Page 1 of 1

VRRP is working on VLANs properly ;)

Posted: Mon Aug 13, 2007 8:26 pm
by phendry
Hi all. For a long time we had been hoping to use VRRP on VLAN interfaces but never worked correctly as the vlan interface always had the same mac as the real ethernet interface it was on and couldn't be changed to a virtual address. Every now and then I upgrade a couple of test boxes we have and see if it has been resolved. Today I tried 2.9.45 but still no joy however I noticed in the changelog for V3 that there was a "new VRRP implementation" so I stuck RC2 on and it worked. I have tried all sorts of fail-over testing and seems perfect. I was wondering what is being done differently to get round the original issue.

Great work BTW ;)

Re: VRRP is working on VLANs properly ;)

Posted: Mon Aug 13, 2007 8:49 pm
by savage
Strangely enough, I'm sitting here playing with the exact same thing currently :)

One stupid question if you don't mind though... Where in V3 do you specify the virtual IP addresses? :? I must have missed it somewhere in RC2...

Re: VRRP is working on VLANs properly ;)

Posted: Mon Aug 13, 2007 9:08 pm
by phendry
The VRRP shows up as a new interface so you add it the same way you add any other ip address to an interface.

Re: VRRP is working on VLANs properly ;)

Posted: Mon Aug 13, 2007 9:22 pm
by savage
Hmm yeah, figured that one out a few seconds after posting my Silly Tosser(TM) question... The IP isn't showed as a dynamic address however, I guess that's what confused me a bit....

Re: VRRP is working on VLANs properly ;)

Posted: Mon Aug 13, 2007 9:35 pm
by phendry
Nope but looks to behave as per design which is the important bit. Just need to test various other parts of V3 now before leaving for a week then roling out on a small section of the network ;) Let me know how your testing goes too.

Re: VRRP is working on VLANs properly ;)

Posted: Tue Aug 14, 2007 1:33 am
by savage
Phendry, can you possibly post your config?

I'm having issues - one router does not seem to transmit the VRRP advertisements... Not quite sure if it's my gear or not (swears @ VMWare)

Router 1:
# aug/14/2007 00:27:20 by RouterOS 3.0rc2
# software id = 4TPB-QRN
#
/interface vlan
add arp=enabled comment="" disabled=no interface="Internal Network" mtu=1500 name="VLAN0970" vlan-id=970

/interface vrrp
add arp=enabled authentication=none comment="" disabled=no interface=VLAN0970 interval=1 mtu=1500 name="VRRP - VLAN0970" on-backup="" on-master="" \
    password="" preemption-mode=yes priority=100 vrid=97

/ip address
add address=198.19.3.3/29 broadcast=198.19.3.7 comment="" disabled=no interface=VLAN0970 network=198.19.3.0
add address=198.19.3.1/32 broadcast=198.19.3.1 comment="" disabled=no interface="VRRP - VLAN0970" network=198.19.3.1

/ip arp print
...
10 D 198.19.3.2      00:0C:29:89:57:3C VLAN0970

/ping 198.19.3.2
198.19.3.2 ping timeout

/interface vrrp print detail
...
98    B name="VRRP - VLAN0970" mtu=1500 mac-address=00:00:5E:00:01:61 arp=enabled interface=VLAN0970 vrid=97 priority=100 interval=1 preemption-mode=yes
        authentication=none password="" on-backup="" on-master=""
...
Router 2:
# aug/14/2007 02:32:09 by RouterOS 3.0rc2
# software id = W3XA-ELN
#
/interface vlan
add arp=enabled comment="" disabled=no interface="Internal Network" mtu=1500 name="VLAN0970" vlan-id=970

/interface vrrp
add arp=enabled authentication=none comment="" disabled=no interface=VLAN0970 interval=1 mtu=1500 name="VRRP - VLAN0970" on-backup="" on-master="" \
    password="" preemption-mode=yes priority=255 vrid=97

