Routing
Highlighted
Routing

Inter vrrp-group routing

‎02-06-2018 03:17 AM

Hi All,

We are working on a migration project from Cisco to Juniper, under the Cisco devices, the HSRP groups were configured on a single interface and all could talk across to each other.  After porting the configuration to an MX device, the inter vrrp-group traffic is no longer working.  Inbound and outbound traffic from all groups is working as expected.

 

Juniper recommendation was to convert to trunk and units, however as this is a large architecture, modifying the downstream switches where these type of configs are in place is going to be tedious.

 

Anyone have any ideas?

 

interfaces {
  ge-106/0/21 {
    delete: disable;
    apply-groups [ CUSTOMER-IXXXX CUSTOMER-VRRP-XX-PRIMARY CUSTOMER-VRRP-XX-PRIMARY ];
    mtu 9000;
    description "xxxxx--";
    unit 0 {
      vlan-id 4094;
      family inet {
        policer {
          input LIMIT-200MEG;
          output LIMIT-200MEG;
        }	  
        address XXX.XXX.XXX.18/28 primary {
          vrrp-group 204 {
            virtual-address XXX.XXX.XXX.17;
	    authentication-key xxxxxx;
          }
        }
        address XXX.XXX.XXX.114/28 {
          vrrp-group 214 {
            virtual-address XXX.XXX.XXX.113;
	    authentication-key xxxxxx;
          }
        }
		address XXX.XXX.XXX.130/27 {
          vrrp-group 224 {
            virtual-address XXX.XXX.XXX.129;
	    authentication-key xxxxxx;
          }
        }
      }
      family inet6 {
        policer {
          input LIMIT-200MEG;
          output LIMIT-200MEG;
        }	  
      }
    }
  }
}
MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
4 REPLIES 4
Highlighted
Routing

Re: Inter vrrp-group routing

‎02-06-2018 10:37 PM

Hi,

 

When you say on Cisco you had all the groups under one interface, what interface type was that? By inter-group communication, I guess you mean inter-vlan communication because all the logical units will have separate vlans right. In that case, you can probably configure IRB interface on MX and have multiple logical units on IRB and configure different groups on those logical units and call those IRB units in bridge domain as routing-interface for inter-vlan communication.  Please check if following links can help:

https://www.juniper.net/documentation/en_US/junos/topics/example/layer-2-bridge-domain-environment-e...

 

Thanks

Hope this helps

--------------------------------------------------------------------------------------------------------
If this post was helpful, please mark this post as an "Accepted Solution".
Kudos are always appreciated!
--------------------------------------------------------------------------------------------------------
Highlighted
Routing

Re: Inter vrrp-group routing

[ Edited ]
‎02-07-2018 01:53 AM

Hi there,

The cisco HSRP config is attached.  This is a single VLAN, running 3 broadcast domains with a primary and 2 secondary IPs.  What I mean is for an IP in the primary IP subnet to be able to reach IPs in the secondary subnets and vice versa.  This behaviour works on the Cisco but not in the MX.

 

By inter VRRP-group communication, I mean for IPs within group 204, 214 and 224 to be able to communicate.

 

I get that this configuration is not ideal and I understand that I can easily achieve this by using sub interfaces and creating multiple VLANs, but this type of configuration exists on many interfaces so trying to avoid an overhaul of downstream switch re-configurations.

 

interface GigabitEthernet3/37
 description -xxx--
 ip address XXX.XXX.209.114 255.255.255.240 secondary
 ip address XXX.XXX.209.130 255.255.255.224 secondary
 ip address XXX.XXX.209.18 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 storm-control broadcast level 1.00
 storm-control multicast level 1.00
 no cdp enable
 standby 0 ip XXX.XXX.209.17
 standby 0 ip XXX.XXX.209.113 secondary
 standby 0 ip XXX.XXX.209.129 secondary
 standby 0 timers 1 3
 standby 0 priority 110
 standby 0 preempt delay minimum 300
 standby 0 authentication ipmh
 standby 0 name IxxxxxL
end

 

MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
Highlighted
Routing

Re: Inter vrrp-group routing

‎02-14-2018 08:39 AM

Just got back to this, anyone have any ideas?

MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
Highlighted
Routing

Re: Inter vrrp-group routing

‎02-15-2018 08:28 PM

Hi,

I was just thinking about it, if it is same unit on which you have 3 different groups configured on one primary and 2 secondary IP addresses, then from routing perspective all the routes will be in the global inet.0 routing table and will show them learnt via protocol direct.

 

So I think, it should still work? What does "show route forwarding-table destination x.x.x.x" show for the secondary IP address?

 

Thanks

 

Hope this helps

--------------------------------------------------------------------------------------------------------
If this post was helpful, please mark this post as an "Accepted Solution".
Kudos are always appreciated!
--------------------------------------------------------------------------------------------------------