Configuring an Interface to Accept All Packets Destined for the Virtual IP Address of a VRRP Group
In VRRP implementations where the router acting as the
primary router is not the IP address owner—the IP address owner
is the router that has the interface whose actual IP address is used
as the virtual router’s IP address (virtual IP address)—
the primary router accepts only the ARP packets from the packets that
are sent to the virtual IP address. Junos OS enables you to override
this limitation with the help of the accept-data configuration.
When the accept-data statement is included in the configuration,
the primary router accepts all packets sent to the virtual IP address
even when the primary router is not the IP address owner.
If the primary router is the IP address owner or has its priority set to 255, the primary router, by default, accepts all packets addressed to the virtual IP address. In such cases, the accept-data configuration is not required.
To configure an interface to accept all packets sent to the
virtual IP address, include the accept-data statement:
accept-data;
You can include this statement at the following hierarchy levels:
[edit interfaces interface-name unit logical-unit-number family (inet | inet6) address address (vrrp-group | vrrp-inet6-group) group-id][edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number family (Inet | inet6) address address (vrrp-group | vrrp-inet6-group) group-id]
To prevent a primary router that is the IP address owner
or has its priority set to 255 from accepting packets other than the
ARP packets addressed to the virtual IP address, include the no-accept-data statement:
no-accept-data;
If you want to restrict the incoming IP packets to ICMP packets only, you must configure firewall filters to accept only ICMP packets.
If you include the
accept-datastatement, your routing platform configuration does not comply with RFC 3768 (see section 6.4.3 of RFC 3768, Virtual Router Redundancy Protocol (VRRP).