Home > VRRP Questions

VRRP Questions

November 15th, 2019 Go to comments

Quick VRRP overview:

+ is IETF RFC 3768 standard
+ supports maximum 255 groups
+ 1 active and some backups
+ Use multicast address 224.0.0.18
+ Tracking via objects
+ 1 sec hello timer, 3 sec hold time
+ Authentication: plaintext or MD5 authentication
+ Preemption is enabled by default
+ Virtual IP address can be the same as physical IP address (which is running VRRP)
+ Default priority is 100

Question 1

Explanation

Unlike HSRP or GLBP, VRPP is an open standard.

Question 2

Explanation

In VRRP, the active router is referred to as the master virtual router.

Question 3

Question 4

Question 5

Question 6

Question 7

Explanation

From the output we learn that the current priority of the local device is 105 (via the “Priority is 105” line). But we need to notice that the tracking state is “Down” and the decrement is 15 (via the next line “Track object 1 state Down decrement 15”) so 105 is the priority after being deducted. Therefore the configured VRRP priority should be 105 + 15 = 120.

At the last line we see “Master Down interval is 3.531 sec”. We know that there is a common rule in which the backup devices should wait for three missed polls/keepalives before declaring something “down”. It is also true for VRRP but in fact VRRP adds an additional delay called “Skew time”. Therefore the default master down time is 3 x advertisement interval time + skew time (Down time = 3 x advertisement time + skew time). The Down time is 3.531 sec while the Advertisement time is 1.000 sec as shown in the output. So we can deduce the Skew time should be 0.531 sec (3.531 sec Down time = 3 x 1.000 sec Advertisement time + 0.531 sec Skew time).

Cisco uses this formula to calculate the Skew time: Skew time = (256-priority)/256

So you may ask “Why do we need the Skew time?”

Well, as we know only the Master sends hellos so when the Master goes offline all other devices in the VRRP group assume the master role simultaneously which causes some instability in the meantime. Therefore each device should wait for an additional time based on its priority, and it is the main role of Skew time.

Question 8

Explanation

VRRP has three authentication schemes:
+ No authentication
+ Plain text authentication
+ MD5 authentication

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/12-4/fhp-12-4-book/fhp-vrrp.html

Question 9

Explanation

A VRRP router can use the same IP address of the physical interface (which is running that instance of VRRP) as the virtual IP address for the group so D is correct.

VRRP supports plaintext and MD5 authentications -> C is not correct.

Answer A is correct too, an example of configuring authentication is shown below:

Router(config)# interface Ethernet0/1
Router(config-if)# vrrp 1 ip 10.21.0.10
Router(config-if)# vrrp 1 priority 110
Router(config-if)# vrrp 1 authentication md5 key-string myVRRPKey timeout 30

So this question is a bit unclear about the number of correct answers. But answer A is not a distinguised feature of VRRP so we don’t choose it here.

Question 10

Question 11

Question 12

Explanation

To minimize network traffic, only the Master for each virtual router sends periodic VRRP Advertisement messages. A Backup router will not attempt to preempt the Master unless it has higher priority. This eliminates service disruption unless a more preferred path becomes
available.

Reference: https://tools.ietf.org/html/rfc3768

Question 13

Comments
  1. Anonymous
    January 16th, 2020

    where is ‘Zakaria’s material’ please.

  2. Kelvincenka
    January 19th, 2020

    @Anon could you please send the material here ? kelvincenka at gmail dot com

  1. No trackbacks yet.