Monitored Circuit VRRP and OSPF

June 1, 2011

History
The current RFC for VRRPv2 (Virtual Router Redundancy Protocol) is 2338. It stipulates using either RIPv2 or OSPF. Unfortunately the Check Point state table is unable to update as fast as OSPF can converge. This can potentially result in two issues: asymmetrical routing and/or dropped sessions in the case of a failover.

As a result, Nokia introduced VRRP Monitored Circuit (VRRPmc). If one interface on a Nokia device fails, all of its interfaces are shut down and fail over to the slave device.

An issue that can arise when using VRRPmc (high-availability failover) in conjunction with OSPF is that VRRP addresses are not injected into OSPF. Trying to route the traffic directly to the IP addresses of the physical interfaces instead of through the respective VRRP addresses does not work.

Response

The only way to overcome this issue is to run a script on the Nokia GWs that facilitates injecting the VRRP IP addresses into OSPF. Although it is a Nokia script, it is untested on the latest release of the Nokia IPSO platform (3.3) and is unsupported.

Summary of VRRP:

VRRPv2

– Backup of router interface address (real IP address)
– When in master mode responds to ICMP echo
– Requires use of routing protocol to recover from single interface failure
– Cannot track other interfaces (whether up or down)

VRRP Monitored circuit

– Uses a virtual IP address (not real address)
– VRRP IP can be configured to respond to ICMP echo request
– Generally used with static routes (not additional routing protocols)
– Can track multiple interfaces (whether up or down)

#!/bin/sh
# (C)2000 Nokia, All Rights Reserved
# This script is designed to affect OSPF when VRRP fails over. It has
# received minimal testing under pre-release versions of IPSO 3.3, though
# it should work under IPSO 3.2.x. This script may not work at all for you.
# It is provided as-is without warranty, expressed or implied. Use at your
# own risk, etc.
#
# This script is designed to run continuously on the primary node of
# a pair of Nokia Application Platforms running VRRP Monitored Circuits
# and OSPF. It could potentially be modified to work with RIP, but RIP
# has a really slow convergence time so there's really no point.
#
# To use the script, modify the following two variables to include the
# interfaces on which VRRP is active as well as the OSPF Areas that
# the system is participating in. If you are using the backbone area,
# specify it as "backbone".
INTERFACES="eth-s1p1 eth-s1p3"
OSPFAREAS="29 backbone"

# We will assume we are okay at first.
ok=1

while [ 1 ];
do
    # Initialize some variables we will use in the loop
    numifs=1
    okifs=1

    # Debug info
    #date

    # We determine an interface is okay by determining if it has a VRRP MAC
    # address. If it does not have a VRRP MAC address, it can be said to be
    # not OK.
    for X in $INTERFACES
    do
        numifs=`/bin/expr $numifs + 1`
        ifconfig $X | grep 0:0:5e:0:1: > /dev/null 2>&1
        if [ $? -eq 0 ]; then
            okifs=`/bin/expr $okifs + 1`
            #echo "$X is okay"
        else
            # No-op so the branch is not empty while the debug echo is disabled
            :
            #echo "$X is not okay"
        fi
    done

    # If the number of "OK" interfaces matches the number of VRRP interfaces
    # then we are now OK and should turn back on OSPF.
    if [ $numifs -eq $okifs -a $ok -eq 0 ]; then
        #echo "VRRP is okay, resuming OSPF"
        for X in $OSPFAREAS
        do
            /bin/dbset ipsrd:ospf2:area:$X t
        done
        ok=1
    fi

    # If the number of OK interfaces does not match the number of VRRP interfaces
    # then we are not OK and should turn off OSPF.
    if [ $numifs -ne $okifs -a $ok -eq 1 ]; then
        #echo "VRRP is NOT okay, killing OSPF"
        for X in $OSPFAREAS
        do
            /bin/dbset ipsrd:ospf2:area:$X
        done
        ok=0
    fi

    # Now we sleep and try again
    sleep 1
done
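
The script's master check and OSPF on/off decision can be exercised offline before it is trusted on a gateway. The following is an added example, not part of the Nokia script: the function names and the sample interface text are assumptions, and the MAC match is anchored so that an address such as a0:0:5e:0:1:5, which the unanchored grep above would accept, is not counted as a VRRP MAC.

```shell
#!/bin/sh
# Added example, not part of the Nokia script. Function names and the
# sample interface text are constructed; real IPSO output may differ.

# True if stdin contains a VRRP virtual MAC (00:00:5e:00:01:<VRID>), with or
# without zero padding. Boundaries stop a0:0:5e:0:1:5 from matching.
has_vrrp_mac() {
    grep -Eq '(^|[^0-9a-fA-F:])0?0:0?0:5[eE]:0?0:0?1:[0-9a-fA-F]{1,2}([^0-9a-fA-F:]|$)'
}

# Count how many of the given interface dumps show a VRRP MAC.
count_master() {
    n=0
    for text in "$@"; do
        if printf '%s\n' "$text" | has_vrrp_mac; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Decide what to do with OSPF: $1 = previous state (1 = OSPF on),
# $2 = number of VRRP interfaces, $3 = number currently holding a VRRP MAC.
next_action() {
    if [ "$3" -eq "$2" ] && [ "$1" -eq 0 ]; then
        echo enable
    elif [ "$3" -ne "$2" ] && [ "$1" -eq 1 ]; then
        echo disable
    else
        echo none
    fi
}

# Constructed samples.
MASTER='eth-s1p1: ether 0:a0:8e:12:34:56 vrrp 0:0:5e:0:1:5'
BACKUP='eth-s1p3: ether 0:a0:8e:12:34:57'
LOOKALIKE='eth-s1p3: ether a0:0:5e:0:1:5'

# Replay one failover and recovery: prints "disable" then "enable".
next_action 1 2 "$(count_master "$MASTER" "$BACKUP")"
next_action 0 2 "$(count_master "$MASTER" "$MASTER")"
```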

www.bestitdocuments.com