ExtremeSwitching (EXOS)

Expand all | Collapse all

issues with SD-Wan and Extreme X450e-48p Stack

  • 1.  issues with SD-Wan and Extreme X450e-48p Stack

    Posted 12-11-2018 22:33

    Hi -

    I have a X450e-48p Stack (eight switches) running 15.3.5.2 patch1-19. Having issues with SD-Wan devices. SD-Wan engineers are seeing lots of ARP requests coming from Stack flooding the SD-Wan.

    I found this article: https://extremeportal.force.com/ExtrArticleDetail?an=000089782

    I have tried adding ‘configure iparp vr VR-Default max_pending_entries 256’ twice. Saved twice. Doesn't take. Can I not add that to a stack? The only iparp configuration is: 'configure iparp vr VR-Default max_entries 4096'

    Is there any reason not to do this: https://extremeportal.force.com/ExtrArticleDetail?an=000082722

    'disable flooding unicast ports all'

    What is the best way to slow down ARP requests coming from Stack?

    Thanks for any help.



  • 2.  RE: issues with SD-Wan and Extreme X450e-48p Stack

    Posted 12-11-2018 22:52
    Hi jasonlsch

    256 may be the default setting. If you run the command "show config detail | include max_pending_entries" does it have 256 as the setting in there?

    Thanks
    Brad


  • 3.  RE: issues with SD-Wan and Extreme X450e-48p Stack

    Posted 12-11-2018 22:58
    yes it is.

    so is:
    configure iparp vr VR-Mgmt max_pending_entries 256
    configure neighbor-discovery vr VR-Default max_pending_entries 1024
    configure neighbor-discovery vr VR-Mgmt max_pending_entries 1024

    Thanks


  • 4.  RE: issues with SD-Wan and Extreme X450e-48p Stack

    Posted 12-11-2018 23:13

    OK. The article states to reduce from the default 256 to somewhere in the range of 50-150. This is going to vary from network-to-network and we can't really make a recommendation for a proper value because we aren't familiar with your installation scenario.

    Regarding disabling unicast flooding, it may make more sense to rate-limit instead:

    https://extremeportal.force.com/ExtrArticleDetail?an=000082704

    I'm not sure how that will impact your goal.

    Brad



  • 5.  RE: issues with SD-Wan and Extreme X450e-48p Stack

    Posted 12-12-2018 14:49
    Thank you - I'll take a look.


  • 6.  RE: issues with SD-Wan and Extreme X450e-48p Stack

    Posted 12-12-2018 14:56
    I am very curious and interested in your final outcome as we are in the beginning of deploying a SD-WAN offering on our Metro network. Would love to know what SD-WAN vendor you are using. We elected to go with a combination of 2 Velocloud and Telari. We tested for 2 months the Velocloud solution connected between three sites and one had a Stack of 460 and 670's. WE ran a 40 user remote office with sip phones and desktops through the SD-Wan as our test bed and did not have ant issues... Extreme switches have always been a bit heavy on the amount of arp requests that get sent out IMO>.. we did not have to tweak anything on the Extreme side to make things work...

    Really look forward on more intel as you work through this...


  • 7.  RE: issues with SD-Wan and Extreme X450e-48p Stack

    Posted 12-12-2018 15:30
    We have two CenturyLink managed Advantech FWA-2320's running Versa software. My X450e-48p Stack (eight switches) was installed in 2008. We put SD-Wan's into production last August. We have never been able to get VRRP working. Whenever we enable it on the SD-Wan it eventually takes down the network. The Secondary device tries to become the Primary while the Primary is up:

    vrrp vrrpV3NewMaster 2018-12-11T16:34:10-0 LM-844189: 10.106.0.113 became MASTER [interface vni-0/4.0, index 1054, group-id 1] Reason: masterNoResponse

    SD-Wan techs are blaming Extreme switches for excessive ARP requests. They think the Stack is causing a broadcast storm: https://gtacknowledge.extremenetworks.com/articles/Solution/VRRP-flap-due-to-high-number-of-broadcast-packet. I don't have VRRP enabled on Stack.

    I haven't been able to do a tcpdump from Stack while VRRP is enabled on SD-Wan. But I did one before and was able to see that there are VRRP requests coming from Primary SD-Wan.
    1768 2018-12-04 20:41:57.858630 192.168.1.111 224.0.0.18 VRRP 60 Announcement (v3)

    Any help would be greatly appreciated.


  • 8.  RE: issues with SD-Wan and Extreme X450e-48p Stack

    Posted 12-18-2018 16:02
    EtherMAN -

    We continue to have issues with VRRP. I'm curious about your setup. Do you have SD-Wan's plugged into one switch in Stack? or two switches in stack? Are ports tagged or untagged? I have both SD-Wan LAN ports on Primary and Secondary plugged into one physical switch in my Stack. They are untagged ports. When I enable VRRP, pings to 8.8.8.8 go from solid: Reply from 8.8.8.8: bytes=32 time=2ms TTL=121 to mulitiple 'Request timed out' followed by a few Reply from 8.8.8.8: bytes=32 time=234ms TTL=121 followed by more 'Request timed out' etc. It looks like I'm looping the network.
    CPU also spikes:
    top
    Mem: 250184K used, 4452K free, 0K shrd, 20724K buff, 44432K cached
    CPU: 10.9% usr 17.0% sys 0.0% nic 0.6% idle 0.0% io 18.5% irq 50.8% sirq
    Load average: 11.46 9.16 7.69 14/173 2001
    PID PPID USER STAT RSS %MEM CPU %CPU COMMAND
    1275 2 root RW< 0 0.0 0 64.9 [tbcm_msm_tx1]
    1445 2 root S 4252 1.6 0 5.7 ./fdb
    1524 1 root R 21516 8.4 0 4.2 ./etmon

    Thanks