ArubaOS and Controllers


vrrp issue after upgrade to 3.4.4.1

Hi,

We've just upgraded a couple of controllers in Master-Local setup from 3.4.2.2 to 3.4.4.1 and experienced some strange issues with the vlans and vrrps.

The vrrps went into INIT state on both sides and the associated vlans were all protocol down.

I had to do
 on the vlan interfaces to get them working, but now the vrrp state on both sides is saying MASTER.

I've tried all sorts of permutations in the config such as tracking, no tracking, deleting & recreating, different priorities etc, but it stubbornly stays in that state.

What could be causing this or is there something in the network I should be looking at?

Interestingly, from both controllers I can ping the VIP but not the vlan interface on the other controller, which I'm guessing is why they are both saying MASTER for the vrrp.

Thanks

If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Aruba Employee

Re: vrrp issue after upgrade to 3.4.4.1

Well, vrrp needs multicast to be functioning, but if all you did was upgrade your controller, I wouldn't look for problems in your network first.

What's your topology for these controllers? Are they both just sitting in the same vlan, same switch, different switches in the same vlan?

EDIT: FYI, 3.4.4.3 is the latest version of the 3.4.4 train. Any reason you went with an archived version?

Also, did you happen to turn on broadcast-multicast optimization on the vlan that vrrp is running on?

Re: vrrp issue after upgrade to 3.4.4.1

Not sure the exact topology, but same vlans and probably different switches.


Not sure of the reasons for choosing this version.


Not that I'm aware of... we simply upgraded and no other changes were made.


Guru Elite

Re: vrrp issue after upgrade to 3.4.4.1

Try turning off ip spoofing under Advanced Services > Stateful firewall.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: vrrp issue after upgrade to 3.4.4.1




Unfortunately, that made no difference.


Guru Elite

Re: vrrp issue after upgrade to 3.4.4.1

If this is a production network, please open a case to get a quick resolution to this.

- Please type "show vrrp statistics" on both sides to see if each side can even see each other
- Please make sure that each physical interface that the VRRP is on is not untrusted or you are not blocking protocol 112
- Please do a show datapath session table on each controller and make sure you are seeing the protocol 112 advertisements from each side on each controller
- Please make sure you do not have competing preemptions for the VRRP on each side
- Please check to see if you have authentication configured with each VRRP that it is the same on both sides by doing -- "config t", "encrypt disable" and "show vrrp" on each side
- Make sure you do NOT have an HSRP of the same instance on a Cisco layer3 switch interface on the same layer2 vlan network

If none of that works, please open a case to get to the bottom of this.


Colin Joseph
Aruba Customer Engineering
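
The "can each side see the other" and "same authentication on both sides" checks from the list above, as an added example (not part of the original post and not Aruba code). It assumes the controllers send VRRPv2 advertisements laid out as in RFC 2338/RFC 3768, decodes the protocol 112 payload captured from each side, and lists why one router would ignore the other's advertisement; function names, addresses and passwords are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_vrrp2(payload: bytes) -> dict:
    """Decode the IP payload (protocol 112) of one VRRPv2 advertisement."""
    if len(payload) < 8:
        raise ValueError("truncated VRRP header")
    vt, vrid, prio, count, auth_type, adver_int, _ = struct.unpack("!6BH", payload[:8])
    end = 8 + 4 * count                      # address list, then 8 bytes of auth data
    if vt != 0x21 or len(payload) < end + 8:
        raise ValueError("not a complete VRRPv2 advertisement")
    return {"vrid": vrid, "priority": prio, "auth_type": auth_type,
            "adver_int": adver_int, "auth_data": payload[end:end + 8],
            "vips": [str(IPv4Address(payload[i:i + 4])) for i in range(8, end, 4)],
            "checksum_ok": inet_checksum(payload[:end + 8]) == 0}

def discard_reasons(local: dict, peer: dict) -> list:
    """Why the router that sends `local` would ignore the advert `peer`."""
    reasons = []
    if not peer["checksum_ok"]:
        reasons.append("bad checksum")
    if peer["vrid"] != local["vrid"]:
        reasons.append("VRID mismatch")
    if peer["auth_type"] != local["auth_type"]:
        reasons.append("auth type mismatch")
    elif peer["auth_data"] != local["auth_data"]:
        reasons.append("auth data mismatch")
    if peer["adver_int"] != local["adver_int"]:
        reasons.append("advertisement interval mismatch")
    return reasons

def constructed_advert(vrid, prio, vip, auth_type=0, auth=b"", adver_int=1) -> bytes:
    """Build a sample advert (constructed test data, not a capture)."""
    msg = struct.pack("!6BH", 0x21, vrid, prio, 1, auth_type, adver_int, 0)
    msg += IPv4Address(vip).packed + auth.ljust(8, b"\x00")
    return msg[:6] + struct.pack("!H", inet_checksum(msg)) + msg[8:]

# Constructed samples: same VRID and VIP, different simple-text passwords.
SIDE_A = parse_vrrp2(constructed_advert(10, 110, "192.0.2.1", 1, b"alpha"))
SIDE_B = parse_vrrp2(constructed_advert(10, 100, "192.0.2.1", 1, b"bravo"))

if __name__ == "__main__":
    print("A ignores B because:", discard_reasons(SIDE_A, SIDE_B))
```

An empty list from `discard_reasons` in both directions while both sides still report MASTER points away from the VRRP configuration and toward the advertisements not arriving at all.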


Re: vrrp issue after upgrade to 3.4.4.1

They both can't see each other and protocol 112 is not blocked etc.

Is there any logging command to enable so Support guys will have something to work with when I send the logs.tar?

Thanks

Aruba Employee

Re: vrrp issue after upgrade to 3.4.4.1

Just remove all the configuration regarding the VRRP (on both controllers) and make sure you remove the ipsec route too, when you do "show ip route".

Reboot both the controllers and create the vrrp session again; that should fix the issue.

If it still doesn't, it is better to open a case with TAC and they will take a remote session and work on it.