Vrrp timers, Packet format – H3C Technologies H3C MSR 50 User Manual
Page 64
56
VRRP priority is in the range of 0 to 255, and the greater the number, the higher the priority.
Priorities 1 to 254 are configurable. Priority 0 is reserved for special uses and priority 255 is for
the IP address owner. The router acting as the IP address owner in a VRRP group always has the
running priority 255 and acts as the master as long as it works correctly.
2.
Working mode
A router in a VRRP group operates in either of the following modes:
{
Non-preemptive mode—When a router in the VRRP group becomes the master, it stays as the
master as long as it operates correctly, even if a backup is assigned a higher priority later.
{
Preemptive mode—When a backup finds its priority higher than that of the master, the backup
sends VRRP advertisements to start a new master election in the VRRP group and becomes the
master. Accordingly, the original master becomes a backup.
3.
Authentication mode
To avoid attacks from unauthorized users, VRRP member routers add authentication keys in VRRP
packets to authenticate one another. VRRP provides the following authentication modes:
{
simple—Simple text authentication:
The sender fills an authentication key into the VRRP packet, and the receiver compares the
received authentication key with its local authentication key. If the two authentication keys are
the same, the received VRRP packet is legitimate. Otherwise, the received packet is
illegitimate.
{
md5—MD5 authentication:
The sender computes a digest for the packet to be sent by using the authentication key and
MD5 algorithm and saves the result in the authentication header. The receiver performs the
same operation by using the authentication key and MD5 algorithm, and compares the result
with the content in the authentication header. If the results are the same, the received VRRP
packet is legitimate. Otherwise, the received packet is illegitimate.
On a secure network, you can choose to not authenticate VRRP packets.
VRRP timers
VRRP timers include VRRP advertisement interval and VRRP preemption delay timer.
1.
VRRP advertisement interval
The master in a VRRP group periodically sends VRRP advertisements to inform the other routers in
the VRRP group that it operates correctly.
You can adjust the interval for sending VRRP advertisements by setting the VRRP advertisement
interval. If a backup receives no advertisements in a period three times the interval, the backup
regards itself as the master and sends VRRP advertisements to start a new master election.
2.
VRRP preemption delay timer
To avoid frequent state changes among members in a VRRP group and provide the backups
enough time to collect information (such as routing information), each backup waits for a period
of time called the preemption delay time. The backup waits this period of time after it receives an
advertisement with the priority lower than the local priority, then it sends VRRP advertisements to
start a new master election in the VRRP group and becomes the master.
Packet format
The master periodically multicasts VRRP packets to declare its presence. VRRP packets are also used for
checking the parameters of the virtual router and electing the master.