I believe you can set the interface address and the virtual address to the same IP on one side. The router can't source VRRP messages from a loopback, as the source MAC of those messages is what's used to tell downstream switches who the current master is.

Phil


On Nov 17, 2008, at 10:59 AM, Tore Anderson wrote:

Hi,

I am considering starting using two EX 4200 VCs as the access routers on
a bunch of server VLANs in my data centre, replacing a pair of
home-brewed Linux software routers with Keepalived (a VRRP
implementation).

I've come up with the following configuration for VRRP (similar on the
other switch, only using 87.238.63.3/28 instead):

[edit interfaces ge-1/0/0 unit 0 family inet]
[EMAIL PROTECTED] show
address 87.238.63.2/28 {
   vrrp-group 0 {
       virtual-address 87.238.63.1;
   }
}

Now, the bad thing here is that JUNOS apparently demands that I add a
static address to the interface (87.238.63.2/28), and that I cannot add
a netmask to the virtual IP itself (it inherits the mask from the
static address instead). This means that every network segment running
VRRP needs (at least) three addresses consumed for the virtual
router:  one static per physical router, and one virtual address.

That seems rather wasteful in these days when IP(v4) addresses are
scarce.  With the Linux/Keepalived solution I could simply tell it to
use the loopback address as the source of the VRRP announcements, so
that I only had to reserve one IP address per network segment (the
virtual address, that is).

JUNOS won't let itself be fooled by me using a private address for the
static addresses either, e.g.:

address 169.254.63.2/28 {
   vrrp-group 0 {
       virtual-address 87.238.63.1;
   }
}

...results in the following error during commit:

 'vrrp-group 0'
   virtual address must share same mask with interface ip
error: configuration check-out failed

Not all of my server VLANs have two extra unused addresses, so this is a
showstopper for my plans to get rid of the Linux boxes.  Is there any
other way round this apparent JUNOS limitation, I wonder?

Best regards,
--
Tore Anderson
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
