[Insider Sharing] Secondary ip address conflict solved via VRRP tweak

Created Feb 03, 2014 20:56:41Latest reply Apr 22, 2018 23:32:43 3243 2 0 0

You want to upgrade your network infrastructure but, unfortunately, this means shutting down the old devices and replacing them with some new gear. You are aware that you cannot just tell your customers to take a one day break from the services they pay you for, so how to get out of this situation?

To make matters even worse, you have a few customer services on Vlan 100 so it’s a disaster if, suddenly, one of your gateways in vlan 100 goes offline, even for a couple of minutes.

I know that at this point you’re thinking, no problem I can just configure that gateway on a redundant equipment as a secondary ip address. What you didn’t know is that your  AR1200VW router  doesn’t support configuring a secondary ip address from the same range on Vlanif 100 interface. I tried it so please refer to the CLI output below:

#

[AR-Vlanif12]ip add 12.0.0.2 24 sub                                            

Error: The specified address conflicts with another address.

#


I have the perfect solution for your issue, but before presenting the solution, to make things clear, have a look at the network design below:

The configuration of the devices is listed below:

###################################################

[AR1200]dis curr                                                                

[V200R003C01SPC900]                                                            

#                                                                              

 sysname AR1200                                                                                                                        

#                                                                              

vlan batch 100                                                                                       

#                                                                              

interface Vlanif100                                                            

 ip address 10.0.0.1 255.255.255.0                                              

 vrrp vrid 1 virtual-ip 10.0.0.2                                               

 vrrp vrid 1 timer advertise 255                                               

#

interface Ethernet0/0/1                                                        

 port link-type trunk                                                          

 port trunk allow-pass vlan 100                                                

#

#                                                                              

ip route-static 192.168.1.0 255.255.255.0 10.0.0.10                            

#                                                                                                                                                                                                                      

return             


##########################################################

[S5700-1]dis curr                                                                

!Software Version V200R003C00SPC300                                             

#                                                                              

sysname S5700-1                                                                                                                                                                                                              

#                                                                              

vlan batch 100 200                                                     

#                                                                               

interface Vlanif100                                                            

 ip address 10.0.0.10 255.255.255.0                                            

#                                                                               

interface Vlanif200                                                            

 ip address 192.168.1.1 255.255.255.0                                          

#                                                                               

interface GigabitEthernet0/0/18                                                

 port link-type trunk                                                          

 port trunk allow-pass vlan 100                                                 

#                                                                              

interface GigabitEthernet0/0/20                                                

 port link-type trunk                                                           

 port trunk allow-pass vlan 200                                                

#                                                                          

return        

########################################################         

[S57-2]dis curr                                                                

!Software Version V200R002C00SPC100                                            

#                                                                              

sysname S57-2                                                                                                                                                                                                        

#                                                                              

vlan batch 200                        

#                                                         

interface Vlanif200                                                             

 ip address 192.168.1.2 255.255.255.0                                                                                    

#                                                                              

interface GigabitEthernet0/0/1                                                  

 port link-type trunk                                                          

 port trunk allow-pass vlan 3970                                               

#                                                                               

interface GigabitEthernet0/0/20                                                

 port link-type trunk                                                          

 port trunk allow-pass vlan 200                                                                                                                                                          

#                                                                              

ip route-static 0.0.0.0 0.0.0.0 192.168.1.1                                                                                            

#                                                                              

return                                                                         

############################################################


As you can see my first step in this upgrade is to get rid of the old AR200 and replace it with a brand new device. I’m switching the AR200 to a AR1200.

Now to keep all the addresses reachable I need to  configure 10.0.0.2 address on AR-1 as a secondary ip address. Because I cannot do it by using the ip address sub command I will use VRRP. By creating a VRRP instance I can configure 10.0.0.2 as a virtual ip address.

The CLI for this operation is listed below:

#

[S77-1]vrrp vrid 1 virtual-ip 10.0.0.2

#

After this configuration I will test connectivity from my S77-1 node and as you  can and see in the following lines, everything checks out:

[S57-2]ping 10.0.0.1                                                            

  PING 10.0.0.1: 56  data bytes, press CTRL_C to break                         

    Reply from 10.0.0.1: bytes=56 Sequence=1 ttl=254 time=1 ms                 

    Reply from 10.0.0.1: bytes=56 Sequence=2 ttl=254 time=1 ms                 

    Reply from 10.0.0.1: bytes=56 Sequence=3 ttl=254 time=1 ms                 

    Reply from 10.0.0.1: bytes=56 Sequence=4 ttl=254 time=1 ms                 

    Reply from 10.0.0.1: bytes=56 Sequence=5 ttl=254 time=1 ms                 

                                                                                

  --- 10.0.0.1 ping statistics ---                                             

    5 packet(s) transmitted                                                    

    5 packet(s) received                                                        

    0.00% packet loss                                                          

    round-trip min/avg/max = 1/1/1 ms                                          

                                                                                

[S57-2]ping 10.0.0.2                                                            

  PING 10.0.0.2: 56  data bytes, press CTRL_C to break                         

    Reply from 10.0.0.2: bytes=56 Sequence=1 ttl=254 time=1 ms                 

    Reply from 10.0.0.2: bytes=56 Sequence=2 ttl=254 time=1 ms                 

    Reply from 10.0.0.2: bytes=56 Sequence=3 ttl=254 time=1 ms                 

    Reply from 10.0.0.2: bytes=56 Sequence=4 ttl=254 time=1 ms                  

    Reply from 10.0.0.2: bytes=56 Sequence=5 ttl=254 time=1 ms                 

                                                                               

  --- 10.0.0.2 ping statistics ---                                              

    5 packet(s) transmitted                                                    

    5 packet(s) received                                                       

    0.00% packet loss                                                           

round-trip min/avg/max = 1/1/1 ms  

Right about now, you may think this is not a good solution because it introduces some unwanted multicast traffic (generated by vrrp – vrrp advertise messages) in your network. To reduce this traffic to an acceptable minimum I advise configuring the vrrp advertise timer to the maximum value (255) by using the command below:

#

[S77-1] vrrp vrid 1 timer advertise 255

#

As you can see right now you have you reduced the extra multicast traffic to a bare minimum

( 1 message at every 255 seconds). On the other hand you now have a secondary ip address on your Vlanif 100 interface and are now ready for the swap.


I hope this helps you as much as it helped me!

  • x
  • convention:

Pathmaraj.V     Created Dec 23, 2014 18:13:53 Helpful(0) Helpful(0)

what is vrrp ID here is it unique or it can used for all the VLAN
  • x
  • convention:

wissal     Created Apr 22, 2018 23:32:43 Helpful(0) Helpful(0)

useful document, thanks
  • x
  • convention:

Responses

Reply
You need to log in to reply to the post Login | Register

Notice:To ensure the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but not limited to politically sensitive content, content concerning pornography, gambling, drug abuse and trafficking, content that may disclose or infringe upon others' intellectual properties, including commercial secrets, trade marks, copyrights, and patents, and personal privacy. Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see“ Privacy Policy.”
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Fast reply Scroll to top