Can someone please help in understanding the meaning of accept-data keyword in vrrp in juniper router.
set interfaces <name> unit <name> family inet address x.x.x.x/y vrrp-group 2 accept-data
Determine whether or not a router that is acting as the master router accepts all packets destined for the virtual IP address.
Check this link:
=====If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
I had gone thorugh this links but facing some issue in understanding this
In a Virtual Router Redundancy Protocol (VRRP) configuration, determine whether or not a router that is acting as the master router accepts all packets destined for the virtual IP address.
# here what is meaning by all packets, is all packets are (traffic OAM and ARP request) packet.
# if i use no-accept-data, so how the traffic will be processed.
If the router acting as the master router is the IP address owner or has its priority set to 255, the master router, by default, responds to all packets sent to the virtual IP address. However, if the router acting as the master router does not own the IP address or has its priority set to a value less than 255, the master router responds only to ARP requests.
# if the router is not owning the ip address or the priority is less then 255 then master will only respond to arp request, does that mean it will not proccess other packets apart from arp, if so will it be dropped or proccessed by secondary router.
Please help in understanding this. Thanks!!
just short comment: without accept-data the VRRP master (not address owner, priority < 255) will no answer ping/ssh/etc to VRRP address. It's VRRP RFC behaviour.
Without accept-data you will not able to ping VRRP address, also it will no accept ssh/telnet on it.
In many cases I enable accept-data, so users can ping default gateway address.
so should i always set priority to 255 or just configure accept data...what is the best practice....Thank goodness i found this post ..as i could not ping my vrrp address!!!!
You need to have accept data enabled for the ping response to work.
This is the most common deploy that I've seen. Never worked anywhere where this was not implemented.
jtb is correct. By default, if you wanted to run some ping test from a client to see if it can reach the default gateway (VIP addres), it will not respond; that is by the design of the VRRP protocol. So in order to allow the virtual IP address to respond to ping tests, you must configure the accept-data option.
Accept_Mode Controls whether a virtual router in
Master state will accept packets
addressed to the address owner's IPvX
address as its own if it is not the IPvX
address owner. The default is False.
Deployments that rely on, for example,
pinging the address owner's IPvX address
may wish to configure Accept_Mode to