Setting Preemption For Virtual Routers; Configuring Vrrp Authentication - Alcatel OmniSwitch 6800 Series Network Configuration Manual
Hide thumbs
Also See for OmniSwitch 6800 Series:
- Troubleshooting manual (614 pages) ,
- Release notes (86 pages) ,
- Hardware user's manual (136 pages)
Table of Contents
Advertisement
Configuring VRRP
In this example, virtual router 6 is disabled. (If you are modifying an existing virtual router, the virtual
router must be disabled before it may be modified.) The virtual router priority is then set to 50. The prior-
ity value is relative to the priority value configured for other virtual routers backing up the same IP
address. Since the default priority is 100, setting the value to 50 would typically provide a router with
lower priority in the VRRP network.
Setting Preemption for Virtual Routers
When a master virtual router becomes unavailable (goes down for whatever reason), a backup router will
take over. There may be more than one backup router, and if the backup routers have similar priority
values, the backup with the highest priority value may not be the one to take over for the master because
of network traffic loads. If that's the case, the backup with the higher priority will then preempt the first
backup router.
By default virtual routers are allowed to preempt each other; that is, if the virtual router with the highest
priority will take over if the master router becomes unavailable. The preempt mode may be disabled so
that any backup router that takes over when the master is unavailable will not then be preempted by a
backup with a higher priority.
Note. The virtual router that owns the IP address(es) associated with the physical router always becomes
the master router if is available, regardless of the preempt mode setting and the priority values of the
backup routers.
To disable preemption for a virtual router, use the
example:
-> vrrp 6 4 disable
-> vrrp 6 4 no preempt
In this example, virtual router 23 is disabled. (If you are modifying an existing virtual router, the virtual
router must be disabled before it may be modified.) The virtual router is then configured to disable
preemption. If this virtual router takes over for an unavailable router, a router with a higher priority will
not be able to preempt it. For more information about priority, see
on page
16-10.
Configuring VRRP Authentication
VRRP is designed for a range of internetworking environments that may employ different security poli-
cies. The protocol includes two authentication methods (simple clear text password and IP authentication
with MD5 HMAC). In the current release, IP authentication with MD5 HMAC is not supported.
By default, VRRP authentication is not enabled. VRRP includes a mechanism, however, independent of
whether or not authentication is configured, that denies VRRP packets from remote networks. Whenever a
VRRP router receives a packet, it sets the Time To Live (TTL) to 255. This prevents the local VRRP
network from accepting VRRP packets from remote networks.
When a VRRP interface receives a VRRP packet, it verifies that the TTL is 255, the VRRP version is
correct, the checksum is correct, and the packet length is greater than or equal to the VRRP header. If the
virtual router is configured for authentication, it will also authenticate the packet. (The authentication
process is transparent to the user.)
OmniSwitch 6800 Series Network Configuration Guide
vrrp
command with the no preempt keywords. For
"Configuring Virtual Router Priority"
November 2004
Configuration Overview
page 16-11
- Quick Links:
- Configuring Vlans
Hide quick links:
Advertisement
Table of Contents
