Setting Preemption For Virtual Routers; Configuring Vrrp Authentication - Alcatel OmniSwitch 6624 Network Configuration Manual
Hide thumbs
Also See for OmniSwitch 6624:
- Troubleshooting manual (614 pages) ,
- Management manual (264 pages) ,
- Network configuration manual (654 pages)
Table of Contents
Advertisement
Configuration Overview
In this example, virtual router 6 is disabled. (If you are modifying an existing virtual router, the virtual
router must be disabled before it may be modified.) The virtual router priority is then set to 50. The prior-
ity value is relative to the priority value configured for other virtual routers backing up the same IP
address. Since the default priority is 100, setting the value to 50 would typically provide a router with
lower priority in the VRRP network.
Setting Preemption for Virtual Routers
When a master virtual router becomes unavailable (goes down for whatever reason), a backup router will
take over. There may be more than one backup router, and if the backup routers have similar priority
values, the backup with the highest priority value may not be the one to take over for the master because of
network traffic loads. If that's the case, the backup with the higher priority will then preempt the first
backup router.
By default virtual routers are allowed to preempt each other; that is, if the virtual router with the highest
priority will take over if the master router becomes unavailable. The preempt mode may be disabled so
that any backup router that takes over when the master is unavailable will not then be preempted by a
backup with a higher priority.
Note. The virtual router that owns the IP address(es) associated with the physical router always becomes
the master router if is available, regardless of the preempt mode setting and the priority values of the
backup routers.
To disable preemption for a virtual router, use the
example:
-> vrrp 6 4 disable
-> vrrp 6 4 no preempt
In this example, virtual router 23 is disabled. (If you are modifying an existing virtual router, the virtual
router must be disabled before it may be modified.) The virtual router is then configured to disable
preemption. If this virtual router takes over for an unavailable router, a router with a higher priority will
not be able to preempt it. For more information about priority, see
on page
16-9.
Configuring VRRP Authentication
VRRP is designed for a range of internetworking environments that may employ different security poli-
cies. The protocol includes two authentication methods (simple clear text password and IP authentication
with MD5 HMAC). In the current release, IP authentication with MD5 HMAC is not supported.
By default, VRRP authentication is not enabled. VRRP includes a mechanism, however, independent of
whether or not authentication is configured, that denies VRRP packets from remote networks. Whenever a
VRRP router receives a packet, it sets the Time To Live (TTL) to 255. This prevents the local VRRP
network from accepting VRRP packets from remote networks.
When a VRRP interface receives a VRRP packet, it verifies that the TTL is 255, the VRRP version is
correct, the checksum is correct, and the packet length is greater than or equal to the VRRP header. If the
virtual router is configured for authentication, it will also authenticate the packet. (The authentication
process is transparent to the user.)
page 16-10
vrrp
command with the no preempt keywords. For
OmniSwitch 6624/6648 Network Configuration Guide
Configuring VRRP
"Configuring Virtual Router Priority"
April 2004
Advertisement
Table of Contents
