this intrigued me as well as your setup should’ve worked, even if the dhcpoffer coming back through the backup vrrp member. actually, vrrp doesn’t even come into play during initial dhcp. the client broadcasts the dhcpdiscover msg and either vrrp member can relay that msg to the dhcp server as both switches participate in the same user vlan. the unicast back from the dhcp server would have a dip of either interface ip, not the vrrp ip.
seems something else was broken. what did you do to get it working? mike From: bounce-29047156-33657...@listserv.unc.edu [mailto:bounce-29047156-33657...@listserv.unc.edu] On Behalf Of Stephen Wilson Sent: Wednesday, April 20, 2011 10:50 AM To: Enterasys Customer Mailing List Subject: RE: [enterasys] General VRRP question Walt, I wish I could give you a definitive answer, but we never determined exactly why it wouldn’t work. We spent around 4 hours with an Enterasys engineer troubleshooting the issue but never nailed down the exact cause. My best guess is this: VRRP only answers for the virtual address, it originates any traffic as the real address on the interface. So in the case of a DHCP relay, if .1 is your VRRP address and .2 and .3 are your real interface addresses, the Relay IP Address in the DHCP packets will be either .2 or .3, depending on which router is master at that time. However, when the DHCP server sends traffic to the client it could go to either the .2 or .3 router, depending on which of the equal cost routes was chosen by the upstream router. If the receiving router is not the router that originally relayed the packet, the Relay IP address field doesn’t match any interface address, and is dropped. Again, I never proved this theory but it is the best explanation I’ve come up with. If my assumption is incorrect hopefully someone on the list will correct me. Stephen Wilson Network Manager WCU Networking and Telecommunications 828-227-3215 From: Walter Witkowski [mailto:wwitk...@dccc.edu] Sent: Tuesday, April 19, 2011 4:01 PM To: Enterasys Customer Mailing List Subject: RE: [enterasys] General VRRP question Stephen, Thanks for the response. I not sure I understand why you're situation would not work. I would think that it didn't matter which path was used back to the user with the DHCP response as long as their gateway was programmed with the VRRP address that was being used. Can you expand further as I am working in an educational environment with student and adminstrative subnets and DHCP scopes for each. thanks in advance walt >>> Stephen Wilson <swil...@email.wcu.edu> 4/19/2011 3:46 PM >>> Walt, I haven’t had the opportunity to test but based off past experience your first assumption is correct. Any traffic that originates within the subnet will exit through the Master VRRP router. When traffic originates from outside the subnet it could enter the subnet using either router, but all responses to that traffic will exit using the Master router. You could have asymmetric routing of traffic occur if you have equal cost paths from outside of the subnet and don’t do anything to make traffic prefer the path through the master. We had a situation similar to this when we first implemented VRRP… A client would send a DHCP request to a remote subnet, but the response would come back through the other VRRP router, which resulted in DHCP not working for those clients. Hope this helps. Stephen Wilson Network Manager WCU Networking and Telecommunications 828-227-3215 From: Walter Witkowski [mailto:wwitk...@dccc.edu] Sent: Tuesday, April 19, 2011 3:38 PM To: Enterasys Customer Mailing List Subject: [enterasys] General VRRP question Hi all! Just need some clarification here. Here's an example of a subnet connected to 2 Cores. Core 1 Vlan 717 interface x.x.x.3 Core 2 Vlan 717 interface x.x.x.2 Vrrp address x.x.x.1 (GW address for users) 1) Is the vrrp address only used when a subnet user originates a connection to another network? Which means all communications originated from this subnet flows through the core that holds the VRRP address? I believe this is correct. 2) When configured with VRRP, a connection can originate and enter the subnet from either core. Will the response always exit via the core that was the origination point? thanks in advance ww Walt Witkowski Primary Network Specialist - Sungard Higher Education Office of Information Technology - Delaware County Community College 610-359-5017(phone) / 610-359-4123 (fax)/856-217-4430(cell) wwitkow...@dccc.edu * --To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys swil...@email.wcu.edu * --To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys wwitk...@dccc.edu * --To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys swil...@email.wcu.edu * --To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys Michael.D'estie...@dhs.gov --- To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys arch...@mail-archive.com
