[j-nsp] IPv6 VRRP issue on SRX100

Mark Kamichoff prox at prolixium.com
Sat Dec 29 10:23:25 EST 2012 

On Sat, Dec 29, 2012 at 09:28:53PM +0700, Try Chhay wrote:
> Problem: *Both SRX100 IPv6 VRRP are master role.*
> 
> The topology is that two SRX100 are connected to Cisco 2950 switch.
> After configure IPv4 and IPv6 VRRP ready getting IPv4 VRRP is working
> as normal, but IPv6 VRRP is not working. A PC is able to ping IPv6 on
> each SRX100 but it is unable to ping virtual IPv6 address. Please
> advice or comment to fix IPv6 VRRP to work on SRX100. Thanks!

The knee-jerk reaction is for me to tell you to "correctly configure
host inbound traffic configuration to allow vrrp."  However I remember
running into a similar situation several months back on a pair of
SRX210HEs and the conclusion was that IPv6 VRRP is not supported on the
SRX.  However, I believe it was only because we were running the boxes
in flow mode.  It's possible switching to packet mode may work (I can't
tell by the configuration what mode you're in), although that may not be
acceptable solution in your environment.

- Mark

> *SRX100-A# show interfaces vlan unit 90
> family inet {
>     address 192.168.147.2/24 {
>         vrrp-group 1 {
>             virtual-address 192.168.147.1;
>             priority 110;
>             preempt;
>             accept-data;
>         }
>     }
> }
> family inet6 {
>     address fe80::2/64;
>     address 2001::2/64 {
>         vrrp-inet6-group 2 {
>             virtual-inet6-address 2001::1;
>             virtual-link-local-address fe80::1;
>             priority 110;
>             preempt;
>             accept-data;
>         }
>     }
> }
> 
> 
> SRX100-B# show interfaces vlan unit 90
> family inet {
>     address 192.168.147.3/24 {
>         vrrp-group 1 {
>             virtual-address 192.168.147.1;
>             preempt;
>             accept-data;
>         }
>     }
> }
> family inet6 {
>     address fe80::3/64;
>     address 2001::3/64 {
>         vrrp-inet6-group 2 {
>             virtual-inet6-address 2001::1;
>             virtual-link-local-address fe80::1;
>             priority 100;
>             preempt;
>             accept-data;
>         }
>     }
> }
> Result:
> SRX100-A# run show vrrp
> Interface     State       Group   VR state VR Mode   Timer    Type   Address
> vlan.90       up              1   master   Active      A  0.196 lcl
> 192.168.147.2
>                                                                 vip
> 192.168.147.1
> vlan.90       up              2   master   Active      A  0.369 lcl
> 2001::2
>                                                                 vip
> fe80::1
>                                                                 vip
> 2001::1
> 
> SRX100# run show vrrp
> Interface     State       Group   VR state VR Mode   Timer    Type   Address
> vlan.90       up              1   backup   Active      D  3.310 lcl
> 192.168.147.3
>                                                                 vip
> 192.168.147.1
>                                                                 mas
> 192.168.147.2
> vlan.90       up              2   master   Active      A  0.734 lcl
> 2001::3
>                                                                 vip
> fe80::1
>                                                                 vip
> 2001::1
> *
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

-- 
Mark Kamichoff
prox at prolixium.com
http://www.prolixium.com/

More information about the juniper-nsp mailing list