
Authentication mode, Vrrp timers, Vrrp advertisement interval timer – H3C Technologies H3C SecPath F1000-E User Manual


Authentication mode

To avoid attacks from unauthorized users, VRRP adds authentication keys into packets for authentication.

VRRP provides two authentication modes:

simple: Simple text authentication

A router sending a packet fills an authentication key into the packet, and the router receiving the packet compares its local authentication key with that of the received packet. If the two authentication keys are the same, the received VRRP packet is considered legitimate; otherwise, the received packet is considered invalid.

md5: MD5 authentication

A router computes the digest of a packet to be sent by using the authentication key and MD5 algorithm and saves the result in the authentication header. The router that receives the packet performs the same operation by using the authentication key and MD5 algorithm, and compares the result with the content in the authentication header. If the results are the same, the router that receives the packet considers the packet an authentic and valid VRRP packet; otherwise, the router considers the packet invalid.

On a secure network, you can choose not to set the authentication mode.

VRRP Timers

VRRP timers include the VRRP advertisement interval timer and the VRRP preemption delay timer.

VRRP advertisement interval timer

The master in a VRRP group periodically sends VRRP advertisements to inform the other routers in the VRRP group that it operates properly.

You can adjust the interval for sending VRRP advertisements by setting the VRRP advertisement interval timer. If a backup receives no advertisements in a period three times the interval, the backup regards itself as the master and sends VRRP advertisements to start a new master election.

VRRP preemption delay timer

To avoid frequent state changes among members in a VRRP group and to give the backups enough time to collect information (such as routing information), each backup waits for a period of time (the preemption delay time) after it receives an advertisement with a priority lower than the local priority. It then sends VRRP advertisements to start a new master election in the VRRP group and becomes the master.

Packet Format

The master multicasts VRRP packets periodically to declare its existence. VRRP packets are also used for checking the parameters of the virtual router and electing the master.

VRRP packets are encapsulated in IP packets, with the protocol number being 112. Figure 3 shows the format of a VRRPv2 packet and Figure 4 shows the format of a VRRPv3 packet.
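
The simple-mode check from the Authentication mode section, applied to the VRRPv2 packet layout, as an added Python example (not taken from the H3C manual or device software). It assumes the RFC 2338 VRRPv2 field layout, Auth Type 1 for simple text, and an 8-byte zero-padded key; the function names and sample values are constructed for illustration.

```python
import hmac
import struct

AUTH_SIMPLE = 1  # RFC 2338 Auth Type value for simple text (assumed mapping)


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum, as used by the VRRPv2 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advert(vrid, priority, adver_int, addrs, key: bytes) -> bytes:
    """Build a constructed VRRPv2 advertisement carrying a simple-text key."""
    head = struct.pack("!BBBBBBH", 0x21, vrid, priority, len(addrs),
                       AUTH_SIMPLE, adver_int, 0)
    body = b"".join(addrs) + key.ljust(8, b"\x00")[:8]
    return head[:6] + struct.pack("!H", inet_checksum(head + body)) + body


def check_advert(pkt: bytes, local_key: bytes) -> str:
    """Return 'accept', or the reason a receiver would treat pkt as invalid."""
    if len(pkt) < 16:
        return "too short"
    vt, _vrid, _prio, count, auth_type, _adver, _csum = struct.unpack("!BBBBBBH", pkt[:8])
    if vt != 0x21:                       # version 2, type 1 (advertisement)
        return "not a VRRPv2 advertisement"
    if len(pkt) != 8 + 4 * count + 8:    # header + addresses + auth data
        return "length mismatch"
    if inet_checksum(pkt) != 0:          # valid packet sums to zero
        return "bad checksum"
    if auth_type != AUTH_SIMPLE:
        return "authentication mode mismatch"
    expected = local_key.ljust(8, b"\x00")[:8]
    if not hmac.compare_digest(pkt[-8:], expected):
        return "authentication key mismatch"
    return "accept"


# Constructed sample: VRID 1, priority 100, 1 s interval, address 192.0.2.1.
SAMPLE = build_advert(1, 100, 1, [bytes([192, 0, 2, 1])], b"k3y")
```

In this layout the simple-mode key occupies the last 8 bytes of the advertisement unmodified, whereas the md5 mode described above places a digest in the authentication header instead of the key itself.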