Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring an Interface to Accept All Packets Destined for the Virtual IP Address of a VRRP Group

    In VRRP implementations where the router acting as the master router is not the IP address owner—the IP address owner is the router that has the interface whose actual IP address is used as the virtual router’s IP address (virtual IP address)— the master router accepts only the ARP packets from the packets that are sent to the virtual IP address. Junos OS enables you to override this limitation with the help of the accept-data configuration. When the accept-data statement is included in the configuration, the master router accepts all packets sent to the virtual IP address even when the master router is not the IP address owner.

    Note: If the master router is the IP address owner or has its priority set to 255, the master router, by default, accepts all packets addressed to the virtual IP address. In such cases, the accept-data configuration is not required.

    To configure an interface to accept all packets sent to the virtual IP address, include the accept-data statement:

    You can include this statement at the following hierarchy levels:

    • [edit interfaces interface-name unit logical-unit-number family (inet | inet6) address address (vrrp-group | vrrp-inet6-group) group-id]
    • [edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number family (Inet | inet6) address address (vrrp-group | vrrp-inet6-group) group-id]

    To prevent a master router that is the IP address owner or has its priority set to 255 from accepting packets other than the ARP packets addressed to the virtual IP address, include the no-accept-data statement:

    Note:

    • If you want to restrict the incoming IP packets to ICMP packets only, you must configure firewall filters to accept only ICMP packets.
    • If you include the accept-data statement, your routing platform configuration does not comply with RFC 3768 (see section 6.4.3 of RFC 3768, Virtual Router Redundancy Protocol (VRRP).

    Modified: 2014-09-19