Friday, August 14, 2020

VRRP Failover Speed

Hello, I was recently informed by a customer of ours that during a VRRP test they were seeing up to 45 seconds for the VRRP failover to complete. I believe he was doing simple ping testing to determine this. With this information I used a pair of ports on our Juniper EX4550's on the same devices in the same setup to verify this. To my surprise, I did have similar results. The first failover from master to backup was around 1-2 seconds nearly every time. But the fail back from the new master VRRP back to the new backup when the interface is brought back up usually took between 15 seconds and up to 1 minute 10 seconds for a ping to come back. These times are to the end device not the VRRP interfaces. The VRRP backup interface itself took about 20 seconds to come back up which is still way to long.

I've read about improving convergence of VRRP with removing the skew timer and delegrate process change. Before I take a maintenance to change these I wonder if anyone else has changed these and what improvements were seen. Based on the speeds I'm seeing I don't see how it can dramatically improve the failback speed.

https://www.juniper.net/documentation/en_US/junos/topics/concept/vrrp-convergence-time-improving.htm...

Things I have tried is changing the interface to fast-interval 100ms with 3 misses before it fails over.

To cause the failover I just disabled and enabled on the master and running a ping every 1 second to the VIP, backup VRRP IP, and end device WAN IP.

Devices in the setup 2 EX4550's connected to a L2 switch which has a firewall attached to the L2 switch with the device WAN IP I'm pinging.

VRRP setup with 1 IP on the master and VIP is the same as that IP then the backup VRRP has its own IP.



No comments:

Post a Comment