[f-nsp] Brain bending VRRP question for Monday morning

Mike Allen mkallen at gmail.com
Tue Apr 19 19:12:20 EDT 2005 

Tuc, I think you may be overcomplicating this.....;)  All you really
need to do is join the FWS's on the same vlan, 100, on the trunk
ports.  You also need to trunk those together, using the trunk e 47 to
48 command.  VRRP needs to have L2 connectivity, the hello's are L2
multicast's, so the vrrp interfaces need to be on the same L2 domain
(vlan).  I think the span tree issues you had before were because
ports 47 and 48 were not trunked.  This would create a loop, if you
dropped them onto the same vlan.

Mike

On 4/18/05, Tuc <tuc at ttsg.com> wrote:
> Hi,
> 
>        Hopefully everyone has had their coffee. I think this is going to
> warp some minds....
> 
>        Currently I have a FWS-4802p, it has a vlan and router-interface:
> 
> vlan 100 name SLBs by port
> untagged ethe 17 to 24
> router-interface ve 100
> !
> interface ve 100
> ip address 192.136.64.1 255.255.255.0
> 
>        Attached to this I have 2 SIXL-8's. They are tied together on port 8
> for active/standby, and both have port 1 in the FWS-4802p port 17-24 range.
> They look like :
> 
> server backup ethe 8 00e0.5205.9cda
> server router-ports 1
> !
> vlan 1 name DEFAULT-VLAN by port
> no spanning-tree
> !
> vlan 5 name X-over by port
> untagged ethe 8
> no spanning-tree
> !
> interface e 1
> port-name X-F4802-1p17
> speed-duplex 100-full
> !
> interface e 8
> port-name X-FSLB8-2p8
> speed-duplex 100-full
> 
>                                and
> 
> server backup ethe 8 00e0.5205.9cda
> server router-ports 1
> !
> vlan 1 name DEFAULT-VLAN by port
> no spanning-tree
> !
> vlan 5 name X-over by port
> untagged ethe 8
> no spanning-tree
> !
> interface e 1
> port-name X-F4802-1p18
> speed-duplex 100-full
> !
> interface e 8
> port-name X-FSLB-1p8
> speed-duplex 100-full
> 
>        All is well and happy. Or should I say, all WAS all well and happy
> until I decided not to make the FWS4802-p the single point of failure.
> 
>        So I looked for something to teach me about VRRP. I found :
> 
> http://www.foundrynet.com/services/documentation/ecmg/VRRP.html
> 
>        So I started to reconfigure my setup.  The first thing I
> did was change the VLAN on the first FWS4802p to be :
> 
> interface ve 100
> ip address 192.136.64.1 255.255.255.0
> ip vrrp vrid 1
>  owner
>  ip-address 192.136.64.1
>  activate
> 
>        and add a "router vrrp" statement into the general config. All seems
> well and good. Now, the brain bending part. If you look at the picture of
> http://www.foundrynet.com/services/documentation/ecmg/images/VRRP1_t.gif
> it seems like its saying that you have to tie Router1 and Router2 together
> with something that lets Host1 talk to both at the same time. That would
> mean a switch usually. But if you do that, it becomes a single point of
> failure again, defeating what I'm trying to do. What I want to do instead is
> use ports 47+48 on the 2 FWS4802p's to make the connection between the two,
> and while I'm at it pass (maybe OSPF and) BGP over it, and let this be
> how the 2 FWS4802p's talk.
> 
>        So I put on each a VLAN for the 2 connections each, and IP'd them
> while I was at it :
> 
> vlan 50 name Inter4802Trunk-1 by port
> untagged ethe 48
> router-interface ve 50
> !
> vlan 51 name Inter4802Trunk-2 by port
> untagged ethe 47
> router-interface ve 51
> !
> interface ethernet 47
> port-name X-F4802p-2p47
> speed-duplex 100-full
> !
> interface ethernet 48
> port-name X-F4802p-2p48
> speed-duplex 100-full
> !
> interface ve 50
> port-name X-F4802p-2x1
> ip address 165.254.97.25 255.255.255.248
> !
> interface ve 51
> port-name X-F4802p-2x2
> ip address 165.254.97.17 255.255.255.248
> 
>                        and
> 
> !
> vlan 50 name Inter4802Trunk-1 by port
> untagged ethe 48
> router-interface ve 50
> !
> vlan 51 name Inter4802Trunk-2 by port
> untagged ethe 47
> router-interface ve 51
> !
> interface ethernet 47
> port-name X-F4802p-1p47
> speed-duplex 100-full
> !
> interface ethernet 48
> port-name X-F4802p-1p48
> speed-duplex 100-full
> !
> interface ve 50
> port-name X-F4802p-1x1
> ip address 165.254.97.26 255.255.255.248
> !
> interface ve 51
> port-name X-F4802p-1x2
> ip address 165.254.97.18 255.255.255.248
> 
>        So now they are connected.
> 
>        But its where to go from here that I'm a little lost. I can set up
> another Vlan100 on the other FWS4802p, but not sure how to make it so that
> the 2 Vlans feel like they are "tied together", or not cause spanning tree
> issues (Which I had before I put ports 47+48 into a Vlan, but now since they
> are untagged (I think this is why) I can't ping the other side....
> 
>        Have I confused everyone enough?
> 
>                Thanks, Tuc
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>

More information about the foundry-nsp mailing list