Juniper VRRP setup

I know Cisco support VRRP and GRRP but I’ve always used HSRP as my redundant gateway of choice. In the scope of the JN0-348 the only redundant gateway is VRRP (Virtual Router Redundancy Protocol). Its similar to HSRP so should not pose much of a config challenge. Let’s run over a few facts:

Router Roles:
VRRP Router – any router participating in the VRRP process.
Master Router – the router doing the forwarding.
Backup Router – the router that will take the forwarding role on in the event of a failure
Virtual Router – the IP address which is the ‘dummy’

Communication:
All the VRRP routers must connect via a common LAN segment and uses multicast IP 224.0.0.18 with a TTL of 255. default timer is 1 second

Master Election:
By configurable priority with 100 being the default. Higher is better. The other option is to assign the Virtual IP to the physical interface of the box you want to be the master. Preemption is off by default and tuneable.

State:
Init – the router is still initialising. Matster, Backup and Transition (between master and backup etc).

Configuration:
The config is a subset of the ip address of the interface. The VRRP Group number must be consistent across all VRRP routers sharing the VIP.
On SRX1

root# set interfaces ge-0/0/5 unit 0 family inet address 172.16.55.251/24 vrrp-group 55 virtual-address 172.16.55.1
root# set interfaces ge-0/0/5 unit 0 family inet address 172.16.55.251/24 vrrp-group 55 priority 120
root# set interfaces ge-0/0/5 unit 0 family inet address 172.16.55.251/24 vrrp-group 55 preempt

On SRX2

root@SRX2# set interfaces fe-0/0/1 unit 0 family inet address 172.16.55.252/24 vrrp-group 55 virtual-address 172.16.55.1

Verification SRX1:

root> show vrrp summary  
Interface     State       Group   VR state       VR Mode    Type   Address 
ge-0/0/5.0    up             55   master          Active    lcl    172.16.55.251      
                                                            vip    172.16.55.1   

Verification SRX2:

root@SRX2> show vrrp summary    
Interface     State       Group   VR state       VR Mode    Type   Address 
fe-0/0/1.0    up             55   backup          Active    lcl    172.16.55.252      
                                                            vip    172.16.55.1     

Saving that 3rd IP address!
We now we can assign the ‘hot’ IP to an actual interface, so here is how it looks from SRX2 point of veiw:

root@SRX2# show interfaces fe-0/0/1          
description "*** LAN PORT ***";
unit 0 {
    family inet {
        address 172.16.55.1/24 {
            vrrp-group 55 {
                virtual-address 172.16.55.1;
                priority 255;
            }
        }
    }
}

Note that when I changed the IP on the fe-0/0/1 interface it ripped out all the VRRP config as its all ‘downstream’ of the IP address. The verification now looks like:

root@SRX2> show vrrp summary 
Interface     State       Group   VR state       VR Mode    Type   Address 
fe-0/0/1.0    up             55   master          Active    lcl    172.16.55.1        
                                                            vip    172.16.55.1     

and the SRX1 which was formerly the master looks like:

root> show vrrp summary 
Interface     State       Group   VR state       VR Mode    Type   Address 
ge-0/0/5.0    up             55   backup          Active    lcl    172.16.55.251      
                                                            vip    172.16.55.1        

So the final test was to pull the cable out of the master (SRX2) and check it fails over nicely. Here is the extract from the log file:

Sep 23 15:37:02   vrrpd[1972]: VRRPD_NEW_MASTER: Interface ge-0/0/5.0 (local address 172.16.55.251) became VRRP master for group 55 with master reason masterNoResponse
This entry was posted in Juniper and tagged , , , . Bookmark the permalink.