[j-nsp] Using lo0 address as source in VRRP announcements
Tore Anderson
tore at linpro.no
Mon Nov 17 10:59:05 EST 2008
Hi,

I am considering starting using two EX 4200 VCs as the access routers on
a bunch of server VLANs in my data centre, replacing a pair of
home-brewed Linux software routers with Keepalived (a VRRP
implementation).

I've come up with the following configuration for VRRP (similar on the
other switch, only using 87.238.63.3/28 instead):

[edit interfaces ge-1/0/0 unit 0 family inet]
tore@sw0# show
address 87.238.63.2/28 {
    vrrp-group 0 {
        virtual-address 87.238.63.1;
    }
}

Now, the bad thing here is that JUNOS apparently demands that I add a
static address to the interface (87.238.63.2/28), and that I cannot add
a netmask to the virtual IP itself (it inherits the mask from the
static address instead). This means that on every network segment running
VRRP, (at least) three addresses are consumed for the virtual
router: one static per physical router, and one virtual address.

That seems rather wasteful in these days when IP(v4) addresses are
scarce. With the Linux/Keepalived solution I could simply tell it to
use the loopback address as the source of the VRRP announcements, so
that I only had to reserve one IP address per network segment (the
virtual address, that is).

JUNOS won't let itself be fooled by me using a private address for the
static addresses either, e.g.:

address 169.254.63.2/28 {
    vrrp-group 0 {
        virtual-address 87.238.63.1;
    }
}

...results in the following error during commit:

'vrrp-group 0'
virtual address must share same mask with interface ip
error: configuration check-out failed

Not all of my server VLANs have two extra unused addresses, so this is a
showstopper for my plans to get rid of the Linux boxes. Is there any
other way round this apparent JUNOS limitation, I wonder?

Best regards,
--
Tore Anderson