VRRP on Junos

Started by lukec, January 26, 2011, 12:27:31 PM


lukec

Anyone with experience using VRRP on Junos?

Scenario

R1------t------S1-----t-----S2------t------R2
                       |                  |
                       |                  |
                       H1               H2

Where
R1  = Router1
R2  = Router2
SW1 = Switch1
SW2 = Switch2
H1  = Static assigned IPv6 host on vlan 10
H2  = Static assigned IPv6 host on vlan 20

t   = trunk

ISIS v6 routing same area direct connect between R1 & R2


Suppressing RAs on Router R1 & R2 on both vlan 10 & 20

Running VRRP on R1 & R2 on both vlan 10 & 20
Global v6 IP for vrrp on each vlan however the same link-local::1 on each vlan (link-local right)

Here's the question:
When
H1 (in vlan 10) pings global vrrp on own vlan = response received
H1 (in vlan 10) pings global vrrp on vlan20 = NO response received

UNTIL

from the vrrp standby router you ping all vrrp v6 global-addresses using "bypass-routing"...

After doing that H1 can ping both own and other vlan vrrp global addresses...why?

Thoughts?
Thinking - unsuppress the RAs?
Regards
Luke


jimb

H1's ping of vlan 20s VRRP global should go through R1 then across the trunk if I'm understanding the architecture correctly.

Only thing I can think of is an incomplete routing table (doesn't know how to get to vlan20), a failure of ND for the global VRRP addr of the router on vlan 20, or some bug in VRRP implementation for IPv6.

Does the neighbor cache on R1 show the VRRP global MAC for R2 when this problem is happening?


lukec

jimb
Thanks for the reply..couple of things to look at
R1 has both vlan10 and vlan20 interface so it's "direct" for both
R1 being master vrrp for vlan10 and backup vrrp for vlan20

Initially MAC's not there, however after issuing "ping ipv6address bypass-routing" to which you get a response then it does get entered into the cache...

The incomplete routing thing is where I'll look next as not only is there ISIS running between the two but I also run IBGP....so will look into that...
Thanks
Luke

jimb

Yeah, I figured it was such an arrangement. But it sounds like R1 isn't getting a neighbor entry, which means either it's never tried because routing is being goofy (should have a connected route as you say), or ND isn't working for whatever reason.

Since ND uses multicasts, you may also want to check to see if for some reason multicasts aren't getting through the trunks for whatever reason.  Well, unless the VRRP address is the only IPv6 on that vlan that isn't responding, in which case that's obviously working, just not for the VRRP address.
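
The failure points raised in the replies above (resolution never attempted, ND failing for the VRRP address, multicast not crossing the trunks) can be told apart from captures taken on each side of a trunk. This is an added example, not part of the original thread: the address, VRID 20 and the frame-tuple capture format are constructed assumptions, and the MAC derivations follow RFC 4291, RFC 2464 and RFC 5798.

```python
import ipaddress

def solicited_node(addr):
    # RFC 4291: ff02::1:ff00:0/104 plus the low 24 bits of the target address
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)

def multicast_mac(group):
    # RFC 2464: 33:33 followed by the low 32 bits of the multicast group
    low32 = (int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF).to_bytes(4, "big")
    return "33:33:" + ":".join(f"{b:02x}" for b in low32)

def vrrp_v6_mac(vrid):
    # RFC 5798: the IPv6 virtual router MAC is 00-00-5E-00-02-{VRID}
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be 1..255")
    return f"00:00:5e:00:02:{vrid:02x}"

def diagnose(target, vrid, near_frames, far_frames):
    """Frames are (kind, dst_mac, target_ip, lladdr) tuples (hypothetical format).
    near = capture on the resolving router's side of the trunk, far = the other side."""
    tgt = ipaddress.IPv6Address(target)
    ns_mac = multicast_mac(solicited_node(target))
    vmac = vrrp_v6_mac(vrid)

    def has(frames, kind, pred):
        return any(k == kind and ipaddress.IPv6Address(t) == tgt and pred(m, l)
                   for k, m, t, l in frames)

    is_ns = lambda m, l: m.lower() == ns_mac                 # NS sent to the solicited-node MAC
    is_na = lambda m, l: l is not None and l.lower() == vmac  # NA advertising the VRRP MAC
    if not has(near_frames, "NS", is_ns):
        return "no NS sent: resolution never attempted (check routing)"
    if not has(far_frames, "NS", is_ns):
        return "NS lost in transit: multicast not passing the trunk"
    if not has(far_frames, "NA", is_na):
        return "NS delivered but no NA with the VRRP MAC: master not answering ND"
    if not has(near_frames, "NA", is_na):
        return "NA lost on the return path"
    return "ND completed"

# Constructed sample data: documentation-prefix stand-in for the vlan 20 VRRP global.
VIP, VRID = "2001:db8:20::1", 20
NS = ("NS", "33:33:ff:00:00:01", VIP, None)
NA = ("NA", "02:00:00:00:00:01", VIP, "00:00:5e:00:02:14")

if __name__ == "__main__":
    print(diagnose(VIP, VRID, [NS], []))
```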