Header Only - DO NOT REMOVE - Extreme Networks

VRRP preempt


We are having two extreme switches which are having a vrrp running,

I have a pair of firewall which is connected to these switches, and they are running in the master-back up scenario, these firewalls are tracking IP of the VRRP on the extreme switches.

I had rebooted one of the switch, and when it was rebooted Sw2 takes over the VRRP mastership, which is fine and Firewall2 becames master.

When Sw1 came back up vrrp switches back to the Sw1 from Sw2. I am using DONT Preempt keyword. Still that switchover on vrrp happens, because of which my Firewall1 again becames master.

Since i am using DONT PREEMPT keywork in the vrrp configuration Sw1 should not became master, below is config for vlan and vrrp.

Sw1 #

# Module vrrp configuration.
#
create vrrp vlan INT vrid 1
configure vrrp vlan INT vrid 1 priority 110
configure vrrp vlan INT vrid 1 version v2
configure vrrp vlan INT vrid 1 dont-preempt
configure vrrp vlan INT vrid 1 add 10.2.1.1
enable vrrp vlan INT vrid 1
Sw1 #

SW2 #

# Module vrrp configuration.
#
create vrrp vlan INT vrid 1
configure vrrp vlan INT vrid 1 version v2
configure vrrp vlan INT vrid 1 dont-preempt
configure vrrp vlan INT vrid 1 add 10.2.1.1
enable vrrp vlan INT vrid 1
SW2 #

Using extreme Switch version ExtremeXOS version 15.6.4.2

8 replies

Userlevel 6
Hello Nitish,

What's the vlan "INT" ip on both SW1 and SW2 switches? Are you using the VIP 10.2.1.1 also for the vlan ipaddress in SW1? If so, that's the reason.
I just copied the wrong Ips, correct Ips are -

VRRP - 10.2.1.188

Sw1 Vlan IP - 10.2.1.186

Sw2 vlan IP - 10.2.1.187

Thanks for your revert.
Userlevel 6
Could you please share the vrrp configuration and the "show vlan " related to this Vlan for both SW1 and SW2?

Also, please share the output for "show vrrp" for both switches.

Thanks.
Hi, Below is configuration.

Sw1.1 # sh configuration "vrrp"
#
# Module vrrp configuration.
#
create vrrp vlan INT vrid 1
configure vrrp vlan INT vrid 1 priority 110
configure vrrp vlan INT vrid 1 version v2
configure vrrp vlan INT vrid 1 dont-preempt
configure vrrp vlan INT vrid 1 add 10.2.1.188
enable vrrp vlan INT vrid 1
Sw1.2 #

Sw1.2 # sh vlan "INT"
VLAN Interface with name INT created by user
Admin State: Enabled Tagging: 802.1Q Tag 610
Description: None
Virtual router: VR-Default
IPv4 Forwarding: Enabled
IPv4 MC Forwarding: Disabled
Primary IP: 10.2.1.186/29
IPv6 Forwarding: Disabled
IPv6 MC Forwarding: Disabled
IPv6: None
STPD: None
Protocol: Match all unfiltered protocols
Loopback: Disabled
NetLogin: Disabled
OpenFlow: Disabled
TRILL: Disabled
QosProfile: None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile: None configured
Ports: 2. (Number of active ports=2)
Tag: *1:25g, *1:1g
Flags: (*) Active, (!) Disabled, (g) Load Sharing port
(b) Port blocked on the vlan, (m) Mac-Based port
(a) Egress traffic allowed for NetLogin
(u) Egress traffic unallowed for NetLogin
(t) Translate VLAN tag for Private-VLAN
(s) Private-VLAN System Port, (L) Loopback port
(x) VMAN Tag Translated port
(G) Multi-switch LAG Group port
(H) Dynamically added by MVRP
(D) TRILL Designated, (A) TRILL Appointed Forwarder
(I) Dynamically added by IDM
(U) Dynamically added uplink port
(V) Dynamically added by VM Tracking

Sw1.3 #

Sw1.3 # sh vrrp
Virtual Master
VLAN Name VRID Pri IP Address State MAC Address TP/TR/TV/P/T
INT(En) 0001 110 10.2.1.188 MSTR 00:00:5e:00:01:01 0 0 0 N 1

En-Enabled, Ds-Disabled, Pri-Priority, T-Advert Timer, P-Preempt
TP-Tracked Pings, TR-Tracked Routes, TV-Tracked VLANs
Sw1.4 #

##########################################################################################################

