headers
Changming Liu | 1 Feb 2005 01:03
Favicon

do we need number of retries in VRRP3?

Hi all,

 

Although I’m quite familiar with VRRPv2 but new to VRRPv3 because there is no such demand till recently. We had implemented VRRP like protocol in our product for long time and have added lots of enhancements to the basic protocol.  VRRP is a simple protocol working well for a simple network topology, which it is designed for. But it has some significant drawbacks in any production network with some level of complexity.  

 

After reading the draft <draft-ietf-vrrp-ipv6-spec-07.txt>, I have some questions and post here one by one hoping they can get answered.  

 

1)       The draft changes the advertisement interval from unit of second in VRRPv2 to centi-second. This is great improvement. Thanks for the change. One of the big operation issues with VRRPv2 is the minimum 3 seconds fail-over time while our customers are asking sub-second failover. But the operational experience tells us that if we shorten the interval (say 200ms), we may want to increase the number of retries (say from 3 to 4 or even 5) to compensate the potential delay or loss. So the fixed retry of 3 times (as defined in master_down_time) sometimes may not be good. Is it possible to use the 4-bit rsvd field to carry this info?   

2)       In section 6.4.3 it states the master

-        MUST respond to ND Router Solicitation message for the virtualBut in section 6.4.2 it does not state the backup-        MUST NOT respond to ND Router Solicitation message for the virtual Has the author left that out for any good reason? Otherwise, developers may get confused because everything else is kind of opposite in the two sections. 3) In section 7.4 for the interface ID, there is one restriction about using the virtual MAC to derive the interface ID. But it dose not state the reason. I was thinking exactly to derive the interface ID from the VMAC. This is to leave the interface ID derived in the normal manner for addresses of local management. What is the harm of this approach?  Thanks in advance.

 

 

Changming Liu

 

 

_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www1.ietf.org/mailman/listinfo/vrrp
Permalink | Reply | 0 comments |
headers
Changming Liu | 1 Feb 2005 01:20
Favicon

address Owner exception in preempt mode

The other question I have for VRRP is the exception in the preempt_mode. Does anybody know the background about this exception? It creates some confusions for the customers, especially where they don’t want minimum service interruption. Whenever the address owner comes up, it will always pre-empt and thus interrupt the service. So in VRRPv3, should we remove such an exception?  

 

 

Changming

 

_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www1.ietf.org/mailman/listinfo/vrrp
Permalink | Reply | 0 comments |
headers
Changming Liu | 1 Feb 2005 02:15
Favicon

Accept_mode and preempt timer

VRRPv3 draft adds an accept mode, which I think is a very good thing although it is a local matter to each router.

 

Following the same line, should we also add a “preempt timer” in the timer section? What happens is like this. When a backup comes up (or just recovers from some partial failure) and assumes the preempt is enabled or it has higher priority now (due to either recovered failure or initial configured value), it does not become master right away. It holds for certain time before it pre-empts. It is a very useful feature and have been asked a lot.  By the current spec, the interval for preempt timer is the master_down_interval. It will be good if this is configurable and documented in the spec so that all the routers can do it in the same way. One of the potential workarounds is to hold the user configured preempt interval before declaring the backup up to the VRRP engine. It works but not clean. It may also have interoperability issues with routers implemented in different way.

 

Thanks.

 

Changming

_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www1.ietf.org/mailman/listinfo/vrrp
Permalink | Reply | 0 comments |
headers
Changming Liu | 2 Feb 2005 20:02
Favicon

out-of-band VRRP advertisement messages

Do we see a need for OOB channel/link VRRP advertisement messages? The current draft, like the VRRPv2, still assumes that the message is sent out of the interface which VRRP is enabled. This is generally true assumption. But in case of a DOS attack or under heavy volume of traffic, the Advertisement message may get lost. This will caused what our customer described as “split brain syndrome”: both routers become active the same time.

 

This is the same issue with routing protocol, like OSPF and BGP. Alex has a draft to deal with this situation for oob routing. For VRRP, because devices may have dedicated HA links. This will make this situation relatively easily to deal with. Only some minor modification is need to the current draft in order to make this work. Anyone is interested in working in this area?

 

Thanks.

 

Changming Liu

 

Juniper Networks

1194 N. Mathilda Ave.

Sunnyvale, CA 94089-1213

Http: www.juniper.net

Tel:  (408) 936-8010

 

_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www1.ietf.org/mailman/listinfo/vrrp
Permalink | Reply | 0 comments |
headers
Nikhil Utane | 11 Feb 2005 08:02
Favicon

VRRP-OSPF Interoperability

Hi All,

 

Is there any need to carry out VRRP-OSPF Interoperability testing, such that one protocol does that cause any unexpected behavior in the other?

I have been doing some searching on the net but could not find anything conclusive.

 

Has anyone attempted something of this sort?

 

-Thanks and Regards

Nikhil

 

"This mail was sent with 100% recycled electrons"

 

_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www1.ietf.org/mailman/listinfo/vrrp
Permalink | Reply | 3 comments |
headers
Don Provan | 11 Feb 2005 18:58
Favicon

RE: VRRP-OSPF Interoperability

From Nikhil Utane
>Is there any need to carry out VRRP-OSPF Interoperability testing,
>such that one protocol does that cause any unexpected behavior in the other?
>I have been doing some searching on the net but could not find anything conclusive.

