[j-nsp] IPv6 VRRP issue on SRX100

Sat Dec 29 11:08:40 EST 2012

On Sat, Dec 29, 2012 at 09:28:53PM +0700, Try Chhay wrote:
> Problem: *Both SRX100 IPv6 VRRP are master role.*
> 
> The topology is that two SRX100 are connected to Cisco 2950 switch. After
> configure IPv4 and IPv6 VRRP ready getting IPv4 VRRP is working as normal,
> but IPv6 VRRP is not working. A PC is able to ping IPv6 on each SRX100 but
> it is unable to ping virtual IPv6 address. Please advice or comment to fix
> IPv6 VRRP to work on SRX100. Thanks!

> Result:
> SRX100-A# run show vrrp
> Interface     State       Group   VR state VR Mode   Timer    Type   Address
,,,
> vlan.90       up              2   master   Active      A  0.369 lcl  2001::2
>                                                                 vip  fe80::1
>                                                                 vip  2001::1
> 
> SRX100# run show vrrp
> Interface     State       Group   VR state VR Mode   Timer    Type   Address
...
> vlan.90       up              2   master   Active      A  0.734 lcl  2001::3
>                                                                 vip  fe80::1
>                                                                 vip  2001::1

It seems like the SRXes aren't seeing each others' IPv6 VRRPv3
advertisements.  Do a "show vrrp interface vlan.90" and look at
Advertisement sent and Advertisement received counters on both SRXes
to verify if that is the case.

If so, check the Cisco 2950 switch to be sure it isn't blocking IPv6
multicast VRRPv3 packets.  Try turning off IPv4 IGMP Snooping on the
Cisco.  IGMP Snooping implementations in general have been known to
interfere with non-IPv4 multicast transmission which usually doesn't
get noticed or cause problems unless you are using IPv6 or IS-IS.  See
RFC 4541.