Re: [j-nsp] VRRP with Juniper, what is needed around?

2007-12-15 Thread Pekka Savola
On Sat, 15 Dec 2007, Jeff Meyers wrote:
  In your simple setup, you don't necessarily need IGP, because the only
  thing the other box needs to know is where is the other router's loopback
  address.  The rest can be propagated in iBGP.  You can 

 Even if I don't do VRRP for every single customer? What happens if traffic 
 transits the 2nd router and it does not know that the subnet is added on the 
 1st router in vlan 200? I guess in this case, traffic will be discarded.

That's why you'd put your direct routes (and everything else as 
well) to iBGP.

  I guess there are two main ways to build a redundant router/switch
  solution like this:

   R1-R2
   |  |
   SW1---SW2

  or:

   R1\ /R2
   |  X |
   | / \|
   SW1 SW2

  in the latter diagram you can also add a direct link between routers
  and/or switches if you want but you can also live without it.

 I guess the first solution is what we want. I guess the direct link between 
 R1 and R2 is just a logical link for iBGP and maybe IGP?

It can be a logical link realized using a vlan.  If it's a logical and 
not physical link, you'll want to run IGP to notice if some of the 
physical links break.

Some outbound traffic is going to use that link depending on your BGP 
path selection and the choice of VRRP primar(y|ies).

-- 
Pekka Savola                 You each name yourselves king, yet the
Netcore Oy                   kingdom bleeds.
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


Re: [j-nsp] VRRP with Juniper, what is needed around?

2007-12-14 Thread Jeff Meyers
Prasanna Kumar A.S wrote:

Hi,

   I guess your topology with two m10s will look like this
 
 Uplink1 - +-------+ - +-------------+
 Uplink2 - | M10 1 |ae0| Core-Switch | - Customers
           +-------+ - +             |
                       |             |
 Uplink1 - +-------+ - +             |
 Uplink2 - | M10 2 |ae0|             |
           +-------+ - +-------------+

exactly, yes.

 And
 - You will have to replicate the BGP configurations on the second M10
 box, ( hope you are advertising the ae-ifl's subnet into BGP)
  ^

What do you mean by that? What is ae-ifl? (aggregated ethernet interface 
l...?)

 - configure VRRP on the ae ifls of both the m10 boxes connecting to the
 core-switch and you can configure VRRP in two ways 
 1) Configure separate ip address as the VR-IP/VIP, Here only one router
 will be doing the FWding at any point of time

At least outgoing, yes. As long as the customer does not use the IP of 
M10-2 as his default gateway.

 2) configure two vrrp-groups on each ifl, one with interface ip of M10-1
 as VIP and other group with interface ip of m10-2 as VIP, and here you
 can do load sharing by configuring 50% of the customers with gateway as
 m10-1 and rest with m10-2, this way you achieve load sharing (when both
 the boxes are up) as well as redundancy(when any one of the box is down)

I guess we will go with option #1.

 I am not sure how we can provide redundancy at switch level as the
 customer can connect to only one switch with one physical link.

The next step will be a 2nd switch where a customer can get another 
uplink if he wants.

 Please get me the current configuration of your m10 box to understand
 your topology better

Pretty basic stuff:

- a couple of prefixes being announced to two transit providers
- 2x GigE member links on ae0
- 1x GigE for Upstream #1
- Upstream #2 is connected to the core switch
- All subnets are assigned to various vlans on ae0, e.g. ae0.100 for 
customer1, ae0.101 for customer2 and so on..

Just BGP, no IGP is running there. Only one router for everything and 
the Switch is doing Layer2 only.


Best regards,
Jeff
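
Added example, not part of the thread and not any poster's configuration: a Junos sketch for M10-1 of option 1 above (one shared virtual address on ae0.100), combined with the advice elsewhere in this thread to carry direct routes in iBGP between loopbacks when no IGP runs. All addresses, the AS number, the VRRP group number and the policy and BGP group names are constructed; M10-2 mirrors it with the values noted in the comments.

```junos
# M10-1; addresses, AS number and names below are constructed for illustration
interfaces {
    ae0 {
        vlan-tagging;
        unit 100 {
            vlan-id 100;
            family inet {
                address 192.0.2.2/24 {               # M10-2: 192.0.2.3/24
                    vrrp-group 100 {
                        virtual-address 192.0.2.1;   # customers' default gateway
                        priority 200;                # M10-2: 100, so it stays backup
                        accept-data;                 # master accepts traffic sent to the VIP
                    }
                }
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 10.255.0.1/32;               # M10-2: 10.255.0.2/32
            }
        }
    }
}
routing-options {
    autonomous-system 64500;
    static {
        route 10.255.0.2/32 next-hop 198.51.100.2;   # peer loopback over the R1-R2 link (no IGP)
    }
}
policy-options {
    policy-statement direct-to-ibgp {
        term connected {
            from protocol direct;                    # subnets configured on this router's units
            then accept;
        }
    }
}
protocols {
    bgp {
        group ibgp {
            type internal;
            local-address 10.255.0.1;
            export direct-to-ibgp;
            neighbor 10.255.0.2;
        }
    }
}
```

With the export policy applied on both routers, a customer subnet that exists on only one of them (no VRRP group) is still learned by the other through iBGP.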


Re: [j-nsp] VRRP with Juniper, what is needed around?

2007-12-14 Thread Jeff Meyers
Pekka Savola wrote:

Hi,

 Strictly speaking, you don't need full tables from upstream.  For 
 example, a default route or default + some more specifics is also OK.

of course, yes. But for a little traffic engineering we prefer 
full-tables here :-)

 In your simple setup, you don't necessarily need IGP, because the only 
 thing the other box needs to know is where is the other router's 
 loopback address.  The rest can be propagated in iBGP.  You can 

Even if I don't do VRRP for every single customer? What happens if 
traffic transits the 2nd router and it does not know that the subnet is 
added on the 1st router in vlan 200? I guess in this case, traffic will 
be discarded.

 I guess there are two main ways to build a redundant router/switch 
 solution like this:
 
  R1-R2
  |  |
  SW1---SW2
 
 or:
 
  R1\ /R2
  |  X |
  | / \|
  SW1 SW2
 
 in the latter diagram you can also add a direct link between routers 
 and/or switches if you want but you can also live without it.

I guess the first solution is what we want. I guess the direct link 
between R1 and R2 is just a logical link for iBGP and maybe IGP?

 The former is simpler and is usually sufficient when the switches and 
 routers are located in the same premises (i.e. you don't need to be too 
 worried about fiber breaks etc. -- this assumes that if a link between 
 switch and router fails, the router sees the link down event). In this 
 scenario, you may want to use two links between SW1 and SW2 (and run 
 LACP or some such to bundle them up unless you just use STP) just in 
 case a switch port fails.  Spanning tree is not required in this setup.

Great, thanks for your detailed reply!

Best regards,
Jeff



[j-nsp] VRRP with Juniper, what is needed around?

2007-12-13 Thread Jeff Meyers
Hello list,

we operate a relatively small network with one Juniper M10 router for 
everything. Since availability becomes more and more important, we want 
to raise this by installing a second M10 with VRRP.

Our current setup is pretty simple:


Uplink1 - +-----+ - +-------------+
Uplink2 - | M10 |ae0| Core-Switch | - Customers
          +-----+ - +-------------+


Where Uplink 2 is physically connected to the Core-Switch and the 
logical connection is done with dot1q Vlans.

We just do very basic BGP and configure all default gateways for the 
customers directly on logical units on ae0. Unfortunately, my experience 
with VRRP and IGPs is very limited and I did not find helpful 
documentation on how a VRRP setup affects everything else.

Here is the way I think it works:

- a second router needs to have at least one full-table upstream on its own
- the routers have to do iBGP with each other
- I have to configure VRRP on both sides for specific subnets(just a 
few, not all)
- the routers have to do some IGP with each other(which would you suggest?)

Please correct me here if I am wrong.


The first step is only 2 routers for Layer3 redundancy. We consider that 
necessary because we had too many problems in the past with the juniper 
box. The Core-Switch is redundant in several ways(and doing its job 
rock stable), so for now we won't install a 2nd Core-Switch. However, if 
we did: how would that affect the setup? Which extra links would be 
necessary in which configuration?

As far as I know, the following links usually exist with this setup:

- Router 1 - Router 2

- Router 1 - Switch 1
- Router 1 - Switch 2

- Router 2 - Switch 1
- Router 2 - Switch 2

- Switch 1 - Switch 2


Obviously, Router 1 and Router 2 share a more or less identical 
configuration for VRRP with the same VLAN-IDs and so on..
But what about the link each router has to each switch? Since those are 
real router interfaces, VLAN 200 from Link #1(to Switch1) is not equal 
to VLAN 200 from Link #2(to Switch2).

Which extra configuration(e.g. Spanning-Tree) should be done here?


I suppose it's obvious that I am having some trouble here finding the 
correct solution. I hope some of you can help destroy some 
misunderstanding and enlighten me and maybe some other guys too ;)


Looking forward to your answers!

Regards,
Jeff