Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EX] VRRP for IPv6 group and link local address configuration

1

0

Article ID: KB19789 KB Last Updated: 06 Apr 2021Version: 2.0
Summary:

You must explicitly define a virtual link local address for each VRRP for IPv6 group. Otherwise, when you attempt to commit the configuration, the commit request fails. The virtual link local address must be on the same subnet as the physical interface address.

This article provides more information.

Symptoms:

The two switches that are connected via trunk ports and configured for VRRP with the IPv6 address will show themselves as the primary if the link local address is not the same.

BR1 - border router 1:

user@host-br01> show configuration interfaces vlan unit 20
family inet {
    address 199.47.216.67/26 {
        vrrp-group 8 {
            virtual-address 199.47.216.65;
            priority 200;
            preempt;
        }
        vrrp-group 9 {
            virtual-address 199.47.216.66;
            priority 100;
        }
    }
}
family inet6 {
    address 2620:0100:6000:0216::3/64 {
        vrrp-inet6-group 104 {
            virtual-inet6-address 2620:0100:6000:0216::1;
            virtual-link-local-address fe80::0800:2000:104:01;
            priority 200;
            preempt;
        }

        vrrp-inet6-group 105 {
            virtual-inet6-address 2620:0100:6000:0216::2;
            virtual-link-local-address fe80::0800:2000:105:01;
            priority 100;
            preempt;
        }
    }
    address fe80::0800:2000:0020:0001/64;
}

BR2 - border router #2

user@host-br02> show configuration interfaces vlan unit 20
family inet {
    address 199.47.216.68/26 {
        vrrp-group 8 {
            virtual-address 199.47.216.65;
            priority 100;
            preempt;
        }
        vrrp-group 9 {
            virtual-address 199.47.216.66;
            priority 200;
        }
    }
}
family inet6 {
    address 2620:0100:6000:0216::4/64 {
        vrrp-inet6-group 104 {
            virtual-inet6-address 2620:0100:6000:0216::1;
            virtual-link-local-address fe80::0800:2000:104:02;
            priority 100;
            preempt;
        }
        vrrp-inet6-group 105 {
            virtual-inet6-address 2620:0100:6000:0216::2;
            virtual-link-local-address fe80::0800:2000:105:02;
            priority 200;
            preempt;
        }
    }
    address fe80::0800:2000:0020:0002/64;
}

Output of show vrrp summary (BR1)

vlan.20 up      8     master             Active            lcl 199.47.216.67
                                                                               vip 199.47.216.65
vlan.20 up      9     backup            Active lcl 199.47.216.67
                                                                               vip 199.47.216.66
vlan.20 up      104   master              Active lcl 2620:100:6000:216::3
                                                                           vip fe80::800:2000:104:1
                                                                           vip 2620:100:6000:216::1
vlan.20 up      105   master            Active lcl 2620:100:6000:216::3
                                                                          vip fe80::800:2000:105:1
                                                                          vip 2620:100:6000:216::2

Output of show vrrp summary (BR2)

vlan.20 up    8      backup      Active lcl 199.47.216.68
                                                        vip 199.47.216.65
vlan.20 up    9      master      Active lcl 199.47.216.68
                                                      vip 199.47.216.66
vlan.20 up 104     master     Active lcl 2620:100:6000:216::4
                                                      vip fe80::800:2000:104:1
                                                      vip 2620:100:6000:216::2
vlan.20 up 105     master      Active lcl 2620:100:6000:216::4
                                                     vip fe80::800:2000:105:2
                                                     vip 2620:100:6000:216::2

VRRP advertisements on VLAN 20 will work for IPv4, but not for IPv6 (as both switches show they are the primary.)

Solution:

The solution is to assign the same link local address for both the routers.

BR1 - border router 1:

user@host-br01> show configuration interfaces vlan unit 20
family inet {
    address 199.47.216.67/26 {
        vrrp-group 8 {
            virtual-address 199.47.216.65;
            priority 200;
            preempt;
        }
        vrrp-group 9 {
            virtual-address 199.47.216.66;
            priority 100;
        }
    }
}
family inet6 {
    address 2620:0100:6000:0216::3/64 {
        vrrp-inet6-group 104 {
            virtual-inet6-address 2620:0100:6000:0216::1;
            virtual-link-local-address fe80::0800:2000:104:01;
            priority 200;
            preempt;
        }
        vrrp-inet6-group 105 {
            virtual-inet6-address 2620:0100:6000:0216::2;
            virtual-link-local-address fe80::0800:2000:105:01;
            priority 100;
            preempt;
        }
    }
    address fe80::0800:2000:0020:0001/64;
}

BR2 - border router #2

user@host-br02> show configuration interfaces vlan unit 20
family inet {
    address 199.47.216.68/26 {
        vrrp-group 8 {
            virtual-address 199.47.216.65;
            priority 100;
            preempt;
        }
        vrrp-group 9 {
            virtual-address 199.47.216.66;
            priority 200;
        }
    }
}
family inet6 {
    address 2620:0100:6000:0216::4/64 {
        vrrp-inet6-group 104 {
            virtual-inet6-address 2620:0100:6000:0216::1;
            virtual-link-local-address fe80::0800:2000:104:01;
            priority 100;
            preempt;
        }
        vrrp-inet6-group 105 {
            virtual-inet6-address 2620:0100:6000:0216::2;
            virtual-link-local-address fe80::0800:2000:105:01;
            priority 200;
            preempt;
        }
    }
    address fe80::0800:2000:0020:0002/64;
}

Output of show vrrp summary (BR1)


vlan.20 up      8      master         Active lcl 199.47.216.67
                                                             vip 199.47.216.65
vlan.20 up      9      backup         Active lcl 199.47.216.67
                                                             vip 199.47.216.66
vlan.20 up     104     backup          Active lcl 2620:100:6000:216::3
                                                             vip fe80::800:2000:104:1
                                                             vip 2620:100:6000:216::1
vlan.20 up     105     backup          Active lcl 2620:100:6000:216::3
                                                             vip fe80::800:2000:105:1
                                                             vip 2620:100:6000:216::2

Output of show vrrp summary (BR2)

 
vlan.20 up   8       backup              Active lcl 199.47.216.68
                                                            vip 199.47.216.65
vlan.20 up   9       master             Active lcl 199.47.216.68
                                                            vip 199.47.216.66
vlan.20 up 104       master             Active lcl 2620:100:6000:216::4
                                                            vip fe80::800:2000:104:1
                                                            vip 2620:100:6000:216::1
vlan.20 up  105      master           Active lcl 2620:100:6000:216::4
                                                            vip fe80::800:2000:105:1
                                                            vip 2620:100:6000:216::2
Modification History:

2021-04-06: Updated the article terminology to align with Juniper's Inclusion & Diversity initiative

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search