[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[VRRP] Problems with VRRP and QinQ
Dear VRRP experts,
we are using VRRP for years and we are about to implement a new design with a high number of VLANs/VRRP Instances on a Juniper router. The router is connected to a switch running in IEEE 802.1Q VLAN double-tagging (QinQ) mode.
Now we encountered a serious problem with VRRP for the case the VRRP master is on different interfaces for different VLANs:
as the switch sees only the outer vlan (QinQ), it sees the same virtual MAC address on different ports. This leads to packet loss off about 50 % for all VLANs using that MAC address, as half of the packets are sent to the wrong interface.
We found that the problem can be avoided using different VRRP group ids. However this restricts us to 255 VLANs, because VRRP only allows 255 different groups.
We found that HSRP Version 2 (HSRPv2) allows 4096 groups. Another alternative could be to allow configuration of the virtual MAC address. Maybe it could be interesting for the VRRP working group to discuss this topic and have a solution in future versions ?
Or maybe someone has another idea how to solve this ?
Best Regards,
Christian Schuler
+-------------+ +-------------+
| Rtr1 | | Rtr2 |
|(VLAN 100 MR)| |(VLAN 100 BR)|
|(VLAN 101 BR)| |(VLAN 101 MR)|
+-------------+ +-------------+
| |
* <--- * <--- switch sees the same virtual
| | MAC on both interfaces !
| |
+------------------------------+
| Switch (Q1Q) |
| Outer VLANID 10 |
| |
VRID=1 +------------------------------+
|
|
------------------+------------+-----+--------+--------+--------+--
^ ^ ^ ^
| | | |
(IPvX A) (IPvX A) (IPvX B) (IPvX B)
| | | |
+--+--+ +--+--+ +--+--+ +--+--+
| H1 | | H2 | | H3 | | H4 |
+-----+ +-----+ +--+--+ +--+--+
PIRONET NDH AG
ITK Outsourcing
Dr.-Ing. Christian Schuler
Network Architect - Network Infrastructure Services
Von-der-Wettern-Straße 27,
51149 Köln, Deutschland
mailto:cschuler at pironet-ndh.com