VRRP / router issue?

a002694

Hi all. I have a simple dual-router (Juniper) setup, with the routers connected to each other via a crosslink and running VRRP. The routers' LAN interfaces are connected to a Cisco switch, which is in turn connected to a firewall as the next hop.

R1 IP 172.12.1.13
R2 IP 172.12.1.14
VRRP 172.12.1.12

The VRRP MAC address is 00:00:5E:00:01:64.
R1 LAN MAC address is 00:26:88:07:4f:XX
R2 LAN MAC address is 00:24:dc:d7:d2:XX

As per my understanding, the VRRP master router takes ownership of the VRRP MAC address. However, when we tried running a "sho arp" from the firewall side, we sometimes get the following results...

VRRP IP 172.12.1.12 <-> 00:00:5E:00:01:64
R1 IP 172.12.1.13 <-> 00:00:0C:07:AC:0A
R2 IP 172.12.1.14 <-> 00:00:0C:07:AC:0A


I know the VRRP MAC address is correct, but what about the MAC address for both R1 and R2? It's totally different from the actual interface MAC address. What is this MAC address?

Incidentally, when this ARP was taken, there was a connection issue.

The other time the ARP was checked:

VRRP IP 172.12.1.12 <-> 00:00:5E:00:01:64
R1 IP 172.12.1.13 <-> 00:00:0C:07:AC:0A
R2 IP 172.12.1.14 <-> 00:24:dc:d7:d2:XX

So both VRRP IP and R2 IP had their expected MAC addresses, but not R1.

There was no VRRP switch or event, nor an interface flap from the routers.

Is this normal? If not, is this an issue with the routers? firewall? or connection?

Thanks.
 

Gryz

The 00:00:0C:07:AC:0A MAC address is used in HSRP. HSRP (Hot Standby Router Protocol) is a Cisco proprietary protocol that has similar functionality to VRRP. HSRP was first. The IETF/industry responded by creating VRRP.
https://en.wikipedia.org/wiki/Hot_Standby_Router_Protocol

I'm not an expert on VRRP or HSRP. (Ask me anything about ISIS, BGP or OSPF, no problem there. :)). I don't know if Juniper's VRRP implementation does some HSRP stuff "on the side" as well.

I don't understand the description of your network. (A small jpg might have helped). Are the Ciscos on the same ethernet segment/VLAN as the Junipers here? Maybe it's the Ciscos taking over those 172.12.1.1[34] addresses?

Does the VRRP functionality work? If so, maybe you shouldn't worry too much. Unless you are just curious. All you want to know about VRRP is in the RFC:
https://tools.ietf.org/html/rfc5798

Software sometimes has bugs. You might check release-notes, Juniper's bug-database, or call the J-TAC. If there's a bug, you could investigate for days, and never find out that something is actually wrong. Checking with the vendors is usually much quicker. A simple software-upgrade might fix your problem. Good luck.
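
A small check for the symptom discussed above, as an added example that is not part of the original thread: it classifies ARP entries by the well-known VRRP (RFC 5798) and HSRP virtual MAC prefixes and flags interface IPs that resolve to a virtual MAC or share a MAC with another IP. The function names are hypothetical and the sample table is the first ARP snapshot quoted in the question.

```python
import re

# Well-known first-hop-redundancy virtual MAC prefixes; trailing hex digits carry the group id.
FHRP_PREFIXES = [
    ("VRRP (IPv4)", "00005e0001", 2),  # RFC 5798: 00-00-5E-00-01-{VRID}
    ("VRRP (IPv6)", "00005e0002", 2),  # RFC 5798: 00-00-5E-00-02-{VRID}
    ("HSRPv1", "00000c07ac", 2),       # 00:00:0C:07:AC:{group}
    ("HSRPv2", "00000c9ff", 3),        # 00:00:0C:9F:F{group, 3 hex digits}
]

def classify_mac(mac):
    """Return (protocol, group_id) for a virtual FHRP MAC, else None."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        return None  # masked (e.g. ...:XX) or malformed address
    for proto, prefix, id_len in FHRP_PREFIXES:
        if digits.startswith(prefix):
            return proto, int(digits[-id_len:], 16)
    return None

def audit_arp(entries, virtual_ips):
    """entries: list of (ip, mac); virtual_ips: IPs that are expected to be virtual."""
    findings, seen = [], {}
    for ip, mac in entries:
        hit = classify_mac(mac)
        if hit and ip not in virtual_ips:
            findings.append(
                f"{ip}: interface IP resolves to {hit[0]} virtual MAC (group {hit[1]})")
        key = mac.lower()
        if key in seen and seen[key] != ip:
            findings.append(f"{ip} and {seen[key]} share MAC {mac}")
        seen.setdefault(key, ip)
    return findings

# First ARP snapshot from the question (taken on the firewall).
ARP_SNAPSHOT = [
    ("172.12.1.12", "00:00:5E:00:01:64"),
    ("172.12.1.13", "00:00:0C:07:AC:0A"),
    ("172.12.1.14", "00:00:0C:07:AC:0A"),
]

if __name__ == "__main__":
    for line in audit_arp(ARP_SNAPSHOT, virtual_ips={"172.12.1.12"}):
        print(line)
```
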
 

a002694

That is what confuses me. Why is there an HSRP virtual MAC address entry when I am using 2 Juniper routers? The Cisco switch is not supposed to be affecting that.

Yes, the switch is just a Layer 2 device connecting the dual routers and the firewall. All the same VLAN/segment.

VRRP works well. However, I am troubleshooting a connection issue and I want to rule this thing out.

Thanks