet type to 1 >> >> + endif // is S-BFD required? - Send an ADVERTISEMENT + If the protected IPvX address is an IPv4 address, then: - For each IPv4 address associated with the Virtual Router, broadcast a gratuitous ARP message containing the Virtual Router MAC address and with the target link-layer address set to the Virtual Router MAC address. + else // IPv6 - For each IPv6 address associated with the Virtual Router, send an unsolicited ND Neighbor Advertisement with the Router Flag (R) set, the Solicited Flag (S) clear, the Override flag (O) set, the target address set to the IPv6 address of the Virtual Router, and the target link-layer address set to the Virtual Router MAC address. + endif // was protected address IPv4? - Set the Adver_Timer to Advertisement_Interval Serafini & Dogra Expires 13 October 2026 [Page 11] Internet-Draft VRRP and S-BFD April 2026 - Transition to the {Primary} state + else // Router is not the address owner - Set Primary_Adver_Interval to Advertisement_Interval - Set the Primary_Down_Timer to Primary_Down_Interval >> + If S-BFD is required, then: >> >> - Set the SBFD_Primary_Down_Timer to Skew_Time >> >> + endif // is S-BFD required? - Transition to the {Backup} state + endif // was priority 255? + endif // Startup event was received 12.2. VRRP Backup state While in Backup state, a VRRP Router MUST do the following: + If the protected IPvX address is an IPv4 address, then: - It MUST NOT respond to ARP requests for the IPv4 address(es) associated with the Virtual Router. + else // protected address is IPv6 - It MUST NOT respond to ND Neighbor Solicitation messages for the IPv6 address(es) associated with the Virtual Router. - It MUST NOT send ND Router Advertisement messages for the Virtual Router. + endif // was protected address IPv4? - It MUST discard packets with a destination link-layer MAC address equal to the Virtual Router MAC address. - It MUST NOT accept packets addressed to the IPvX address(es) associated with the Virtual Router. + If a Shutdown event is received, then: Serafini & Dogra Expires 13 October 2026 [Page 12] Internet-Draft VRRP and S-BFD April 2026 - Cancel the Primary_Down_Timer >> + If S-BFD is required, then: >> >> - Destroy the previous SBFDInitiator session. >> >> - Cancel the SBFD_Primary_Down_Timer. >> >> + endif // is S-BFD required? - Transition to the {Initialize} state + endif // Shutdown event received >> + If the SBFD_Handler event is received, then: >> >> - Start the SBFD_Primary_Down_Timer. >> >> + endif // SBFD_Handler event received >> + If the Primary_Down_Timer OR >> the SBFD_Primary_Down_Timer fires, then: >> + If S-BFD is required, then: >> >> - Allocate the SBFD_My_Discriminator according to local >> implementation policy. >> >> - Start a new SBFDReflector session with >> SBFD_My_Discriminator as My Discriminator. >> >> - Set the VRRP packet type to 2 >> >> - Include SBFD_My_Discriminator as the >> S-BFD Reflector Discriminator field >> >> + else >> >> - Set the VRRP packet type to 1 >> >> + endif // is S-BFD required? - Send an ADVERTISEMENT + If the protected IPvX address is an IPv4 address, then: - For each IPv4 address associated with the Virtual Router, broadcast a gratuitous ARP message Serafini & Dogra Expires 13 October 2026 [Page 13] Internet-Draft VRRP and S-BFD April 2026 containing the Virtual Router MAC address and with the target link-layer address set to the Virtual Router MAC address. + else // IPv6 - Compute and join the Solicited-Node multicast address defined in RFC4291 for the IPv6 address(es) associated with the Virtual Router. - For each IPv6 address associated with the Virtual Router, send an unsolicited ND Neighbor Advertisement with the Router Flag (R) set, the Solicited Flag (S) clear, the Override flag (O) set, the target address set to the IPv6 address of the Virtual Router, and the target link-layer address set to the Virtual Router MAC address. + endif // was protected address IPv4? - Set the Adver_Timer to Advertisement_Interval >> + If S-BFD is required, then: >> >> - Cancel the SBFD_Primary_Down_Timer timer. >> >> + endif // is S-BFD required? - Transition to the {Primary} state + endif // Primary_Down_Timer fired + If an ADVERTISEMENT is received, then: >> + If VRRP packet type is 2, then: >> >> - Allocate the SBFD_My_Discriminator according to local >> implementation policy. >> >> - Set the