[j-nsp] Using lo0 address as source in VRRP announcements

Phil Bedard philxor at gmail.com
Mon Nov 17 12:43:28 EST 2008


I believe you can set the interface address and the virtual address to
the same IP on one side.  The router can't source VRRP messages from a
loopback, as the source MAC of those messages is what's used to tell
downstream switches who the current master is.

Phil


On Nov 17, 2008, at 10:59 AM, Tore Anderson wrote:

> Hi,
>
> I am considering starting using two EX 4200 VCs as the access routers on
> a bunch of server VLANs in my data centre, replacing a pair of
> home-brewed Linux software routers with Keepalived (a VRRP
> implementation).
>
> I've come up with the following configuration for VRRP (similar on the
> other switch, only using 87.238.63.3/28 instead):
>
> [edit interfaces ge-1/0/0 unit 0 family inet]
> tore@sw0# show
> address 87.238.63.2/28 {
>    vrrp-group 0 {
>        virtual-address 87.238.63.1;
>    }
> }
>
> Now, the bad thing here is that JUNOS apparently demands that I add a
> static address to the interface (87.238.63.2/28), and that I cannot add
> a netmask to the virtual IP itself (it inherits the mask from the
> static address instead).  This means that every network segment running
> VRRP needs (at least) three addresses to be consumed for the virtual
> router:  one static per physical router, and one virtual address.
>
> That seems rather wasteful in these days when IP(v4) addresses are
> scarce.  With the Linux/Keepalived solution I could simply tell it to
> use the loopback address as the source of the VRRP announcements, so
> that I only had to reserve one IP address per network segment (the
> virtual address, that is).
>
> JUNOS won't let itself be fooled by me using a private address for the
> static addresses either, e.g.:
>
> address 169.254.63.2/28 {
>    vrrp-group 0 {
>        virtual-address 87.238.63.1;
>    }
> }
>
> ...results in the following error during commit:
>
>  'vrrp-group 0'
>    virtual address must share same mask with interface ip
> error: configuration check-out failed
>
> Not all of my server VLANs have two extra unused addresses, so this is a
> showstopper for my plans to get rid of the Linux boxes.  Is there any
> other way round this apparent JUNOS limitation, I wonder?
>
> Best regards,
> -- 
> Tore Anderson
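
The suggestion at the top of this message (interface address equal to the virtual address on one side), written out as an added configuration sketch. It is not from either poster and has not been tested on the EX 4200. The `priority 255` line is an assumption based on Junos expecting that value when a router owns the virtual address, and "switch A" and "switch B" are labels used here only.

```junos
# Switch A (address owner): the interface address IS the virtual address.
# [edit interfaces ge-1/0/0 unit 0 family inet]
address 87.238.63.1/28 {
    vrrp-group 0 {
        virtual-address 87.238.63.1;
        priority 255;    # assumption: required when interface and virtual address match
    }
}

# Switch B (backup): keeps its own static address, as in the original post.
# [edit interfaces ge-1/0/0 unit 0 family inet]
address 87.238.63.3/28 {
    vrrp-group 0 {
        virtual-address 87.238.63.1;
    }
}
```

With this layout each segment uses two addresses (87.238.63.1 and 87.238.63.3) rather than three, and the virtual address still shares the /28 mask with the interface address on both switches.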
