SRX Services Gateway
Highlighted
SRX Services Gateway

VRRP for vSRX 20.1R1.11 bug?

[ Edited ]
‎05-08-2020 02:46 AM

Hello, everyone! 

 

I have two vSRX 20.1R1.11 and VRRP between them. They can see each other:

 

vSRX-IAP01> show vrrp summary 
Interface    State   Group    VR state  VR Mode       Type    Address 
ge-0/0/1.0    up      100      master   Active        lcl     172.31.255.252 
                                                      vip     172.31.255.250 
vSRX-IAP02> show vrrp summary 
Interface     State       Group   VR state       VR Mode    Type   Address 
ge-0/0/1.0    up            100   backup          Active    lcl    172.31.255.253     
                                                            vip    172.31.255.250 

But I cannot ping VIP 172.31.255.250 and traffic does not flow through it, though I have accept-data.

 

When I'm issuing monitor traffic interface ge-0/0/1, ping and traffic start flowing, though, I do not see them in monitor.

Config for both vrrp:

Master:

vSRX-IAP01> show configuration interfaces ge-0/0/1  
mtu 9000;
unit 0 {
    family inet {
        address 172.31.255.252/24 {
            vrrp-group 100 {
                virtual-address 172.31.255.250;
                priority 150;
                preempt {
                    hold-time 15;
                }
                accept-data;
                authentication-type md5;
                authentication-key "$9$uqXOBRcKMXbs4yls4aZkquO1hv8dbY4JU/Clv"; ## SECRET-DATA
                track {
                    interface lo0 {
                        priority-cost 100;
                    }
                }
            }
        }
    }
}

Backup:

vSRX-IAP02> show configuration interfaces ge-0/0/1  
mtu 9000;
unit 0 {
    family inet {
        address 172.31.255.253/24 {
            vrrp-group 100 {
                virtual-address 172.31.255.250;
                priority 100;
                preempt {
                    hold-time 15;
                }
                accept-data;
                authentication-type md5;
                authentication-key "$9$Sh1lv8-VYZUHX7UHqmF3SreWdwaZDH.f1R7d"; ## SECRET-DATA
            }
        }
    }
}

 

2 REPLIES 2
Highlighted
SRX Services Gateway

Re: VRRP for vSRX 20.1R1.11 bug?

‎05-08-2020 02:56 AM

Have you put this into packet mode?

 

If not you also need to assign the interfaces to a zone and allow the protocol traffic for the zone

security zones security-zone NAME host-inbound-traffic protocols vrrp

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Highlighted
SRX Services Gateway

Re: VRRP for vSRX 20.1R1.11 bug?

‎05-08-2020 03:04 AM

Hello, thanks for your reply.

 

Yes, interfaces in the zones and vrrp is allowed:

vSRX-IAP01> show configuration security zones security-zone trust 
tcp-rst;
interfaces {
    ge-0/0/1.0 {
        host-inbound-traffic {
            system-services {
                ping;
                ssh;
                https;
                dns;
            }
            protocols {
                vrrp;
            }
        }
    }
}