[j-nsp] vrrp on fxp0

Dmitri Kalintsev dek at hades.uz
Thu Jan 23 08:49:38 EST 2003


Been there, done that, got a t-shirt. ;) What we've done is:

- re0 and re1 get their own IP address on their fxp0;
- Loopback0 IP addres is the same on both RE's (but of course);
- We run routing process (rip in our case) on fxp0, advertising the IP
address of Loopback0.

When RE is in stadby, rpd is not running on it and the Loopback0 is only
visible via master RE's fxp0.

Running vrrp was not good enough for us, as there is no mechanism (yet?) to
make the vrrp master to follow the active RE. Consider the case when your
master RE fails, so standby RE (and it's VRRP) takes over, then problem with
ex-master RE is fixed and somebody manually tells it to become master again
(for whatever reason we won't discuss here). VRRP master then stays with the
now-standby RE and your NMS ligts up like a christmas tree. 

Alternatively, the same situation occurs if vrrpd crashes on master RE.

SY,
--
 CCNP, CCDP (R&S)                          Dmitri E. Kalintsev
 CDPlayer at irc               Network Architect @ connect.com.au
 dek @ connect.com.au    phone: +61 3 8687 5954 fax: 8414 3115
 http://-UNAVAIL-         UIN:7150410    cell: +61 414 821 382

On Wed, Jan 22, 2003 at 07:51:12PM +0900, Hangu Jeong wrote:
> We use a management network via fxp0 with other devices. I know what you
> mean, But we don't want to change the router ip address on management
> server to telnet when RE changed case. If we run vrrp on fxp0 with
> interface tracking, we can access always router without ip address change.
> Of course we have to use predefined group re0 and re1 at that case.
> 
> Thanks
> 
> Han
> 
> -----Original Message-----
> From: Guy Davies [mailto:Guy.Davies at telindus.co.uk]
> Sent: Wednesday, January 22, 2003 7:39 PM
> To: 'Hangu Jeong'; juniper-nsp at puck.nether.net
> Subject: RE: [j-nsp] vrrp on fxp0
> 
> 
>  
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Why would you want to run vrrp on fxp0?  VRRP gives you a degree of
> resilience to a default route.  Since you can't route traffic via fxp0,
> this makes no sense at all.
> 
> The thing to do for the 2 REs is to have an IP address for each.  Both REs
> are live even though one is master and the other slave so you can log into
> both of them independently.  If you use the predefined groups re0 and re1,
> you can have an identical config on both REs which configures the IP
> address of fxp0 depending upon which RE slot the config is being installed
> on.
> 
> Regards,
> 
> Guy
> 
> > -----Original Message-----
> > From: Hangu Jeong [mailto:hgjeong at icraft21.com]
> > Sent: Wednesday, January 22, 2003 10:32 AM
> > To: juniper-nsp at puck.nether.net
> > Subject: [j-nsp] vrrp on fxp0
> > 
> > 
> > Hi all,
> > 
> > We have a M20 with 2 RE. 
> > Anybody tried to run vrrp on fxp0 for router management ?
> > Pls let me know, if anyabody have experience for that. 
> > 
> > Thaniks in advance
> > 
> > Han
> > 
> > 
> > 
> > 
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/juniper-nsp
> > 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0
> 
> iQA/AwUBPi501Y3dwu/Ss2PCEQKD6QCdEy20aYHGz26fiwu0MI61o+60ccIAnRTn
> WKY/cYap3Mic5JT1rruXyRaT
> =OJaz
> -----END PGP SIGNATURE-----
> 
> 
> This e-mail is private and may be confidential and is for the intended
> recipient only.  If misdirected, please notify us by telephone and confirm
> that it has been deleted from your system and any copies destroyed.  If you
> are not the intended recipient you are strictly prohibited from using,
> printing, copying, distributing or disseminating this e-mail or any
> information contained in it.  We use reasonable endeavors to virus scan all
> e-mails leaving the Company but no warranty is given that this e-mail and
> any attachments are virus free.  You should undertake your own virus
> checking.  The right to monitor e-mail communications through our network
> is reserved by us. 
> 
> 
> 
> 
> 
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
---end quoted text---

-- 
 CCNP, CCDP (R&S)                          Dmitri E. Kalintsev
 CDPlayer at irc               Network Architect @ connect.com.au
 dek @ connect.com.au    phone: +61 3 8687 5954 fax: 8414 3115
 http://-UNAVAIL-         UIN:7150410    cell: +61 414 821 382



More information about the juniper-nsp mailing list