[f-nsp] Brain bending VRRP question for Monday morning

Tuc tuc at ttsg.com
Tue Apr 19 19:41:34 EDT 2005 

> 
> Tuc, I think you may be overcomplicating this.....;)  
>
	Yup, I *KNOW* I am. ;)
>
> All you really
> need to do is join the FWS's on the same vlan, 100, on the trunk
> ports.  You also need to trunk those together, using the trunk e 47 to
> 48 command.  VRRP needs to have L2 connectivity, the hello's are L2
> multicast's, so the vrrp interfaces need to be on the same L2 domain
> (vlan).  I think the span tree issues you had before were because
> ports 47 and 48 were not trunked.  This would create a loop, if you
> dropped them onto the same vlan.
>
	ACTUALLY........

	Foundry called me about something, so I asked them, and they
told me I don't even NEED 47/48. The fact that on the SIXL side that
the 2 connections are in the same VLAN there, just by hooking it into
the FWS's...... Its accomplishing what I needed in the first place.

	So, all this for naught. Sorry to bother people.

		Thanks, Tuc 
> Mike
> 
> On 4/18/05, Tuc <tuc at ttsg.com> wrote:
> > Hi,
> > 
> >        Hopefully everyone has had their coffee. I think this is going to
> > warp some minds....
> > 
> >        Currently I have a FWS-4802p, it has a vlan and router-interface:
> > 
> > vlan 100 name SLBs by port
> > untagged ethe 17 to 24
> > router-interface ve 100
> > !
> > interface ve 100
> > ip address 192.136.64.1 255.255.255.0
> > 
> >        Attached to this I have 2 SIXL-8's. They are tied together on port 8
> > for active/standby, and both have port 1 in the FWS-4802p port 17-24 range.
> > They look like :
> > 
> > server backup ethe 8 00e0.5205.9cda
> > server router-ports 1
> > !
> > vlan 1 name DEFAULT-VLAN by port
> > no spanning-tree
> > !
> > vlan 5 name X-over by port
> > untagged ethe 8
> > no spanning-tree
> > !
> > interface e 1
> > port-name X-F4802-1p17
> > speed-duplex 100-full
> > !
> > interface e 8
> > port-name X-FSLB8-2p8
> > speed-duplex 100-full
> > 
> >                                and
> > 
> > server backup ethe 8 00e0.5205.9cda
> > server router-ports 1
> > !
> > vlan 1 name DEFAULT-VLAN by port
> > no spanning-tree
> > !
> > vlan 5 name X-over by port
> > untagged ethe 8
> > no spanning-tree
> > !
> > interface e 1
> > port-name X-F4802-1p18
> > speed-duplex 100-full
> > !
> > interface e 8
> > port-name X-FSLB-1p8
> > speed-duplex 100-full
> > 
> >        All is well and happy. Or should I say, all WAS all well and happy
> > until I decided not to make the FWS4802-p the single point of failure.
> > 
> >        So I looked for something to teach me about VRRP. I found :
> > 
> > http://www.foundrynet.com/services/documentation/ecmg/VRRP.html
> > 
> >        So I started to reconfigure my setup.  The first thing I
> > did was change the VLAN on the first FWS4802p to be :
> > 
> > interface ve 100
> > ip address 192.136.64.1 255.255.255.0
> > ip vrrp vrid 1
> >  owner
> >  ip-address 192.136.64.1
> >  activate
> > 
> >        and add a "router vrrp" statement into the general config. All seems
> > well and good. Now, the brain bending part. If you look at the picture of
> > http://www.foundrynet.com/services/documentation/ecmg/images/VRRP1_t.gif
> > it seems like its saying that you have to tie Router1 and Router2 together
> > with something that lets Host1 talk to both at the same time. That would
> > mean a switch usually. But if you do that, it becomes a single point of
> > failure again, defeating what I'm trying to do. What I want to do instead is
> > use ports 47+48 on the 2 FWS4802p's to make the connection between the two,
> > and while I'm at it pass (maybe OSPF and) BGP over it, and let this be
> > how the 2 FWS4802p's talk.
> > 
> >        So I put on each a VLAN for the 2 connections each, and IP'd them
> > while I was at it :
> > 
> > vlan 50 name Inter4802Trunk-1 by port
> > untagged ethe 48
> > router-interface ve 50
> > !
> > vlan 51 name Inter4802Trunk-2 by port
> > untagged ethe 47
> > router-interface ve 51
> > !
> > interface ethernet 47
> > port-name X-F4802p-2p47
> > speed-duplex 100-full
> > !
> > interface ethernet 48
> > port-name X-F4802p-2p48
> > speed-duplex 100-full
> > !
> > interface ve 50
> > port-name X-F4802p-2x1
> > ip address 165.254.97.25 255.255.255.248
> > !
> > interface ve 51
> > port-name X-F4802p-2x2
> > ip address 165.254.97.17 255.255.255.248
> > 
> >                        and
> > 
> > !
> > vlan 50 name Inter4802Trunk-1 by port
> > untagged ethe 48
> > router-interface ve 50
> > !
> > vlan 51 name Inter4802Trunk-2 by port
> > untagged ethe 47
> > router-interface ve 51
> > !
> > interface ethernet 47
> > port-name X-F4802p-1p47
> > speed-duplex 100-full
> > !
> > interface ethernet 48
> > port-name X-F4802p-1p48
> > speed-duplex 100-full
> > !
> > interface ve 50
> > port-name X-F4802p-1x1
> > ip address 165.254.97.26 255.255.255.248
> > !
> > interface ve 51
> > port-name X-F4802p-1x2
> > ip address 165.254.97.18 255.255.255.248
> > 
> >        So now they are connected.
> > 
> >        But its where to go from here that I'm a little lost. I can set up
> > another Vlan100 on the other FWS4802p, but not sure how to make it so that
> > the 2 Vlans feel like they are "tied together", or not cause spanning tree
> > issues (Which I had before I put ports 47+48 into a Vlan, but now since they
> > are untagged (I think this is why) I can't ping the other side....
> > 
> >        Have I confused everyone enough?
> > 
> >                Thanks, Tuc
> > _______________________________________________
> > foundry-nsp mailing list
> > foundry-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/foundry-nsp
> >
> 
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>

More information about the foundry-nsp mailing list