Wireless Access

Reply
Occasional Contributor II
Posts: 31
Registered: ‎05-04-2011

Master-Master vrrp redundancy - failing stays MASTER

This is my first time configuring MASTER-MASTER redundancy, so I'm not sure if the behavior I'm seeing is correct for the configuration I have.

 

I have 2qty  7200 series controllers.  One is a 7210, the other is a 7240.

There are no local controllers.

 

Running AOS 6.3.1.2

 

 

See attachment Preferred Master.txt,  for vrrp config 

See attachment Backup Master.txt,  for vrrp config 

 

When I break all links to the Preferred MASTER, instead of seeing "backup" in the vrrp status it shows the following:

 

 

Virtual Router 99:
Description Preferred-Master
Admin State UP, VR State MASTER
IP Address 10.1.100.3, MAC Address 00:00:5e:00:01:63, vlan 100
Priority 120, Advertisement 1 sec, Preemption Disable Delay 0
Auth type PASSWORD, Auth data: ********
tracking is not enabled

Virtual Router 157:
Description NMS-VLAN57-Master
Admin State UP, VR State INIT
IP Address 10.1.57.3, MAC Address 00:00:5e:00:01:9d, vlan 57
Priority 120, Advertisement 1 sec, Preemption Disable Delay 0
Auth type NONE ********
tracking is not enabled

Virtual Router 205:
Description user-VLAN5-master
Admin State UP, VR State INIT
IP Address 10.1.5.3, MAC Address 00:00:5e:00:01:cd, vlan 5
Priority 120, Advertisement 1 sec, Preemption Disable Delay 0
Auth type NONE ********
tracking is not enabled

Virtual Router 206:
Description user-VLAN6-Master
Admin State UP, VR State INIT
IP Address 10.1.6.3, MAC Address 00:00:5e:00:01:ce, vlan 6
Priority 120, Advertisement 1 sec, Preemption Disable Delay 0
Auth type NONE ********
tracking is not enabled

Virtual Router 207:
Description user-VLAN7-Master
Admin State UP, VR State INIT
IP Address 10.1.7.3, MAC Address 00:00:5e:00:01:cf, vlan 7
Priority 120, Advertisement 1 sec, Preemption Disable Delay 0
Auth type NONE ********
tracking is not enabled

 

 

Also notice that I do not have preemtion enabled. 

However, when I reconnect the links to the Preferred MASTER, the Preferred Master takes back over as the MASTER again.  I would expect the units to not switch back to the initial state given preemtion is not enabled.

 

I'm not sure if I'm missing a key configuration for my topology.

I've tried putting in preemption and also tracking on the vrrp 99.  No difference in behavior.

 

I also have centralized licensing enabled if that makes a difference.

 

The controllers are hooked to 2 Aggregration switches by LAG/LACP 10GigE DAC.

The aggregation switches are peered with MLAG/VPC link between them.  The aggregation switches also use vrrp.

 

Regards,

Colin

MVP
Posts: 4,227
Registered: ‎07-20-2011

Re: Master-Master vrrp redundancy - failing stays MASTER

 

Are you trying to setup redundancy for your APs ? 

Do you want to have Active / Standby controllers ?

 

In reality if you need redudancy between a master/backup all you need is your master-redundancy configured

 

Master config:

vrrp 100

ip address 192.168.100.3

vlan 100

priority 150

!

master-redudancy 

master-vrrp 100

peer-ip-address 192.168.100.2 ipsec <key>

 

Master Backup:

vrrp 100

ip address 192.168.100.3

vlan 100

priority 110

!

master-redudancy 

master-vrrp 100

peer-ip-address 192.168.100.1 ipsec <key>

 

 

And then use the VRRP VIP under the AP System Profile

 

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II
Posts: 31
Registered: ‎05-04-2011

Re: Master-Master vrrp redundancy - failing stays MASTER

 

Victor,

 

I have the other vrrp configured for two reasons.

 

1. I have multiple user vlans, and use the dhcp internal to the controller.  On the dhcp, I use the vip of the individual vlans as the gateway.  So I need vrrp for each user vlan if I'm thinking correctly

 

2. I have a vlan just for NMS. I have airwave and another vendor's NMS on this VLAN.  I point the NMS to the vip.

 

 

Question:

Does the fact I have multiple vrrp for the user and NMS VLANs affect the MASTER/BACKUP behavior?

 

Regards,

Colin

Guru Elite
Posts: 20,773
Registered: ‎03-29-2007

Re: Master-Master vrrp redundancy - failing stays MASTER


Colin_King wrote:

 

Victor,

 

I have the other vrrp configured for two reasons.

 

1. I have multiple user vlans, and use the dhcp internal to the controller.  On the dhcp, I use the vip of the individual vlans as the gateway.  So I need vrrp for each user vlan if I'm thinking correctly

 

2. I have a vlan just for NMS. I have airwave and another vendor's NMS on this VLAN.  I point the NMS to the vip.

 

 

Question:

Does the fact I have multiple vrrp for the user and NMS VLANs affect the MASTER/BACKUP behavior?

