Mailing List Archive

Brain bending VRRP question for Monday morning
Hi,

Hopefully everyone has had their coffee. I think this is going to
warp some minds....

Currently I have a FWS-4802p, it has a vlan and router-interface:

vlan 100 name SLBs by port
 untagged ethe 17 to 24
 router-interface ve 100
!
interface ve 100
 ip address 192.136.64.1 255.255.255.0

Attached to this I have 2 SIXL-8's. They are tied together on port 8
for active/standby, and both have port 1 in the FWS-4802p port 17-24 range.
They look like :

server backup ethe 8 00e0.5205.9cda
server router-ports 1
!
vlan 1 name DEFAULT-VLAN by port
 no spanning-tree
!
vlan 5 name X-over by port
 untagged ethe 8
 no spanning-tree
!
interface e 1
 port-name X-F4802-1p17
 speed-duplex 100-full
!
interface e 8
 port-name X-FSLB8-2p8
 speed-duplex 100-full

and

server backup ethe 8 00e0.5205.9cda
server router-ports 1
!
vlan 1 name DEFAULT-VLAN by port
 no spanning-tree
!
vlan 5 name X-over by port
 untagged ethe 8
 no spanning-tree
!
interface e 1
 port-name X-F4802-1p18
 speed-duplex 100-full
!
interface e 8
 port-name X-FSLB-1p8
 speed-duplex 100-full

All is well and happy. Or should I say, all WAS well and happy
until I decided not to make the FWS4802-p the single point of failure.

So I looked for something to teach me about VRRP. I found :

http://www.foundrynet.com/services/documentation/ecmg/VRRP.html

So I started to reconfigure my setup. The first thing I
did was change the VLAN on the first FWS4802p to be :

interface ve 100
 ip address 192.136.64.1 255.255.255.0
 ip vrrp vrid 1
  owner
  ip-address 192.136.64.1
  activate

and add a "router vrrp" statement into the general config. All seems
well and good. Now, the brain bending part. If you look at the picture of
http://www.foundrynet.com/services/documentation/ecmg/images/VRRP1_t.gif
it seems like it's saying that you have to tie Router1 and Router2 together
with something that lets Host1 talk to both at the same time. That would
mean a switch usually. But if you do that, it becomes a single point of
failure again, defeating what I'm trying to do. What I want to do instead is
use ports 47+48 on the 2 FWS4802p's to make the connection between the two,
and while I'm at it pass (maybe OSPF and) BGP over it, and let this be
how the 2 FWS4802p's talk.

So I put on each a VLAN for the 2 connections each, and IP'd them
while I was at it :

vlan 50 name Inter4802Trunk-1 by port
 untagged ethe 48
 router-interface ve 50
!
vlan 51 name Inter4802Trunk-2 by port
 untagged ethe 47
 router-interface ve 51
!
interface ethernet 47
 port-name X-F4802p-2p47
 speed-duplex 100-full
!
interface ethernet 48
 port-name X-F4802p-2p48
 speed-duplex 100-full
!
interface ve 50
 port-name X-F4802p-2x1
 ip address 165.254.97.25 255.255.255.248
!
interface ve 51
 port-name X-F4802p-2x2
 ip address 165.254.97.17 255.255.255.248


and

!
vlan 50 name Inter4802Trunk-1 by port
 untagged ethe 48
 router-interface ve 50
!
vlan 51 name Inter4802Trunk-2 by port
 untagged ethe 47
 router-interface ve 51
!
interface ethernet 47
 port-name X-F4802p-1p47
 speed-duplex 100-full
!
interface ethernet 48
 port-name X-F4802p-1p48
 speed-duplex 100-full
!
interface ve 50
 port-name X-F4802p-1x1
 ip address 165.254.97.26 255.255.255.248
!
interface ve 51
 port-name X-F4802p-1x2
 ip address 165.254.97.18 255.255.255.248

So now they are connected.

But it's where to go from here that I'm a little lost. I can set up
another Vlan100 on the other FWS4802p, but not sure how to make it so that
the 2 Vlans feel like they are "tied together", or not cause spanning tree
issues (Which I had before I put ports 47+48 into a Vlan), but now since they
are untagged (I think this is why) I can't ping the other side....

Have I confused everyone enough?

Thanks, Tuc
Brain bending VRRP question for Monday morning [ In reply to ]
Tuc, I think you may be overcomplicating this.....;) All you really
need to do is join the FWS's on the same vlan, 100, on the trunk
ports. You also need to trunk those together, using the trunk e 47 to
48 command. VRRP needs to have L2 connectivity, the hellos are L2
multicasts, so the vrrp interfaces need to be on the same L2 domain
(vlan). I think the span tree issues you had before were because
ports 47 and 48 were not trunked. This would create a loop, if you
dropped them onto the same vlan.

Mike
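
The L2-adjacency point in the reply above, as an added example that is not part of the thread or Foundry's code: assuming standard VRRPv2 (RFC 3768) framing, which the thread does not confirm for the FWS, advertisements go to 224.0.0.18 with IP TTL 255 and a receiver discards anything else, so a routed hop such as the /29 links on ve 50/51 cannot carry them for ve 100. The sample advertisement is constructed from the owner configuration in the original post.

```python
import ipaddress
import struct

# Assumes standard VRRPv2 (RFC 3768); the thread does not state the FWS version.
VRRP_GROUP = ipaddress.ip_address("224.0.0.18")  # link-local multicast, never routed
VRRP_PROTO = 112                                 # IP protocol number for VRRP
VRRP_TTL = 255                                   # receivers must drop anything else

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid: int, priority: int, vips: list[str], interval: int = 1) -> bytes:
    """Build a VRRPv2 advertisement (version 2, type 1, no authentication)."""
    body = b"".join(ipaddress.ip_address(v).packed for v in vips) + bytes(8)
    head = struct.pack("!BBBBBBH", 0x21, vrid, priority, len(vips), 0, interval, 0)
    return head[:6] + struct.pack("!H", inet_checksum(head + body)) + body

def check_advert(dst: str, proto: int, ttl: int, payload: bytes, local_vrid: int) -> str:
    """Return 'accept' or the reason a receiving router discards the packet."""
    if proto != VRRP_PROTO or ipaddress.ip_address(dst) != VRRP_GROUP:
        return "not a VRRP advertisement"
    if ttl != VRRP_TTL:
        return "ttl != 255: packet crossed a router"
    if len(payload) < 8 or payload[0] != 0x21:
        return "bad version/type"
    if inet_checksum(payload) != 0:  # a valid message sums to zero
        return "bad checksum"
    if payload[1] != local_vrid:
        return "vrid not configured on this interface"
    return "accept"

def virtual_mac(vrid: int) -> str:
    """Virtual router MAC that hosts on the VLAN see for the gateway address."""
    return f"00:00:5e:00:01:{vrid:02x}"

# Constructed sample: the owner from the thread (ve 100, vrid 1, 192.136.64.1).
ADVERT = build_advert(vrid=1, priority=255, vips=["192.136.64.1"])
```

A capture on the backup's VLAN 100 interface that shows no packets matching these fields means the two routers are not in the same broadcast domain, whatever the routed links between them look like.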

On 4/18/05, Tuc <tuc at ttsg.com> wrote:
Brain bending VRRP question for Monday morning [ In reply to ]
>
> Tuc, I think you may be overcomplicating this.....;)
>
Yup, I *KNOW* I am. ;)
>
> All you really
> need to do is join the FWS's on the same vlan, 100, on the trunk
> ports. You also need to trunk those together, using the trunk e 47 to
> 48 command. VRRP needs to have L2 connectivity, the hellos are L2
> multicasts, so the vrrp interfaces need to be on the same L2 domain
> (vlan). I think the span tree issues you had before were because
> ports 47 and 48 were not trunked. This would create a loop, if you
> dropped them onto the same vlan.
>
ACTUALLY........

Foundry called me about something, so I asked them, and they
told me I don't even NEED 47/48. The fact that on the SIXL side that
the 2 connections are in the same VLAN there, just by hooking it into
the FWS's...... It's accomplishing what I needed in the first place.

So, all this for naught. Sorry to bother people.

Thanks, Tuc