hi, thanks for you quick answer. we already tried.

setting priority to 100 in both nodes NO split-brain situation.

Fortinet A --> Priority 100
Fortinet B --> Priority 100
=

No split-brain

Why I don't get the same behavior with priority 255?

It should be related to the preempt logic, the node that has 255 will not give up to the role.
I think it's mentioned here: VRRP routers backing up a virtual router MUST use priority values between 1-254 (decimal).

ok. so in FortiOS the definition of preempt is when I manually configure priority=255 via CLI; is that right?

In this case, what's the utility of "preempt" option in FortiOS?

I suggest your to remove the "preempt" option from FortiOS and just allow users to configure priority=255 via CLI; this should be more clear and not leads into the problems/misunderstanding we have had.

No, I think that "priority 255" is treated the same for all the vendors that use standard VRRP. You can still configure preempt as shown in the guide, (I may have choose the wrong word to describe the logic), this should be related to the Master election.

A node that has 255 will always think that is the master. If both routers will have the same priority (other than 255), an election is triggered and a master is chosen, the losing node will accept the result :)

hi, I mostly agree with you - other than the word "loosing", I don't know what it means.

>> No, I think that "priority 255" is treated the same for all the vendors that use standard VRRP. 

I don't know how others vendors thread VRRP protocol implementation or the Primary election, but I was not aware that 255 has a different meaning for FortiOS.

For the moment I will not mark this post as "Solved", before, I will try your suggestion with one FortiOS router and Cisco. VRRP is a interop protocol so it must work in the same manner.

Based on RFC 5798, priority value 255 and 0 are reserved.
https://datatracker.ietf.org/doc/html/rfc5798

   Priority                    Priority value to be used by this VRRP
                               router in Master election for this
                               virtual router.  The value of 255
                               (decimal) is reserved for the router that
                               owns the IPvX address associated with the
                               virtual router.  The value of 0 (zero) is
                               reserved for the Master router to
                               indicate it is releasing responsibility
                               for the virtual router.  The range 1-254
                               (decimal) is available for VRRP routers
                               backing up the virtual router.  Higher
                               values indicate higher priorities.  The
                               default value is 100 (decimal).

Cisco's doc says below:
"If a VRRP router owns the virtual IP address and the IP address of the physical interface, this router functions
as the primary. The priority of the primary is 255"
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/unicast/configuration/gui...

So if one of member routers have priority 255, the others can't have the same 255. I never knew about this spec until now (for last 20 years).

You'd better not using 255 but stick to 1-254 range.


Toshi

>> So if one of member routers have priority 255, the others can't have the same 255.

How FortiOS prevent this situation?

In this case it should be treated as a misconfiguration and since both nodes are configured separately, it can't be prevented. If the design doesn't need this feature "always primary/master" than it should not be configured with priority 255.