VRRP preempt

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
  • (Edited)

We are having two extreme switches which are having a vrrp running,

I have a pair of firewall which is connected to these switches, and they are running in the master-back up scenario, these firewalls are tracking IP of the VRRP on the extreme switches.

I had rebooted one of the switch, and when it was rebooted Sw2 takes over the VRRP mastership, which is fine and Firewall2 becames master.

When Sw1 came back up vrrp switches back to the Sw1 from Sw2. I am using DONT Preempt keyword. Still that switchover on vrrp happens, because of which my Firewall1 again becames master.

Since i am using DONT PREEMPT keywork in the vrrp configuration Sw1 should not became master, below is config for vlan and vrrp.

Sw1 #

# Module vrrp configuration.
#
create vrrp vlan INT vrid 1
configure vrrp vlan INT vrid 1 priority 110
configure vrrp vlan INT vrid 1 version v2
configure vrrp vlan INT vrid 1 dont-preempt
configure vrrp vlan INT vrid 1 add 10.2.1.1
enable vrrp vlan INT vrid 1
Sw1 #

SW2 #


# Module vrrp configuration.
#
create vrrp vlan INT vrid 1
configure vrrp vlan INT vrid 1 version v2
configure vrrp vlan INT vrid 1 dont-preempt
configure vrrp vlan INT vrid 1 add 10.2.1.1
enable vrrp vlan INT vrid 1
SW2 #

Using extreme Switch version ExtremeXOS version 15.6.4.2 


Photo of Nitish Gupta

Nitish Gupta

  • 250 Points 250 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Henrique

Henrique, Employee

  • 10,302 Points 10k badge 2x thumb
Hello Nitish, 

What's the vlan "INT" ip on both SW1 and SW2 switches? Are you using the VIP 10.2.1.1 also for the vlan ipaddress in SW1? If so, that's the reason.
Photo of Nitish Gupta

Nitish Gupta

  • 250 Points 250 badge 2x thumb

I just copied the wrong Ips, correct Ips are -


VRRP - 10.2.1.188

Sw1 Vlan IP - 10.2.1.186

Sw2 vlan IP - 10.2.1.187

Thanks for your revert.

Photo of Henrique

Henrique, Employee

  • 10,302 Points 10k badge 2x thumb
Could you please share the vrrp configuration and the "show vlan <vlan_name>" related to this Vlan for both SW1 and SW2?

Also, please share the output for "show vrrp" for both switches.

Thanks.
Photo of Nitish Gupta

Nitish Gupta

  • 250 Points 250 badge 2x thumb

Hi, Below is configuration.


Sw1.1 # sh configuration  "vrrp"
#
# Module vrrp configuration.
#
create vrrp vlan INT vrid 1
configure vrrp vlan INT vrid 1 priority 110
configure vrrp vlan INT vrid 1 version v2
configure vrrp vlan INT vrid 1 dont-preempt
configure vrrp vlan INT vrid 1 add 10.2.1.188
enable vrrp vlan INT vrid 1
Sw1.2 #


Sw1.2 # sh vlan "INT"
VLAN Interface with name INT created by user
    Admin State:         Enabled     Tagging:   802.1Q Tag 610
    Description:         None
    Virtual router:      VR-Default
    IPv4 Forwarding:     Enabled
    IPv4 MC Forwarding:  Disabled
    Primary IP:          10.2.1.186/29
    IPv6 Forwarding:     Disabled
    IPv6 MC Forwarding:  Disabled
    IPv6:                None
    STPD:                None
    Protocol:            Match all unfiltered protocols
    Loopback:            Disabled
    NetLogin:            Disabled
    OpenFlow:            Disabled
    TRILL:               Disabled
    QosProfile:          None configured
    Egress Rate Limit Designated Port: None configured
    Flood Rate Limit QosProfile:       None configured
    Ports:   2.           (Number of active ports=2)
       Tag:    *1:25g,  *1:1g
        Flags:    (*) Active, (!) Disabled, (g) Load Sharing port
                  (b) Port blocked on the vlan, (m) Mac-Based port
                  (a) Egress traffic allowed for NetLogin
                  (u) Egress traffic unallowed for NetLogin
                  (t) Translate VLAN tag for Private-VLAN
                  (s) Private-VLAN System Port, (L) Loopback port
                  (x) VMAN Tag Translated port
                  (G) Multi-switch LAG Group port
                  (H) Dynamically added by MVRP
                  (D) TRILL Designated, (A) TRILL Appointed Forwarder
                  (I) Dynamically added by IDM
                  (U) Dynamically added uplink port
                  (V) Dynamically added by VM Tracking

Sw1.3 #

Sw1.3 # sh vrrp
                      Virtual                 Master                       
   VLAN Name VRID Pri IP Address        State MAC Address       TP/TR/TV/P/T
   INT(En) 0001 110 10.2.1.188         MSTR 00:00:5e:00:01:01  0  0  0 N 1

