Re: [j-nsp] limitation to vrrp-group inheritance on MX?
Ben,

Thank you for the explanation. I verified that it works through some testing.

I guess I am just accustomed to the Cisco way of doing things, where you can have a whole group of IP subnets on one vlan all sharing the same VRRP address, including the facilitating of MAC address learning. In that approach, there is no need for having a separate VRRP MAC for each subnet on the same vlan. It just seems inefficient and unnecessary on Juniper's part.

Clarke Morledge
College of William and Mary
Information Technology - Network Engineering
Jones Hall (Room 18)
Williamsburg VA 23187

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] limitation to vrrp-group inheritance on MX?
It looks like there is a limitation as to the number of times you can inherit settings from a particular vrrp-group on a single interface, but is this correct?

Assume you have a single vlan with multiple IP subnets configured. However, all you need is to have a single vrrp-group where all of the other IP subnets can inherit vrrp config information from, let's say, the vrrp group with the preferred address. For example:

    [edit interfaces irb unit 100]
    MX# show
    family inet {
        address 192.168.37.3/25 {
            preferred;
            vrrp-group 100 {
                priority 125;
                accept-data;
                virtual-address 192.168.37.1;
            }
        }
        address 192.168.38.3/25 {
            vrrp-group 101 {
                virtual-address 192.168.38.1;
                vrrp-inherit-from {
                    active-interface irb.100;
                    active-group 100;
                }
            }
        }
        address 192.168.39.3/25 {
            vrrp-group 102 {
                virtual-address 192.168.39.1;
                vrrp-inherit-from {
                    active-interface irb.100;
                    active-group 100;
                }
            }
        }
    }

For each IP address configured on the IRB interface (associated with one particular vlan), you must have a DIFFERENT vrrp-group configured, even though the inheriting addresses are only effectively using the vrrp-group number as unique identifiers and place holders. If you try to use the SAME vrrp-group number for each address; e.g. 100, you get a configuration error upon commit:

    Duplicate interface: irb unit: 100 vrrp-group: 100 for address:.

Vrrp has a limitation as to the number of groups available per vlan, 255. Granted, having more than 255 addresses per interface is a lot, but it seems arbitrary that the MX limits you to only having 255 IP subnets per vlan that can use VRRP.

Having a maximum of 255 VRRP active groups per vlan makes sense, as this is what the VRRP standard specifies, but when you have a bunch of basically inactive groups that inherit from one active group, it seems bizarre that Junos says, NOPE, you can only have a maximum of 254 placeholders for inactive vrrp groups per interface.

Am I misunderstanding something here?

Clarke Morledge
College of William and Mary
Information Technology - Network Engineering
Jones Hall (Room 18)
Williamsburg VA 23187
Re: [j-nsp] limitation to vrrp-group inheritance on MX?
Hi Clarke,

Even though you have vrrp-inherit-from enabled, the interfaces are still participating in VRRP, albeit at a much slower rate (just enough to keep downstream ARP refreshed) so the MX is still allocating a specific VRRP MAC per group and thus the 255 limit still applies per interface.

See http://www.juniper.net/techpubs/en_US/junos11.4/topics/task/configuration/vrrp-inheritance-for-a-group-configuring.html

And in particular:

    the groups that are inheriting the state do send out VRRP advertisements once every 2 to 3 minutes so as to facilitate MAC address learning on the switches placed between the VRRP routers.

Cheers,

Ben

On 23/07/2013, at 7:18 AM, Clarke Morledge chm...@wm.edu wrote:

> It looks like there is a limitation as to the number of times you can inherit settings from a particular vrrp-group on a single interface, but is this correct?
>
> Assume you have a single vlan with multiple IP subnets configured. However, all you need is to have a single vrrp-group where all of the other IP subnets can inherit vrrp config information from, let's say, the vrrp group with the preferred address. For example:
>
>     [edit interfaces irb unit 100]
>     MX# show
>     family inet {
>         address 192.168.37.3/25 {
>             preferred;
>             vrrp-group 100 {
>                 priority 125;
>                 accept-data;
>                 virtual-address 192.168.37.1;
>             }
>         }
>         address 192.168.38.3/25 {
>             vrrp-group 101 {
>                 virtual-address 192.168.38.1;
>                 vrrp-inherit-from {
>                     active-interface irb.100;
>                     active-group 100;
>                 }
>             }
>         }
>         address 192.168.39.3/25 {
>             vrrp-group 102 {
>                 virtual-address 192.168.39.1;
>                 vrrp-inherit-from {
>                     active-interface irb.100;
>                     active-group 100;
>                 }
>             }
>         }
>     }
>
> For each IP address configured on the IRB interface (associated with one particular vlan), you must have a DIFFERENT vrrp-group configured, even though the inheriting addresses are only effectively using the vrrp-group number as unique identifiers and place holders. If you try to use the SAME vrrp-group number for each address; e.g. 100, you get a configuration error upon commit:
>
>     Duplicate interface: irb unit: 100 vrrp-group: 100 for address:.
>
> Vrrp has a limitation as to the number of groups available per vlan, 255. Granted, having more than 255 addresses per interface is a lot, but it seems arbitrary that the MX limits you to only having 255 IP subnets per vlan that can use VRRP.
>
> Having a maximum of 255 VRRP active groups per vlan makes sense, as this is what the VRRP standard specifies, but when you have a bunch of basically inactive groups that inherit from one active group, it seems bizarre that Junos says, NOPE, you can only have a maximum of 254 placeholders for inactive vrrp groups per interface.
>
> Am I misunderstanding something here?
>
> Clarke Morledge
> College of William and Mary
> Information Technology - Network Engineering
> Jones Hall (Room 18)
> Williamsburg VA 23187
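
The per-group MAC allocation discussed in this thread, as an added example that is not part of any message above: the IPv4 VRRP virtual MAC defined in the VRRP RFCs is 00:00:5e:00:01:<VRID> with the VRID in a single octet, so this Python code derives the MAC for each group in the posted configuration and flags a group number reused on the same unit. The function names and the parsing regex are assumptions made for the example, not Junos behaviour or tooling.

```python
import re

# Addresses and groups from the configuration posted in the thread (irb unit 100).
CONFIG = """
address 192.168.37.3/25 { preferred; vrrp-group 100 { priority 125;
    accept-data; virtual-address 192.168.37.1; } }
address 192.168.38.3/25 { vrrp-group 101 { virtual-address 192.168.38.1;
    vrrp-inherit-from { active-interface irb.100; active-group 100; } } }
address 192.168.39.3/25 { vrrp-group 102 { virtual-address 192.168.39.1;
    vrrp-inherit-from { active-interface irb.100; active-group 100; } } }
"""

# The lookbehind stops "virtual-address" from matching as "address".
TOKEN = re.compile(r"(?<![\w-])(address|vrrp-group|active-group)\s+([^\s;{]+)")

def vrrp_mac(vrid):
    """IPv4 VRRP virtual MAC: 00:00:5e:00:01:<VRID>, VRID in one octet."""
    if not 0 <= vrid <= 255:
        raise ValueError(f"VRID {vrid} does not fit in one octet")
    return f"00:00:5e:00:01:{vrid:02x}"

def parse_groups(config):
    """Return one dict per vrrp-group: address, group, inherited group."""
    groups, addr = [], None
    for kind, value in TOKEN.findall(config):
        if kind == "address":
            addr = value
        elif kind == "vrrp-group":
            groups.append({"address": addr, "group": int(value), "inherits": None})
        elif groups:  # active-group belongs to the latest vrrp-group
            groups[-1]["inherits"] = int(value)
    return groups

def check_unit(config):
    """Return ({address: virtual MAC}, [problems]) for one interface unit."""
    macs, first_use, problems = {}, {}, []
    for g in parse_groups(config):
        owner = first_use.setdefault(g["group"], g["address"])
        if owner != g["address"]:
            problems.append(f"vrrp-group {g['group']} reused: {owner}, {g['address']}")
        macs[g["address"]] = vrrp_mac(g["group"])
    return macs, problems

if __name__ == "__main__":
    macs, problems = check_unit(CONFIG)
    for address, mac in macs.items():
        print(address, mac)
    print(problems or "no duplicate groups")
```

Groups 101 and 102 inherit state from group 100 but still map to their own MAC addresses, which is why each inheriting address consumes a group number on the interface.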