Extreme VRRP/ARP Issue - default gateway does not respond

  • 0
  • 1
  • Problem
  • Updated 2 years ago
  • Not a Problem
Hi

Hope someone can help.

We have two Extreme core Blackdiamonds with various flavours of Extreme edge switches.  Each core has two mlagg'd connections to edge stack.

Recently the network was reconfigured to put routing on the cores, rather than a FW, and to set up the cores with VRRP.   Fairly standard design, one core is master with the other as backup, VIP set as default gateway on the vlans.

Now, since this work has been done an odd issue has appeared.   At some point during the day Windows server 2003, Linux and Macs devices can only ping within their own vlan but not outside of it, i.e. another VLAN.   Pinging the default gateway (BD1) does NOT respond.   However, pinging the second backup BD, not holding the VIP does get a response.    

Clearing the arp cache on the devices in question brings the response back.   Now, with 2003 it is not a problem.   Changed the ARP settings in the registry and messed around a bit and that seems to have sorted it.    However, this is not so easy on Linux or Macs.

This is starting to cause a few issues as you can imagine.   Has anyone seen this behaviour before and managed to resolve it?

Any help gratefully received.
Photo of Jasp80

Jasp80

  • 70 Points

Posted 3 years ago

  • 0
  • 1
Photo of Drew C.

Drew C., Community Manager

  • 37,308 Points 20k badge 2x thumb
Hi Jasp80,
Can you let us know which version of EXOS you're running on your cores?  Also, please share the output of the following commands with us (you can sanitize the IPs if you choose):
show switch
show vlan
show vrrp

Are there any log messages associated with the problem?  Are you sure there are no duplicate gateway IPs?

Thanks,
-Drew
Photo of Paul Russo

Paul Russo, Alum

  • 9,694 Points 5k badge 2x thumb
Hello Jasp80

Curious why you are using Master/Backup on the VRRP.  Have you looked into Master/Master?  If you are staying with Master/Backup are are all VLANs on the same Master if they are split on the two switches then we will need to route between them.


Thanks
P
Photo of Njanyana Buthelezi

Njanyana Buthelezi

  • 200 Points 100 badge 2x thumb
Please confirm that the following have been done
- enable vrrp
- if you migrating firewall IP to switch, reconfigure FW with new IP. The fact that when you clear arp you get respond it show that there is IP conflict.
- enable ipforwading for you vlan or globaly.
- If other VLAN are still L2 on the switch, you'll still need FW else convert them to L3 so that inter VLAN communication can use SW only without going to FW.
Photo of Alexander Kazakov

Alexander Kazakov

  • 70 Points
Problem is solved? I have the same situation on two x670v: vrrp-gw is not responding on one vlan. Changing priority of vrrp interface on the second x670v solve the problem quickly, but what is the cause of incident? All other svi works correctly on the moment of incident.
Photo of Grosjean, Stephane

Grosjean, Stephane, Employee

  • 12,502 Points 10k badge 2x thumb
Hi,

Are the VIP physical IP of the Master?
Are we positive the issue is on VRRP? What about the ARP table, is it full or not?
You can check it with:
show iproute reserved-entries statistics
What EXOS version in use?
Photo of Alexander Kazakov

Alexander Kazakov

  • 70 Points
Hi.
EXOS 15.6.3.1.p1-9 on both routers. 
At the moment of the incident VRRP-Gw has not moved on from the r1 to r2, two masters in the same was not. VRRP-gw has not been available both inside and outside the network. Hosts are mutually available, however, were not available from other networks . And all this with only one vlan , all the rest worked normally. STP on the network is not configured - we use mlag.

>Output from r1:
 show iproute reserved-entries statistics
                      |-----In HW Route Table-----|   |--In HW L3 Hash Table--|
                       # Used Routes   # IPv4 Hosts   IPv4   IPv4  IPv6   IPv4
Slot  Type              IPv4   IPv6    Local Remote   Local  Rem.  Local  MCast
----  --------------- ------- ------  ------ ------   -----  ----- -----  -----
1     X670V-48x          4706      0    1459      0       0      0     0    137

 show vlan | i tech_srvtech_srv        127  192.168.127.4  /24  -f-------o---v--------------- ANY    16/16  VR-Default

show config vrrp | i tech_srvcreate vrrp vlan tech_srv vrid 3
configure vrrp vlan tech_srv vrid 3 priority 110
configure vrrp vlan tech_srv vrid 3 version v2
configure vrrp vlan tech_srv vrid 3 add 192.168.127.1
enable vrrp vlan tech_srv vrid 3

show iparp stats summaryIP ARP VR Statistics                                   Sun Jan 24 18:02:12 2016
                                                ARP-
   ARP Total    Dynamic     Static    Pending   Unneeded     Failed  (Rejected)
============================================================================
Totals for all VRs
        2501       1456          3         18        368        656     3686006
=============================================================================

>Output from r2:
 # show iproute reserved-entries statistics
                      |-----In HW Route Table-----|   |--In HW L3 Hash Table--|
                       # Used Routes   # IPv4 Hosts   IPv4   IPv4  IPv6   IPv4
Slot  Type              IPv4   IPv6    Local Remote   Local  Rem.  Local  MCast
----  --------------- ------- ------  ------ ------   -----  ----- -----  -----
1     X670V-48x          4704      0    1425      0       0      0     0    119

show vlan | i tech_srv
tech_srv        127  192.168.127.5  /24  -f-------o---v--------------- ANY    16/16  VR-Def

show configuration "vrrp" | i tech_srv
create vrrp vlan tech_srv vrid 3
configure vrrp vlan tech_srv vrid 3 priority 120
configure vrrp vlan tech_srv vrid 3 version v2
configure vrrp vlan tech_srv vrid 3 add 192.168.127.1
enable vrrp vlan tech_srv vrid 3

show iparp stats summary
IP ARP VR Statistics                                   Sun Jan 24 18:01:26 2016
                                                ARP-
   ARP Total    Dynamic     Static    Pending   Unneeded     Failed  (Rejected)
============================================================================
Totals for all VRs
        1934       1422          3         19        293        197     3682122
============================================================================