Replies: 5 comments 12 replies
-
|
In a typical FHRP group setup with two routers providing a gateway VIP to a common segment, there are three IP addresses involved. Using 192.0.2.0/24 as an example, this might be:
All three of these IPs should belong to the same VRF (or to the global table). If you have multiple VRFs, just replicate this setup for each VRF. Hope that helps! |
Beta Was this translation helpful? Give feedback.
-
I'm still struggling with this. Maybe i'm blind, but i don't think that there is any way to exactly say to which device 192.0.2.2 or 192.0.2.3 belongs in your example. Those are static router IPs, so it has to be possible to map them to a device! All i can do, is creating an interface on the device and map it to the corresponding FHRP group. So i know that one of the IPs contained in the FHRP group is the one that is staticaly set on this device. But i have no chance to find out which one it is exactly. Correct my if i'm wrong, but this is just a pretty relevant information which netbox is not able to reflect right now. If most of you agree with me, i would consider raising a feature request. A VRRP address must be assignable to a FHRP group AND a device. There is now way around that to have a correct documentation. |
Beta Was this translation helpful? Give feedback.
-
Of course.
If you search for 192.0.2.3, you'll find device2 interface d2-X only. If you search for 192.0.2.1, you'll find the FHRP group, and in turn you'll see it linked to both d1-X and d2-X.
No. The VRRP address is assigned to the FHRP group, and the FHRP group is assigned to (one or more) device interfaces. |
Beta Was this translation helpful? Give feedback.
-
|
Ok got it. So maybe the thing that irritates me is, that under the "members" section in the FHRP overview, there is no column for the IP Address. Think that would be a nice addition in order to quickly see all involved IPs
I guess it's correct that the role of the FHRP IP is "VIP" while the IPs on the devices belong to role "VRRP"? |
Beta Was this translation helpful? Give feedback.
-
|
The IP address(es) assigned to the FHRP group itself are shown in the top half of the page, and the device names/interfaces that the FHRP group are assigned to are shown in the bottom half. Therefore, I think you're asking to see some other IP addresses, not directly related to the FHRP group. These might be:
I'm guessing that what you want is (2). It is one of the columns available in the normal interface table (the interfaces tab on device). I guess the fundamental problem here is that it's not possible to customize which columns are used in this view, so there would have to be general agreement as to which columns should or should not be present here. (What about description? label? link peer?) |
Beta Was this translation helpful? Give feedback.
-
|
I would expect to see the IP that is assigned to the VLAN interface on that device which is participating in the FHRP/VRRP. So in your example:
I agree with you that the main problem seems to be, that the columns aren't customizable. Also if there are several IPs on that specific interface, the additional column should either show all IPs or there needs to be a separate property for an interface/IP that allows you to choose which IP is the primary IP for the interface. I think right now it is only possibly to declare an IP as primary IP for the device, but not for the interface. |
Beta Was this translation helpful? Give feedback.
-
|
I think the way it works is that if you were templating the config for router A interface 1 (/dcim/interfaces/12345/) you'd see the related IPs 192.0.2.1 and 192.0.2.2 but not 192.0.2.3 which is on router B, router B interface 1 (/dcim/interfaces/23456/) would be related to 192.0.2.1 and 192.0.2.3, from the IP record you can see that one is assigned to a group/cluster/HA and the other directly assigned to a device/interface.
* 192.0.2.1 - Assigned to FHRP group
* 192.0.2.2 - Assigned to router A interface 1
* 192.0.2.3 - Assigned to router B interface 1
netbox automatically creates an L3 VLAN interface on the mapped device if it doesn't exist already.
This kind of logic would be better in a Custom Script which can be coded for your particular kind of device and rules about how it should work, there is nothing built-in Netbox which is going to create an Interface database record automatically, those are either created from the Device Type/Module Type templates (with some ability to template a slot number/stack number into the interface name), manually through the UI or using a Script or API client.
If you wanted to make a Script where you could pick a Prefix and two Devices and have it auto-allocate the IPs, create the FHRP group, create the Interfaces and associate them all together then that could solve the problem the way you want.
—
Mark Tinberg ***@***.***>
Division of Information Technology-Network Services
University of Wisconsin-Madison
…________________________________
From: dasfliege ***@***.***>
Sent: Thursday, February 2, 2023 3:52 PM
To: netbox-community/netbox ***@***.***>
Cc: Subscribed ***@***.***>
Subject: Re: [netbox-community/netbox] Bind FHRP IP to a device (Discussion #11649)
Yeah exactly. But in your example and in my logic, 192.0.2.2 and 192.0.2.3 should be mappable to the FHRP as well which is not possible. If i open a FHRP group it would be nice to not only see the VRRP IP but also all the devices with their dedicated router IPs that are participating in this particular VRRP group.
If i map the router IPs to a manually created VLAN interface on each switch, i see the device as "Member" in the FHRP details page, but it is not showing the IP, which would be a useful information.
I hoped it would work like this:
I create a FHRP group
I create a VRRP IP for that group
I create all the IPs for every participating device/router as role"router" or something, define the priority and map those to a specific device
netbox automatically creates an L3 VLAN interface on the mapped device if it doesn't exist already.
That would be quite handy :-)
—
Reply to this email directly, view it on GitHub<#11649 (reply in thread)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAS7UM5UUSFWRUYK4PEBPQ3WVQUBRANCNFSM6AAAAAAUPLIYDE>.
You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
|
Well i think i understand how it is meant to be in netbox, but it does not makes much sense for me. I really think it should be possible to assign an IP objects to a FHRP group AND a device. That would make it much more transparent.
|
Beta Was this translation helpful? Give feedback.
-
|
Beta Was this translation helpful? Give feedback.
-
|
Hello guys, |
Beta Was this translation helpful? Give feedback.
-
|
It depends what you have implemented. In the normal case, I would expect separate instances of VRRP or HSRP on each VLAN, which can be failed over individually (and/or have different priorities on each VLAN). In that case I'd use separate FHRP groups in Netbox. If you have built something where somehow all the VIPs are linked together and failover together, then I guess you could use a single FHRP group. But it would be a bit awkward, because the FHRP group would have multiple IP addresses, and you would associate the entire FHRP with all the VLAN interfaces, but in reality each IP address only belongs to one VLAN. So I think you'd need a good reason for doing it that way. |
Beta Was this translation helpful? Give feedback.
-
|
Hello @candlerb, |
Beta Was this translation helpful? Give feedback.
-
I am evaluating network documentation tools for my company and i am pretty pleased with what netbox has to offer so far.
But i am stuck a little bit with trying to get all our information represented correctly. Especially with FHRP.
On a network with two sites and full redundancy, we usually have one VRF for each segment. Each VRF contains three VLAN's/Prefixes. One for devices in site A, one for devices in site B and one for the Transit to the router/firewall. All those VRF are present on the switches in site A and in site B. Each switch hosts a dedicated IP for each VLAN, while they share a common VRRP IP.
So my problem is: While it's super easy to create FHRP groups and adding all the IPs involved, i am not able to map some of the IPs to specific devices. An IP can only be mapped to either an FHRP group OR a device, but no to both. But in every VRRP, there are IPs bound to each participating device.
What am i overseeing?
Beta Was this translation helpful? Give feedback.
All reactions