[j-nsp] VRRP with Juniper, what is needed around?

Pekka Savola pekkas at netcore.fi
Fri Dec 14 17:03:59 EST 2007


On Thu, 13 Dec 2007, Jeff Meyers wrote:
> Here is the way I think it works:
>
> - a second router needs to have at least one full-table upstream on its own
> - the routers have to do iBGP with each other
> - I have to configure VRRP on both sides for specific subnets (just a
> few, not all)
> - the routers have to do some IGP with each other (which would you suggest?)

That's pretty much it.

Strictly speaking, you don't need full tables from upstream.  For 
example, a default route or default + some more specifics is also OK.

In your simple setup, you don't necessarily need IGP, because the only 
thing the other box needs to know is where the other router's 
loopback address is.  The rest can be propagated in iBGP.  You can 
configure host routes for loopback addresses statically if you want. 
The main benefit of the IGP comes from faster failure detection in 
case a link goes down in such a manner that both routers don't see it.

> The first step is only 2 routers for Layer3 redundancy. We consider that
> necessary because we had too many problems in the past with the juniper
> box. The Core-Switch is redundant in several ways (and doing its job
> rock stable), so for now we won't install a 2nd Core-Switch. However, if
> we did: how would that affect the setup? Which extra links would be
> necessary in which configuration?
>
> As far as I know, the following links usually exist with this setup:
>
> - Router 1 <-> Router 2
>
> - Router 1 <-> Switch 1
> - Router 1 <-> Switch 2
>
> - Router 2 <-> Switch 1
> - Router 2 <-> Switch 2
>
> - Switch 1 <-> Switch 2
>
> Obviously, Router 1 and Router 2 share a more or less identical
> configuration for VRRP with the same VLAN-IDs and so on..
> But what about the link each router has to each switch? Since those are
> "real" router interfaces, VLAN 200 from Link #1 (to Switch1) is not equal
> to VLAN 200 from Link #2 (to Switch2).
>
> Which extra configuration (e.g. Spanning-Tree) should be done here?
>
> I suppose it's obvious that I am having some trouble here finding the
> correct solution. I hope some of you can help destroy some
> misunderstanding and enlighten me and maybe some other guys too ;)

I guess there are two main ways to build a redundant router/switch 
solution like this:

  R1-----R2
  |      |
  SW1---SW2

or:

  R1\ /R2
  |  X |
  | / \|
  SW1 SW2

In the latter diagram you can also add a direct link between routers 
and/or switches if you want but you can also live without it.

The former is simpler and is usually sufficient when the switches and 
routers are located in the same premises (i.e. you don't need to be 
too worried about fiber breaks etc. -- this assumes that if a link 
between switch and router fails, the router sees the link down event). 
In this scenario, you may want to use two links between SW1 and SW2 
(and run LACP or some such to bundle them up unless you just use STP) 
just in case a switch port fails.  Spanning tree is not required in 
this setup.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
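
The arrangement described in the reply above (static host route to the peer loopback, iBGP between loopbacks, VRRP on a selected subnet), sketched as Junos set commands for one of the two routers. This is an added example, not part of the original post; the interface names, AS number, policy name and documentation-range addresses are assumptions.

```junos
# R1 (constructed example; R2 mirrors it with the addresses swapped
# and a lower VRRP priority)
# Assumed addressing: lo0 R1 198.51.100.1, R2 198.51.100.2;
# R1-R2 link 203.0.113.0/30; VLAN 200 subnet 192.0.2.0/24, virtual gateway .1

set interfaces lo0 unit 0 family inet address 198.51.100.1/32
set interfaces ge-0/0/0 description "to R2"
set interfaces ge-0/0/0 unit 0 family inet address 203.0.113.1/30

# No IGP: reach the peer loopback with a static host route over the R1-R2 link
set routing-options static route 198.51.100.2/32 next-hop 203.0.113.2

# iBGP between the loopbacks carries everything else
set routing-options autonomous-system 64512
set protocols bgp group IBGP type internal
set protocols bgp group IBGP local-address 198.51.100.1
set protocols bgp group IBGP neighbor 198.51.100.2
# Assumption: rewrite the next hop so R2 resolves R1's upstream routes
# through the loopback it already has a host route for
set policy-options policy-statement NHS then next-hop self
set protocols bgp group IBGP export NHS

# VRRP on one of the few subnets that need a redundant gateway (VLAN 200)
set interfaces ge-0/0/1 description "to SW1"
set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/1 unit 200 vlan-id 200
set interfaces ge-0/0/1 unit 200 family inet address 192.0.2.2/24 vrrp-group 1 virtual-address 192.0.2.1
set interfaces ge-0/0/1 unit 200 family inet address 192.0.2.2/24 vrrp-group 1 priority 200
```

The static host route stays installed for as long as ge-0/0/0 reports link up, which is the failure-detection gap the reply attributes to running without an IGP.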

