beautypg.com

Vrrp timers, Packet format – H3C Technologies H3C MSR 50 User Manual

Page 64

background image

56

VRRP priority is in the range of 0 to 255, and the greater the number, the higher the priority.

Priorities 1 to 254 are configurable. Priority 0 is reserved for special uses and priority 255 is for
the IP address owner. The router acting as the IP address owner in a VRRP group always has the

running priority 255 and acts as the master as long as it works correctly.

2.

Working mode
A router in a VRRP group operates in either of the following modes:

{

Non-preemptive mode—When a router in the VRRP group becomes the master, it stays as the
master as long as it operates correctly, even if a backup is assigned a higher priority later.

{

Preemptive mode—When a backup finds its priority higher than that of the master, the backup
sends VRRP advertisements to start a new master election in the VRRP group and becomes the

master. Accordingly, the original master becomes a backup.

3.

Authentication mode
To avoid attacks from unauthorized users, VRRP member routers add authentication keys in VRRP
packets to authenticate one another. VRRP provides the following authentication modes:

{

simple—Simple text authentication:
The sender fills an authentication key into the VRRP packet, and the receiver compares the
received authentication key with its local authentication key. If the two authentication keys are
the same, the received VRRP packet is legitimate. Otherwise, the received packet is

illegitimate.

{

md5—MD5 authentication:
The sender computes a digest for the packet to be sent by using the authentication key and
MD5 algorithm and saves the result in the authentication header. The receiver performs the

same operation by using the authentication key and MD5 algorithm, and compares the result

with the content in the authentication header. If the results are the same, the received VRRP
packet is legitimate. Otherwise, the received packet is illegitimate.

On a secure network, you can choose to not authenticate VRRP packets.

VRRP timers

VRRP timers include VRRP advertisement interval and VRRP preemption delay timer.

1.

VRRP advertisement interval
The master in a VRRP group periodically sends VRRP advertisements to inform the other routers in
the VRRP group that it operates correctly.
You can adjust the interval for sending VRRP advertisements by setting the VRRP advertisement
interval. If a backup receives no advertisements in a period three times the interval, the backup

regards itself as the master and sends VRRP advertisements to start a new master election.

2.

VRRP preemption delay timer
To avoid frequent state changes among members in a VRRP group and provide the backups
enough time to collect information (such as routing information), each backup waits for a period

of time called the preemption delay time. The backup waits this period of time after it receives an
advertisement with the priority lower than the local priority, then it sends VRRP advertisements to

start a new master election in the VRRP group and becomes the master.

Packet format

The master periodically multicasts VRRP packets to declare its presence. VRRP packets are also used for
checking the parameters of the virtual router and electing the master.

This manual is related to the following products: