HPE FlexNetwork HSR6800 series Configuration Manual page 141

Non-preemptive mode—When a router in the VRRP group becomes the master, it stays
as the master as long as it operates correctly, even if a backup is assigned a higher priority
later.
Preemptive mode—When a backup finds its priority higher than that of the master, the
backup sends VRRP advertisements to start a new master election in the VRRP group and
becomes the master. Accordingly, the original master becomes a backup.
3. Authentication mode
To avoid attacks from unauthorized users, VRRP member routers add authentication keys in
VRRP packets to authenticate one another. VRRP provides the following authentication
modes:
simple—Simple text authentication:
The sender fills an authentication key into the VRRP packet, and the receiver compares the
received authentication key with its local authentication key. If the two authentication keys
are the same, the received VRRP packet is legitimate. Otherwise, the received packet is
illegitimate.
md5—MD5 authentication:
The sender computes a digest for the packet to be sent by using the authentication key and
MD5 algorithm and saves the result in the authentication header. The receiver performs the
same operation by using the authentication key and MD5 algorithm, and compares the
result with the content in the authentication header. If the results are the same, the received
VRRP packet is legitimate. Otherwise, the received packet is illegitimate.
On a secure network, you can choose to not authenticate VRRP packets.
VRRP timers
VRRP timers include VRRP advertisement interval and VRRP preemption delay timer.
1. VRRP advertisement interval
The master in a VRRP group periodically sends VRRP advertisements to inform the other
routers in the VRRP group that it operates correctly.
You can adjust the interval for sending VRRP advertisements by setting the VRRP
advertisement interval. If a backup receives no advertisements in a period three times the
interval, the backup regards itself as the master and sends VRRP advertisements to start a new
master election.
2. VRRP preemption delay timer
To avoid frequent state changes among members in a VRRP group and provide the backups
enough time to collect information (such as routing information), each backup waits for a period
of time called the preemption delay time. The backup waits this period of time after it receives
an advertisement with the priority lower than the local priority, then it sends VRRP
advertisements to start a new master election in the VRRP group and becomes the master.
Packet format
The master periodically multicasts VRRP packets to declare its presence. VRRP packets are also
used for checking the parameters of the virtual router and electing the master.
VRRP packets are encapsulated in IP packets, with the protocol number being 112.
the IPv4 VRRPv2 packet format,
shows the VRRPv3 packet format.
Figure 35 shows the IPv4 VRRPv2 packet format, and
134
Figure 34 shows
Figure 36