An X-series chassis pair configured with LACP interfaces (group-interface link aggregation) and running VRRP protocol does not failover if the LACP interfaces are not monitored in VRRP.


Sample config

circuit inside circuit-id 1032
  device-name iinside
  vap-group fw

circuit vlan15 circuit-id 1037
  device-name vlan815
  vap-group fw
       default-egress-vlan-tag 15 hide-vlan-header
    ip 192.168.1.1/192.168.1.255

group-interface insidemlt
  interface-type gigabitethernet
  mode multi-link circuit inside
  interface 1/9
  interface 2/9
  logical vlan15 ingress-vlan-tag 15 15
    circuit vlan15

When any of the configured interfaces for insidemlt fail and not in an active distributing LACP state, the VRRP priority is not decremented and could result in potential issues.

Mar 28 08:31:58 fw_1 kernel: veth: port 1,9 stop distributing.

It is recommended that the group interfaces(LACP) are monitored within VRRP and if any of the links fails, configured priority is decremented triggering a chassis failover.

Sample config added to VRRP:


vrrp failover-group fw failover-group-id 1
monitor-group-interface insidemlt
priority-delta 10
dist-port-threshold 2


The dist-port-threshold defines the number of ports that must be in the active distributing state to retain the configured priority within VRRP. If the number of ports in that state fall below this value, the associated priority-delta is subtracted from the vrrp priority of the virtual-router, which if desired, could result in a VRRP failover.