ESRP vs VRRP

  • 0
  • 1
  • Question
  • Updated 5 years ago
  • Answered
Create Date: Sep 20 2012 2:40PM


Hopefully you can see the pic? (forum wouldn't accept it)

As you (hopefully ;)) can see i have 2x670's as a core and MLAG'd links to cabinets, (SOME Cabinets are not MLAG'd and are just linked to 1 x670 until next budget)

I want to use the x670's for layer 3 / ip routing. should i use esrp or vrrp. I think esrp is not possible as the member vlan ports get disabled on the slave switch, or am i wrong here.

any way let me know your thoughts please. any questions

 
(from conrad_jones)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb

Posted 5 years ago

  • 0
  • 1
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: Sep 21 2012 12:30PM

went for vrrp piece of cake

(from conrad_jones)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: Sep 21 2012 12:44PM

Hello OxideGood choice. ESRP is a great solution when there is no other L2 redundancy option and you need to protect for L2 and L3 redundancy. This was more of an issue 5 years ago when the only other option was STP or if you needed to connect other vendor products and wanted a central control.With EAPS and MLAG no options for the L2 protection the need for ESRP is less and less. The reason is because to use ESRP for purely a L3 redundancy protocol you have to do a lot of configuring on the ports. If L3 is the only redundancy needed in the core I recommend VRRP all the time.In regards to VRRP as you are probably aware our only supported capability right now is active/backup (this would be no different with ESRP so no loss) We are suppose to be getting Active/Active VRRP by Feb if I remember correctly. (Please do not hold me to that as things can slip from any roadmap) which will make your solution much more robust.I just wanted to provide you with some added commentary.P

(from Paul_Russo)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: Sep 27 2012 3:16PM

Hey OxideGoodHere's an update with 15.2 code we can use the following ACL on the ISC ports to provide active/active VRRP support.entry v4active { if match all { destination-address 224.0.0.18/32 ;} then { deny ;}}Hope that helpsP

(from Paul_Russo)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: Sep 28 2012 7:52PM

good work prusso.

if i knew who to talk to i would suggest they gave you a payrise!

(from conrad_jones)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: Mar 8 2013 2:03PM

hi prusso,

Can you inform me if the Active-Active VRRP is already available?? 

Thank you.

Best Regards,

G

(from gondu)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: Mar 31 2013 8:11PM

hi prussodoes the prioriy of the vrrp matter if i use this acl?oxide54

(from conrad_jones)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: Apr 1 2013 1:15PM

Hey oxide54

The only requirements for the Priority is to not set it to 255.  Also remember this is for 15.2 and higher code and do not set the VIP to either actual IP addresses on the VLANs.


Let me know if there are any more questions.

Thanks
P

(from Paul_Russo)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: Apr 30 2013 6:59PM

Quick question I also see the multicast on any machine on that VLAN is that right? i think it is only necessary between the switches and this blocks it between them anyway so can i just block the broadcast completely? or am i missing something here.didn't really think about the broadcast until i was wiresharking some machines to troubleshoot an internet problem.

(from conrad_jones)

This conversation is no longer open for comments or replies.