Hi,
I've got some problems getting VRRP and router advertisements to play
nice. I configured my MXes like this (based on the example in the High
Availability Configuration Guide):
On router A:
[edit interfaces xe-1/1/0 unit 524 family inet6]
rpf-check;
address fe80::221:5900:3e0e:633a/64;
address 2a02:c0:1011:0:ffff::2/64 {
vrrp-inet6-group 0 {
virtual-inet6-address 2a02:c0:1011:0:ffff::1;
virtual-link-local-address fe80::200:5e00:3e00:0200;
}
}
On router B:
[edit interfaces xe-1/1/0 unit 524 family inet6]
rpf-check;
address fe80::221:5900:3e0e:933a/64;
address 2a02:c0:1011:0:ffff::3/64 {
vrrp-inet6-group 0 {
virtual-inet6-address 2a02:c0:1011:0:ffff::1;
virtual-link-local-address fe80::200:5e00:3e00:0200;
}
}
On both routers:
[edit protocols router-advertisement interface xe-1/1/0.524]
max-advertisement-interval 4;
prefix 2a02:c0:1011:0::/64;
It all seems to work fine, one of the routers gets to be master, the
other on backup, and so on. However both routers are sending out RAs
for the static link-local addresses on their interfaces (the master is
sending out for the virtual one as well), so the routing table of a
host (running Linux) on this network ends up looking like this:
$ ip -6 r l default
default via fe80::221:5900:3e0e:933a dev bond0.524 proto kernel metric 1024
expires 10sec mtu 1500 advmss 1440 hoplimit 64
default via fe80::221:5900:3e0e:633a dev bond0.524 proto kernel metric 1024
expires 9sec mtu 1500 advmss 1440 hoplimit 64
default via fe80::200:5e00:3e00:200 dev bond0.524 proto kernel metric 1024
expires 10sec mtu 1500 advmss 1440 hoplimit 64
So it's just pure luck if the host actually uses the highly available
address as it's default router or not (here the outbound path is
constantly changing). Since the RAs are sent so often and the routes
expire so fast, I do get some sort of router redundancy, but VRRP
itself doesn't appear to do anthing useful here at all.
I have a hard time believing this is how it is supposed to work... I
would assume that the RAs should have been sent only from the virtual
router address by the master router and not from the static addresses,
or that the ones sent from the static addresses would be marked with a
higher metric or lower preference or something like that (if that is
indeed possible). Can't figure out how, though.
I'd appreciate any suggestions or other input!
Also I'm wondering about a couple of other related things:
1) virtual-inet6-address mandatory, a configuration without it won't
commit. Anyone have any idea why that is? It's the link-local address
that's used by the host as the next-hop anyway, so that address seems
quite pointless to me.
2) Use of EUI-64 is disallowed when VRRP is configured. Why is that?
Best regards,
--
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com/
Tel: +47 21 54 41 27
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
