HP 6125G HP 6125G & 6125G/XG Blade Switches High Availability Configur - Page 121

Operation mode, Authentication mode, VRRP timers, VRRP advertisement interval timer


VRRP priority is in the range of 0 to 255. The greater the number, the higher the priority. Priorities 1 to 254 are configurable. Priority 0 is reserved for special uses and priority 255 for the IP address owner. When a router acts as the IP address owner, its running priority is always 255. That is, the IP address owner in a VRRP group acts as the master as long as it operates properly.

Operation mode

A router in a VRRP group operates in either of the following modes:

• Non-preemptive mode—When a router in the VRRP group becomes the master, it stays as the master as long as it operates properly, even if a backup is assigned a higher priority later.
• Preemptive mode—When a backup finds its priority higher than that of the master, the backup sends VRRP advertisements to start a new master election in the VRRP group and becomes the master. Accordingly, the original master becomes a backup.

Authentication mode

To avoid attacks from unauthorized users, VRRP adds authentication keys into packets for authentication. VRRP provides the following authentication modes:

• simple—Simple text authentication
  A router sending a packet fills an authentication key into the packet, and the router receiving the packet compares its local authentication key with that of the received packet. If the two authentication keys are the same, the received VRRP packet is considered legitimate. Otherwise, the received packet is considered invalid.
• md5—MD5 authentication
  A router computes the digest of a packet to be sent by using the authentication key and MD5 algorithm and saves the result in the authentication header. The router that receives the packet performs the same operation by using the authentication key and MD5 algorithm, and compares the result with the content in the authentication header. If the results are the same, the router that receives the packet considers the packet an authentic and valid VRRP packet. Otherwise, the router considers the packet invalid.

On a secure network, you can choose not to set the authentication mode.
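
The following added example (not from the HP manual) audits a captured VRRPv2 advertisement and reports which authentication mode the group is using; in simple mode the key sits in the packet itself, so the check flags it as readable. It assumes the RFC 2338 field layout and Auth Type values (0 none, 1 simple text, 2 IP Authentication Header, taken here to correspond to the manual's md5 mode); the function names, the address 192.0.2.1 and the sample key are constructed for illustration.

```python
import ipaddress
import struct

# Auth Type values per RFC 2338; mapping type 2 to the manual's "md5" mode is an assumption.
AUTH_TYPES = {0: "none", 1: "simple", 2: "md5"}

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum carried in the VRRP header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, auth_type, adver_int, addrs, auth_data=b""):
    """Construct a sample VRRPv2 advertisement (constructed test input only)."""
    body = b"".join(ipaddress.IPv4Address(a).packed for a in addrs)
    body += auth_data.ljust(8, b"\x00")[:8]
    head = struct.pack("!6B", 0x21, vrid, priority, len(addrs), auth_type, adver_int)
    cksum = inet_checksum(head + b"\x00\x00" + body)
    return head + struct.pack("!H", cksum) + body

def audit_advert(msg: bytes) -> dict:
    """Parse one VRRPv2 advertisement and list authentication findings."""
    if len(msg) < 8:
        raise ValueError("truncated VRRP header")
    ver_type, vrid, prio, count, auth, adver_int = struct.unpack("!6B", msg[:6])
    if ver_type != 0x21:  # version 2, type 1 (advertisement)
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count + 8  # header + address list + 8 bytes of authentication data
    if len(msg) < end:
        raise ValueError("truncated address list or authentication data")
    findings = []
    if inet_checksum(msg[:end]) != 0:  # a valid message sums to zero
        findings.append("checksum mismatch")
    if auth == 0:
        findings.append("no authentication configured")
    elif auth == 1:
        key = msg[end - 8:end].rstrip(b"\x00")
        findings.append(f"simple mode: {len(key)}-byte key is readable in the packet")
    elif auth not in AUTH_TYPES:
        findings.append(f"unknown auth type {auth}")
    if prio == 255:
        findings.append("sender claims to be the IP address owner")
    addrs = [str(ipaddress.IPv4Address(msg[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    return {"vrid": vrid, "priority": prio, "auth": AUTH_TYPES.get(auth, "unknown"),
            "adver_int": adver_int, "addresses": addrs, "findings": findings}
```

The report gives only the key length, not the key, so its output can be stored with other audit results.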

VRRP timers

VRRP timers include VRRP advertisement interval timer and VRRP preemption delay timer.

VRRP advertisement interval timer

The master in a VRRP group periodically sends VRRP advertisements to inform the other routers in the VRRP group that it operates properly.

You can adjust the interval for sending VRRP advertisements by setting the VRRP advertisement interval timer. If a backup receives no advertisements in a period three times the interval, the backup regards itself as the master and sends VRRP advertisements to start a new master election.

VRRP preemption delay timer

To avoid frequent state changes among members in a VRRP group and provide the backups enough time to collect information (such as routing information), each backup waits for a period of time (the preemption delay time) after it receives an advertisement with the priority lower than the local priority, then sends VRRP advertisements to start a new master election in the VRRP group and becomes the master.
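
The operation modes and the two timers described above can be checked against a small model before changing them on a live group. This is an added example, not code from the manual or the switch firmware: the class and function names are hypothetical, the 1-second default interval is an assumption, and the model assumes the preemption delay starts at the first lower-priority advertisement and is not restarted by later ones.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class VrrpRouter:
    priority: int                  # configurable range on the page: 1 to 254
    adver_interval: float = 1.0    # seconds (assumed default)
    preempt: bool = True           # preemptive or non-preemptive mode
    preempt_delay: float = 0.0     # seconds
    state: str = "backup"
    last_advert: float = 0.0
    preempt_at: Optional[float] = None

    def on_advert(self, now: float, sender_priority: int) -> str:
        """Process an advertisement received at time `now`."""
        if self.state == "master":
            # A higher-priority sender has taken over: the original master steps down.
            if sender_priority > self.priority:
                self.state, self.last_advert = "backup", now
            return self.state
        self.last_advert = now
        if self.preempt and sender_priority < self.priority:
            # Assumption: the delay starts once and later adverts do not restart it.
            if self.preempt_at is None:
                self.preempt_at = now + self.preempt_delay
        else:
            self.preempt_at = None
        return self.state

    def tick(self, now: float) -> str:
        """Advance the clock and apply the two timers."""
        if self.state == "backup":
            # No advertisement for three times the interval: take over as master.
            master_down = now - self.last_advert >= 3 * self.adver_interval
            delay_over = self.preempt_at is not None and now >= self.preempt_at
            if master_down or delay_over:
                self.state, self.preempt_at = "master", None
        return self.state

def run(router, events):
    """Replay (time, sender_priority or None) events; None is a clock tick only."""
    trace = []
    for now, prio in events:
        if prio is not None:
            router.on_advert(now, prio)
        trace.append((now, router.tick(now)))
    return trace
```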