My claim would be that neither protocol should have any effect
on the other, and that OSPF should never ever reference a VR
IP address. Is anyone trying to play around with OSPF identity
by "running" OSPF on a virtual router (as opposed running it
separately on each physical router)? I concluded that was a
logical dead end, but, then, I don't actually have any real
life OSPF networks I have to deal with.
-don
_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www1.ietf.org/mailman/listinfo/vrrp
Permalink | Reply | 2 comments |
headers
Jeffrey Haas | 10 Feb 2005 15:48

Re: VRRP-OSPF Interoperability

On Tue, Apr 01, 1975 at 06:13:24AM -0800, Don Provan wrote:
> From Nikhil Utane
> >Is there any need to carry out VRRP-OSPF Interoperability testing,
> >such that one protocol does that cause any unexpected behavior in the other?
> >I have been doing some searching on the net but could not find anything conclusive.
> 
> My claim would be that neither protocol should have any effect
> on the other, and that OSPF should never ever reference a VR
> IP address.

These are two somewhat conflicting statements. :-)

I'll offer some food for thought:

What happens when you run ospf in your implementation on an interface
that contains VRs? 

What hapens if you were to configure OSPF such that it uses a VR
address?  (This is different than "should you".)

Given that OSPF is uses layer-3 transport and can be configured
in a non-multicast environment (as could RIP), what happens if you
use the VR address as the target of your adjacency?

Many of these would fall into a section that's unwritten in many manuals
called "Things you could do, but probably shouldn't."  While testing
the interop of these "shouldn't do" situations, you'll probably fine
that the results are unexpected and provide some entertaining fault
scenarios for OSPF. :-)

--

-- 
Jeff Haas 
NextHop Technologies

_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www1.ietf.org/mailman/listinfo/vrrp
Permalink | Reply | 1 comment |
headers
Changming Liu | 11 Feb 2005 22:03
Favicon

RE: VRRP-OSPF Interoperability

Normally they don’t run on the same interface. But if they do, for active-passive configuration, it usually works fine. But to support active-active (2 VRIDs), OSPF need some special handlings in this code to make this work. So don’t expect OSPF out of box without that special handling will work.

 

That is just our experience in dealing with this situation in the past several years. Hope it helps.

 

Changming

 

-----Original Message-----
From: vrrp-bounces <at> ietf.org [mailto:vrrp-bounces <at> ietf.org] On Behalf Of Nikhil Utane
Sent: Thursday, February 10, 2005 11:02 PM
To: vrrp <at> ietf.org
Subject: [VRRP] VRRP-OSPF Interoperability

 

Hi All,

 

Is there any need to carry out VRRP-OSPF Interoperability testing, such that one protocol does that cause any unexpected behavior in the other?

I have been doing some searching on the net but could not find anything conclusive.

 

Has anyone attempted something of this sort?

 

-Thanks and Regards

Nikhil

 

"This mail was sent with 100% recycled electrons"

 

_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www1.ietf.org/mailman/listinfo/vrrp
Permalink | Reply | 0 comments |
headers
Don Provan | 12 Feb 2005 00:02
Favicon

RE: VRRP-OSPF Interoperability

> > My claim would be that neither protocol should have any effect
> > on the other, and that OSPF should never ever reference a VR
> > IP address.
> 
> These are two somewhat conflicting statements. :-)

Sorry, I don't even think about the possibility of the VR address
being a node's only address on a network. That causes so many odd
cases, my implementation doesn't even support it any more. So, my
thinking went, of *course* the router has another IP address, so
it should use that other address and never its shared address. I
momentarily forgot that the spec is written as if the router will
run with only the VR address.

Anyway, my vaguely expressed concern was exactly what you so much
more clearly described in detail, so thanks. The important
observation, in my mind, is that VRRP is designed to help end
nodes on a multicast medium recover from router failures while
OSPF already helps routers adjust to router failures, so putting
yourself in a position where one node is being helped in both ways
at the same time is almost never going to be good, and may result
in an unspecified catastrophe.
-don
_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www1.ietf.org/mailman/listinfo/vrrp
Permalink | Reply | 0 comments |
headers
Biju Mammen | 12 Feb 2005 03:45

MAC address of packets sourced by a router

 

This probably is an implementation question but I am trying to leverage

the experience of a community here.

 

Let’s say, in an implementation, the Ethernet  interface on which one runs the VRRP has become the the master for

2 different VRs.

 

Now, if my understanding is correct, for egress packets coming out of the said interface,

the source MAC address has to be  set to the Virtual MAC (as it is in MASTER mode)

But, unfortunately, it now has to serve the master role for 2 different Virtual Routers.

a)Which Virtual MAC address should it use as the source MAC address for packets flowing out of the interface.

 

b) If the said router is sourcing IP packets and they are flowing out of the said interface.

Which source MAC address should be used?

The original HW address or any one of the virtual MAC addresses arbitrarily picked up?

 

                       

  |  IP1/VMAC1 |+---------------------+

  |==========| OIP/OMAC       |

  |  IP2/VMAC2 |                        |

  |                    |+---------------------+

    

 

OIP-Original IP

OMAC-Original MAC/Original HW address

 

IP1-IP1 for which it serves as the master

IP2-IP2 for which it serves the master role

 

VMAC1-Virtual MAC for IP1

VMAC2-Virtual MAC for IP2

 

 

Thanks in advance

Biju

_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www1.ietf.org/mailman/listinfo/vrrp
Permalink | Reply | 2 comments |

Gmane