  En-Enabled, Ds-Disabled, Pri-Priority, T-Advert Timer, P-Preempt
  TP-Tracked Pings, TR-Tracked Routes, TV-Tracked VLANs
Sw1.4 #


##########################################################################################################


SW2.1 # sh vrrp
                      Virtual                 Master                       
   VLAN Name VRID Pri IP Address        State MAC Address       TP/TR/TV/P/T
   INT(En) 0001 100 10.2.1.188         BKUP 00:00:5e:00:01:01  0  0  0 N 1

  En-Enabled, Ds-Disabled, Pri-Priority, T-Advert Timer, P-Preempt
  TP-Tracked Pings, TR-Tracked Routes, TV-Tracked VLANs
SW2.2 # sh configuration "vrrp"
#
# Module vrrp configuration.
#
create vrrp vlan INT vrid 1
configure vrrp vlan INT vrid 1 version v2
configure vrrp vlan INT vrid 1 dont-preempt
configure vrrp vlan INT vrid 1 add 10.2.1.188
enable vrrp vlan INT vrid 1
SW2.3 # sh vlan "INT"
VLAN Interface with name INT created by user
    Admin State:         Enabled     Tagging:   802.1Q Tag 610
    Description:         None
    Virtual router:      VR-Default
    IPv4 Forwarding:     Enabled
    IPv4 MC Forwarding:  Disabled
    Primary IP:          10.2.1.187/29
    IPv6 Forwarding:     Disabled
    IPv6 MC Forwarding:  Disabled
    IPv6:                None
    STPD:                None
    Protocol:            Match all unfiltered protocols
    Loopback:            Disabled
    NetLogin:            Disabled
    OpenFlow:            Disabled
    TRILL:               Disabled
    QosProfile:          None configured
    Egress Rate Limit Designated Port: None configured
    Flood Rate Limit QosProfile:       None configured
    Ports:   2.           (Number of active ports=2)
       Tag:     *1:1g, *1:25g
        Flags:    (*) Active, (!) Disabled, (g) Load Sharing port
                  (b) Port blocked on the vlan, (m) Mac-Based port
                  (a) Egress traffic allowed for NetLogin
                  (u) Egress traffic unallowed for NetLogin
                  (t) Translate VLAN tag for Private-VLAN
                  (s) Private-VLAN System Port, (L) Loopback port
                  (x) VMAN Tag Translated port
                  (G) Multi-switch LAG Group port
                  (H) Dynamically added by MVRP
                  (D) TRILL Designated, (A) TRILL Appointed Forwarder
                  (I) Dynamically added by IDM
                  (U) Dynamically added uplink port
                  (V) Dynamically added by VM Tracking

SW2.4 #

Photo of Henrique

Henrique, Employee

  • 10,302 Points 10k badge 2x thumb
Hi Nitish, thanks for the outputs.

I don't see any issue with the configuration provided.

I have 2 more questions:

1 - How many times did you have the VRRP Master and Backup failover?
2 - If the VRRP failover has occurred more than once, did you see this issue on every occurrence? 

Let's see if someone can share any thoughts, otherwise a lab with the EXOS version 15.6.4.2 might help.
Photo of Nitish Gupta

Nitish Gupta

  • 250 Points 250 badge 2x thumb

We rebooted Sw1 twice and on both the occassions we have seen vrrp became master on switch2 and came back to Sw1 once its recovered.



Logs



Sw2

09/27/2016 22:51:50.73 <Noti:VRRP.StateChng> MSM-A: VLAN INT vrid 1: transitioning to BACKUP(1)
09/27/2016 22:48:08.26 <Noti:VRRP.StateChng> MSM-A: VLAN INT vrid 1: transitioning to MASTER(2)
09/27/2016 22:25:55.47 <Noti:VRRP.StateChng> MSM-A: VLAN INT vrid 1: transitioning to BACKUP(1)
09/27/2016 22:22:03.03 <Noti:VRRP.StateChng> MSM-A: VLAN INT vrid 1: transitioning to MASTER(2)

Sw1

09/27/2016 22:51:50.45 <Noti:VRRP.StateChng> MSM-A: VLAN INT vrid 1: transitioning to MASTER(2)
09/27/2016 22:51:46.86 <Noti:VRRP.StateChng> MSM-A: VLAN INT vrid 1: transitioning to BACKUP(1)


Thanks



Photo of Henrique

Henrique, Employee

  • 10,302 Points 10k badge 2x thumb
Hello Nitish, I would recommend you to open a GTAC case for further investigation.

I don't see any configuration issue. Also I have created a quick lab using EXOS 15.6.4.2 (no patch) and didn't see any issue (I was not using BD8k, I tried with Summit family).
Photo of Nitish Gupta

Nitish Gupta

  • 250 Points 250 badge 2x thumb

Hello Henrique, Thanks alot for update.

Will definately work on opening a case.