[f-nsp] Brain bending VRRP question for Monday morning
Tuc
tuc at ttsg.com
Mon Apr 18 09:42:13 EDT 2005
Hi,
Hopefully everyone has had their coffee. I think this is going to
warp some minds....
Currently I have a FWS-4802p, it has a vlan and router-interface:
vlan 100 name SLBs by port
untagged ethe 17 to 24
router-interface ve 100
!
interface ve 100
ip address 192.136.64.1 255.255.255.0
Attached to this I have 2 SIXL-8's. They are tied together on port 8
for active/standby, and both have port 1 in the FWS-4802p port 17-24 range.
They look like :
server backup ethe 8 00e0.5205.9cda
server router-ports 1
!
vlan 1 name DEFAULT-VLAN by port
no spanning-tree
!
vlan 5 name X-over by port
untagged ethe 8
no spanning-tree
!
interface e 1
port-name X-F4802-1p17
speed-duplex 100-full
!
interface e 8
port-name X-FSLB8-2p8
speed-duplex 100-full
and
server backup ethe 8 00e0.5205.9cda
server router-ports 1
!
vlan 1 name DEFAULT-VLAN by port
no spanning-tree
!
vlan 5 name X-over by port
untagged ethe 8
no spanning-tree
!
interface e 1
port-name X-F4802-1p18
speed-duplex 100-full
!
interface e 8
port-name X-FSLB-1p8
speed-duplex 100-full
All is well and happy. Or should I say, all WAS all well and happy
until I decided not to make the FWS4802-p the single point of failure.
So I looked for something to teach me about VRRP. I found :
http://www.foundrynet.com/services/documentation/ecmg/VRRP.html
So I started to reconfigure my setup. The first thing I
did was change the VLAN on the first FWS4802p to be :
interface ve 100
ip address 192.136.64.1 255.255.255.0
ip vrrp vrid 1
owner
ip-address 192.136.64.1
activate
and add a "router vrrp" statement into the general config. All seems
well and good. Now, the brain bending part. If you look at the picture of
http://www.foundrynet.com/services/documentation/ecmg/images/VRRP1_t.gif
it seems like its saying that you have to tie Router1 and Router2 together
with something that lets Host1 talk to both at the same time. That would
mean a switch usually. But if you do that, it becomes a single point of
failure again, defeating what I'm trying to do. What I want to do instead is
use ports 47+48 on the 2 FWS4802p's to make the connection between the two,
and while I'm at it pass (maybe OSPF and) BGP over it, and let this be
how the 2 FWS4802p's talk.
So I put on each a VLAN for the 2 connections each, and IP'd them
while I was at it :
vlan 50 name Inter4802Trunk-1 by port
untagged ethe 48
router-interface ve 50
!
vlan 51 name Inter4802Trunk-2 by port
untagged ethe 47
router-interface ve 51
!
interface ethernet 47
port-name X-F4802p-2p47
speed-duplex 100-full
!
interface ethernet 48
port-name X-F4802p-2p48
speed-duplex 100-full
!
interface ve 50
port-name X-F4802p-2x1
ip address 165.254.97.25 255.255.255.248
!
interface ve 51
port-name X-F4802p-2x2
ip address 165.254.97.17 255.255.255.248
and
!
vlan 50 name Inter4802Trunk-1 by port
untagged ethe 48
router-interface ve 50
!
vlan 51 name Inter4802Trunk-2 by port
untagged ethe 47
router-interface ve 51
!
interface ethernet 47
port-name X-F4802p-1p47
speed-duplex 100-full
!
interface ethernet 48
port-name X-F4802p-1p48
speed-duplex 100-full
!
interface ve 50
port-name X-F4802p-1x1
ip address 165.254.97.26 255.255.255.248
!
interface ve 51
port-name X-F4802p-1x2
ip address 165.254.97.18 255.255.255.248
So now they are connected.
But its where to go from here that I'm a little lost. I can set up
another Vlan100 on the other FWS4802p, but not sure how to make it so that
the 2 Vlans feel like they are "tied together", or not cause spanning tree
issues (Which I had before I put ports 47+48 into a Vlan, but now since they
are untagged (I think this is why) I can't ping the other side....
Have I confused everyone enough?
Thanks, Tuc
More information about the foundry-nsp
mailing list