Anonymous
Not applicable

VRRP and BGP design concerns

I am planning a configuration to use two NetVanta 3140 routers with VRRP at the main location of an MPLS network.

I have two concerns that I need to address.  All of the other locations use the main location for Internet and VoIP.

  1. Since a given IP interface has an IP address of its own as well as the shared VRRP IP, I am concerned that it will advertise routes with that base IP address even when it is acting as backup.  That would not be good as the Master would also be advertising the same routes with the VRRP IP.

  2. My MPLS CE IP address is on a /30 network allowing only two IP addresses with one of them belonging to the carrier.  I assume I will need a larger network range to work with in the VRRP environment.  I was wondering if anyone has a workaround for that.

Any pointers in the right direction would be greatly appreciated.

Thanks

jayh
Honored Contributor

Re: VRRP and BGP design concerns

For question 1 you really want to set up two BGP sessions and peer with the physical addresses of both routers. No need to even run VRRP on that link, just peer with both. Your update-source command only allows you to specify an interface, not an IP. Even if you could somehow configure things to peer with the virtual IP, on failover the standby router wouldn't have TCP session or BGP table populated or local routes advertised and there could be a significant delay getting the TCP session up and routes learned/advertised. Set up peering with both, let them both learn the routes advertised from the PE. Use VRRP on the LAN side to protect against a hardware router failure. Both will always be able to reach the PE and know all routes so failover will be snappy. Use localpref or another BGP metric on the WAN side to mirror the priority on the VRRP LAN side if you're doing stateful inspection, or just let them share.

For question 2 you will need at least a /29 on that link. This also allows for the PE end to have a redundant pair and set up four peering sessions if needed.

From a practical standpoint, the MPLS WAN PE-CE connection is probably going to be a much weaker link than the hardware in most deployments. I bet your MPLS provider is only going to give you a single physical connection so you'll be adding a switch between your VRRP pair and the provider's interface which is yet another single point of failure. If you really want it robust, get a second link. Put it in a different conduit so the backhoe has to make two trips. 🙂