Manualshelf

R3204P16-HP Load Balancing Module High Availability Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
12345678910
5
NOTE:
A virtual IP address can be either an unused IP address on the segment where the VRRP
g
roup resides
or the IP address of an interface on a router in the VRRP
roup. In the latter case, the router is called the
IP address owner.
In a VRRP group, you can configure only one IP address owner.
Status of a router in a VRRP group includes master, backup, and initialize.
1. VRRP priority
VRRP determines the role (master or backup) of each router in the VRRP group by priority. A router with
a higher priority has more opportunity to become the master.
VRRP priority is in the range of 0 to 255. A bigger number means a higher priority. Priorities 1 to 254 are
configurable. Priority 0 is reserved for special uses and priority 255 for the IP address owner. When a
router acts as the IP address owner, its priority is always 255. That is, the IP address owner in a VRRP
group acts as the master as long as it works properly.
2. Working mode
A router in a VRRP group works in one of the following two modes:
Non-preemptive mode
When a router in the VRRP group becomes the master, it stays as the master as long as it operates
normally, even if a backup is assigned a higher priority later.
Preemptive mode
When a backup finds its priority higher than that of the master, the backup sends VRRP advertisements
to start a new master election in the VRRP group and becomes the master. Accordingly, the original
master becomes a backup.
3. Authentication mode
To avoid being attacked by unauthorized users, VRRP authenticates the received packets by adding
authentication keys into the packets. VRRP provides two authentication modes:
simple—Simple text authentication
A router sending a packet fills an authentication key into the packet, and the router receiving the packet
compares its local authentication key with that of the received packet. If the two authentication keys are
the same, the received VRRP packet is considered real and valid; otherwise, the received packet is
considered invalid.
md5—MD5 authentication
The router computes the digest of a packet to be sent using the authentication key and MD5 algorithm
and saves the result in the authentication header. The router receiving the packet performs the same
operation using the authentication key and MD5 algorithm, and compares the result with the content in
the authentication header. If the results are the same, the router receiving the packet considers the packet
an authentic and valid VRRP packet; otherwise, the router considers the packet invalid.
On a secure network, you do not need to set the authentication mode.
VRRP timers
VRRP timers include VRRP advertisement interval timer and VRRP preemption delay timer.
1. VRRP advertisement interval timer
The master in a VRRP group sends VRRP advertisements periodically to inform the other routers in the
VRRP group that it operates properly.