[j-nsp] vrrp groups

Jonathan Brashear Jonathan.Brashear at hq.speakeasy.net
Fri Oct 30 12:10:35 EDT 2009

Just to verify, the /28 isn't a sub-set of the /27 is it?  Junipers tend not to like setting up multiple netblocks(like a /28 that's inside a previously-configured /27) within the same interface, especially if you attempt to set them both using the same virtual-address.

Network Engineer, JNCIS-M
> 214-981-1954 (office) 
> 214-642-4075 (cell)
> jbrashear at hq.speakeasy.net 
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Niels Ardts
Sent: Friday, October 30, 2009 10:02 AM
To: 'Terry Baranski'; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] vrrp groups

Until now we've always used a seperate vrrp groupid for each vlan.

But after reading this message I decided to give it a try, since I totally agree that it adds some complexity.

If I understand the post correct something like this should work:

noc at XX# show
vlan-id 241;
family inet {
    filter {
        input netflow;
        output netflow;
    address xx/27 {
        vrrp-group 241 {
            virtual-address aaaa;
            priority 250;
            advertise-interval 2;
    address yy/28 {
        vrrp-group 241 {
            virtual-address bbbb;
            priority 250;
            advertise-interval 2;

However, an error is returned:

edit interfaces ae1 unit 241 family inet address yy]
   'vrrp-group 241'
     Duplicate interface: ae1 unit: 241 vrrp-group: 241 for address: bbbb and address: aaaa
error: configuration check-out failed
[edit interfaces ae1 unit 241]

We're running JunOS 8.0R2.8 on a M7i.

Any ideas?



-----Oorspronkelijk bericht-----
Van: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] Namens Terry Baranski
Verzonden: dinsdag 29 september 2009 1:52
Aan: juniper-nsp at puck.nether.net
Onderwerp: Re: [j-nsp] vrrp groups

On Mon, Sep 28, 2009 at 19:10:59, Harry Reynolds wrote:

> Note that while you can assign the same group number to multiple ifls
> on the same IFD best practice is not to as this can cause some issues
> with learning bridges as noted below, each group shares the same v-mac.

I have to say -- this is a recommendation from Juniper that I've never
understood.  We've used group 1 exclusively for years (with hundreds of
VLANs per interface in some cases) without issue.  Using separate group IDs
seems overly complex and unnecessary.  As long as your switches aren't
bleeding VLANs together there's no conceivable harm. (And if they do, having
the same group ID ensures you'll discover the problem quickly. :-)

To clarify for the original poster: there's no *hard limit* which will
prevent you from configuring 300 VRRP groups (with non-unique group IDs) on
one physical interface. (Even though the documentation said otherwise up
until 9.6.)  I would expect things to generally be okay with default timers
but I've never tried group counts in the hundreds with anything smaller than
an m40e.


juniper-nsp mailing list juniper-nsp at puck.nether.net

Tenzij schriftelijk anders is overeengekomen, zijn op al onze rechtsbetrekkingen de Algemene Voorwaarden van Intermax van toepassing. Deze zijn middels deze directe link http://www.intermax.nl/algemenevoorwaardenintermax.pdf in te zien en/of kunnen op verzoek worden toegezonden. Toepasselijkheid van eventuele inkoop- of andere voorwaarden van opdrachtgever dan wel van derden wordt dan ook uitdrukkelijk van de hand gewezen. Nederlands recht is exclusief van toepassing.

De informatie verzonden met dit E-mail bericht is uitsluitend bestemd voor de geadresseerde. Gebruik van deze informatie door anderen dan de geadresseerde is verboden. Openbaarmaking, vermenigvuldiging, verspreiding en/of verstrekking van deze informatie aan derden is niet toegestaan. Intermax staat niet in voor de juiste en volledige overbrenging van de inhoud van een verzonden E-mail, noch voor tijdige ontvangst daarvan.

Please consider the environment before printing this e-mail.

juniper-nsp mailing list juniper-nsp at puck.nether.net

More information about the juniper-nsp mailing list