
VRRP on 4 Routers, same VRID and MLAG


Hi,

Running this past the community to validate my understanding / configuration of a specific VRRP config.

In summary there are two separate buildings, each with a pair of core switches that are MLAG'd together. Each building has its own set of VLANs and therefore its own VRRP instance (VRID) for that core pair, i.e.:

  • Building A is running VRRP on its own pair of cores using VRID 101
  • Building B is running VRRP on its own pair of cores using VRID 102.

The configuration in question is that both buildings have a bunch of VLANs in common (one shown below called "Hyper-V"), so I have created another VRRP instance (VRID 10) that is configured (common) on all four cores, with priorities configured that make Core 1, then 2, then 3, then 4 master.

I think I'm seeing an issue with the common VRRP instance between each of these routers and so wanted to check if I'm doing things right.

I'm also running routing fabric mode on all the VRRP instances and OSPF between each of the core routers.

Below is a rough diagram:



Here is a snippet of the configuration on each of the cores:

### Core 1 ####

enable sharing 61 grouping 57,61 algorithm address-based L3_L4 lacp
enable sharing 48 grouping 47-48 algorithm address-based L2 lacp

create vlan MLAG-ISC
configure vlan MLAG-ISC tag 4000
configure vlan MLAG-ISC add ports 61 tagged
configure vlan MLAG-ISC ipaddress 10.0.254.1 255.255.255.252

create mlag peer MLAG-PEER-2
configure mlag peer "MLAG-PEER-2" ipaddress 10.0.254.2
enable mlag port 48 peer "MLAG-PEER-2" id 948

create vlan "Core1-Core2"
configure vlan "Core1-Core2" tag 4001
enable loopback-mode vlan "Core1-Core2"
configure vlan "Core1-Core2" add ports 61 tagged
configure vlan "Core1-Core2" ipaddress 10.0.254.201 255.255.255.252
enable ipforwarding vlan "Core1-Core2"

create vlan "Buidling-Building"
configure vlan "Buidling-Building" tag 4011
enable loopback-mode vlan "Buidling-Building"
configure vlan "Buidling-Building" add ports 48,61 tagged
configure vlan "Buidling-Building" ipaddress 10.0.254.145 255.255.255.252
enable ipforwarding vlan "Buidling-Building"

create vlan "Hyper-V"
configure vlan "Hyper-V" tag 100
configure vlan "Hyper-V" add ports 40,48,61 tagged
configure vlan "Hyper-V" ipaddress 10.0.0.253 255.255.255.0
enable ipforwarding vlan "Hyper-V"

enable bootprelay ipv4 vlan "Hyper-V"

create vrrp vlan "Hyper-V" vrid 10
configure vrrp vlan "Hyper-V" vrid 10 add 10.0.0.254
configure vrrp vlan "Hyper-V" vrid 10 priority 200
enable vrrp vlan "Hyper-V" vrid 10

configure ospf vlan "Hyper-V" priority 0
configure ospf add vlan "Hyper-V" area 0.0.0.0 passive

configure ospf routerid 10.0.255.201
configure ospf add vlan "Core1-Core2" area 0.0.0.0 link-type point-to-point
configure ospf add vlan "Buidling-Building" area 0.0.0.0 link-type broadcast

### Core 2 ####

enable sharing 61 grouping 57,61 algorithm address-based L3_L4 lacp
enable sharing 48 grouping 47-48 algorithm address-based L2 lacp

create vlan MLAG-ISC
configure vlan MLAG-ISC tag 4000
configure vlan MLAG-ISC add ports 61 tagged
configure vlan MLAG-ISC ipaddress 10.0.254.1 255.255.255.252

create mlag peer MLAG-PEER-1
configure mlag peer "MLAG-PEER-1" ipaddress 10.0.254.2
enable mlag port 48 peer "MLAG-PEER-1" id 948

create vlan "Core1-Core2"
configure vlan "Core1-Core2" tag 4001
enable loopback-mode vlan "Core1-Core2"
configure vlan "Core1-Core2" add ports 61 tagged
configure vlan "Core1-Core2" ipaddress 255.255.255.252
enable ipforwarding vlan "Core1-Core2"

create vlan "Buidling-Building"
configure vlan "Buidling-Building" tag 4011
enable loopback-mode vlan "Buidling-Building"
configure vlan "Buidling-Building" add ports 48,61 tagged
configure vlan "Buidling-Building" ipaddress 10.0.254.145 255.255.255.252
enable ipforwarding vlan "Buidling-Building"

create vlan "Hyper-V"
configure vlan "Hyper-V" tag 100
configure vlan "Hyper-V" add ports 40,48,61 tagged
configure vlan "Hyper-V" ipaddress 10.0.0.252 255.255.255.0
enable ipforwarding vlan "Hyper-V"

enable bootprelay ipv4 vlan "Hyper-V"

create vrrp vlan "Hyper-V" vrid 10
configure vrrp vlan "Hyper-V" vrid 10 add 10.0.0.254
configure vrrp vlan "Hyper-V" vrid 10 priority 175
enable vrrp vlan "Hyper-V" vrid 10

configure ospf vlan "Hyper-V" priority 0
configure ospf add vlan "Hyper-V" area 0.0.0.0 passive

configure ospf routerid 10.0.255.202
configure ospf add vlan "Core1-Core2" area 0.0.0.0 link-type point-to-point
configure ospf add vlan "Buidling-Building" area 0.0.0.0 link-type broadcast

### Core 3 ####

enable sharing 61 grouping 57,61 algorithm address-based L3_L4 lacp
enable sharing 48 grouping 47-48 algorithm address-based L2 lacp

create vlan MLAG-ISC
configure vlan MLAG-ISC tag 4000
configure vlan MLAG-ISC add ports 61 tagged
configure vlan MLAG-ISC ipaddress 10.0.254.3 255.255.255.252

create mlag peer MLAG-PEER-2
configure mlag peer "MLAG-PEER-2" ipaddress 10.0.254.4
enable mlag port 48 peer "MLAG-PEER-2" id 948

create vlan "Core3-Core4"
configure vlan "Core3-Core4" tag 4002
enable loopback-mode vlan "Core3-Core4"
configure vlan "Core3-Core4" add ports 61 tagged
configure vlan "Core3-Core4" ipaddress 10.0.255.205 255.255.255.252
enable ipforwarding vlan "Core3-Core4"

create vlan "Buidling-Building"
configure vlan "Buidling-Building" tag 4011
enable loopback-mode vlan "Buidling-Building"
configure vlan "Buidling-Building" add ports 48,61 tagged
configure vlan "Buidling-Building" ipaddress 10.0.254.146 255.255.255.252
enable ipforwarding vlan "Buidling-Building"

create vlan "Hyper-V"
configure vlan "Hyper-V" tag 100
configure vlan "Hyper-V" add ports 40,48,61 tagged
configure vlan "Hyper-V" ipaddress 10.0.0.251 255.255.255.0
enable ipforwarding vlan "Hyper-V"

enable bootprelay ipv4 vlan "Hyper-V"

create vrrp vlan "Hyper-V" vrid 10
configure vrrp vlan "Hyper-V" vrid 10 add 10.0.0.254
configure vrrp vlan "Hyper-V" vrid 10 priority 150
enable vrrp vlan "Hyper-V" vrid 10

configure ospf vlan "Hyper-V" priority 0
configure ospf add vlan "Hyper-V" area 0.0.0.0 passive

configure ospf routerid 10.0.255.203
configure ospf add vlan "Core3-Core4" area 0.0.0.0 link-type point-to-point
configure ospf add vlan "Buidling-Building" area 0.0.0.0 link-type broadcast

### Core 4 ####

enable sharing 61 grouping 57,61 algorithm address-based L3_L4 lacp
enable sharing 48 grouping 47-48 algorithm address-based L2 lacp

create vlan MLAG-ISC
configure vlan MLAG-ISC tag 4000
configure vlan MLAG-ISC add ports 61 tagged
configure vlan MLAG-ISC ipaddress 10.0.254.4 255.255.255.252

create mlag peer MLAG-PEER-2
configure mlag peer "MLAG-PEER-2" ipaddress 10.0.254.3
enable mlag port 48 peer "MLAG-PEER-2" id 948

create vlan "Core3-Core4"
configure vlan "Core3-Core4" tag 4002
enable loopback-mode vlan "Core3-Core4"
configure vlan "Core3-Core4" add ports 61 tagged
configure vlan "Core3-Core4" ipaddress 10.0.255.206 255.255.255.252
enable ipforwarding vlan "Core3-Core4"

create vlan "Buidling-Building"
configure vlan "Buidling-Building" tag 4011
enable loopback-mode vlan "Buidling-Building"
configure vlan "Buidling-Building" add ports 48,61 tagged
configure vlan "Buidling-Building" ipaddress 10.0.254.146 255.255.255.252
enable ipforwarding vlan "Buidling-Building"

create vlan "Hyper-V"
configure vlan "Hyper-V" tag 100
configure vlan "Hyper-V" add ports 40,48,61 tagged
configure vlan "Hyper-V" ipaddress 10.0.0.250 255.255.255.0
enable ipforwarding vlan "Hyper-V"

enable bootprelay ipv4 vlan "Hyper-V"

create vrrp vlan "Hyper-V" vrid 10
configure vrrp vlan "Hyper-V" vrid 10 add 10.0.0.254
enable vrrp vlan "Hyper-V" vrid 10

configure ospf vlan "Hyper-V" priority 0
configure ospf add vlan "Hyper-V" area 0.0.0.0 passive

configure ospf routerid 10.0.255.204
configure ospf add vlan "Core3-Core4" area 0.0.0.0 link-type point-to-point
configure ospf add vlan "Buidling-Building" area 0.0.0.0 link-type broadcast

Many thanks in advance

1 reply

So having looked at this it seems the principle is fine, the problem I experienced was getting the odd message appearing in the log:

Notify-threshold for L3 Protect packet count of 3500 reached

When I issued the following commands I could see the logs that were incrementing the most were related to VRRP:

clear log counters
show log counters all occurred

So to debug the L3 Protect issue I needed to debug the CPU which I did with the following command:

debug packet capture on interface Broadcom count 10000

What I was seeing was that 96% of the traffic was VRRP announcements, which initially was concerning me and obviously causing an issue, but it was not manifesting itself in any problems on the network, and the switch CPU and all processes were very low.



When looking at the packet capture, all the VRRP announcements seemed to be duplicated as v2 and v3.

I came across the following post:

https://community.extremenetworks.com/extreme/topics/vrrp-announcements-flooding

So I decided to only enable v2.

When taking a further packet capture, although the majority of the packets going to the CPU were still VRRP traffic, which is essentially good as the CPUs were pretty quiet otherwise, I filtered on just one source IP address and could see that the announcements were only being sent 1 per second, which is exactly what it's meant to be doing and is configured as default.



So hopefully this has resolved the L3 Protect issue, unless something else is happening at the time the alarm is generated, but at least it looks like VRRP is behaving as expected and, apart from setting VRRP to v2 only, the config seems sound too.

Thanks.
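
One way to check a capture for the two things described in this reply, advertisements duplicated as v2 and v3 and the per-source advertisement rate (an added example, not part of the original post). The records are constructed from Core 1's address, VRID 10 and priority 200 in the config above; exporting the capture into (timestamp, source IP, VRRP payload) tuples is assumed to have been done already.

```python
import struct
from collections import defaultdict

def parse_vrrp(payload: bytes) -> dict:
    """Decode the fixed 8-byte VRRP header (RFC 3768 for v2, RFC 5798 for v3)."""
    if len(payload) < 8:
        raise ValueError("truncated VRRP header")
    ver_type, vrid, prio, _count, b4, b5, _csum = struct.unpack("!BBBBBBH", payload[:8])
    version, ptype = ver_type >> 4, ver_type & 0x0F
    if ptype != 1 or version not in (2, 3):
        raise ValueError("not a VRRP v2/v3 advertisement")
    # v2: byte 5 is the interval in seconds.
    # v3: low 12 bits of bytes 4-5 hold the interval in centiseconds.
    interval = float(b5) if version == 2 else (((b4 & 0x0F) << 8) | b5) / 100.0
    return {"version": version, "vrid": vrid, "priority": prio, "interval_s": interval}

def summarise(records, window_s: float) -> dict:
    """Per (source IP, VRID): versions seen, adverts per second, dual-version flag."""
    seen = defaultdict(lambda: {"versions": set(), "count": 0})
    for _ts, src, payload in records:
        adv = parse_vrrp(payload)
        entry = seen[(src, adv["vrid"])]
        entry["versions"].add(adv["version"])
        entry["count"] += 1
    return {
        key: {
            "versions": sorted(e["versions"]),
            "adverts_per_s": round(e["count"] / window_s, 2),
            "dual_version": len(e["versions"]) > 1,
        }
        for key, e in seen.items()
    }

def _advert(version: int, vrid: int = 10, prio: int = 200) -> bytes:
    # Constructed payload: checksum left at zero (not verified here), one virtual IP.
    b4, b5 = (0, 1) if version == 2 else (0x00, 0x64)  # 1 s in both encodings
    header = struct.pack("!BBBBBBH", (version << 4) | 1, vrid, prio, 1, b4, b5, 0)
    return header + bytes([10, 0, 0, 254])

# Constructed 4-second captures: v2 and v3 both sent, then v2 only.
BEFORE = [(t, "10.0.0.253", _advert(v)) for t in range(4) for v in (2, 3)]
AFTER = [(t, "10.0.0.253", _advert(2)) for t in range(4)]

if __name__ == "__main__":
    print(summarise(BEFORE, 4.0))
    print(summarise(AFTER, 4.0))
```
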
