Wired Intelligent Edge

 View Only
last person joined: 8 hours ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

Pinging a VRRP IP

This thread has been viewed 13 times

  • 1.  Pinging a VRRP IP

    Posted May 12, 2022 01:47 PM
    I have two 6300 switches setup with VRRP

    Switch1:
    interface vlan60
    ip address 192.168.60.2/24
    ip ospf 1 area 0.0.0.0
    ip ospf passive
    vrrp 1 address-family ipv4
        address 192.168.60.1 primary
        version 3
        no preempt
        no shutdown
        exit
​

    Switch2:
    interface vlan60
    ip address 192.168.60.3/24
    ip ospf 1 area 0.0.0.0
    ip ospf passive
    vrrp 1 address-family ipv4
        address 192.168.60.1 primary
        version 3
        no preempt
        no shutdown
        exit
​


    I use the .1 virtual address as the default gateway for the subnet and everything routes as expected.  The only issue is that I'm unable to ping the .1 virtual address even though both the .2 and .3 addresses ping fine.  Is that normal or am I missing a configuration item that would enable it?  It's not critical for my setup but it seemed odd today when I was troubleshooting an issue and couldn't ping my gateway.

    ------------------------------
    David King
    ------------------------------


  • 2.  RE: Pinging a VRRP IP
    Best Answer

    EMPLOYEE
    Posted May 12, 2022 02:42 PM
    Hi David,

    According to RFC3768 https://www.ietf.org/rfc/rfc3768.txt :

    --------------------------------------------
    6.4.3. Master

    While in the {Master} state the router functions as the forwarding router for the IP address(es) associated with the virtual router.
    While in this state, a VRRP router MUST do the following:
    - MUST respond to ARP requests for the IP address(es) associated with the virtual router.
    - MUST forward packets with a destination link layer MAC address equal to the virtual router MAC address.
    - MUST NOT accept packets addressed to the IP address(es) associated with the virtual router if it is not the IP address owner.
    - MUST accept packets addressed to the IP address(es) associated with the virtual router if it is the IP address owner.
    --------------------------------------------

    So it is absolutely normal for the router to not respond to pings on VIP if VIP is not the same as the "real" interface IP address. Some vendors enable ICMP "listening" on VRRP VIP to respond for ICMP echo packets thus making our life easier :-) Some don't. Just keep in mind that VIP is not for communitaction with the router itself, it's just for transit traffic out of the network (so called 'default gateway').

    ------------------------------
    Ivan Bondar
    ------------------------------

    Original Message


  • 3.  RE: Pinging a VRRP IP

    Posted May 12, 2022 03:38 PM
    That makes sense.  Thanks!

    ------------------------------
    David King
    ------------------------------

    Original Message