Switching

Hello,

 

I'm relatively new to the world of EX switches and was wondering what's the best way to mimic a Cisco HSRP/L3 inteface configuration.  Most of our offices have two core switches that share a virtual IP across each.  The L3 (VLAN) interfaces are built out for management and routing, then assigned HSRP priorities so they failover between each switch and load balance.  How can I accomplish the same in JUNOS?

 

I went through the documentation and it's not clear to me why subinterface or L3 interfaces are bound to a physical interface.  Any assistance is appreciated.  Thank you.

 

-John

Hi John

 

As HSRP is Cisco Proprietary you can use the standard VRRP protocol to do the same on EX switches.

 

Here is a sample config lets say on two central switches:

 

Switch A: 

set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members V1

set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members V1

set interfaces vlan unit 1 family inet address 10.0.0.254/24

set interfaces vlan unit 1 family inet address 10.0.0.254/24 vrrp-group 0 virtual-address 10.0.0.252

set interfaces vlan unit 1 family inet address 10.0.0.254/24 vrrp-group 0 priority 110

set vlans V1 l3-interface vlan.1

 

Switch B:

set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members V1

set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members V1

set interfaces vlan unit 1 family inet address 10.0.0.253/24

set interfaces vlan unit 1 family inet address 10.0.0.253/24 vrrp-group 0 virtual-address 10.0.0.252

set vlans V1 l3-interface vlan.1 

 

In this case you have Switch A and B that have their two interfaces ge-0/0/0 and ge-0/0/1 in the same vlan (vlan V1) and share a virtual address on it (10.0.0.252) that can be the default gateway.

Switch A is the master as it has a changed default priority to 110 the default (on B) is 100.

 

Hope this will help you! 

Hi,

This is excellent, thanky you.  And just so I understand, the "set interfaces vlan unit 1" command is the virtual L3 peice and if we wanted to aggregate and trunk the two interfaces we could, yes?  The goal for us would be to create a LAG, set as trunk, then built out the VLAN/L3 interfaces + VRRP.  Thanks.

 

-John

Hi John,

Thanks for your reply

 

Yes if you want to aggregate two interfaces you have to do a config like this:

 

set chassis aggregated-devices ethernet device-count 2
set interfaces ge-0/0/0 ether-options 802.3ad ae0
set interfaces ge-0/0/1 ether-options 802.3ad ae0

set interfaces ae0 aggregated-ether-options minimum-links 1
set interfaces ae0 aggregated-ether-options lacp passive
set interfaces ae0 unit 0 family ethernet-switching port-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members V1

and after that the example I provided to configure the L3 interface and VRRP config

 

Hope this will Help You.

regards

 

Hi,

 

I have same problem with John especially at creating a LAG. Based on your last reply, is the configuration just for creating Virtual Chassis-1 (VC-1) to Virtual Chassis 2 (VC-2)? How about to creating a LAG between a VC to a standalone EX-4200 switching? Is that possible? Thanks.

 

regards,

Lukmana

Hi Lukmana,

 

my last answer has nothing to do with Virtual Chassis but is just to create a LAG.

 

The way to create a LAG is exactely the same on a standalone switch or on a virtual Chassis, and yes you can interconnect a LAG between a standalone switch and a virtual chassis.

 

The only difference in case you chose (you'd rather) on the virtual chassis two ports on different modules (line cards) the interfaces numbers will be far away from each other:

ie

set interfaces ge-0/0/0 ether-options 802.3ad ae0
set interfaces ge-1/0/0 ether-options 802.3ad ae0

set interfaces ae0 aggregated-ether-options minimum-links 1
set interfaces ae0 aggregated-ether-options lacp passive
set interfaces ae0 unit 0 family ethernet-switching port-mode XXX

set interfaces ae0 unit 0 family ethernet-switching vlan members  ZZZ

 

Hope This Will Help You

Hi,

 

Is the "set ae0 unit 0 family inet address x.x.x.x/xx" required?  What is it for?

 

Thank you.

 

-John

Hi (again) John

 

The set ae ...

is to configure an IP address directly on the agregated interface.

I don't remember that I gave you an example like this.

 

This is required if you want to have a L3 interface on top of an aggregation of two interfaces that will be "bundled" together.

 

HTH

Hi Loup,

 

Is it safe to say that when running a 4200 VC VRRP is not needed since the routing engine redundancy is built-in?  If that's the case, should I just proceed with configuring L3 subinterfaces to provide intervlan routing?  I'm thinking I would want to use VRRP if I had two 3200's or two 4200's not part of a VC.  Thoughts?

 

Thank you.

 

-John

Hi John

 

Yes it's perfectly safe and much more intersting to have VC configured and avoiding using VRRP.

