How to adjust the interval between gratuitous ARP packets sent from a VRRP group

6

By default, the master router in a VRRP group sends a gratuitous ARP packet every 2 minutes. You can use the vrrp gratuitous-arp timeout command to change the interval at which gratuitous ARP packets are sent.

NOTE:
The interval configured by the vrrp gratuitous-arp timeout command takes effect globally. Currently, the interval cannot be configured for a single VRRP group.

Other related questions:
ARP anti-spoofing configuration on S series switch
The S series switch, except S1700, provides various methods to prevent ARP spoofing attacks. Dynamic ARP inspection (DAI) This function applies to the network where DHCP snooping is configured. It is recommended to configure DAI on the access switches.DAI can prevent man-in-the-middle attacks. # Enable DAI on GE 1/0/1. [HUAWEI] interface gigabitethernet 1/0/1 [HUAWEI-GigabitEthernet1/0/1] arp anti-attack check user-bind enable # Enable DAI in VLAN 100. [HUAWEI] vlan 100 [HUAWEI-vlan100] arp anti-attack check user-bind enable - Configure fixed ARP. To prevent ARP spoofing attacks, configure fixed ARP on the gateway. # Enable fixed ARP in fixed MAC mode. [HUAWEI] arp anti-attack entry-check fixed-mac enable - Configure ARP gateway anti-collision (available on only S5720SI/S5720S-SI, S5720EI, S5720HI, S6720EI, and modular switches). When user hosts are directly connected to the gateway, configure this function on the gateway. # Enable ARP gateway anti-collision. [HUAWEI] arp anti-attack gateway-duplicate enable - Configure the switch to actively discard gratuitous ARP packets (only available on modular switches). If you confirm that the gratuitous ARP packets are from attackers, enable the gateway to actively discard gratuitous ARP packets. # Enable the switch to actively discard gratuitous ARP packets globally. [HUAWEI] arp anti-attack gratuitous-arp drop

How to set an interval for sending LBDT packets on an S series switches and how to distinguish LBDT packets sent by different interfaces
S series (except the S1700) and E series switches send LBDT packets in the following modes: 1. For fixed switches in V100R005 - An LBDT packet is sent every 100 ms. You can run the loopback-detect interval interval-time command to set an interval for sending LBDT packets. In the command, the value of interval-time ranges from 5 to 300, in seconds. By default, the interval for sending LBDT packets is 30s. - LBDT packets sent by different interfaces are distinguished based on protocol IDs carried in the packets. By default, the protocol ID of interface 1 on the S3700 is 0x606 and the protocol IDs of the other interfaces are incremented. You can run the loopback-detect protocol protocol-id command to manually set a protocol ID. Note that the protocol ID cannot be the same as an existing protocol ID. For details, see the command reference. 2. For fixed switches in V100R006 and later versions, modular switches, and E series switches - An LBDT packet is sent every 5s. You can run the loopback-detect packet-interval packet-interval-time command to set an interval for sending LBDT packets. The value of packet-interval-time ranges from 1 to 300, in seconds. - LBDT packets sent by different interfaces are distinguished based on interface indexes carried in the packets. Note: LBDT packets are sent frequently. Therefore, the CPU usage will increase if the LBDT function is enabled on all interfaces.

How to configure the timeout interval for VRRP packets
In a VRRP group, if the backup device does not receive VRRP packets from the master device within the timeout interval, it considers that the master device fails, and then become the master.

CE series switches do not support setting of the VRRP protocol packet timeout interval. The VRRP packet timeout interval is calculated as follows: (3*Advertisement_Interval) + Skew_time. Advertisement_Interval is the interval for sending VRRP protocol packets. The default value is 1s. Skew_Time = (256-Priority)/256 , whose value can be 0 or 1. You can run the vrrp vrid timer advertise command to change the interval for sending VRRP protocol packets to adjust the timeout interval.

After the configuration is complete, the TimerConfig field in the command output of the display vrrp verbose command shows the configured interval for sending VRRP protocol packets.
<HUAWEI> display vrrp verbose
Vlanif100 | Virtual Router 1
State             : Master
Virtual IP        : 10.1.1.100
Master IP         : 10.1.1.2
Send VRRP Packet To Subvlan : all
PriorityRun       : 120
PriorityConfig    : 120
MasterPriority    : 120
Preempt           : YES   Delay Time : 20 s   Remain : --
TimerRun          : 2 s
TimerConfig       : 2 s
Auth Type         : MD5   Auth Key : ******
Virtual MAC       : 0000-5e00-0101
Check TTL         : YES
Config Type       : Normal
Track BFD         : atob             Priority Reduced :20
BFD-session State : UP
Create Time       : 2014-10-07 15:43:42
Last Change Time  : 2014-10-07 15:44:03 

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top