Solved

JUniper router vrrp issue.  both routers remain master

Posted on 2013-01-25
7
2,938 Views
Last Modified: 2013-01-31
I am having an issue with 2 Juniper routers where all of the vrrp groups between them are in a master state despite the fact I have given one router higher priority than the other.
The one exception is the fxp0.0 port.  This started to happen after rebooting both routers as part of maintenance test.   Can someone help me determine why this is happening? or how I can fix it?

here is a sample of config router 1:
set interfaces ge-1/0/2 unit 1700 family inet address 10.66.251.66/28 vrrp-group 5 virtual-address 10.66.251.65
set interfaces ge-1/0/2 unit 1700 family inet address 10.66.251.66/28 vrrp-group 5 priority 110
set interfaces ge-1/0/2 unit 1700 family inet address 10.66.251.66/28 vrrp-group 5 preempt
set interfaces ge-1/0/2 unit 1700 family inet address 10.66.251.66/28 vrrp-group 5 accept-data

router 2:
set interfaces ge-1/0/2 unit 1700 family inet address 10.66.251.67/28 vrrp-group 5 virtual-address 10.66.251.65
set interfaces ge-1/0/2 unit 1700 family inet address 10.66.251.67/28 vrrp-group 5 priority 105
set interfaces ge-1/0/2 unit 1700 family inet address 10.66.251.67/28 vrrp-group 5 preempt
set interfaces ge-1/0/2 unit 1700 family inet address 10.66.251.67/28 vrrp-group 5 accept-data

router 1 vrrp status:
ge-1/0/2.1700 up              5   master   Active      A  0.832 lcl    10.66.251.66
                                                                vip    10.66.251.65

router 2 vrrp status:
ge-1/0/2.1700 up              5   master   Active      A  0.531 lcl    10.66.251.67
                                                                vip    10.66.251.65


Model: mx80
JUNOS Base OS boot [10.3R2.11]
JUNOS Base OS Software Suite [10.3R2.11]
JUNOS Kernel Software Suite [10.3R2.11]
JUNOS Crypto Software Suite [10.3R2.11]
JUNOS Packet Forwarding Engine Support (MX80) [10.3R2.11]
JUNOS Online Documentation [10.3R2.11]
JUNOS Routing Software Suite [10.3R2.11]


thanks
0
Comment
Question by:FREDARCE
7 Comments
 
LVL 18

Expert Comment

by:deimark
ID: 38822114
try deleting the pre empt on the back up node, it does nothing here

also is there anything in between the 2 routers that may be stopping the VRRP multicast cos both nodes that think they are master normally means that VRRP isnt getting through
0
 

Author Comment

by:FREDARCE
ID: 38822497
I deleted the preempt on the backup node but still no difference.  I also spanned the ports on the switch the routers are connected to and i can see VRRP advertisements from borh routers.  Strange part is the vrrp stats on the router only show that the router is sending vrrp and showing 0 for recieved?
0
 
LVL 18

Accepted Solution

by:
deimark earned 500 total points
ID: 38823089
Check the switch between the routers and make sure it's passing the multicast packets for VRRP. What you describe is a failure of the vrrp packets bud.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 17

Expert Comment

by:rochey2009
ID: 38823161
Hi,

Can you ping 10.66.251.67 from 10.66.251.66?
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 38823270
Not sure about the Juniper implementation, but unlike HSRP, in VRRP the preferred master router should be the "IP address owner", meaning that the physical interface address is the virtual address (RFC5798).
Did you change the JunOS version by chance during that maintenance reboot, so the behavior might have changed?

Tamas
0
 

Author Closing Comment

by:FREDARCE
ID: 38840823
appears to be a bug in Cisco switch that doesn't forward the multicast packets.  Another reboot of switch is a workaround.  Fix is to upgrade IOS.

thanks
0
 
LVL 18

Expert Comment

by:deimark
ID: 38840939
Glad I could help bud  :)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now