dead and initiate an election process by transitioning to the Master state and forwarding
VRRP packets.
To avoid frequent Master-Backup state transition among routers in the backup group and
provide enough time for backup routers to collect necessary information, backup router
would not preempt to be master as soon as it receives packets with lower priority value. It
would wait for a certain time, which is called preempt-mode delay time, and then send
packets to take place of the former master. Users can customize the preempt-mode delay
time.
4.
Authentication Methods
VRRP provides three authentication methods:
•
No authentication: the eligibility of VRRP packets is not verified and no security
insurance is provided. In a safe network, no authentication can be set as authentication
method.
•
Simple text password: in a network where security is possible to be threatened, simple
text password is recommended. The router which forwards the VRRP packets fills the
authentication data in the VRRP packets. The router which has received the VRRP
packets compares the data with that in local configuration. If they are the same, the
VRRP packet received is considered legitimate. If not, it would be considered as
illegitimacy.
•
MD5 authentication: in a highly-unsecured network, MD5 authentication is
recommended. The router which sends the VRRP packets conducts digest operation
on VRRP packets using authentication data and MD5 algorithm. The result is saved in
Authentication Header. The router which has received the VRRP packet conducts the
same digest operation and compares the result with the content in Authentication
Header. If they match, the VRRP packet received is considered legitimate. If not, it
would be considered as illegitimacy.
Interface Tracking
This function enhances the backup function. If interface tracking is enabled, when the
master router's other interfaces which are not in this backup group (for example, the uplink
interface) fail, it would lower its priority value automatically. Therefore, router with more
available interfaces and better performance can be elected as master router; and the
stability of backup group is increased.
When the router interface connecting the uplink fails, the backup group cannot recognize
uplink breakdown. If this router is in Master state, hosts in the LAN cannot visit external
network. This problem can be solved with the help of interface tracking function. When the
interface connecting the uplink is down, the router will automatically lower its priority,
making priority of other routers in the backup group higher than its priority value. As a result,
the backup router with the highest priority becomes master.
Load Balancing
One router can work in more than one backup group, which makes it possible that a router
can be master router in one backup group and backup router in other backup groups.
242