[f-nsp] Cannot ping VRRP IP when backup active

Tamas Csillag tcsillag at interware.hu
Mon May 14 17:55:48 EDT 2012 

No, it's stated by the RFC, that one router is the 'owner':

    IP Address Owner       The VRRP router that has the virtual router's
                           IP address(es) as real interface address(es).
                           This is the router that, when up, will respond
                           to packets addressed to one of these IP
                           addresses for ICMP pings, TCP connections,
                           etc.

    Virtual Router Master  The VRRP router that is assuming the
                           responsibility of forwarding packets sent to
                           the IP address(es) associated with the virtual
                           router, and answering ARP requests for these
                           IP addresses.  Note that if the IP address
                           owner is available, then it will always become
                           the Master.

    Virtual Router Backup  The set of VRRP routers available to assume
                           forwarding responsibility for a virtual router
                           should the current Master fail.


On 05/14/2012 10:51 PM, Tim Warnock wrote:
> Is this a brocadeism to have to use the same IP as the master and floating?
>
> What happens if you set master ip to 10.99.99.2, secondary to 10.99.99.3 and
> floating ip to 10.99.99.1? Or is this not valid?
>
> When you fail over to backup, have you tried clearing your ARP cache to see
> if that's why you can't ping?
>
>> -----Original Message-----
>> From: foundry-nsp-bounces at puck.nether.net [mailto:foundry-nsp-
>> bounces at puck.nether.net] On Behalf Of Tamas Csillag
>> Sent: Tuesday, 15 May 2012 6:39 AM
>> To: Steven Raymond
>> Cc: foundry-nsp at puck.nether.net
>> Subject: Re: [f-nsp] Cannot ping VRRP IP when backup active
>>
>> As I know, VRRP does not support icmp echo replies on the virtual IP.
>> The owner replies because it has a physical interface with the same IP,
>> however if a backup becomes active, it'll only have the virtual IP, so
>> it won't answer.
>> One of the things Brocade always announces about it's VRRP-E is that it
>> always replies to ping.
>> Most vendors provide a config statement to enable pinging the virtual
>> IP, but that's not strictly following the RFC.
>>
>> Tamas
>>
>>
>> On 05/14/2012 09:26 PM, Steven Raymond wrote:
>>> Two routers, MLXe, simple VRRP configuration.  The master has my .1
>> address, and all works fine,  If I shutdown the VE interface on the master
> for
>> testing, in a few seconds routing resumes on the VE interface of my backup
>> router.  However, I never can ping the same .1 address while the backup
>> router is active.  Re-enable the master VE interface and I can ping .1
> again,
>> and of course the hosts are still happy.
>>>
>>> Is that expected behavior?
>>>
>>> Thanks
>>>
>>> ! master
>>> interface ve 205
>>>    port-name admin-swts
>>>    ip address 10.99.99.1/22
>>>    disable
>>>    ip vrrp vrid 1
>>>     version v3
>>>     owner
>>>     ip-address 10.99.99.1
>>>     activate
>>> !
>>>
>>> ! backup
>>> interface ve 205
>>>    port-name admin-swts
>>>    ip address 10.99.99.5/22
>>>    ip vrrp vrid 1
>>>     version v3
>>>     backup
>>>     ip-address 10.99.99.1
>>>     advertise backup
>>>     activate
>>> !
>>> _______________________________________________
>>> foundry-nsp mailing list
>>> foundry-nsp at puck.nether.net
>>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>>
>> _______________________________________________
>> foundry-nsp mailing list
>> foundry-nsp at puck.nether.net
>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>

More information about the foundry-nsp mailing list