Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[J/SRX] How to delay VRRP primary role failover when a tracked interface goes down

0

0

Article ID: KB28774 KB Last Updated: 30 Mar 2021Version: 2.0
Summary:

This article explains how to make the Virtual Router Redundancy Protocol (VRRP) primary router delay the lower priority announcement when a tracked interface goes down.

Symptoms:

The configurations below on router-6 and router-4 show the issue:

router-6:

root@router-6# show interfaces fe-0/0/0
unit 0 {
    family inet {
        address 192.168.1.1/24 {
            vrrp-group 141 {
                virtual-address 192.168.1.2;
                priority 250;
                preempt {
                    hold-time 300;
                }
                accept-data;
                track {
                    interface fe-0/0/1.0 {
                        priority-cost 50;
                    }
                }
            }
        }
    }
}


router-4:

root@router-4# show interfaces fe-0/0/0
unit 0 {
    family inet {
        address 192.168.1.3/24 {
            vrrp-group 141 {
                virtual-address 192.168.1.2;
                priority 210;
                preempt {
                    hold-time 300;
                }
                accept-data;
                track {
                    interface fe-0/0/5.0 {
                        priority-cost 50;
                    }
                }
            }
        }
    }
}


Normally, VRRP primary role is attained by router-6 because it has higher VRRP group priority.

When the fe-0/0/1 interface (which is monitored by router-6) goes down, VRRP primary role changes, as router-6 will announce a lower priority (250-50).

The goal here is to delay the announcement of new priority, so the VRRP primary role change is delayed.

Cause:

The preempt hold time as configured above only holds state, due to preemption. When a track interface goes down, and you want the primary to keep the current state for a period of time, you must configure the tracking interface priority-hold-time.

Solution:

The sample configuration below tracks interface priority hold time for 300 seconds:

root@router-6# show interfaces fe-0/0/0
unit 0 {
    family inet {
        address 192.168.1.1/24 {
            vrrp-group 141 {
                virtual-address 192.168.1.2;
                priority 250;
                preempt {
                    hold-time 300;
                }
                accept-data;
                track {
                    priority-hold-time 300;
                    interface fe-0/0/1.0 {
                        priority-cost 50;
                    }
                }
            }
        }
    }
}


Now, when the fe-0/0/1 interface goes down, the router-6 will wait for 300 seconds before announcing its lower priority of 200, as shown below:

root@router-6# run show vrrp detail
Physical interface: fe-0/0/0, Unit: 0, Address: 192.168.1.1/24
  Index: 71, SNMP ifIndex: 589, VRRP-Traps: enabled
  Interface state: up, Group: 141, State: master, VRRP Mode: Active <------ Still primary
  Priority: 250, Advertisement interval: 1, Authentication type: none
  Advertisement threshold: 3, Delay threshold: 100, Computed send rate: 0
  Preempt: yes, Preempt hold time: 300
  Accept-data mode: yes, VIP count: 1, VIP: 192.168.1.2
  Advertisement Timer: 0.284s, Master router: 192.168.1.1
  Virtual router uptime: 00:16:41, Master router uptime: 00:08:27
  Virtual Mac: 00:00:5e:00:01:8d
  Tracking: enabled
    Current priority: 250, Configured priority: 250
    Priority hold time: 300, Remaining: 280.176, Pending priority: 200 <------ 280.176s remaining before announcing pending priority of 200
    Interface tracking: enabled, Interface count: 1
      Interface     Int state   Int speed   Incurred priority cost
      fe-0/0/1.0    down                0                      50
    Route tracking: disabled
Modification History:
2021-03-24: Updated the article terminology to align with Juniper's Inclusion & Diversity initiatives.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search