Sofware-Defined Networking

Reply
Occasional Contributor
Posts: 10
Registered: ‎10-12-2017

vrrp vrrp-group rfc-compability

Hello,

 

I have a problem that I don´t understand or can fix. I have a cluster of two Vyatta firewall with a VRRP configuration with a few virtual address binded.

If the command "set interfaces bonding dp0bond0 vif 884 vrrp vrrp-group 1 'rfc-compatibility'" I can not ping a machine in the local connected network but from the standby firewall.

 

set interfaces bonding dp0bond0 vif 884 vrrp vrrp-group 1 virtual-address '10.127.188.1/26'

config of Vyatta1:

interfaces {
        bonding dp0bond0 {
                address 10.126.36.88/26
                mode lacp
                vif 884 {
                        address 192.168.210.1/30
                        description Management
                        vlan 884
                        vrrp {
                                vrrp-group 1 {
                                        preempt false
                                        priority 254

                                        rfc-compatibility
                                        sync-group vgroup1
                                        virtual-address 10.126.97.209/28
                                        virtual-address 10.126.42.1/26
                                        virtual-address 10.127.112.128/28
                                        virtual-address 10.127.188.1/26q

 

Test and show:

Vyatta1:~$ sh vrrp
                                 RFC        Addr   Last        Sync
Interface         Group  State   Compliant  Owner  Transition  Group
---------         -----  -----   ---------  -----  ----------  -----
dp0bond0          1      MASTER  dp0vrrp3   no     1h49m37s    vgroup1
dp0bond0.884      1      MASTER  dp0vrrp5   no     1h49m37s    vgroup1
dp0bond0.932      1      MASTER  dp0vrrp4   no     1h49m37s    vgroup1
dp0bond0.1533     1      MASTER  dp0vrrp1   no     1h49m37s    vgroup1
dp0bond1          1      MASTER  dp0vrrp2   no     1h49m37s    vgroup1

 

Vyatta1:~$ ping 10.127.188.32
PING 10.127.188.32 (10.127.188.32) 56(84) bytes of data.
From 10.127.188.1 icmp_seq=1 Destination Host Unreachable
From 10.127.188.1 icmp_seq=2 Destination Host Unreachable
From 10.127.188.1 icmp_seq=3 Destination Host Unreachable
^C
--- 10.127.188.32 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4146ms
pipe 4
Vyatta1:~$ sh arp
IP Address         HW address        Dataplane  Controller Device
10.126.36.65       00:00:0c:9f:f0:01 VALID      VALID      dp0bond0
159.8.84.49        00:00:0c:9f:f0:01 VALID      VALID      dp0bond1
10.127.188.35      0c:c4:7a:a4:97:54 VALID      VALID      dp0bond0.884
10.127.188.51      0c:c4:7a:66:2b:f2 VALID      VALID      dp0bond0.884
10.127.188.29      0c:c4:7a:a3:cd:da VALID      VALID      dp0bond0.884
10.127.188.32      06:74:8d:f1:3d:fc VALID      VALID      dp0bond0.884
10.127.188.16      0c:c4:7a:a3:fe:56 VALID      VALID      dp0bond0.884
10.126.42.8        00:50:56:9c:d9:a5 VALID      VALID      dp0vrrp5
10.127.188.29      0c:c4:7a:a3:cd:da VALID      VALID      dp0vrrp5
10.127.188.35      0c:c4:7a:a4:97:54 VALID      VALID      dp0vrrp5
10.127.188.51      00:00:00:00:00:00 PENDING    PENDING    dp0vrrp5
10.127.188.32      00:00:00:00:00:00 PENDING    PENDING    dp0vrrp5

 

Vyatta2:

Vyatta2:~$ sh vrrp
                                 RFC        Addr   Last        Sync
Interface         Group  State   Compliant  Owner  Transition  Group
---------         -----  -----   ---------  -----  ----------  -----
dp0bond0          1      BACKUP  dp0vrrp3   no     8h3m34s     vgroup1
dp0bond0.884      1      BACKUP  dp0vrrp5   no     8h3m34s     vgroup1
dp0bond0.932      1      BACKUP  dp0vrrp4   no     8h3m34s     vgroup1
dp0bond0.1533     1      BACKUP  dp0vrrp1   no     8h3m34s     vgroup1
dp0bond1          1      BACKUP  dp0vrrp2   no     8h3m34s     vgroup1

Vyatta2:~$ ping 10.127.188.32
PING 10.127.188.32 (10.127.188.32) 56(84) bytes of data.
64 bytes from 10.127.188.32: icmp_seq=1 ttl=128 time=0.920 ms
64 bytes from 10.127.188.32: icmp_seq=2 ttl=128 time=0.742 ms
64 bytes from 10.127.188.32: icmp_seq=3 ttl=128 time=0.803 ms
^C
--- 10.127.188.32 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2097ms
rtt min/avg/max/mdev = 0.742/0.821/0.920/0.080 ms
Vyatta2:~$ sh arp
IP Address         HW address        Dataplane  Controller Device
159.8.84.49        00:00:0c:9f:f0:01 VALID      VALID      dp0bond1
10.126.36.65       00:00:0c:9f:f0:01 VALID      VALID      dp0bond0
10.126.36.88       0c:c4:7a:63:2f:34 VALID      VALID      dp0bond0

 

Now I delete the command "delete interfaces bonding dp0bond0 vif 884 vrrp vrrp-group 1 'rfc-compatibility" from both firewalls:

