what happens to traffic that is received on VRRP backup router in a vrrp group/domain ?
Refer to the diagram and failover scenario :
MX1 is master
MX2 is backup router
sw6 is where the servers are connected.
MX1, MX2 and SW6 are in VRRP domain.
Between MX1 <–> SW2 <–> QFX we have OSPF and also between MX2 <–> SW2 <–> QFX.
The path from QFX to MX1 to SW2 is primary and is achieved using OSPF cost higher on SW2 to MX2 OSPF interface. and QFX to MX2 OSPF interface.
Scenario 1 : Assuming the link between MX1 and QFX fails. we will enable vrrp interface tracking and so the mastership will failover to MX2
The packet destined to sw6 server goes like this
QFX to MX2 ( because link between MX1 and QFX is down and MX2 is the master for the VRRP grp ) and will MX2 forward it to sw6. The return path will obviously be from SW6 to MX2 ( vrrp master ) to QFX and this clear.
In the same failure scenario. what happens to traffic destined to server on SW6 coming from SW2 ?
Because of the OSPF metric, SW2 will have to forward the packet to MX1 so question.
What will MX1 ( VRRP backup ) do ?
Will it forward the traffic to SW6 and if yes the return traffic won’t come back in the same path as MX2 is the vrrp master and we will have asymmetric routing.
Yes, you are correct, you would have asymmetric routing in such a case. The solution here is to ensure that all traffic is going through the VRRP master. From my understanding in the diagram, the connections between the MX switches and SW2 are Layer 3, correct? If that is the case, then you must configure OSPF to route to the master VRRP switch so that all traffic, in both directions will be served by the master.
One way to do this is to adjust the cost of the route via MX1. MX1 can send a higher OSPF cost whenever it loses mastership, by using the same tracking mechanism used for VRRP. Then the route can be advertised to SW2 (and QFX, depending on what physical link actually failed) with a higher cost, so the lower cost would be chosen. This way, traffic in both directions will always use the master to be routed.
Hi Laz, yes MX switches and SW2 are Layer 3 ( run OSPF ) and so do from the MX switches to QFX.
MX devices are juniper and I don’t see an option to track the interfaces and change the OSPF cost advertisement if an interface fails. ( Not sure if its a Cisco only thing )
We were planning to add a link between MX1 and MX2, run OSPF between them and make sure to turn off the VRRP interface tracking at this point.
This will ensure the inbound path is same as outbound path in case of an interface failure between MX1 ( master ) to SW2 or MX1 ( master ) to QFX
Yes, if you are not able to make changes to your OSPF routing using tracking or some other mechanism, then the other solution would indeed be to create a Layer 3 link between MX1 and MX2 and run OSPF between them. That makes sense.
Let us know how you get along, and thanks for sharing the solution that you’re going to try out!