Million Voices

Co-worker: How often do you clean your balls?
Me: out of context, that might seem like a peculiar question.
Once every couple months usually, otherwise whenever I notice they start to feel 'sticky', i.e. if there's any resistance starting from no motion.
Co-worker: That answer is better than the question, out of context :)
And now, I give you the context.

That out of the way, it's been one of those nights.
Suffered a colossal brain malfunction trying to redistribute static /32's into my stub area (derp).
Moved on from that and took a stab at trying to improve the efficiency of my VRRP setup, as well as work on ideas to only distribute subnets into OSPF based on VRRP status. While undertaking this task, I ran into a fun problem with scarecrone.
Setting up VRRP to use an address applied to a VLAN interface doesn't appear to be supported. I've not found any documentation that explicitly states this fact either.
Disclaimer: Poorly obfuscated to prevent future confusion when I inevitably reference this.

-----e@scarecrone# run show configuration interfaces vlan.255
description "Public allocation from Initech"
family inet {
    address 1.2.3.2/29 {
        vrrp-group 255 {
            virtual-address 1.2.3.2;
            priority 255;
        }
        vrrp-group 254 {
            virtual-address 1.2.3.1;
            priority 128;
        }
    }
}

[edit interfaces vlan unit 255]
-----e@scarecrone# commit confirmed 1
[edit interfaces vlan unit 255 family inet address 1.2.3.2/29]
  'vrrp-group 255'
    IP address owner priority (255) not supported on this interface
error: configuration check-out failed

[edit interfaces vlan unit 255]
-----e@scarecrone#

This is the closest match to an explanation I've found so far today:

  • You cannot configure a virtual IP address to be the same as the interface’s address for an aggregated Ethernet interface. This configuration is not supported.

ref: http://www.juniper.net/techpubs/software/junos/junos85/swconfig85-high-availability/configuring-basic-vrrp-support.html
Subject to finding a better explanation somewhere, I'm forced to assume that this includes those of the ethernet-switching flavour.
I also find it odd that the JunOS doesn't default to a priority of 255, regardless of what's configured on respective VRRP groups since the parser suggests they are RFC 3768 compliant.

That aside, further testing revealed that this sort of lunacy is at least allowed on subinterfaces performing VLAN encapsulation.

-----e@scarecrone> show configuration interfaces fe-0/0/1   
vlan-tagging;
unit 0 {
    vlan-id 0;
    family inet;
}
unit 255 {
    vlan-id 255;
    family inet {
        address 1.2.3.2/29 {
            vrrp-group 255 {
                virtual-address 1.2.3.2;
                priority 255;
            }
        }
    }
}

So, I guess that means the next step is to try building some bridge-groups off the sub-interface, assuming such a thing is possible. Assuming it is, I expect this will raise all kinds of hell with the SRX's Zone Based Firewalling.

Amusingly enough, my 1811 had no problems at all using a VLAN interface parent IP address as a VRRP address.
Game point to Cisco.

Wee!
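
A pre-commit check for the address-owner condition described above, as an added example (not code from the original post or from Juniper). It parses Junos brace-style interface config and flags VRRP groups whose virtual address equals the interface address on interface types where the post saw this rejected. The `NO_OWNER_PREFIXES` list, the function names and the default priority of 100 (the RFC 3768 default) are assumptions of this example; the sample config is constructed from the two stanzas in the post.

```python
import ipaddress
import re

# Constructed sample: the vlan.255 and fe-0/0/1.255 stanzas from the post.
SAMPLE = """
vlan { unit 255 { family inet { address 1.2.3.2/29 {
    vrrp-group 255 { virtual-address 1.2.3.2; priority 255; }
    vrrp-group 254 { virtual-address 1.2.3.1; priority 128; } } } } }
fe-0/0/1 { vlan-tagging; unit 255 { vlan-id 255; family inet { address 1.2.3.2/29 {
    vrrp-group 255 { virtual-address 1.2.3.2; priority 255; } } } } }
"""

# Assumption: "vlan" per the commit error in the post, "ae" (aggregated
# Ethernet) per the Juniper documentation line the post quotes.
NO_OWNER_PREFIXES = ("vlan", "ae")

def vrrp_groups(config):
    """Return one dict per vrrp-group: its statement path plus leaf settings."""
    stack, pending, groups = [], None, []
    for tok in re.findall(r"[{};]|[^{};]+", config):
        tok = tok.strip()
        if not tok:
            continue
        if tok == "{":                      # pending statement opens a block
            stack.append(pending)
            if pending.startswith("vrrp-group"):
                groups.append({"path": list(stack)})
        elif tok == "}":
            stack.pop()
        elif tok == ";":                    # pending statement is a leaf
            if stack and stack[-1].startswith("vrrp-group"):
                key, _, val = pending.partition(" ")
                groups[-1][key] = val
        else:
            pending = tok
    return groups

def check(config):
    """Return (interface, group, message) for each problematic group."""
    findings = []
    for g in vrrp_groups(config):
        ifname, group = g["path"][0], g["path"][-1]
        addr = next(p for p in g["path"] if p.startswith("address ")).split()[1]
        owner = ipaddress.ip_interface(addr).ip == ipaddress.ip_address(g["virtual-address"])
        prio = int(g.get("priority", 100))
        if owner and ifname.startswith(NO_OWNER_PREFIXES):
            findings.append((ifname, group, "address owner not accepted on this interface type"))
        elif owner != (prio == 255):        # RFC 3768: 255 is reserved for the owner
            findings.append((ifname, group, "priority 255 must match address ownership"))
    return findings
```

Running `check(SAMPLE)` reports only `vrrp-group 255` on the `vlan` interface, matching the commit error in the post.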