Working mode, Authentication mode, Vrrp timers – H3C Technologies H3C S7500E Series Switches User Manual

10-4

If two routers are both in the master state and have the same priority, the router with a higher IP

address becomes the master.

Working mode

A router in a VRRP group works in either of the following two modes:

z

Non-preemptive mode

When a router in the VRRP group becomes the master, it stays as the master as long as it

operates normally, even if a backup is assigned a higher priority later.

z

Preemptive mode

When a backup finds its priority higher than that of the master, the backup sends VRRP

advertisements to start a new master election in the VRRP group and becomes the master.

Accordingly, the original master becomes a backup.

Authentication mode

To avoid attacks from unauthorized users, VRRP adds authentication keys into packets for

authentication. VRRP provides two authentication modes:

z

simple: Simple text authentication

A router sending a packet fills an authentication key into the packet, and the router receiving the

packet compares its local authentication key with that of the received packet. If the two

authentication keys are the same, the received VRRP packet is considered legitimate;

otherwise, the received packet is considered invalid.

z

md5: MD5 authentication

A router computes the digest of a packet to be sent by using the authentication key and MD5

algorithm and saves the result in the authentication header. The router that receives the packet

performs the same operation by using the authentication key and MD5 algorithm, and compares

the result with the content in the authentication header. If the results are the same, the router

that receives the packet considers the packet an authentic and valid VRRP packet; otherwise,

the router considers the packet invalid.

On a secure network, you can choose not to set the authentication mode.

VRRP Timers

VRRP timers include VRRP advertisement interval timer and VRRP preemption delay timer.

VRRP advertisement interval timer

The master in a VRRP group periodically sends VRRP advertisements to inform the other

routers in the VRRP group that it operates properly.

You can adjust the interval for sending VRRP advertisements by setting the VRRP

advertisement interval timer. If a backup receives no advertisements in a period three times the

interval, the backup regards itself as the master and sends VRRP advertisements to start a new

master election.