[j-nsp] VRRP and IPv6 router advertisements

Chris Spears cspears at eng.oar.net
Tue Oct 13 11:27:50 EDT 2009 

Set "virtual-router-only" under your router-advertisement; then only the 
VRRP master will send RA's.

http://www.juniper.net/techpubs/en_US/junos9.5/information-products/topic-collections/swconfig-high-availability/vrrp-master-router-advertisement-interval-configuring.html


--Chris


Tore Anderson wrote:
> Hi,
> 
> I've got some problems getting VRRP and router advertisements to play
> nice.  I configured my MXes like this (based on the example in the High
> Availability Configuration Guide):
> 
> On router A:
> 
> [edit interfaces xe-1/1/0 unit 524 family inet6]
> rpf-check;
> address fe80::221:5900:3e0e:633a/64;
> address 2a02:c0:1011:0:ffff::2/64 {
>     vrrp-inet6-group 0 {
>         virtual-inet6-address 2a02:c0:1011:0:ffff::1;
>         virtual-link-local-address fe80::200:5e00:3e00:0200;
>     }
> }
> 
> On router B:
> 
> [edit interfaces xe-1/1/0 unit 524 family inet6]
> rpf-check;
> address fe80::221:5900:3e0e:933a/64;
> address 2a02:c0:1011:0:ffff::3/64 {
>     vrrp-inet6-group 0 {
>         virtual-inet6-address 2a02:c0:1011:0:ffff::1;
>         virtual-link-local-address fe80::200:5e00:3e00:0200;
>     }
> }
> 
> On both routers:
> 
> [edit protocols router-advertisement interface xe-1/1/0.524]
> max-advertisement-interval 4;
> prefix 2a02:c0:1011:0::/64;
> 
> It all seems to work fine, one of the routers gets to be master, the
> other on backup, and so on.  However both routers are sending out RAs
> for the static link-local addresses on their interfaces (the master is
> sending out for the virtual one as well), so the routing table of a
> host (running Linux) on this network ends up looking like this:
> 
> $ ip -6 r l default
> default via fe80::221:5900:3e0e:933a dev bond0.524  proto kernel  metric 1024  expires 10sec mtu 1500 advmss 1440 hoplimit 64
> default via fe80::221:5900:3e0e:633a dev bond0.524  proto kernel  metric 1024  expires 9sec mtu 1500 advmss 1440 hoplimit 64
> default via fe80::200:5e00:3e00:200 dev bond0.524  proto kernel  metric 1024  expires 10sec mtu 1500 advmss 1440 hoplimit 64
> 
> So it's just pure luck if the host actually uses the highly available
> address as it's default router or not (here the outbound path is
> constantly changing).  Since the RAs are sent so often and the routes
> expire so fast, I do get some sort of router redundancy, but VRRP
> itself doesn't appear to do anthing useful here at all.
> 
> I have a hard time believing this is how it is supposed to work...  I
> would assume that the RAs should have been sent only from the virtual
> router address by the master router and not from the static addresses,
> or that the ones sent from the static addresses would be marked with a
> higher metric or lower preference or something like that (if that is
> indeed possible).  Can't figure out how, though.
> 
> I'd appreciate any suggestions or other input!
> 
> Also I'm wondering about a couple of other related things:
> 
> 1) virtual-inet6-address mandatory, a configuration without it won't
> commit.  Anyone have any idea why that is?  It's the link-local address
> that's used by the host as the next-hop anyway, so that address seems
> quite pointless to me.
> 
> 2) Use of EUI-64 is disallowed when VRRP is configured.  Why is that?
> 
> Best regards,

More information about the juniper-nsp mailing list