In this case you can have two links to different EX4200 (part of the same virtual chassis) and theses link wil both be used at the same time (non need for any loop-free protocol like spanning-tree).

Be carrefull VC is available on EX4200 only.

Hi Loup,

 

Came across another issue.  With HSRP, we build Virtual Interfaces.  However, in all the VRRP configuration examples I can find, they're either applied ge-0/0/0 and ge-0/0/1 or ae0.  If we didn't want to use physicaly interfaces, are LAG's the only option?  When trying to apply my VRRP config to the switch it failed (see below).  If I changed the family to inet, could I still use it as a trunk?

 

[edit interfaces ae0 unit 0]
  'family'
    When ethernet-switching family is configured on an interface, no other family type can be configured on the same interface.
error: configuration check-out failed

 

Config:

    ae0 {
        aggregated-ether-options {
            minimum-links 1;
            link-speed 1g;
        }
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members all;
                }
            }
        }
    }

Hi

 

I am not sure to understand your question but if you want to have an example of a vrrp configuration on a virtual interface (vlan interface) here is one :

 

set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members TEST

set interfaces ge-0/0/11 unit 0 family ethernet-switching vlan members TEST

set interfaces vlan unit 300 family inet address 10.0.0.1/24 vrrp-group 0 virtual-address 10.0.0.254

set vlans TEST l3-interface vlan.300

set vlans TEST vlan-id 300 

 

In this configuration you have vrrp active on vlan TEST , the interfaces 10 and 11 are part of this vlan.

The real L3 address is 10.0.0.1 and VRRP gateway address is 10.0.0.254

 

Hope this example will help you! 

Hi,

Still I little confused.  I built our VRRP on two 4200's.  The ae0 port is working fine, VLAN's setup and assigned to access ports, and I could ping both VLAN IP's, but not the virtual IP.  In the documentation, they mention "Create the subnet for the VLAN’s broadcast domain", so I added " root@4200-1# set interfaces vlan unit 201 family inet address 10.10.201.1/24" and could ping the virtual IP from both switches, including an access 3200 hanging off a trunk.  What am I missing?  Thanks.

Switch A:

root@4200-1# set interfaces vlan unit 201 family inet address 10.10.201.2/24

root@4200-1# set interfaces vlan unit 201 family inet address 10.10.201.2/24 vrrp-group 0 virtual-address 10.10.201.1

root@4200-1# set interfaces vlan unit 201 family inet address 10.10.201.2/24 vrrp-group 0 priority 110                 

root@4200-1# set vlans v201 l3-interface vlan.201

Switch B:

root@4200-2# set interfaces vlan unit 201 family inet address 10.10.201.3/24

root@4200-2# set interfaces vlan unit 201 family inet address 10.10.201.3/24 vrrp-group 0 virtual-address 10.10.201.1

root@4200-2# set vlans v201 l3-interface vlan.201


-John

Hi

 

You have to add the keyword "accept-data" after the virtual address if you want to be able to ping the virtual address.

 

HTH

 

Excellent, thank you!

Hi 

 

This is due to the VRRP RFC stating that the virtual address should reply to ICMP requests.

The option is just to workaround what states the RFC!

 

On quite all vendors the behaviour is the same.

Regards

 

Hi,

 

I find that odd since the virtual IP will be used as the Default Gateway on PC's and Servers and pinging the default gateway is a common first step at troubleshooting.  If I was to Ping a Cisco HSRP IP, it responds by default.  Anyway, thanks for the info!

 

-John

You can do the same with L3 interfaces (without VLAN):

 

Switch A:

 

set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.254/24

set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.254/24 vrrp-group 0 virtual-address 10.0.0.252

set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.254/24 vrrp-group 0 priority 110

 

Switch B:

 

set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.253/24

set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.253/24 vrrp-group 0 virtual-address 10.0.0.252

 

 But in this case the switch has no Vlan configured so you need to have an external switch to interconnect A and B

 

 

any1 experienced implementing EX series VRRP and integrating with SSG series NSRP?

hello everyone, is there any HA protocol in EX series that that tracks interfaces just like HSRP and ScreenOS's NSRP

 

or, there is no tracking interface on VRRP right?

Hi

 

You could perhaps post this question in a new tread, but

 

Yes there is VRRP tracking, here is the docs:

 http://www.juniper.net/techpubs/en_US/junos9.5/information-products/topic-collections/swconfig-high-availability/frameset.html

 

And here is a sample of the statements:

 

User@EX3200# set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.1/24 vrrp-group 0 virtual-address 10.0.0.254 track ?
Possible completions:
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
> interface            Interface to track in VRRP group
  priority-hold-time   Priority hold time (0..3600 seconds)
> route                Route to track in VRRP group

 

you can track an interface or a route.

 

HTH