Two Eudemon1000E make VRRP in routing modes, schematic diagram is as follows:
Two devices make VRRP respectively to the up and down layer 2 SW, and as the VRRP HRP heartbreak tunnel on two FW interconnection link, which E1000E - 1 VRRP added in the master VRRP group, E1000E - 2 VRRP added in the backup VRRP group. Normally E1000E – 1 is the Hrp master.
When customers configure a new group of VRRP under the port that in down state and without the configuration in E1000E -1, firewall HRP switching the master and slave.
Delete new VRRP configuration, E1000E - 1 priority turn into 65001, bigger than E1000E - 2 65000, HRP state switch back to normal condition.
According to the explanation of R&D, after enable HRP, HRP master firewall default priority is 65001, and slave firewall default priority is 65000. Suppose that a port that master add to VRRP master group is down, HRP priority will minus 2, turn into 64999 (if two ports down, decreases 4, and so on), less than the slave 65000, lead to the master and slave switching.
So when add or delete VRRP, double FW just according to own state to decide whether to change priority.
This will appear as follows scene: (1) when the port is down as above, and add a new group of VRRP in the master firewall; (2)when the same group of VRRP is down, delete this group of VRRP at salve FW. All can make master firewall priority less than the salve firewall, lead to the master and slave switching.
When the problem happened, use command display HRP to check state, and find the HRP priority is 64999 in E1000E - 1, less than E1000E - 2 HRP priority 65000, so lead to the switching.
When add new VRRP group at the live network double devices environment, need to pay attention to let the new VRRP group port up first.