VRRP & Hold Down Routes - cause routing issues on LAN

pkapoor · ‎06-13-2005

I have VRRP configured between 2 CVPN 3030 Concentrators. The failover works fine.

I have RIPv2 enabled on my LAN's internal router. The Concentrators have RIP enabled on the Private interfaces too.

The concentrators have been configured with manually inserted Hold Down Routes. We see that both concentrators in the VRRP pair advertise their routes to the internal router. This causes a routing conflict as the router discovers routes and starts directing traffic to the Private interface of the Backup Concentrator.

One would think that the Backup concentrator should not be taking part in the route advertisement process while it is a Backup. Just the Master should advertise routes. However, we don't find this to be the case.

Has anyone any ideas on how we can rectify the issue and/or has experienced the issue before?

Thanks.

didyap · ‎06-17-2005

The Virtual Router Redundancy Protocol (VRRP) is designed to eliminate the single point of failure inherent in the static default routed environment. So It would be better to configure a static route instead of RIP.

pkapoor · ‎06-17-2005

Thanks for your repsonse. Yes, that is what we'd want to do.

However, even if we use static routes on the concentrators, the concentrators would advertise the routing table to the internal router and cause the same issue.

The problem is that in a failover pair, one would assume that the backup device would not do any talking at all. It does not seem to be the case with VRRP on the concentrator.

We have a work around. We're going to use static routes on our internal router and turn off routing completely on the concentrators (if that is what you meant in your answer). We'll leave the router to do its job - routing. We'll leave the concentrators to do their job - terminating VPN tunnels.