Is VRRP working in 6.38.5?

Wyz4k · April 3, 2017, 7:30am

Hi there,

I’m trying to implement VRRP on three routers. They have unique IP addresses on the network and then share one IP address on the VRRP interface.

I’ve tried:

Making the VRID the same, or different on all devices
Making the VRRP IP /32 or /24
Changing the master interface from a mesh interface to a LAN interface.
I’ve tried v2 and v3.
I’ve tried with authentication and without.
I’ve tried deleting the interfaces and recreating them.

I can’t get it to work. They all start up as backup, but then after a few seconds they are all running and master.

Sometimes after repeatedly enabling and disabling the interfaces I can get 2 of the three to behave properly in a master/slave relationship.

mavink · April 12, 2017, 5:32am

From your description it sounds like the VRRP broadcasts don’t make it to the other routers. Might there be a firewall for inbound traffic on these firewalls that blocks this?

Wyz4k · April 28, 2017, 2:07am

Hi mavink,

I’m back on this topic again. I’ve looked for which ports / protocols need to be opened for VRRP and there isn’t a lot of info. So I went the other way and managed to get one setup which works and then tried to break it. Ironically, I’m not able to break it now…

Do you know which ports / protocols VRRP needs?

mrz · April 28, 2017, 9:57am

VRRP uses multicast. If you have devices between both routers that cannot forward multicast then you will have a problem.

Wyz4k · May 1, 2017, 1:07am

The devices are directly connected either through mesh, or through Ethernet with an unmanaged switch. There isn’t anything else in-between. What concerns me is that I’m not able to stop multicast going out even if I try. a reject/drop rule on the multicast dest ip and output chain doesn’t trigger at all.