Wireless Access

Team,

We are trying to understand the various use cases of VRRP pre-emption delay timer in Aruba controllers. Could you please share your experience on how VRRP preemption timer is used in your installation?

I use controllers for IPSEC mostly.  When using master redundancy I setup VRRP on outside (where IPSEC is coming from untrusted) and inside (where IPSEC is going or trusted).  I set the pre-empt for zero. 

vrrp 1
vlan 499
ip address 172.22.201.1 255.255.255.0
priority 255
preempt
authentication password
description Preferred-Master-Outside
tracking interface gigabitethernet 0/0/2 sub 3

In my case if the outside interface is down, I need the inside to go down just as fast.  That way return traffic can return immediately instead of waiting.  Hence I subtract three from the inside.  I always set priority for the preferred-master as 255 and the secondary as 254. 

The preempt delay timer delays VRRP transition to the master by the number of seconds specified in the configuration. This knob has been introduced to prevent the backup from becoming the master very frequently, in cases of network flapping.

Whenever VRRP state is triggered to transition to the master state, if the timer is configured, VRRP does not transition to master. Instead a flag is set to indicate processing of this timer. VRRP timer checks this flag and the configured delay. When the timer expires, VRRP is transitioned to the master state.

read more info here:

https://community.arubanetworks.com/t5/Controller-Based-WLANs/What-is-VRRP-preempt-delay/ta-p/179208