Header Only - DO NOT REMOVE - Extreme Networks
Question

Extreme VRRP/ARP Issue - default gateway does not respond


Hi

Hope someone can help.

We have two Extreme core Blackdiamonds with various flavours of Extreme edge switches. Each core has two mlagg'd connections to edge stack.

Recently the network was reconfigured to put routing on the cores, rather than a FW, and to set up the cores with VRRP. Fairly standard design, one core is master with the other as backup, VIP set as default gateway on the vlans.

Now, since this work has been done an odd issue has appeared. At some point during the day Windows server 2003, Linux and Macs devices can only ping within their own vlan but not outside of it, i.e. another VLAN. Pinging the default gateway (BD1) does NOT respond. However, pinging the second backup BD, not holding the VIP does get a response.

Clearing the arp cache on the devices in question brings the response back. Now, with 2003 it is not a problem. Changed the ARP settings in the registry and messed around a bit and that seems to have sorted it. However, this is not so easy on Linux or Macs.

This is starting to cause a few issues as you can imagine. Has anyone seen this behaviour before and managed to resolve it?

Any help gratefully received.

6 replies

Userlevel 7
Hi Jasp80,
Can you let us know which version of EXOS you're running on your cores? Also, please share the output of the following commands with us (you can sanitize the IPs if you choose):
code:
show switch

code:
show vlan

code:
show vrrp


Are there any log messages associated with the problem? Are you sure there are no duplicate gateway IPs?

Thanks,
-Drew
Userlevel 6
Hello Jasp80

Curious why you are using Master/Backup on the VRRP. Have you looked into Master/Master? If you are staying with Master/Backup are are all VLANs on the same Master if they are split on the two switches then we will need to route between them.

Thanks
P
Please confirm that the following have been done
- enable vrrp
- if you migrating firewall IP to switch, reconfigure FW with new IP. The fact that when you clear arp you get respond it show that there is IP conflict.
- enable ipforwading for you vlan or globaly.
- If other VLAN are still L2 on the switch, you'll still need FW else convert them to L3 so that inter VLAN communication can use SW only without going to FW.
Problem is solved? I have the same situation on two x670v: vrrp-gw is not responding on one vlan. Changing priority of vrrp interface on the second x670v solve the problem quickly, but what is the cause of incident? All other svi works correctly on the moment of incident.
Userlevel 7
Hi,

Are the VIP physical IP of the Master?
Are we positive the issue is on VRRP? What about the ARP table, is it full or not?
You can check it with:
show iproute reserved-entries statistics[/code]What EXOS version in use?
Hi.
EXOS 15.6.3.1.p1-9 on both routers.
At the moment of the incident VRRP-Gw has not moved on from the r1 to r2, two masters in the same was not. VRRP-gw has not been available both inside and outside the network. Hosts are mutually available, however, were not available from other networks . And all this with only one vlan , all the rest worked normally. STP on the network is not configured - we use mlag.

>Output from r1:
show iproute reserved-entries statistics
|-----In HW Route Table-----| |--In HW L3 Hash Table--|
# Used Routes # IPv4 Hosts IPv4 IPv4 IPv6 IPv4
Slot Type IPv4 IPv6 Local Remote Local Rem. Local MCast
---- --------------- ------- ------ ------ ------ ----- ----- ----- -----
1 X670V-48x 4706 0 1459 0 0 0 0 137

show vlan | i tech_srvtech_srv 127 192.168.127.4 /24 -f-------o---v--------------- ANY 16/16 VR-Default

show config vrrp | i tech_srvcreate vrrp vlan tech_srv vrid 3
configure vrrp vlan tech_srv vrid 3 priority 110
configure vrrp vlan tech_srv vrid 3 version v2
configure vrrp vlan tech_srv vrid 3 add 192.168.127.1
enable vrrp vlan tech_srv vrid 3

show iparp stats summaryIP ARP VR Statistics Sun Jan 24 18:02:12 2016
ARP-
ARP Total Dynamic Static Pending Unneeded Failed (Rejected)
============================================================================
Totals for all VRs
2501 1456 3 18 368 656 3686006
=============================================================================

>Output from r2:
# show iproute reserved-entries statistics
|-----In HW Route Table-----| |--In HW L3 Hash Table--|
# Used Routes # IPv4 Hosts IPv4 IPv4 IPv6 IPv4
Slot Type IPv4 IPv6 Local Remote Local Rem. Local MCast
---- --------------- ------- ------ ------ ------ ----- ----- ----- -----
1 X670V-48x 4704 0 1425 0 0 0 0 119

show vlan | i tech_srv
tech_srv 127 192.168.127.5 /24 -f-------o---v--------------- ANY 16/16 VR-Def

show configuration "vrrp" | i tech_srv
create vrrp vlan tech_srv vrid 3
configure vrrp vlan tech_srv vrid 3 priority 120
configure vrrp vlan tech_srv vrid 3 version v2
configure vrrp vlan tech_srv vrid 3 add 192.168.127.1
enable vrrp vlan tech_srv vrid 3

show iparp stats summary
IP ARP VR Statistics Sun Jan 24 18:01:26 2016
ARP-
ARP Total Dynamic Static Pending Unneeded Failed (Rejected)
============================================================================
Totals for all VRs
1934 1422 3 19 293 197 3682122
============================================================================

Reply