SBFD_Your_Discriminator to the >> S-BFD Reflector Discriminator field carried in the >> ADVERTISEMENT. >> >> - Create or update the SBFDInitiator session against >> the Primary >> Router using SBFD_My_Discriminator as My Discriminator >> and SBFD_Your_Discriminator as Your Discriminator; >> the destination IPvX of the new session is the Serafini & Dogra Expires 13 October 2026 [Page 14] Internet-Draft VRRP and S-BFD April 2026 >> source IPvX learnt from the advertisement packet >> and the port is the same defined in RFC7881. >> >> + endif // is VRRP packet type 2? + If the Priority in the ADVERTISEMENT is 0, then: - Set the Primary_Down_Timer to Skew_Time + else // priority non-zero + If Preempt_Mode is False, or if the Priority in the ADVERTISEMENT is greater than or equal to the local Priority, then: - Set Primary_Adver_Interval to Max Advertise Interval contained in the ADVERTISEMENT - Recompute the Skew_Time - Recompute the Primary_Down_Interval, - Set the Primary_Down_Timer to Primary_Down_Interval + else // preempt was true and priority was less than the local priority - Discard the ADVERTISEMENT + endif // preempt test + endif // was priority 0? + endif // was advertisement received? endwhile // Backup state 12.3. Primary state While in Primary state, a VRRP Router MUST do the following: + If the protected IPvX address is an IPv4 address, then: - It MUST respond to ARP requests for the IPv4 address(es) associated with the Virtual Router. + else // IPv6 Serafini & Dogra Expires 13 October 2026 [Page 15] Internet-Draft VRRP and S-BFD April 2026 - It MUST be a member of the Solicited-Node multicast address for the IPv6 address(es) associated with the Virtual Router. - It MUST respond to ND Neighbor Solicitation messages (with the Router Flag (R) set) for the IPv6 address(es) associated with the Virtual Router. - It MUST send ND Router Advertisements for the Virtual Router. + If Accept_Mode is False: MUST NOT drop IPv6 Neighbor Solicitations and Neighbor Advertisements. + endif // IPv4? - It MUST forward packets with a destination link-layer MAC address equal to the Virtual Router MAC address. - It MUST accept packets addressed to the IPvX address(es) associated with the Virtual Router if it is the IPvX address owner or if Accept_Mode is True. Otherwise, MUST NOT accept these packets. + If a Shutdown event is received, then: - Cancel the Adver_Timer >> + If S-BFD is required, then: >> >> - Set the VRRP packet type to 2 >> >> - Include SBFD_My_Discriminator as the >> S-BFD Reflector Discriminator field >> >> + else >> >> - Set the VRRP packet type to 1 >> >> + endif // is S-BFD required? >> - Send an ADVERTISEMENT with Priority = 0 - Transition to the {Initialize} state + endif // shutdown received Serafini & Dogra Expires 13 October 2026 [Page 16] Internet-Draft VRRP and S-BFD April 2026 + If the Adver_Timer fires, then: >> + If S-BFD is required, then: >> >> - Set the VRRP packet type to 2 >> >> - Include SBFD_My_Discriminator as the >> S-BFD Reflector Discriminator field >> >> + else >> >> - Set the VRRP packet type to 1 >> >> + endif // is S-BFD required? - Send an ADVERTISEMENT - Reset the Adver_Timer to Advertisement_Interval + endif // advertisement timer fired >> + If an ADVERTISEMENT type 1 or 2 is received, then: + If the Priority in the ADVERTISEMENT is 0, then: >> + If an ADVERTISEMENT type 2, then: >> >> - Set the VRRP packet type to 2 >> >> - Include SBFD_My_Discriminator as the >> S-BFD Reflector Discriminator field >> >> + else >> >> - Set the VRRP packet type to 1 >> >> + endif // is ADVERTISEMENT type 2? - Send an ADVERTISEMENT - Reset the Adver_Timer to Advertisement_Interval + else // priority was non-zero + If the Priority in the ADVERTISEMENT is greater than the local Priority or the Priority in the ADVERTISEMENT is equal to the local Priority and the primary IPvX Address of the sender is greater Serafini & Dogra Expires 13 October 2026 [Page 17] Internet-Draft VRRP and S-BFD April 2026 than the local primary IPvX Address (based on an unsigned integer comparison of the IPvX addresses in network-byte order), then: - Cancel Adver_Timer - Set Primary_Adver_Interval to Max Advertise Interval contained in the ADVERTISEMENT - Recompute the Skew_Time - Recompute the Primary_Down_Interval - Set Primary_Down_Timer to Primary_Down_Interval - Transition to the {Backup} state + else // new Primary