 

Regards,

Colin


Colin,

 

I will try to help you, because your name is Colin and you only spell it the right way, with only one "l". :)

 

1.  You should always have DHCP external to the controller

2.  You should always have an external router be the default gateway to your users

3.  The VRRP should  be deployed as a redundant ip address for access points to find the controller, NOT on the user VLANs.

 

Why?

 

1.  You don't have the issue of losing your DHCP or half of your scope when a controller goes down.  If a controller goes down the external DHCP will work fine and give users their same ip address back, for seamless failover.

2.  Having an external router or layer 3 switch as the default gateway of the clients, means that you can leverage the redundancy of your wired network without even trying.  The controller would simply be bridging users to a wired VLAN that already has your level of redundancy built into it.

3.  The VRRP is mandatory for Master/back up master functionality, but also doubles as the LMS-IP or the HA address that the access points to go look for their controller.  Any other HA on user VLANs should be done by simply bridging the users to the same wired VLAN on both controllers and if your wired VLAN has HSRP or VRRP between two layer 3 switches, that is the default gateway for your clients.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 31
Registered: ‎05-04-2011

Re: Master-Master vrrp redundancy - failing stays MASTER

 

cjoseph,

 

Thanks for the info.  And hopefully you pronounce Colin the right way, not like some famous general in the news/politics.  :)

 

 

I agree with everything you said.

I have to say that my setup is a proof of concept.  Not actual production.  

But, I'll be writing a reference architecture paper off of it.  I'm assuming DHCP placement is somethig the reader will make their own decsion on.    

I can implement all of you recommendations at a later time.  I'm concerned there is a bug, or that my config is off.  Or possibly the peered switches are contributing.  

So my main objective is to see if any else is seeing this with the same config and AOS version.  

 

 

 

For a quick test, I shutdown all the vrrp configurations except the main one on the controller ip.

(This is to simulate that I'm moving the gateway's down to the router like you recommended)  

 

I still get the same behavior.

 

 

My config for the preferred Master is now:

 

 

master-redundancy
master-vrrp 99
peer-ip-address 10.1.100.12 ipsec 6869838c08ccd8325e95edf5075a4b7fba7146e3daa8c2b4
!
vrrp 99
priority 120
authentication password
ip address 10.1.100.3
description "Preferred-Master"
vlan 100
no shutdown

 

 

Config for the Backup is:

 

master-redundancy
master-vrrp 99
peer-ip-address 10.1.100.11 ipsec 676bce1c2a29f4c6113f982653d0341c1dbb9f98babcda3b
!
vrrp 99
authentication password
ip address 10.1.100.3
description "Backup-Master"
vlan 100
no shutdown
!

 

 

I still have the Preferred Maset showing Master when all the links are removed.

It still takes back the MASTER control when reconnected, even though preemption is not enabled.

 

 

Regards,

Colin

 

 

 

Guru Elite
Posts: 20,773
Registered: ‎03-29-2007

Re: Master-Master vrrp redundancy - failing stays MASTER

On each controller, do this:

Config t
Logging level debugging network.

When you test fail over do "show log network 50" after to see what is going on


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 31
Registered: ‎05-04-2011

Re: Master-Master vrrp redundancy - failing stays MASTER

[ Edited ]

 

 

only line of interest looks to be:

 

Feb 28 16:35:25 :208008: <INFO> |fpapps| No change in the Vlan Interface 100 state UP Can't Change Vlan Interface state to Down, Vlan Has Switch IP

Guru Elite
Posts: 20,773
Registered: ‎03-29-2007

Re: Master-Master vrrp redundancy - failing stays MASTER

You may have to do a "show log network all | include vrrp"  It looks like that is a fairly busy switch and it only has one second of data.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 31
Registered: ‎05-04-2011

Re: Master-Master vrrp redundancy - failing stays MASTER

[ Edited ]

 

ok, better info this time.  See attached.

 

These are just for the Preferred MASTER, directly after the failure is implemented.

 

Note: the other vrrp instances are still in the logs since I only shutdown the config, I did not completely delete the vrrp from the config.

 

So I'm assuming since vrrp 99 is the only one that is active, then that's the one to look at in the logs.

 

 

Guru Elite
Posts: 20,773
Registered: ‎03-29-2007

Re: Master-Master vrrp redundancy - failing stays MASTER

I just re-read your initial post.  

 

When a VRRP instance comes up, it is in "init".  It looks for two seconds to see if an instance is advertising itself as master.  If not, it makes itself the master.  Simply separating the link between one VRRP and another creates a separation which will make both of them master.  The only way one instance will make itself backup, is if a master is already advertising itself.

 

We can get into preemption in a second...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: