[j-nsp] VRRP packets neither counted nor logged

Bit Gossip bit.gossip at chello.nl
Wed Nov 11 12:55:51 EST 2009 

Experts, any idea why?

The firewall term VRRP matches packets because if I change the action to
reject the vrrp status changes to master because vrrp from the other
router are not heard anymore.

Nevertheless matched packet are neither counted nor logged :-(

 

lab at jr4> show configuration firewall filter LUCA

term VRRP {

    from {

        protocol vrrp;

    }

    then {

        count RT-VRRP;

        log;

        accept;

    }

}

term FXP0-ACCEPT {

    from {

        interface fxp0.0;

    }

    then {

        count FXP0-ACCEPT;

        accept;

    }

}

 

lab at jr4> show firewall log

 

lab at jr4> show firewall filter LUCA

 

Filter: LUCA

Counters:

Name                                                Bytes
Packets

RT-VRRP                                                 0
0

FXP0-ACCEPT                                         43570
802

 

lab at jr4> show vrrp detail

Physical interface: ge-1/3/0, Unit: 1, Vlan-id: 1, Address:
10.15.4.74/26

  Index: 71, SNMP ifIndex: 135, VRRP-Traps: disabled

  Interface state: up, Group: 126, State: backup

  Priority: 100, Advertisement interval: 1, Authentication type: none

  Delay threshold: 100, Computed send rate: 0

  Preempt: yes, Accept-data mode: yes, VIP count: 1, VIP: 10.15.4.126

  Dead timer: 2.833s, Master priority: 100, Master router: 10.15.4.75

  Virtual router uptime: 00:47:44

  Tracking: disabled

 

lab at jr4> monitor traffic interface ge-1/3/0 no-resolve matching "dst
host 224.0.0.18" detail count 1

Address resolution is OFF.

Listening on ge-1/3/0, capture size 1514 bytes

 

14:47:32.936935  In IP (tos 0xc0, ttl 255, id 0, offset 0, flags [none],
proto: VRRP (112), length: 40) 10.15.4.75 > 224.0.0.18:
VRRPv2-advertisement 20: vrid=126 prio=100 authtype=none intvl=1 addrs:
10.15.4.126

 

lab at jr4> show configuration interfaces lo0

unit 0 {

    family inet {

        filter {

            input LUCA;

        }

        address 127.0.0.1/32;

        address 1.1.1.1/32 {

            primary;

            preferred;

        }

    }

    family iso {

        address 49.6666.0000.0000.0000.0000.0001.00;

    }

}

 

lab at jr4> show configuration interfaces ge-1/3/0

vlan-tagging;

link-mode full-duplex;

gigether-options {

    no-flow-control;

}

unit 1 {

    vlan-id 1;

    family inet {

        no-redirects;

        policer {

            arp ARP-POLICER;

        }

        address 10.15.4.74/26 {

            vrrp-group 126 {

                virtual-address 10.15.4.126;

                advertise-interval 1;

                accept-data;

            }

        }

    }

    family iso;

    family mpls;

}

More information about the juniper-nsp mailing list