Router logic - Discard the ADVERTISEMENT >> + If an ADVERTISEMENT type 2, then: >> >> - Set the VRRP packet type to 2 >> >> - Include SBFD_My_Discriminator as the >> S-BFD Reflector Discriminator field >> >> + else >> >> - Set the VRRP packet type to 1 >> >> + endif // is ADVERTISEMENT type 2? - Send an ADVERTISEMENT immediately to assert Primary state to the sending VRRP Router and to update any learning bridges with the correct Primary VRRP Router path. + endif // new Primary Router detected + endif // was priority zero? + endif // advert received endwhile // in Primary state Serafini & Dogra Expires 13 October 2026 [Page 18] Internet-Draft VRRP and S-BFD April 2026 13. IANA Considerations This document requests IANA to assign a new VRRP packet type for use with S-BFD-enabled VRRP advertisements. The requested value is 2, with a description of "S-BFD Advertisement". If IANA assigns a different value, implementations of this specification MUST use the IANA-assigned value. 14. Security Considerations This document does not define a new security mechanism. It specifies how VRRP can use S-BFD to accelerate failure detection. Implementations inherit the security considerations of [RFC9568], [RFC5880], [RFC5881], [RFC7880], and [RFC7881]. A false or spoofed S-BFD Advertisement can inject an incorrect reflector discriminator or misdirect monitoring traffic, and a false failure indication can still trigger unnecessary VRRP state transitions. For that reason, operators should apply the same filtering, integrity, and control plane protections recommended for the base protocols. 15. References 15.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, DOI 10.17487/RFC4291, February 2006, . [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, . [RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, DOI 10.17487/RFC5881, June 2010, . [RFC7880] Pignataro, C., Ward, D., Akiya, N., Bhatia, M., and S. Pallagatti, "Seamless Bidirectional Forwarding Detection (S-BFD)", RFC 7880, DOI 10.17487/RFC7880, July 2016, . Serafini & Dogra Expires 13 October 2026 [Page 19] Internet-Draft VRRP and S-BFD April 2026 [RFC7881] Pignataro, C., Ward, D., and N. Akiya, "Seamless Bidirectional Forwarding Detection (S-BFD) for IPv4, IPv6, and MPLS", RFC 7881, DOI 10.17487/RFC7881, July 2016, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [RFC9568] Lindem, A. and A. Dogra, "Virtual Router Redundancy Protocol (VRRP) Version 3 for IPv4 and IPv6", RFC 9568, DOI 10.17487/RFC9568, April 2024, . 15.2. Informative References [RFC7883] Ginsberg, L., Akiya, N., and M. Chen, "Advertising Seamless Bidirectional Forwarding Detection (S-BFD) Discriminators in IS-IS", RFC 7883, DOI 10.17487/RFC7883, July 2016, . [RFC7884] Pignataro, C., Bhatia, M., Aldrin, S., and T. Ranganath, "OSPF Extensions to Advertise Seamless Bidirectional Forwarding Detection (S-BFD) Target Discriminators", RFC 7884, DOI 10.17487/RFC7884, July 2016, . [RFC8562] Katz, D., Ward, D., Pallagatti, S., Ed., and G. Mirsky, Ed., "Bidirectional Forwarding Detection (BFD) for Multipoint Networks", RFC 8562, DOI 10.17487/RFC8562, April 2019, . Appendix A. Prior Work This document was inspired by earlier work on VRRP and BFD, including draft-ietf-rtgwg-vrrp-bfd-p2p-xx and draft-ietf-rtgwg-vrrp-p2mp-bfd- xx. Appendix B. Tools This document uses templates written by Pekka Savola, Elwyn Davies, and Henrik Levkowetz and relies on the open source xml2rfc project. Acknowledgements Thanks to the authors of the VRRP specifications for their work on the Primary and Backup election procedure. Serafini & Dogra Expires 13 October 2026 [Page 20] Internet-Draft VRRP and S-BFD April 2026 Thanks to the authors of the BFD specifications for their work on rapid failure detection. Thanks to the authors of the S-BFD specifications for their work on a streamlined BFD mode that can be applied to VRRP. Thanks to G. Mirsky, J. Tantsura, G. Mishra, N. Gupta, A. Dogra, and C. Docherty for their earlier work on VRRP and BFD. Thanks to the open source maintainers of VRRP and BFD implementations for their efforts. Contributors Contributions are welcome. Authors' Addresses Nicola Serafini Individual Email: n.serafini@tutanota.com Aditya Dogra Cisco Systems, Inc. Sarjapur Outer Ring Road Bangalore 560103 India Email: addogra@cisco.com URI: http://www.cisco.com/ Serafini & Dogra Expires 13 October 2026 [Page 21]