/ip address
add address=198.19.3.2/29 broadcast=198.19.3.7 comment="" disabled=no interface=VLAN0970 network=198.19.3.0
add address=198.19.3.1/32 broadcast=198.19.3.1 comment="" disabled=no interface="VRRP - VLAN0970" network=198.19.3.1

/ip arp print
 0 D 192.168.1.10    00:17:31:C4:63:62 Internal Network
^^ Yes, NO arp entry for 198.19.3.3 :(

/ping 198.19.3.3
198.19.3.3 ping timeout

/interface vrrp print detail
96   RM name="VRRP - VLAN0970" mtu=1500 mac-address=00:00:5E:00:01:61 arp=enabled interface=VLAN0970 vrid=97 priority=255 interval=1 preemption-mode=yes
        authentication=none password="" on-backup="" on-master=""
Looking at packet dumps, I see VRRP Advertisements from 198.19.3.2 -> 224.0.0.18, but no traffic from 198.19.3.3 -> 224.0.0.18... Argh!!!

Re: VRRP is working on VLANs properly ;)

Posted: Tue Aug 14, 2007 1:58 am
by phendry
Why are you using 198.19.3.1/32 as the VRRP address? With a /32 netmask you wont get any other devices on that vlan to reach it. Try using a /24 class C with .251 on one vlan interface, .252 on the other and .254 as the VRRP address.

Re: VRRP is working on VLANs properly ;)

Posted: Wed Feb 20, 2008 10:00 am
by brotherdust
phendry, could you please tell me how you managed to get vrrp and vlans to play nice? Perhaps a sample config? I greatly appreciate it.
-Dust

Re: VRRP is working on VLANs properly ;)

Posted: Wed Feb 20, 2008 11:09 am
by piwi3910
i also have vrrp and vlans working correctly...
i only had to do 1 thing...

i put in the script section
a disable and enable script of the interfaces.
if i don't do that it doesn't work.

in the on master i have
/interface vlan set VLAN300-VmwareInstallNetwork disabled=yes
/interface vlan set VLAN300-VmwareInstallNetwork disabled=no

/interface vlan set VLAN900-Management disabled=yes
/interface vlan set VLAN900-Management disabled=no

/interface vlan set VLAN100-Exchange disabled=yes
/interface vlan set VLAN100-Exchange disabled=no

/interface vlan set VLAN101-NS disabled=yes
/interface vlan set VLAN101-NS disabled=no

/interface vlan set VLAN102-MAIL disabled=yes
/interface vlan set VLAN102-MAIL disabled=no

/interface vlan set VLAN103-NTHOSTING disabled=yes
/interface vlan set VLAN103-NTHOSTING disabled=no

/interface vlan set VLAN104-LNXHOSTING disabled=yes
/interface vlan set VLAN104-LNXHOSTING disabled=no

/interface vlan set VLAN501-COLO-VMWARE-piwi disabled=yes
/interface vlan set VLAN501-COLO-VMWARE-piwi disabled=no

/interface vlan set VLAN105-STORAGE disabled=yes
/interface vlan set VLAN105-STORAGE disabled=no

/interface vlan set VLAN106-SHARED-EXCHANGE disabled=yes
/interface vlan set VLAN106-SHARED-EXCHANGE disabled=no

in the on backup i have the same.

if i run this now, and unplug one router; evrything switches over perfectly and works.
without the enable and disable of the vlans, thay stay red and don't work.

Re: VRRP is working on VLANs properly ;)

Posted: Wed Feb 20, 2008 5:59 pm
by brotherdust
Interesting! The only way I can get my vrrp interfaces from being red is by giving an IP to it's parent interface as well as assigning an IP to the vrrp interface. Ok.. I'm going to try this.

Re: VRRP is working on VLANs properly ;)

Posted: Wed Mar 12, 2008 9:25 am
by Alligator
We are also using VRRP and vlans, i had to add the disable on/off to vrrp "on master" and "on backup" script.
(not needed in some early 3.0rc.. nevermind it works anyway)

Actually we are running 2 RSTP Switches -> bonding -> VRRP -> 10 VLANS to eliminate SPOF´s. :)