Hi,
We have two Routers (A and B)
Two Upstream Networks (same ISP) /30 on each of the Wans
Same /29 on the Lan of each Router (VRRP) with eBGP to both Upstream Networks
Failover works very good if a rouer was to go down, the Lan IP address moves over.
However, what if the Wan goes down on one of the routers?
BGP Session will fail, but i guess the Virtual IPs on the VRRP will not move over?
What is the best way to ensure if the wan fails on router a, that the IP Range on Lan moves to Rouer 2?
Re: Advanced VRRP Setup
Are you using one of the /29 LAN address as the VRRP address (as a /32), and each router has it unique one from same /29? That all it should take for the VRRP part here.
The upstream would see with RouterA or RouterB's MAC, but always get the VRRP address. This means one router is handling all the LAN traffic, but that just how VRRP works (e.g. one is the master). But VRRP doesn't concern itself with route liveness, VRRP helps more with link failures between routers, not the upstream.
Either router should have BGP peers, so not sure where the concern over the WAN be - kind why your using BGP.
Just a thought, I've never combined VRRP and eBGP, and exactly what going on the with /29 and /30s matters. But this strikes me as something iBGP might be better suited for. But I might be missing something where the VRRP fits in here.
The upstream would see with RouterA or RouterB's MAC, but always get the VRRP address. This means one router is handling all the LAN traffic, but that just how VRRP works (e.g. one is the master). But VRRP doesn't concern itself with route liveness, VRRP helps more with link failures between routers, not the upstream.
Either router should have BGP peers, so not sure where the concern over the WAN be - kind why your using BGP.
Just a thought, I've never combined VRRP and eBGP, and exactly what going on the with /29 and /30s matters. But this strikes me as something iBGP might be better suited for. But I might be missing something where the VRRP fits in here.
Re: Advanced VRRP Setup
hello.
afaik, vrrp is built mostly as lan switching technology, even though it bears the name redundant router. where you have abundant of layer 3 switches, ip blocks and reliable connection like Ethernet. which your lan can be easily set for vrrp gateway config. it is more like a layer 2 technology.
second, dynamic routing protocol such as ebgp has its own gateway probe mechanism, with its specific attributes tuning. it is a pure layer 3 technology.
third, your internal network should rely on 3rd device aside from those 2 routers a and b which runs ebgp, underneath those routers. maybe a basic switch will do just fine. to utilize the vrrp as lan gateway.
and from those lan gateway to 2 ebgp gateways, which again requires extra routing config, either a full ip routing or do some nats.
hope this helps.
first, i really find it hard to get the benefits of vrrp over ebgp.Failover works very good if a rouer was to go down, the Lan IP address moves over.
However, what if the Wan goes down on one of the routers?
BGP Session will fail, but i guess the Virtual IPs on the VRRP will not move over?
afaik, vrrp is built mostly as lan switching technology, even though it bears the name redundant router. where you have abundant of layer 3 switches, ip blocks and reliable connection like Ethernet. which your lan can be easily set for vrrp gateway config. it is more like a layer 2 technology.
second, dynamic routing protocol such as ebgp has its own gateway probe mechanism, with its specific attributes tuning. it is a pure layer 3 technology.
third, your internal network should rely on 3rd device aside from those 2 routers a and b which runs ebgp, underneath those routers. maybe a basic switch will do just fine. to utilize the vrrp as lan gateway.
and from those lan gateway to 2 ebgp gateways, which again requires extra routing config, either a full ip routing or do some nats.
hope this helps.
Re: Advanced VRRP Setup
The Upstream links have a single /30 on each of the routers
The customer facing port is a /29 Public Addresses, announed via eBGP to the upstream routers.
The Single /29 is setup for VRRP for router failover protection and seems to work fine.
However, we are now looking to ensure The /29 moves over to the other router should the upstream provider goes down on the 1st primary router. (Cable fault etc)
Ont the upstream default gateyway, we have it set to check the gateway and drop the route if it cannot be reached.
The eBGP at this point would fail, but the VRRP would still be on the router so needs moving to the other router automatically.
The customer facing port is a /29 Public Addresses, announed via eBGP to the upstream routers.
The Single /29 is setup for VRRP for router failover protection and seems to work fine.
However, we are now looking to ensure The /29 moves over to the other router should the upstream provider goes down on the 1st primary router. (Cable fault etc)
Ont the upstream default gateyway, we have it set to check the gateway and drop the route if it cannot be reached.
The eBGP at this point would fail, but the VRRP would still be on the router so needs moving to the other router automatically.
Re: Advanced VRRP Setup
hi.
well, like I said previously. vrrp is more like lan technology. you should look at vrrp from internal lan going outside.
and the ebgp, is more like the external going inside.
vrrp implementation only deals between 2 lan routers or 2 lan layer 3 switches. they both send physical probe to each other. heart beat. hello message etc. what vrrp cares was among vrrp members physical condition to forward lan traffic. so vrrp need reliable environment. think of vrrp as lacp bonding. physical.
on the other hand, your bgp don't really care about your vrrp physical condition. bgp can detect interface flapping, dead gateway, dead peer etc. that is why I hardly can't find the benefits of vrrp over ebgp other than more complexity.
if you want to try, how about this schema
put your clients on those 2 vrrp switches.
set the vrrp switches as lan gateway.
and set the bgp routers as the vrrp upstream.
don't put the bgp and vrrp in single device.
have a try and good luck
well, like I said previously. vrrp is more like lan technology. you should look at vrrp from internal lan going outside.
and the ebgp, is more like the external going inside.
vrrp implementation only deals between 2 lan routers or 2 lan layer 3 switches. they both send physical probe to each other. heart beat. hello message etc. what vrrp cares was among vrrp members physical condition to forward lan traffic. so vrrp need reliable environment. think of vrrp as lacp bonding. physical.
on the other hand, your bgp don't really care about your vrrp physical condition. bgp can detect interface flapping, dead gateway, dead peer etc. that is why I hardly can't find the benefits of vrrp over ebgp other than more complexity.
if you want to try, how about this schema
Code: Select all
isp1 to ebgp1 to vrrp1.
vrrp1 to vrrp2.
isp2 to ebgp2 to vrrp2
put your clients on those 2 vrrp switches.
set the vrrp switches as lan gateway.
and set the bgp routers as the vrrp upstream.
don't put the bgp and vrrp in single device.
have a try and good luck
Who is online
Users browsing this forum: Amazon [Bot] and 88 guests