Discussion:
[quagga-users 10344] VRRP with Quagga
Monali Bhattacharya
2009-02-05 11:52:38 UTC
Permalink
Hi,
i want to know whether keepalived or any other vrrp software works with the quagga router running ospf.
i've two PCs working as quagga router in Linux OS. This 2 quagga router is connected with other routers in the network through OSPF. Now as CISCO routers are having the HSRP, i want to implement the VRRP in the quagga routers.
Please guide me.

Larsen & Toubro Limited
www.larsentoubro.com

This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system.
Tore Anderson
2009-02-05 12:51:17 UTC
Permalink
* Monali Bhattacharya
Post by Monali Bhattacharya
i want to know whether keepalived or any other vrrp software works
with the quagga router running ospf. i've two PCs working as quagga
router in Linux OS. This 2 quagga router is connected with other
routers in the network through OSPF. Now as CISCO routers are having
the HSRP, i want to implement the VRRP in the quagga routers.
Yes, it works with no problems. You'll just need to run OSPF in passive
mode on the interfaces controlled by keepalived, and it mostly works out
of the box.

There's a few gotchas though:

- If you intend to run a stateful firewall on the active router, you
need to remove all link-local routes to the subnet on the passive
router(s), or else you risk asymmetric traffic that can't be tracked
correctly by the firewall. I did this by using the mcast_src_ip option
in keepalived.conf to use the the loopback address of the routers, that
way the routers did not need to have static addresses on the
VRRP-controlled LAN segment for the VRRP traffic itself.

- If you use mcast_src_ip like above you'll need to disable rp_filter
for the interfaces in question, or else the kernel will discard the VRRP
announcements as being spoofed.

- If you intend to have keepalived add/remove virtual routes with a
next-hop, you'll need to use "redistribute kernel" in order for OSPF to
import them as external routes.

Regards,
--
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com/
Monali Bhattacharya
2009-02-06 10:44:21 UTC
Permalink
Thanks , and it works also.
But i'm getting a problem there. When my Master is getting down the Backup is taking over and working fine. But after the Master again go up though the log message of master is showing that the master is enabled and the log message of backup router is showing it is transferred to the Backup form. if i'm doing trace route it is showing the backup path.
* Monali Bhattacharya
Post by Monali Bhattacharya
i want to know whether keepalived or any other vrrp software works
with the quagga router running ospf. i've two PCs working as quagga
router in Linux OS. This 2 quagga router is connected with other
routers in the network through OSPF. Now as CISCO routers are having
the HSRP, i want to implement the VRRP in the quagga routers.
Yes, it works with no problems. You'll just need to run OSPF in passive
mode on the interfaces controlled by keepalived, and it mostly works out
of the box.

There's a few gotchas though:

- If you intend to run a stateful firewall on the active router, you
need to remove all link-local routes to the subnet on the passive
router(s), or else you risk asymmetric traffic that can't be tracked
correctly by the firewall. I did this by using the mcast_src_ip option
in keepalived.conf to use the the loopback address of the routers, that
way the routers did not need to have static addresses on the
VRRP-controlled LAN segment for the VRRP traffic itself.

- If you use mcast_src_ip like above you'll need to disable rp_filter
for the interfaces in question, or else the kernel will discard the VRRP
announcements as being spoofed.

- If you intend to have keepalived add/remove virtual routes with a
next-hop, you'll need to use "redistribute kernel" in order for OSPF to
import them as external routes.

Regards,
--
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com/

Larsen & Toubro Limited
www.larsentoubro.com

This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system.
Tore Anderson
2009-02-06 10:59:32 UTC
Permalink
* Monali Bhattacharya
Post by Monali Bhattacharya
But i'm getting a problem there. When my Master is getting down the
Backup is taking over and working fine. But after the Master again go
up though the log message of master is showing that the master is
enabled and the log message of backup router is showing it is
transferred to the Backup form. if i'm doing trace route it is
showing the backup path.
There's too little information to go on here, so please provide more
details, like for instance from where are you tracerouting - iside or
outside the VRRP-handled segment? Output from "ip address list" in
normal and faulty state would be good, as well as copies of the
configuration files of Quagga and Keepalived.

Regards,
--
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com/
Loading...