SW2.1 # sh vrrp
Virtual Master
VLAN Name VRID Pri IP Address State MAC Address TP/TR/TV/P/T
INT(En) 0001 100 10.2.1.188 BKUP 00:00:5e:00:01:01 0 0 0 N 1

En-Enabled, Ds-Disabled, Pri-Priority, T-Advert Timer, P-Preempt
TP-Tracked Pings, TR-Tracked Routes, TV-Tracked VLANs
SW2.2 # sh configuration "vrrp"
#
# Module vrrp configuration.
#
create vrrp vlan INT vrid 1
configure vrrp vlan INT vrid 1 version v2
configure vrrp vlan INT vrid 1 dont-preempt
configure vrrp vlan INT vrid 1 add 10.2.1.188
enable vrrp vlan INT vrid 1
SW2.3 # sh vlan "INT"
VLAN Interface with name INT created by user
Admin State: Enabled Tagging: 802.1Q Tag 610
Description: None
Virtual router: VR-Default
IPv4 Forwarding: Enabled
IPv4 MC Forwarding: Disabled
Primary IP: 10.2.1.187/29
IPv6 Forwarding: Disabled
IPv6 MC Forwarding: Disabled
IPv6: None
STPD: None
Protocol: Match all unfiltered protocols
Loopback: Disabled
NetLogin: Disabled
OpenFlow: Disabled
TRILL: Disabled
QosProfile: None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile: None configured
Ports: 2. (Number of active ports=2)
Tag: *1:1g, *1:25g
Flags: (*) Active, (!) Disabled, (g) Load Sharing port
(b) Port blocked on the vlan, (m) Mac-Based port
(a) Egress traffic allowed for NetLogin
(u) Egress traffic unallowed for NetLogin
(t) Translate VLAN tag for Private-VLAN
(s) Private-VLAN System Port, (L) Loopback port
(x) VMAN Tag Translated port
(G) Multi-switch LAG Group port
(H) Dynamically added by MVRP
(D) TRILL Designated, (A) TRILL Appointed Forwarder
(I) Dynamically added by IDM
(U) Dynamically added uplink port
(V) Dynamically added by VM Tracking

SW2.4 #
Userlevel 6
Hi Nitish, thanks for the outputs.

I don't see any issue with the configuration provided.

I have 2 more questions:

1 - How many times did you have the VRRP Master and Backup failover?
2 - If the VRRP failover has occurred more than once, did you see this issue on every occurrence?

Let's see if someone can share any thoughts, otherwise a lab with the EXOS version 15.6.4.2 might help.
We rebooted Sw1 twice and on both the occassions we have seen vrrp became master on switch2 and came back to Sw1 once its recovered.

Logs

Sw2

09/26/2016 22:51:50.73 MSM-A: VLAN Access_Int vrid 1: transitioning to BACKUP(1)
09/26/2016 22:48:08.26 MSM-A: VLAN Access_Int vrid 1: transitioning to MASTER(2)
09/26/2016 22:25:55.47 MSM-A: VLAN Access_Int vrid 1: transitioning to BACKUP(1)
09/26/2016 22:22:03.03 MSM-A: VLAN Access_Int vrid 1: transitioning to MASTER(2)

Sw1

09/26/2016 22:51:50.45 MSM-A: VLAN Access_Int vrid 1: transitioning to MASTER(2)
09/26/2016 22:51:46.86 MSM-A: VLAN Access_Int vrid 1: transitioning to BACKUP(1)

Thanks
We rebooted Sw1 twice and on both the occassions we have seen vrrp became master on switch2 and came back to Sw1 once its recovered.

Logs

Sw2

09/27/2016 22:51:50.73 MSM-A: VLAN INT vrid 1: transitioning to BACKUP(1)
09/27/2016 22:48:08.26 MSM-A: VLAN INT vrid 1: transitioning to MASTER(2)
09/27/2016 22:25:55.47 MSM-A: VLAN INT vrid 1: transitioning to BACKUP(1)
09/27/2016 22:22:03.03 MSM-A: VLAN INT vrid 1: transitioning to MASTER(2)

Sw1

09/27/2016 22:51:50.45 MSM-A: VLAN INT vrid 1: transitioning to MASTER(2)
09/27/2016 22:51:46.86 MSM-A: VLAN INT vrid 1: transitioning to BACKUP(1)

Thanks
Userlevel 6
Hello Nitish, I would recommend you to open a GTAC case for further investigation.

I don't see any configuration issue. Also I have created a quick lab using EXOS 15.6.4.2 (no patch) and didn't see any issue (I was not using BD8k, I tried with Summit family).
Hello Henrique, Thanks alot for update.

Will definately work on opening a case.

Reply