R3166-R3206-HP High-End Firewalls High Availability Configuration Guide-6PW101

VRRP priority
VRRP determines the role (master or backup) of each router in the VRRP group by priority. A router with
a higher priority is more likely to become the master.
VRRP priority is in the range of 0 to 255. A larger number means a higher priority. Priorities 1 to 254 are
configurable. Priority 0 is reserved for special uses and priority 255 for the IP address owner. When a
router acts as the IP address owner, its running priority is always 255. That is, the IP address owner in a
VRRP group acts as the master as long as it works properly.
Working mode
A router in a VRRP group works in one of the following two modes:
Non-preemptive mode
When a router in the VRRP group becomes the master, it stays as the master as long as it operates
normally, even if a backup is assigned a higher priority later.
Preemptive mode
When a backup finds its priority higher than that of the master, the backup sends VRRP advertisements
to start a new master election in the VRRP group and becomes the master. Accordingly, the original
master becomes a backup.
Authentication mode
VRRP provides two authentication modes:
simple: Simple text authentication
You can adopt the simple text authentication mode in a network facing possible security problems. A
router sending a packet writes its authentication key, in plain text, into the packet, and the router
receiving the packet compares its local authentication key with that of the received packet. If the two
authentication keys are the same, the received VRRP packet is considered real and valid; otherwise, the
received packet is considered invalid.
md5: MD5 authentication
You can adopt MD5 authentication in a network facing severe security problems. The sending router uses
the authentication key and the MD5 algorithm to compute a digest of the packet and saves the digest in the
authentication header. The receiving router uses the same authentication key to recompute the digest
and checks the validity of the packet.
On a secure network, you do not need to set the authentication mode.
VRRP timers
VRRP timers include the VRRP advertisement interval timer and the VRRP preemption delay timer.
VRRP advertisement interval timer
The master in a VRRP group sends VRRP advertisements periodically to inform the other routers in the
VRRP group that it operates properly.
You can adjust the interval for sending VRRP advertisements by setting the VRRP advertisement interval
timer. If a backup receives no advertisements in a period three times the interval, the backup regards itself
as the master and sends VRRP advertisements to start a new master election.
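The priority, authentication mode and advertisement interval described above all travel in each VRRP advertisement, so a captured advertisement can be audited for weak settings. The following is an added example, not code from this guide or from the device: it assumes the VRRPv2 message layout of RFC 2338, assumes the md5 mode corresponds to RFC 2338 authentication type 2, and uses hypothetical function names and a constructed sample packet.

```python
import struct

# RFC 2338 auth type codes; mapping type 2 to the guide's "md5" mode is an assumption.
AUTH_TYPES = {0: "none", 1: "simple", 2: "md5"}

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, vips, auth_type=0, key=b"", adver_int=1):
    """Construct a sample advertisement (test input only, not captured traffic)."""
    body = b"".join(bytes(map(int, ip.split("."))) for ip in vips)
    auth = key.ljust(8, b"\x00")[:8] if auth_type == 1 else bytes(8)
    head = struct.pack("!BBBBBB", 0x21, vrid, priority, len(vips), auth_type, adver_int)
    csum = inet_checksum(head + b"\x00\x00" + body + auth)
    return head + struct.pack("!H", csum) + body + auth

def audit_advert(pkt: bytes) -> dict:
    """Parse one VRRPv2 advertisement and list configuration findings."""
    if len(pkt) < 16:
        raise ValueError("truncated VRRP message")
    vt, vrid, prio, count, auth, interval, csum = struct.unpack("!BBBBBBH", pkt[:8])
    if vt != 0x21:  # version 2, type 1 (advertisement)
        raise ValueError("not a VRRPv2 advertisement")
    if len(pkt) != 8 + 4 * count + 8:
        raise ValueError("length does not match address count")
    if inet_checksum(pkt[:6] + b"\x00\x00" + pkt[8:]) != csum:
        raise ValueError("bad checksum")
    findings = []
    if auth == 0:
        findings.append("no authentication configured")
    elif auth == 1:  # the key occupies the 8-byte authentication data field
        key = pkt[-8:].rstrip(b"\x00").decode("ascii", "replace")
        findings.append(f"simple key sent in clear text: {key!r}")
    if prio == 255:
        findings.append("sender is the IP address owner")
    elif prio == 0:
        findings.append("priority 0 (reserved for special uses)")
    vips = [".".join(map(str, pkt[8 + 4 * i: 12 + 4 * i])) for i in range(count)]
    # The guide states a backup takes over after three times the interval.
    return {"vrid": vrid, "priority": prio, "auth": AUTH_TYPES.get(auth, "unknown"),
            "virtual_ips": vips, "master_down_s": 3 * interval, "findings": findings}

SAMPLE = build_advert(1, 110, ["192.0.2.1"], auth_type=1, key=b"hello")  # constructed
```

Calling audit_advert(SAMPLE) reports the simple text key as readable from the packet, which is why the simple mode only guards against misconfiguration and not against a host that can observe the segment.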