Ethernet Switching
Reply
Contributor
shingane
Posts: 23
Registered: ‎04-08-2010
0

Multiple VRRP group and VRRP tracking

[ Edited ]

Hi All

 

I have configured VRRP successfully on  two Ex3200 but I am not able load balancing between  two core.

 

Example

Core 1                                          Core2

Master for vlan 10                     Backup for Vlan 10

Backup for Vlan 20                   Master for Vlan 20

 

When I configured core 1 is master for all  vlan is working fine. But if  I configured One VLAN is master  for Core 1 and other VLAN is mster  for Core 2. Then uplink for connected to access and both core stop working.

I have tested with load balancing by doing this activity but no luck .

  • Core 1 to Core 2 ----------- Trunk. Trunk port without RSTP.
  • Access to Core 1----------- Trunk . Both side trunk without RSTP.
  • Access to Core 2----------- Trunk . Both side trunk without RSTP.

 

Sample configuration.

 

Core 1 :-

set vlans SERVER-VLAN vlan-id 20

set vlans SERVER-VLAN  l3-interface vlan.20

set interfaces vlan unit 20 family inet address 192.168.1.2/24

set interfaces vlan unit 20 family inet address 192.168.1.2/24 vrrp-group 20 virtual-address 192.168.1.1

set interfaces vlan unit 20 family inet address 192.168.1.2/24 vrrp-group 20 priority 200

set interfaces vlan unit 20 family inet address 192.168.1.2/24 vrrp-group 20 preempt

set interfaces vlan unit 20 family inet address 192.168.1.2/24 vrrp-group 20 accept-data

 

set interfaces vlan unit 30 family inet address 192.168.3.2/24

set vlans Wi-Fi-VLAN l3-interface vlan.30

set vlans Wi-Fi-VLAN vlan-id 30

set interfaces vlan unit 30 family inet address 192.168.3.2/24 vrrp-group 30 virtual-address 192.168.3.1

set interfaces vlan unit 30 family inet address 192.168.3.2/24 vrrp-group 30 priority 100

set interfaces vlan unit 30 family inet address 192.168.3.2/24 vrrp-group 30 accept-data

 

Core 2 :-

 

 

set vlans SERVER-VLAN vlan-id 20

set vlans SERVER-VLAN  l3-interface vlan.20

set interfaces vlan unit 20 family inet address 192.168.1.3/24

set interfaces vlan unit 20 family inet address 192.168.1.3/24 vrrp-group 20 virtual-address 192.168.1.1

set interfaces vlan unit 20 family inet address 192.168.1.3/24 vrrp-group 20 priority 100

set interfaces vlan unit 20 family inet address 192.168.1.3/24 vrrp-group 20 accept-data

 

set interfaces vlan unit 30 family inet address 192.168.3.3/24

set vlans Wi-Fi-VLAN l3-interface vlan.30

set vlans Wi-Fi-VLAN vlan-id 30

set interfaces vlan unit 30 family inet address 192.168.3.3/24 vrrp-group 30 virtual-address 192.168.3.1

set interfaces vlan unit 30 family inet address 192.168.3.3/24 vrrp-group 30 priority 200

set interfaces vlan unit 30 family inet address 192.168.3.3/24 vrrp-group 30 preempt

set interfaces vlan unit 30 family inet address 192.168.3.3/24 vrrp-group 30 accept-data

 

Core 1 to  primary SRX

set interfaces 0/0/24 unit 0 family inet address 10.10.10.3/29 vrrp-group 1 virtual-address 10.10.10.2

set interfaces 0/0/24 unit 0 family inet address 10.10.10.3/29 vrrp-group 1 priority 200

set interfaces 0/0/24 unit 0 family inet address 10.10.10.3/29 vrrp-group 1 preempt

set interfaces 0/0/24 unit 0 family inet address 10.10.10.3/29 vrrp-group 1 accept-data

set routing-options static route 0.0.0.0/0 next-hop 10.10.10.1

 

Core 2 to  Secondary SRX.

 

set interfaces 0/0/24 unit 0 family inet address 10.10.10.4/29 vrrp-group 1 virtual-address 10.10.10.2

set interfaces 0/0/24 unit 0 family inet address 10.10.10.4/29 vrrp-group 1 priority 100

set interfaces 0/0/24 unit 0 family inet address 10.10.10.4/29 vrrp-group 1 accept-data

set routing-options static route 0.0.0.0/0 next-hop 10.10.10.1

 

 

Secondly I want to track  vrrp . My both core is connected to two SRX . SRX is running HA mode. But  whenever primary SRX is fail. My interesting traffic is not passing  from core 1 to core 2 to secondary SRX.

