Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring an Interface to Accept All Packets Destined for the Virtual IP Address of a VRRP Group

 

In VRRP implementations where the router acting as the primary router is not the IP address owner—the IP address owner is the router that has the interface whose actual IP address is used as the virtual router’s IP address (virtual IP address)— the primary router accepts only the ARP packets from the packets that are sent to the virtual IP address. Junos OS enables you to override this limitation with the help of the accept-data configuration. When the accept-data statement is included in the configuration, the primary router accepts all packets sent to the virtual IP address even when the primary router is not the IP address owner.

Note

If the primary router is the IP address owner or has its priority set to 255, the primary router, by default, accepts all packets addressed to the virtual IP address. In such cases, the accept-data configuration is not required.

To configure an interface to accept all packets sent to the virtual IP address, include the accept-data statement:

You can include this statement at the following hierarchy levels:

  • [edit interfaces interface-name unit logical-unit-number family (inet | inet6) address address (vrrp-group | vrrp-inet6-group) group-id]

  • [edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number family (Inet | inet6) address address (vrrp-group | vrrp-inet6-group) group-id]

To prevent a primary router that is the IP address owner or has its priority set to 255 from accepting packets other than the ARP packets addressed to the virtual IP address, include the no-accept-data statement:

Note
  • If you want to restrict the incoming IP packets to ICMP packets only, you must configure firewall filters to accept only ICMP packets.

  • If you include the accept-data statement, your routing platform configuration does not comply with RFC 3768 (see section 6.4.3 of RFC 3768, Virtual Router Redundancy Protocol (VRRP).