Junos OS

Expand all | Collapse all

VRRP: Can not ping all 3 addresses, is that normal? (virtual ip, physical, physical)

  • 1.  VRRP: Can not ping all 3 addresses, is that normal? (virtual ip, physical, physical)

    Posted 06-25-2018 08:50

    Hello

    I have configured VRRP between two Juniper MX and I want to ping all three addresses (virtual ip, physical, physical) from the OUTSIDE of my network.


    From the inside I can ping all three and everything works fine.
    From the outside, I can only ping two of the addresses:
    *the virtual ip
    *and the address of the router where the EBGP traffic enters my network

    If I steer the traffic via BGP MED to router2, then the router2 physical ip will become reachable and router1 physical ip will stop responding to ping.

     

    Is that normal?
    Why can't the the routers reach each other on the vrrp interface?



  • 2.  RE: VRRP: Can not ping all 3 addresses, is that normal? (virtual ip, physical, physical)

    Posted 06-25-2018 23:23

    i'd think of some broken routing and/or rpf.  For example if you're not announcing the route to your provider on the inactive router, the provider might be filtering traffic coming from you because of RPF.

     

    diag:

    run traceroute to the IP to see where the traffic to the (inactive router) IP goes and where it stops answerring, 

    check on the last hop that is answerring that the route TO your inactive router is correct,

    then check the reverse path: where is the route to your OUTSIDE ip (from where you are pinging) pointing to? what kind of devices are there, who owns them? can you traceroute from the inactive device to the outside? Whats the path?

     

    come back with these details if that steps don't enlighten you by yourself.



  • 3.  RE: VRRP: Can not ping all 3 addresses, is that normal? (virtual ip, physical, physical)

    Posted 06-26-2018 02:31

    Hello

     

    let me say first that VRRP works correctly and everything is online. This is just a cosmetic issue (not being able to ping all three addresses from the outside) that sparked my curiosity.

     

    By default the route from router1 to the vrrp physical address of router2 will point downstream to my switches. In that case I can observe the behaviour described in my first post (only 2 of 3 addresses can be reached from the outside). If I configure the following:

     

    set routing-options interface-routes family inet export point-to-point lan

     

    on both routers then I can ping all three addresses from the outside. This is because the interface routes will export via ibgp from router1 to router2 and vice versa. With this option the route from router1 to the vrrp physical address of router2 will point to the IBGP link between the two routers and I can ping all three addresses.

     

    I just don't understand why I need to export interface-routes in routing-options for this to work - technically router1 should be able to reach router2 by sending my ping packet downstream to my switch and then it should go through the broadcast domain on the switch up to router2.



  • 4.  RE: VRRP: Can not ping all 3 addresses, is that normal? (virtual ip, physical, physical)

     
    Posted 06-30-2018 11:22

    Hi folks,

    Do you have accept-data statement included in the configuration?

     

     



  • 5.  RE: VRRP: Can not ping all 3 addresses, is that normal? (virtual ip, physical, physical)

    Posted 06-30-2018 11:39

    Hi,

    It would be helpful if you share the relevant config from your routers.

    //Regards

    AD