
Default gateway on VSP not working after reboot of default gateway


BRMS
New Contributor II

We are using an SPBM-Cloud of 4 VSP 8600 as our backbone. Two of them are connected to a layer 2 transport net in which the firewall is used as default gateway. Last week we had a power shortage, and a few weeks ago I rebooted the firewall at night. Both times the VSP stopped using the firewall as gateway. Clients that tried to ping something behind the firewall got a “time to live exceeded” error. The VSPs themselves were able to ping devices behind the firewall.

By using different VRFs on the VSPs we are creating different security domains. All other VRFs didn’t suffer from that problem although they get routed by the same firewall, albeit another IP.

The solution to the problem was deleting the route and recreating it.

This is the route we are using:

ip route 0.0.0.0 0.0.0.0 172.28.2.1 weight 1 preference 5

show ip route
************************************************************************************
        Command Execution Time: Mon Jun 08 12:42:44 2020 CEST
************************************************************************************
=====================================================================================================
                                       IP Route - GlobalRouter
=====================================================================================================
                                                     NH                      INTER   
DST             MASK            NEXT                 VRF/ISID         COST   FACE     PROT AGE TYPE PRF
-----------------------------------------------------------------------------------------------------
0.0.0.0         0.0.0.0         172.28.2.1           GlobalRouter     1      135      STAT 0   IB   5

 

This is the routing table on one of the VSPs that is not directly connected to the firewall:

show ip route
************************************************************************************
        Command Execution Time: Mon Jun 08 12:40:27 2020 CEST
************************************************************************************
=====================================================================================================
                                       IP Route - GlobalRouter
=====================================================================================================
                                                     NH                      INTER   
DST             MASK            NEXT                 VRF/ISID         COST   FACE     PROT AGE TYPE PRF
-----------------------------------------------------------------------------------------------------
0.0.0.0         0.0.0.0         pik                  GlobalRouter     10     4051     ISIS 0   IBSE 7  
0.0.0.0         0.0.0.0         kreuz                GlobalRouter     10     4051     ISIS 0   IBSE 7  
0.0.0.0         0.0.0.0         pik                  GlobalRouter     10     4052     ISIS 0   IBSE 7  
0.0.0.0         0.0.0.0         kreuz                GlobalRouter     10     4052     ISIS 0   IBSE 7  

 

What could possibly be the reason for this strange behavior?

6 REPLIES

BRMS
New Contributor II

I'm using the most recent one: 6.3.4.0

The firewall is connected via SMLT with 2 of the VSPs. VRRP is used for IP redundancy:

This is the VLAN config of both connected VSPs:

VSP1:

vlan create 135 name "tr_firewall" type port-mstprstp 0 
vlan mlt 135 16
vlan mlt 135 109
vlan mlt 135 110
vlan mlt 135 111
vlan mlt 135 112
vlan mlt 135 113
vlan mlt 135 114
vlan mlt 135 115
vlan members 135 2/4,7/1-7/7 portmember
vlan i-sid 135 10135
interface Vlan 135
ip address 172.28.2.4 255.255.255.240 53
ip vrrp version 3
ip vrrp address 2 172.28.2.2
ip vrrp 2 backup-master enable
ip vrrp 2 enable
exit

 

show ip vrrp address 
************************************************************************************
Command Execution Time: Mon Jun 08 14:14:10 2020 CEST
************************************************************************************

====================================================================================================
VRRP Info - GlobalRouter
====================================================================================================

VRRP ID  P/V  IP          MAC                STATE   CONTROL  PRIO  ADV  VERSION
----------------------------------------------------------------------------------------------------
[...]
2        135  172.28.2.2  00:00:5e:00:01:02  Backup  Enabled  100   1    3

2 out of 2 Total Num of VRRP Address Entries displayed.


VRRP ID  P/V  MASTER      UP TIME             HLD DWN  CRITICAL IP(ENABLED)  VERSION
----------------------------------------------------------------------------------------------------
[...]
2        135  172.28.2.5  7 day(s), 01:11:12  0        0.0.0.0 (No)          3

2 out of 2 Total Num of VRRP Address Entries displayed.

 

VSP2:

vlan create 135 name "tr_firewall" type port-mstprstp 0 
vlan mlt 135 16
vlan mlt 135 109
vlan mlt 135 110
vlan mlt 135 111
vlan mlt 135 112
vlan mlt 135 113
vlan mlt 135 114
vlan mlt 135 115
vlan members 135 2/4,7/1-7/7 portmember
vlan i-sid 135 10135
interface Vlan 135
ip address 172.28.2.5 255.255.255.240 52
ip vrrp version 3
ip vrrp address 2 172.28.2.2
ip vrrp 2 backup-master enable
ip vrrp 2 priority 200
ip vrrp 2 enable
exit

 

show ip vrrp address 
************************************************************************************
Command Execution Time: Mon Jun 08 14:14:10 2020 CEST
************************************************************************************

====================================================================================================
VRRP Info - GlobalRouter
====================================================================================================

VRRP ID  P/V  IP          MAC                STATE   CONTROL  PRIO  ADV  VERSION
----------------------------------------------------------------------------------------------------
[...]
2        135  172.28.2.2  00:00:5e:00:01:02  Master  Enabled  200   1    3

2 out of 2 Total Num of VRRP Address Entries displayed.


VRRP ID  P/V  MASTER      UP TIME             HLD DWN  CRITICAL IP(ENABLED)  VERSION
----------------------------------------------------------------------------------------------------
[...]
2        135  172.28.2.5  7 day(s), 01:34:20  0        0.0.0.0 (No)          3

2 out of 2 Total Num of VRRP Address Entries displayed.

 

Martin_Sebek
New Contributor III

Hello,

What version of VOSS are you using on VSP 8600? Do you use VRRP on VSPs in transport network? I’ve seen broken routing in GRT prior to version 6.2.0.3.
