1 Reply Latest reply on Feb 28, 2017 8:50 PM by jayh

    VRRP and BGP design concerns

    vmaxdawg05 Past_Featured_Member

      I am planning a configuration to use two NetVanta 3140 routers with VRRP at the main location of an MPLS network.

      I have two concerns that I need to address.  All of the other locations use the main location for Internet and VoIP.

      1. Since a given IP interface has an IP address of its own as well as the shared VRRP IP, I am concerned that it will advertise routes with that base IP address even when it is acting as backup.  That would not be good as the Master would also be advertising the same routes with the VRRP IP.

      2. My MPLS CE IP address is on a /30 network allowing only two IP addresses with one of them belonging to the carrier.  I assume I will need a larger network range to work with in the VRRP environment.  I was wondering if anyone has a workaround for that.

      Any pointers in the right direction would be greatly appreciated.

       

      Thanks

        • Re: VRRP and BGP design concerns
          jayh Hall_of_Fame

          For question 1 you really want to set up two BGP sessions and peer with the physical addresses of both routers. No need to even run VRRP on that link, just peer with both. Your update-source command only allows you to specify an interface, not an IP. Even if you could somehow configure things to peer with the virtual IP, on failover the standby router wouldn't have TCP session or BGP table populated or local routes advertised and there could be a significant delay getting the TCP session up and routes learned/advertised. Set up peering with both, let them both learn the routes advertised from the PE. Use VRRP on the LAN side to protect against a hardware router failure. Both will always be able to reach the PE and know all routes so failover will be snappy. Use localpref or another BGP metric on the WAN side to mirror the priority on the VRRP LAN side if you're doing stateful inspection, or just let them share.

           

          For question 2 you will need at least a /29 on that link. This also allows for the PE end to have a redundant pair and set up four peering sessions if needed.

           

          From a practical standpoint, the MPLS WAN PE-CE connection is probably going to be a much weaker link than the hardware in most deployments. I bet your MPLS provider is only going to give you a single physical connection so you'll be adding a switch between your VRRP pair and the provider's interface which is yet another single point of failure. If you really want it robust, get a second link. Put it in a different conduit so the backhoe has to make two trips. :-)
