Your best bet is probably to write an "event-script" that looks for VRRP fail-over, and then changes the OSPF metric for the interface.
> So, I've got 2 J6350s in full flow-mode guise on 11.4, but not a cluster. > I am trying to use VRRP for some HA though. > Because they're both "on" the same network segment they both announce > that prefix into OSPF, and that's causing me a problem. > If a TCP session arrives via J1 and J2 is the VRRP master, J2 will drop/reject > the SYN-ACK as it didn't deal with the SYN. > > Now I know I could set "flow tcp-session no-syn-check" to effectively ignore > the problem, or given suitable amounts of interest/time/effort we could > probably cluster the 2 devices (different Colo providers in the same > building), > or even use some creativity with static routes (urgh) to bypass OSPF entirely, > but I'm hoping there is some magic OSPF/VRRP knob I haven't been able to > find yet that will alter the OSPF metric for a logical interface based on the > VRRP state. _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
