[j-nsp] IPv6 VRRP issue on SRX100

Try Chhay try at eintellego.asia
Mon Dec 31 03:11:37 EST 2012 

Thanks for all advice.

>[edit interfaces ]

>ge-0/0/1 {

>promiscuous-mode;

 >unit 0 family ethernet-switching etc etc

no luck for above command on SRX100.

After changing to *packet base *for IPv6, the IPv6 VRRP seems to be working
as expected. The higher priority is master and lower priority is backup.
However, client still can not ping virtual IPv6 address while it can ping
to each IPv6 on both SRX100. I have disabled igmp snooping on Cisco switch
ready, but still no luck. Please help to advice or comments. Thanks!

*To enable packet mode for IPv6 on each SRX100
*

*# show security forwarding-options
family {
    inet6 {
        mode packet-based;
    }
}
*

*To enable the virtual IPv6 address to advertisement on each SRX100
*

*# show protocols router-advertisement
interface vlan.90 {
    max-advertisement-interval 4;
    virtual-router-only;
    prefix 2001::/64;
}*

On Sat, Dec 29, 2012 at 11:08 PM, Chuck Anderson <cra at wpi.edu> wrote:

> On Sat, Dec 29, 2012 at 09:28:53PM +0700, Try Chhay wrote:
> > Problem: *Both SRX100 IPv6 VRRP are master role.*
> >
> > The topology is that two SRX100 are connected to Cisco 2950 switch. After
> > configure IPv4 and IPv6 VRRP ready getting IPv4 VRRP is working as
> normal,
> > but IPv6 VRRP is not working. A PC is able to ping IPv6 on each SRX100
> but
> > it is unable to ping virtual IPv6 address. Please advice or comment to
> fix
> > IPv6 VRRP to work on SRX100. Thanks!
>
> > Result:
> > SRX100-A# run show vrrp
> > Interface     State       Group   VR state VR Mode   Timer    Type
> Address
> ,,,
> > vlan.90       up              2   master   Active      A  0.369 lcl
>  2001::2
> >                                                                 vip
>  fe80::1
> >                                                                 vip
>  2001::1
> >
> > SRX100# run show vrrp
> > Interface     State       Group   VR state VR Mode   Timer    Type
> Address
> ...
> > vlan.90       up              2   master   Active      A  0.734 lcl
>  2001::3
> >                                                                 vip
>  fe80::1
> >                                                                 vip
>  2001::1
>
> It seems like the SRXes aren't seeing each others' IPv6 VRRPv3
> advertisements.  Do a "show vrrp interface vlan.90" and look at
> Advertisement sent and Advertisement received counters on both SRXes
> to verify if that is the case.
>
> If so, check the Cisco 2950 switch to be sure it isn't blocking IPv6
> multicast VRRPv3 packets.  Try turning off IPv4 IGMP Snooping on the
> Cisco.  IGMP Snooping implementations in general have been known to
> interfere with non-IPv4 multicast transmission which usually doesn't
> get noticed or cause problems unless you are using IPv6 or IS-IS.  See
> RFC 4541.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list