 

interfaces {
        bonding dp0bond0 {
                address 10.126.36.88/26
                mode lacp
                vif 884 {
                        address 192.168.210.1/30
                        description Management
                        vlan 884
                        vrrp {
                                vrrp-group 1 {
                                        preempt false
                                        priority 254
                                        sync-group vgroup1
                                        virtual-address 10.126.97.209/28
                                        virtual-address 10.126.42.1/26
                                        virtual-address 10.127.112.128/28
                                        virtual-address 10.127.188.1/26

 

vyatta1:~$ sh vrrp
                                 RFC        Addr   Last        Sync
Interface         Group  State   Compliant  Owner  Transition  Group
---------         -----  -----   ---------  -----  ----------  -----
dp0bond0          1      MASTER  dp0vrrp3   no     2m7s        vgroup1
dp0bond0.884      1      MASTER  no         no     2m7s        vgroup1
dp0bond0.932      1      MASTER  dp0vrrp4   no     2m7s        vgroup1
dp0bond0.1533     1      MASTER  dp0vrrp1   no     2m7s        vgroup1
dp0bond1          1      MASTER  dp0vrrp2   no     2m7s        vgroup1

vyatta1:~$ ping 10.127.188.32
PING 10.127.188.32 (10.127.188.32) 56(84) bytes of data.
64 bytes from 10.127.188.32: icmp_seq=1 ttl=128 time=0.894 ms
64 bytes from 10.127.188.32: icmp_seq=2 ttl=128 time=0.990 ms
64 bytes from 10.127.188.32: icmp_seq=3 ttl=128 time=1.01 ms
^C
--- 10.127.188.32 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2032ms
rtt min/avg/max/mdev = 0.894/0.965/1.012/0.057 ms
vyatta1:~$ sh arp
IP Address         HW address        Dataplane  Controller Device
10.126.36.97       0c:c4:7a:a4:35:6c VALID      VALID      dp0bond0
10.126.36.65       00:00:0c:9f:f0:01 VALID      VALID      dp0bond0
159.8.84.49        00:00:0c:9f:f0:01 VALID      VALID      dp0bond1
10.127.188.35      0c:c4:7a:a4:97:54 VALID      VALID      dp0bond0.884
10.127.188.51      0c:c4:7a:66:2b:f2 VALID      VALID      dp0bond0.884
10.127.188.29      0c:c4:7a:a3:cd:da VALID      VALID      dp0bond0.884
10.127.188.32      06:74:8d:f1:3d:fc VALID      VALID      dp0bond0.884
10.127.188.16      0c:c4:7a:a3:fe:56 VALID      VALID      dp0bond0.884
10.127.112.129     00:00:00:00:00:00 PENDING    PENDING    dp0bond0.884
10.127.112.131     00:50:56:60:70:2b VALID      VALID      dp0bond0.884
10.126.42.2        00:0c:29:09:c4:20 VALID      VALID      dp0bond0.884
10.126.42.8        00:50:56:9c:d9:a5 VALID      VALID      dp0bond0.884
10.126.42.3        00:0c:29:44:d6:96 VALID      VALID      dp0bond0.884
192.168.211.2      0c:c4:7a:a4:35:6c VALID      VALID      dp0bond0.932

 


Vyatta2:~$ sh vrrp
                                 RFC        Addr   Last        Sync
Interface         Group  State   Compliant  Owner  Transition  Group
---------         -----  -----   ---------  -----  ----------  -----
dp0bond0          1      BACKUP  dp0vrrp3   no     3m52s       vgroup1
dp0bond0.884      1      BACKUP  no         no     3m52s       vgroup1
dp0bond0.932      1      BACKUP  dp0vrrp4   no     3m51s       vgroup1
dp0bond0.1533     1      BACKUP  dp0vrrp1   no     3m51s       vgroup1
dp0bond1          1      BACKUP  dp0vrrp2   no     3m52s       vgroup1


Vyatta2:~$ ping 10.126.97.228
PING 10.126.97.228 (10.126.97.228) 56(84) bytes of data.
^C
--- 10.126.97.228 ping statistics ---
14 packets transmitted, 0 received, 100% packet loss, time 13488ms


Vyatta2:~$ ping 10.127.188.32
PING 10.127.188.32 (10.127.188.32) 56(84) bytes of data.
^C
--- 10.127.188.32 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2043ms


Vyatta2:~$ ping 10.127.188.51
PING 10.127.188.51 (10.127.188.51) 56(84) bytes of data.
^C
--- 10.127.188.51 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms


Vyatta2:~$ sh arp
IP Address         HW address        Dataplane  Controller Device
159.8.84.49        00:00:0c:9f:f0:01 VALID      VALID      dp0bond1
10.126.36.88       0c:c4:7a:63:2f:34 VALID      VALID      dp0bond0
10.126.36.65       00:00:0c:9f:f0:01 VALID      VALID      dp0bond0
10.126.42.2        00:0c:29:09:c4:20 VALID      VALID      dp0bond0.884
Vyatta2:~$ ping 10.126.42.2
PING 10.126.42.2 (10.126.42.2) 56(84) bytes of data.
^C
--- 10.126.42.2 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2083ms

 

Perhaps somebody knows the problem and the solution or workaround.

 

Best regards

Roger

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

vADC is now Pulse Secure
Download FREE NVMe eBook