Hey guys, I just setup VRRP on my wireless network. The setup was easy and most everything seems to work fine. However, I'm trying to figure out a very odd problem. When I do a tracert, I don't see the virtual IP, I always see the master router's IP. This seems to be screwing me up.

1. I do a traceroute and get the master IP
2. I take down the master router (with a reboot)
3. The backup takes over and my traceroute shows the IP of the backup
4. The master router comes back up and takes back over as the master vrrp router
5. my traceroutes remain the same, still showing the backup router.
6. I take down the backup router (with a reboot) as it is now just running in the backup role.
7. I can't get anywhere and my traceroute is still trying to go to the backup IP!!
8. I clear my computer's arp table (arp -d *).
9. Now everything works fine.

Any ideas here? Sometimes the first traceroute actually shows the Virtual IP, but when it fails to the backup, it ALWAYS shows the router's IP. After more research it really only seems to happen consistently if I do a traceroute. Any comments or suggestions would be helpful. I really want a traceroute to ALWAYS show the vrrp address.

UPDATE:

It seems to happen no matter what I do, even if I don't do a traceroute.
1. Kill the master, let it reboot.
2. Fails to backup.
3. Master comes back up, takes over master role.
4. Reboot backup.
5. My computer can't get outside, it is still looking for the secondary IP even through it's gateway is the virtual address. Connectivity is only restored when the backup router comes backup (even though it is still in backup role!) or if I clear my machine's arp table (arp -d *). Any ideas here?

What OS does the client have?

It does'nt seem to matter, WinXPsp2, Win2003. The more I look at this, the more it looks like an arp problem. I need to get some packet captures so I can see what really happens.

When the VRRP nodes failover, they send Gratuitous ARP requests that according to the standard should change ARP tables of the clients received such acknowledgements. The observed behaviour shows the clients are not receiving and/or processing correctly the acknowledgements.

Is embedded (or any other) firewall enabled on these OSs?

Basically, behind the vrrp interfaces is a Waverider Access-Point, on the otherside of that is my computer. Both the AP and SU are bridges, not routers. Perhaps they are not passing those arp packets.. There may be an issue.. hmm..

okay, now I have a new problem. it appears that cisco routers (2600) also ignore gratitous arp packets. If most other network devices ignore these packets, then what use is vrrp?

Maybe you can turn the Gratuitous ARP on or something on the Cisco?

The Gratuitous ARP (i.e. an ARP reply to what a valid ARP request has not been sent) support is part of the standard protocol, so not supporting or ignoring it means violating the standard -> the device is simply broken. Try connecting a WinXP PC directly to the VRRP group and see what happens.

lastguru,

I've got another VRRP issue, I'm using src-nat masquerading to let my wireless customers out to the internet. I want the outside vrrp address to be the one that they get src-nat'ted through. does that make any sense? I've tried setting the to-src-address=205.162.25.125, but it does'nt seem to work. Website always report the router's seondary (or real) address. Any ideas here?

Could you please post an extract of configuration? I need addresses, routes, src-nat and vrrp config of both routers...

nevermind, I got it. I looks like I needed to specify the action="nat" instead of 'masquerade'. Thanks for the help. I'm still trying to solve the gratitous arp problem.