
Active/Active VRRP with Mlag

Jon_Haas
New Contributor
I have two BD 8810s. I have MLAG and VRRP working well. It is currently in the standard active/backup. I have all my VLANs on vrid 1, and the virtual IP and the master are Core 1. We set the VIP to the IP of Core 1. My question is: to get Active/Active, what do I need to change?

Do I need to join all of the VLANs to a vrid 2, set the master and VIP on Core 2, and then apply the ACL from the concepts guide?

Any help would be great. If you need more info, let me know. Thanks.

Sathish_Arul
Extreme Employee
Yes, it's correct - with a LAG & EAPS design on the access switches, VRRP hellos are not forwarded front & back, but it's recommended as a best practice to keep the ACL on all ports to overcome some worst-case scenarios.

Sumit_Tokle
Contributor
My understanding is that if we apply this policy only on the ISC port, it would also be fine, as the access switch will not send the VRRP hello packets from core 1 to core 2 or vice versa; according to the access switch, it is only one virtual bundle (sharing).

Sathish_Arul
Extreme Employee
edit policy vrrp-hello-block

entry vrrp-block {
    if match all {
        destination-address 224.0.0.18/32 ;
    } then {
        deny ;
    }
}

config access-list vrrp-hello-block port x,y,z ingress

This policy should be applied on all ports - ports between the cores & downlinks to access switches - where the access switches are connected dual-homed to both cores.

Sumit_Tokle
Contributor
You have to configure the virtual IP address to be a different address from either of the MLAG peer interface addresses.

Let's say Core 1 & Core 2 have physical IP addresses 10.0.0.2 and 10.0.0.3 respectively; then you have to configure the VIP address as 10.0.0.1 on both the core 1 and core 2 switches and apply the policy on both cores' ISC ports:

entry vrrp-act {
    if match all {
        destination-address 224.0.0.18/32 ;
    } then {
        deny ;
    }
}

Please have the latest software on both cores.
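Added example, not part of any post in this thread and not Extreme's code: a small Python model of the two points made above, namely that the VIP must differ from both MLAG peer interface addresses and that the policy drops only traffic destined to 224.0.0.18. The /24 mask, the function names, the constructed packet headers and the permit-on-no-match default are assumptions.

```python
import ipaddress
import struct

# The single match condition used by the policy entries quoted in the thread.
VRRP_GROUP = ipaddress.ip_network("224.0.0.18/32")

def check_vip(vip, peer_addrs, subnet):
    """Return a list of problems with the VIP plan (empty list means OK)."""
    net = ipaddress.ip_network(subnet)
    peers = {ipaddress.ip_address(p) for p in peer_addrs}
    problems = []
    if ipaddress.ip_address(vip) in peers:
        problems.append("VIP equals an MLAG peer interface address")
    for addr in [vip, *peer_addrs]:
        if ipaddress.ip_address(addr) not in net:
            problems.append(f"{addr} is outside {subnet}")
    return problems

def ipv4_header(src, dst, proto, ttl):
    """Constructed 20-byte IPv4 header for testing (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

def policy_action(packet):
    """Emulate the entry: deny when the IPv4 destination is 224.0.0.18."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "permit"  # not IPv4, so the match condition does not apply
    dst = ipaddress.ip_address(packet[16:20])
    # Assumption: packets matching no entry are permitted.
    return "deny" if dst in VRRP_GROUP else "permit"

if __name__ == "__main__":
    peers = ["10.0.0.2", "10.0.0.3"]          # addresses from the thread
    print(check_vip("10.0.0.1", peers, "10.0.0.0/24"))  # plan from the reply
    print(check_vip("10.0.0.2", peers, "10.0.0.0/24"))  # VIP = Core 1's own IP
    samples = {                               # constructed sample traffic
        "VRRP hello from core 1": ipv4_header("10.0.0.2", "224.0.0.18", 112, 255),
        "OSPF hello": ipv4_header("10.0.0.2", "224.0.0.5", 89, 1),
        "host to VIP": ipv4_header("10.0.0.50", "10.0.0.1", 6, 64),
    }
    for name, pkt in samples.items():
        print(f"{name}: {policy_action(pkt)}")
```

Only the VRRP advertisement is denied; routed traffic to the VIP and other link-local multicast still pass the emulated entry.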