 

 

SRX to  Core side :-

 

set interfaces reth0 unit 0 family inet address 10.10.10.1/30

set interfaces reth0 unit 0

set security zones security-zone trust interfaces reth0.0

set routing-options static route 192.168.0.0/19 next-hop 10.10.10.2

 

If any body having solution help me resolve. Thanks in advance.

 

 Thanks & Regards

 Hemant Shingane

 

 

Distinguished Expert
dfex
Posts: 642
Registered: ‎04-17-2008
0

Re: Multipal VRRP group and VRRP tracking

Firstly, you will need RSTP turned on all interfaces otherwise a loop will be formed between your cores and each of your access switches. 

 

Make sure the bridge priority is set to something low like 4k on Core 1 and 8k on Core 2 and that the access VLAN 20 and 30 are both tagged across the link between the core switches (so VRRP messages can still get to both switches when RSTP is blocking on of the uplinks from the client switches).

 

Hope this helps,

 

Ben

 

 

Ben Dale
JNCIP-ENT, JNCIS-SP, JNCIE-SEC #63
Juniper Ambassador
Follow me @labelswitcher
Contributor
shingane
Posts: 23
Registered: ‎04-08-2010
0

Re: Multiple VRRP group and VRRP tracking

Once i have turn off  RSTP on core and access switch network loop is happen and my network is down. So turn on RSTP on core and access and my network is resume working fine.  In that case one of my uplink is always blocking mode and in that case vlan can not loadbalance between two cores. I need solution both core should be active for vlans. 

 

Secondly i want to track  VRRP failure of link to switchover to another core. 

 

Thanks

Hemant Shingane

 

 

 

 

Super Contributor
achadha
Posts: 130
Registered: ‎09-27-2011
0

Re: Multiple VRRP group and VRRP tracking

Hi Hemant,

For the most part, the config looks good. With that said, I've mostly seen a trunk between the 2 VRRP running aggregation devices (the idea to make sure that one of the links between the access and one of the cores (preferably the backup for that vlan) is in xSTP blocking state).

Your VRRP config between the 2 cores switches should take care of the classic FHRP solution. To include tracking, you need to have the following config in place:

root@HULK# ...family inet address 9.9.9.9/24 vrrp-group 99 track ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> interface Interface to track in VRRP group <<<<<<
priority-hold-time Priority hold time (0..3600 seconds)
> route Route to track in VRRP group

Please note that STP needs to be running all along.

You mentioned this:
"When I configured core 1 is master for all vlan is working fine. But if I configured One VLAN is master for Core 1 and other VLAN is mster for Core 2. Then uplink for connected to access and both core stop working."

Does it mean that when core-1 is master for both vlan-20 and vlan-30, then everything works fine. But if core-1 is master for vlan-20 and core-2 is master for vlan-30, then none of the vlans work at all? How do you validate your vrrp (i mean to ask if you have constant traffic streams running or a ping to the gateway/behind-the-gateway etc)?

VRRP works beautifully in JUNOS. Provide us the details and we should be able to sort it out.

thanks,
ankit
Visitor
Sgeine
Posts: 6
Registered: ‎08-14-2012
0

Re: Multiple VRRP group and VRRP tracking

This post may be a bit rough because the issues you are running into are architectural. Based on what you're saying your needs are your network is poorly designed. Why you are making the link between you're "core" and your SRX's Layer 2 at all? Route that layer. VRRP doesn't load balance. It will only mildly load share, whereas you assign vlan20 as primary on one switch and vlan 30 as primary on the other. This is not load balancing. Here's the appropriate way to design this (i'm sorry using EX3200's was a poor choice to accomplish what you're trying).

 

the EX3200's should have been EX3300's. You need a stackable switch in your core. You're just making your life hard and throwing away half your bandwidth doing it the way you are. Given that you are trying to "load balance" with VRRP tells me you place a premium on throughput.

 

2 stacked EX3300's in your core with your L3 vlan interfaces. Since they are stacked they will be on both. No need at all for VRRP or Spanning Tree.

 

Your EX2200's all have a 2 port LAG to each 3200 (gives you subsecond, uncomplicated redundancy, and full uplink throughput)

 

Cluster your SRX's and ditch the RETH's. Use SWFAB's. and AE interfaces that tag 2 public and 1 private l3 vlans.

plug your ISP's into each EX3300 untagged on 2 seperate LAYER2 vlans through to your SRX

 

Tag a private vlan with a /30 between your SRX cluster with the private SRX vlan as the default route for the "core" cluster. You can do OSPF here but it's not necessary since your network is tiny.

 

Since your ISP's are plugged into the "core" at Layer2 this will allow you to completely ditch that useless layer of EX2200-C switches at the top.

 

Logically you will have a network that is tiered. Physically you will have a network with everything plugged into your "core". Your firewalls and your access layer switches. Isn't that what a "core" is supposed to be anyway though?

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.