[HCIE-R&S Interview experience sharing] Which vrrp priorities cannot be configured? Describe their usage scenarios. Highlighted

        I faced this interview question, this is my answer:

        VRRP priority value is 0-255, but value 0 is aborts the master role, for example, deletes the VRRP group on the device, and value 255 is reference IP address owner. so 0 and 255 can't be configured.

        and then an interviewer asked me what's the defaule priority, and I answered 100;

        and then an interviewer asked me if priority are same, who will be the master, and I answered If multiple VRRP devices switch to the Master state at the same time, the VRRP device with the highest priority becomes the master device after negotiation through VRRP advertisement packets. If the VRRP backup group has the same priority, the interface with a larger primary IP address becomes the master device.

        and then an interviewer asked me if master is down, and the standby up, how idoes client understand the gateway switchovered? and I answered the new master immediately sends the virtual MAC address of the virtual router (in the format: 00-00-5E-00-01-{VRID} )and the virtual IP address of the gratuitous ARP packet to update the MAC address entries of the connected host or device, and direct user traffic to the new master.

        and then another interviewer asked me if uplink is failed, how vrrp switchover? I answered that we can configure vrrp track, we can track interface status, track route, track vrrp and track NQA.

And then they did not ask me other questions about VRRP.

when I prepared my interview, I summarized VRRP, you can as reference.

1. Definition

The Virtual Router Redundancy Protocol (VRRP) combines several routing devices into a virtual routing device. When the next-hop routing device of a host fails, services are switched to the backup routing device in a timely manner, ensuring communication continuity and reliability.

2. VRRP protocol packets

VRRP packets are used to advertise the priority and status of the master device to all backup devices in the same backup group. VRRP packets are encapsulated in IP packets and sent to the IP multicast address assigned to VRRP. In the IP packet header, the source address is the primary IP address (not the virtual IP address) of the interface that sends the packet, and the destination address is

224.0.0.18: The TTL is 255 and the protocol number is 112.

Currently, VRRP has two versions: VRRPv2 and VRRPv3. Differences between VRRPv2 and VRRPv3

The values are as follows:

◆The supported network types are different. VRRPv3 applies to both IPv4 and IPv6 networks, whereas VRRPv2 applies only to IPv4 networks.

◆Authentication functions are different. VRRPv3 does not support authentication, whereas VRRPv2 supports authentication.

◆The unit of the interval for sending Advertisement packets is different. VRRPv3 supports cent second-level, whereas VRRPv2 supports second-level.

3. VRRP working process.

1. The initial VRRP device works in the Initialize state. After receiving a message indicating that the interface goes Up, the device switches to the Backup state if the priority of the device is lower than 255. If the priority of the device is 255 (that is, the virtual IP address is also the physical interface address of the device), the device directly switches to the Master state and periodically sends VRRP Advertisement packets.

2. For the device that switches to the backup state, the value of the Master_Down_Interval timer is (3×Advertisement_Interval) +Skew_time, and Skew_time = (256 – Priority of the backup device)/256. By default, the value of Advertisement_Interval is 1 second. After the timeout, the system switches to the Master state.

3. The device that switches to the Master state sends VRRP Advertisement packets. Other devices can learn their priorities. If a backup device has a higher priority than the master device and the backup device uses preemption, the backup device becomes the master device. In other cases, the backup device remains the master device.

4. If multiple VRRP devices switch to the Master state at the same time, the VRRP device with the highest priority becomes the master device after negotiation through VRRP advertisement packets. If the VRRP backup group has the same priority, the interface with a larger primary IP address becomes the master device.

5. The new master immediately sends the virtual MAC address of the virtual router (in the format:

00-00-5E-00-01-{VRID} (VRRP for IPv4); 00-00-5E-00-02-{VRID} (VRRP for IPv6)) and the virtual IP address of the gratuitous ARP packet to update the MAC address entries of the connected host or device, and direct user traffic to the new master.

6. When the original master device recovers, if the device is the IP address owner (priority 255), the master device directly switches to the master device.

Switch to the Master state.

7. Priority 0 and priority 255 cannot be manually set. Only when the virtual IP address and interface IP address are the same IP address,

The priority of the device is automatically adjusted to 255. The master device sends VRRP packets with the priority of 0 to exit the VRRP group.

Advertisement packet.

4. Method of monitoring the uplink

Master uplink detection method:

1) VRRP is associated with the interface status to implement the master/backup VRRP switchover.

Run the track command to associate the upstream link. If the upstream link is faulty, the priority of the upstream link decreases and the priority of the upstream link increases.

2) VRRP and route association to monitor the uplink

VRRP is used to monitor routes on the upstream forwarding path. When the upstream forwarding route is withdrawn or becomes inactive, the VRRP backup group is instructed to lower the priority of the master device, triggering a master/backup switchover. When the uplink link recovers, the original master device becomes the master device and continues to forward traffic.

The link switchover time depends on the convergence speed of the routing protocol associated with VRRP.

3) VRRP and BFD are associated to monitor the uplink.

You can configure association between VRRP and BFD on the master device so that BFD sessions can be used to detect the uplink status of the master device. When BFD detects an uplink fault, it instructs the VRRP backup group to lower the priority of the master device, triggering a master/backup switchover.

When the uplink link recovers, the original master device becomes the master device and continues to forward traffic.

BFD can detect faults in milliseconds. BFD can be associated with BFD to quickly detect faults, which speeds up the master/backup switchover. Create a BFD session on the link, and then bind the BFD session to the track.

4) VRRP and NQA are associated to monitor the uplink.

You can associate VRRP with NQA on the master device to monitor the uplink status of the device. When the NQA test instance detects an uplink fault, the VRRP backup group is instructed to lower the priority of the master device, triggering a master/backup switchover.

When the uplink link recovers, the original master device becomes the master device and continues to forward traffic.

Create an ICMP NQA test instance on the link, and then run the track command to bind the test instance to the NQA test instance. This function is similar to pinging the peer IP address. If the ping fails, the VRRP is notified.

5. heartbeat cable

When a Layer 3 switch is used for VRRP, a heartbeat link can be deployed between SwitchA and SwitchB to prevent link interruption or instability and inconsistent incoming and outgoing paths. This heartbeat link is a Layer 2 link and allows packets from related VLANIF interfaces to pass through.

To prevent loops, deploy a Layer 2 loop prevention protocol, such as STP, and ensure that the master device is the root bridge of STP.