Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

MX Series Router Cloud CPE VRRP Services Overview

Traditionally, the Virtual Router Redundancy Protocol (VRRP) is configured between two Layer 3 CPEs to provide redundancy. VRRP monitors the access link state and triggers a redundancy switch when an access link becomes unavailable. When you transition the subscriber to CCPE services, you replace the Layer 3 CPE with a Layer 2 CPE, and VRRP is not applicable to the CPE. Instead, you run VRRP between cloud CPEs, which exist in two MX Series routers. VRRP is configured on the IRB interface of the cloud CPE context and monitors the state of the access links to the cCPE subscriber. A virtual IP address, which is the gateway address of the cCPE LAN, is maintained by VRRP. When one link is down, VRRP switches the virtual address to the other cCPE to maintain connectivity.

Figure 1: MX Series Router Cloud CPE VRRP ServiceMX Series Router Cloud CPE VRRP Service

Figure 1 shows the scenario of running VRRP between two Layer 2 CPEs running cCPE services in two MX Series routers. Each VRRP instance monitors a Layer 2 access link connected to the cCPE.

The VRRP routing platforms share the IP address corresponding to the default gateway configured on the hosts. At any time, one of the VRRP routing platforms is the primary (active) and the other is the backup. If the primary router fails, the backup PE router becomes the new active router, providing a virtual default routing platform and allowing traffic on the LAN to be routed without relying on a single routing platform. With VRRP, a backup router can take over a failed default router in less than 1 second. This is done with minimum VRRP traffic and without any interaction with the hosts.

VRRP instances use multicast to communicate with each other. The two cCPEs are interconnected through two access links and two Layer 2 CPEs so that VRRP messages can be exchanged bby means of this path. If the link between the two Layer 2 CPEs is disconnected, it creates a split-brain situation, so both VRRP instances assume the primary role. In this scenario, virtual IP address exist on both cCPEs.

If there is no aggregation switch between the Layer 2 CPE and PE router, VRRP can monitor the link state of the access link and initiate a redundancy switch if the primary access link goes down.

However, if there is an aggregation switch between the Layer 2 CPE and PE router, the link state is not sufficient to detect connectivity issues. In this case, you can use dynamic routing between the PE router and the subscriber’s network, which enables VRRP to monitor access link connectivity by monitoring the routing protocol. If there is no dynamic routing but the Layer 2 CPE supports 802.1ag (Ethernet OAM Connectivity Fault Management), you can use CFM in the MX Series router to monitor connectivity between the router and Layer 2 CPE. For example, you can configure an action profile, that shuts down the subscriber-facing Layer 2 interface, under CFM in case of connectivity issues. When the CFM session detects an issue and invokes the action profile to shut down the subscriber-facing Layer 2 interface in the PE router, it triggers VRRP switching redundancy.

Running Multiple VRRP Groups in Multiple Subnets with MX Series Router Cloud CPE Services (Load Sharing)

In Figure 1, there is only one virtual address for the cCPE subscriber. At any time, only one access link is used because traffic from the subscriber flows only through the access link connected to the active/primary VRRP at the time. To support load sharing, you need to split subscriber LAN traffic into two subnets by configuring one VRRP group and one virtual IP address for each subnet. One cCPE has a higher priority than the other cCPE in one VRRP group but lower priority in the other VRRP group. So, when both subscriber access links are available, one virtual IP address exists in one cCPE and the other virtual IP address is in the other cCPE. Traffic from hosts in one subnet flows through the access link connected to the CCPE with the virtual IP address, which is the default gateway for the subnet, so both links are used. When one access link is down, both virtual addresses are moved to the same CCPE so connectivity is maintained.

Running Multiple VRRP Groups in a Single Subnet with MX Series Router Cloud CPE Services (Load Sharing)

You can configure two VRRP groups in a single subnet to achieve load sharing. Each VRRP group has one virtual address. Hosts on the subscriber network are split into two groups: Each group uses one virtual address as the default gateway. Similar to Figure 1, you split the primary devices of the VRRP groups into two PE routers to divide outgoing traffic to different access links. For return traffic or incoming traffic, there are two routes through the two PE routers in the core network. By default, when there are multiple equal-cost paths to the same destination for the active route, the Junos OS uses a hash algorithm to choose one of the next-hop addresses to install in the forwarding table. You can also configure the Junos OS to do per-packet or per-flow load balancing across multiple paths.

VRRP with Ethernet OAM Monitoring the Subscriber Access Link

If there are aggregation switches between the Layer 2 CPEs and PE routers, link state is not sufficient to detect connectivity issues. If the Layer 2 CPE supports 802.1ag Ethernet OAM Connectivity Fault Management (CFM), you can use Ethernet CFM in the MX Series router to monitor connectivity between the router and the Layer 2 CPE. The Ethernet CFM session between the PE router and the Layer 2 CPE exchange heartbeat messages to monitor the connectivity to the remote peer. Junos OS enables you to configure an action profile in CFM, which is invoked when the CFM session detects a connectivity issue. One of the actions you can invoke in an action profile is “interface down,” which brings down the logical interface the CFM session is running on. You can use the “interface down” action in a CFM session in the PE router to shutdown the subscriber-facing VLAN interface when CFM detects a connection loss to the remote Layer 2 CPE. This will further trigger a VRRP redundancy switch. After the connection issue is resolved, CFM automatically brings up the interface. Depending on your VRRP configuration, redundancy can be switched back again.