Routing
Reply
Contributor
alex14
Posts: 12
Registered: ‎04-10-2012
0

vrrp

i have 2 juniper m7is setup with bgp and vrrp and when i unplug one of the interfaces on the backup router, for some reason, that router becomes the master vrrp and i have no idea why. can someone help me? thanks!

 

router 1

 

interfaces {
    fe-0/2/0 {                          
        unit 0 {
            description "Local LAN 192 vrrp";
            family inet {
                filter {
                    output ioffer-inbound;
                }
                address 192.168.0.1/24 {
                    vrrp-group 100 {
                        virtual-address 192,168.0.100;
                        priority 110;
                        preempt;
                        accept-data;
                        track {
                            interface fe-0/3/0 {
                                priority-cost 50;
                            }
                            interface fe-0/3/1 {
                                priority-cost 50;
                            }
                        }
                    }
                }
            }                           
        }
    }

 

Router 2

 

interfaces {                            
    fe-0/2/0 {
        unit 0 {
            description "Local LAN 192 vrrp Network";
            family inet {
                filter {
                    output ioffer-inbound;
                }
                address 192.168.0.2/24 {
                    vrrp-group 100 {
                        virtual-address 192.168.0.100;
                        priority 100;
                        preempt;
                        accept-data;
                        track {
                            interface fe-0/3/0 {
                                priority-cost 50;
                            }
                            interface ge-1/3/0 {
                                priority-cost 50;
                            }
                        }
                    }
                }                       
            }
        }
    }

Juniper Employee
jstar
Posts: 22
Registered: ‎04-28-2008
0

Re: vrrp

Hi Alex,

 

  1. Do you see issue when you unplugged *any* interfaces or any specific tracking interfaces ? Is this consistent.
  2. Any other protocol flaps?
  3.  How about the CPU utilization after you unplug?

 

It may be becoming master when it’s not seeing vrrp hello from master , so may be dropping the incoming vrrp hello’s !!!

You can take a tcpdump from both end at that point and check.

 

- Arun Kumar S

Contributor
masagung
Posts: 19
Registered: ‎01-20-2011
0

Re: vrrp

Hi, Which interface did u unplug ?

is it one of the track interface ?

-= JNCIP-SP JNCIS-M/T JNCIS-ENT JNCIA-ER JNCIA-FWV JNSS-ANI JNSS-R=-
Contributor
alex14
Posts: 12
Registered: ‎04-10-2012
0

Re: vrrp

yes i am unplugging one of the tracked interfaces

 

no other protocols flap and cpu load does not change.

 

Contributor
masagung
Posts: 19
Registered: ‎01-20-2011
0

Re: vrrp

Hi,

have you tried to change the priority-cost one of the interface ?

for example :

 

interface fe-0/3/0 in router 1 priority-cost 50

interface fe-0/3/0 in router 2 priority-cost 100

 

then let see what happen.

 

-= JNCIP-SP JNCIS-M/T JNCIS-ENT JNCIA-ER JNCIA-FWV JNSS-ANI JNSS-R=-
Contributor
alex14
Posts: 12
Registered: ‎04-10-2012
0

Re: vrrp

the fe-0/3/0 interface on both routers are connected to different lines.

 

what i did try was to set the priority-cost to both tracked interfaces on the backup router to 10

                        track {         
                            interface fe-0/3/0 {
                                priority-cost 10;
                            }
                            interface ge-1/3/0 {
                                priority-cost 10;
                            }
                        }

 

and now it doesnt happen but i still dont really know why.

Contributor
masagung
Posts: 19
Registered: ‎01-20-2011
0

Re: vrrp

and now is it running well ?

weird huh :smileytongue:

-= JNCIP-SP JNCIS-M/T JNCIS-ENT JNCIA-ER JNCIA-FWV JNSS-ANI JNSS-R=-
Contributor
alex14
Posts: 12
Registered: ‎04-10-2012
0

Re: vrrp

we are trying to setup a fortinet firewall behind our two m7i routers and for testing when i unplug the backup vrrp interface and plug it into the fortinet firewall to bypass, it becomes active.

 

the original active router stays active but the backup router becomes active as well.

 

i assume its not normal to have both vrrp routers as master? in the juniper logs, i am seeing that the vrrp advertisements are going through but not sure why the backup is becoming active.

 

when i plug it back the way it was, it becomes backup again.

Trusted Contributor
acecanal
Posts: 149
Registered: ‎07-05-2011
0

Re: vrrp

 

  Hi Alex.

 

  You cant plug again the backup interface, if not it will become vrrp master because this link is active, but dont see any other vrrp router in that link.

 

  If you want to be sure will never become master, will have to add other interface between R1 and R2. Create other VRRP group, and join all vrrp groups with the inherit command like in the following example but using several units or interfaces.

 

  What vrrp-inherit-from will do is group all vrrp groups status, so R1 or R2 will be master or backup for all groups and interfaces at the same time. This way, if backup router is reachable through some other interface, will not become master while it see the master router through that interface. So master router will be always master, and backup will be always backup, unless it dont see the master router through any interface.

 

unit 0 {
    family inet {
        address 10.10.10.1/24 {
            vrrp-group 2 {
                virtual-address 10.10.10.10;
            }
        }
        address 20.20.20.1/24 {
            vrrp-group 1 {
                virtual-address 20.20.20.20;
                vrrp-inherit-from {
                    active-interface ge-0/2/0.0;
                    active-group 2;
                }
            }
        }
    }
}

 

 

 

 

Br
Alex

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you want to say thanks, the word is Kudos!!.

Thx.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

JNCIA-JUNOS, JNCIS-ENT, JNCIS-SP, JNCIP-SP.
CCNA, CCNP, Written CCIE.
Contributor
alex14
Posts: 12
Registered: ‎04-10-2012
0

Re: vrrp

im not sure if i completely understand it, is the below sample config right?

 

so would the master and backup have its own vrrp-group first, and then share a vrrp-group to track the active route?

 

so if i wanted to make the backup router the master, would i just change the active-group #?

 

thanks

 

active router
   fe-0/3/2 {
        unit 0 {
            family inet {
                address 192.168.0.1/24 {
                    vrrp-group 2 {
                        virtual-address 192.168.0.100;
                        priority 100;
                        preempt;
                        accept-data;
            address 192.168.2.1/24 {
                vrrp-group 1 {
                    virtual-address 192.168.0.200;
                    vrrp-inherit-from {
                            active-interface ge-0/3/2.0;
                            active-group 2;

backup router
    fe-0/3/2 {
        unit 0 {                        
            family inet {
                address 192.168.0.2/24 {
                    vrrp-group 3 {
                        virtual-address 192.168.0.100;
                        priority 110;
                        preempt;
                        accept-data;
            address 192.168.2.2/24 {
                vrrp-group 1 {
                    virtual-address 192.168.0.200;
                    vrrp-inherit-from {
                            active-interface ge-0/3/2.0;
                            active-group 2;



Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.