[j-nsp] VRRP with Juniper, what is needed around?

Jeff Meyers Jeff.Meyers at gmx.net
Thu Dec 13 17:01:39 EST 2007 

Hello list,

we operate a relatively small network with one Juniper M10 router for 
everything. Since availability becomes more and more important, we want 
to raise this by installing a second M10 with VRRP.

Our current setup is pretty simple:


Uplink1 - +-----+ - +-------------+
Uplink2	- | M10 |ae0| Core-Switch | - Customers
           +-----+ - +-------------+


Where Uplink 2 is physically connected to the Core-Switch and the 
logical connection is done with dot1q Vlans.

We just do very basic BGP and configure all default gateways for the 
customers directly on logical units on ae0. Unfortunately, my experience 
with VRRP and IGPs is very limited and I did not find helpful 
documentation on how a VRRP setup affects everything else.

Here is the way I think it works:

- a second router needs to have at least one full-table upstream on it's own
- the routers have to do iBGP with each other
- I have to configure VRRP on both sides for specific subnets(just a 
few, not all)
- the routers have to do some IGP with each other(which would you suggest?)

Please correct me here if I am wrong.


The first step is only 2 routers for Layer3 redundancy. We consider that 
necessary because we had too many problems in the past with the juniper 
box. The Core-Switch is redundant in several ways(and doing it's job 
rock stable), so for now we won't install a 2nd Core-Switch. However, if 
we did: how would that affect the setup? Which extra links would be 
necessary in which configuration?

As far as I know, the following links usually exist with this setup:

- Router 1 <-> Router 2

- Router 1 <-> Switch 1
- Router 1 <-> Switch 2

- Router 2 <-> Switch 1
- Router 2 <-> Switch 2

- Switch 1 <-> Switch 2


Obviously, Router 1 and Router 2 share a more or less identical 
configuration for VRRP with the same VLAN-IDs and so on..
But what about the link each router has to each switch? Since that is 
"real" router interfaces, VLAN 200 from Link #1(to Switch1) is not equal 
to VLAN 200 from Link #2(to Switch2).

Which extra configuration(e.g. Spanning-Tree) should be done here?


I suppose it's obvious that I am having some trouble here finding the 
correct solution. I hope some of you can help destroy some 
misunderstanding and enlighten me and maybe some other guys too ;)


Looking forward to your answers!

Regards,
Jeff

More information about the juniper-nsp mailing list