
8400/VSX/VRRP/MAC issue

  • 1.  8400/VSX/VRRP/MAC issue

    Posted Sep 30, 2021 02:46 PM
    Hi, I have an issue with my new 8400 ArubaOS CX switches.

    Here is my architecture
    I have 2 sites, 1 VSX Cluster on each site so 4 switches 8400 in total.
    I use lag 256 for ISL. (2x100G)

    The sites are connected through lag 255 - 2x100G (one link on each member)
    All vlans are allowed on lag 255 and 256, and all ports are forwarding in spanning-tree.

    Switch1-------lag255-------Switch3
       ||                         ||
     lag256                     lag256
       ||                         ||
    Switch2-------lag255-------Switch4

    My customer has VLANs across both sites, and needs redundancy in routing.
    I use VRRP between the 4 switches (example in vlan 301)

    VRRP seems to work fine :
    Switch1# sho vrrp brief | i 301
    vlan301 254 IPv4 140 59702 N Y MASTER 172.19.101.50 172.19.101.54
    Switch2# sho vrrp brief | i 301
    vlan301 254 IPv4 130 3318 N Y BACKUP 172.19.101.50 172.19.101.54
    Switch3# sho vrrp brief | i 301
    vlan301 254 IPv4 120 60217 N Y BACKUP 172.19.101.50 172.19.101.54
    Switch4# sho vrrp brief | i 301
    vlan301 254 IPv4 110 3329 N Y BACKUP 172.19.101.50 172.19.101.54

    Btw I'm not able to ping the virtual IP from Switch3 and Switch4 (sometimes, after some reboot, maybe it was working on Switch3)

    Switch1# ping 172.19.101.54
    PING 172.19.101.54 (172.19.101.54) 100(128) bytes of data.
    108 bytes from 172.19.101.54: icmp_seq=1 ttl=64 time=0.037 ms
    108 bytes from 172.19.101.54: icmp_seq=2 ttl=64 time=0.034 ms
    108 bytes from 172.19.101.54: icmp_seq=3 ttl=64 time=0.036 ms
    108 bytes from 172.19.101.54: icmp_seq=4 ttl=64 time=0.039 ms
    108 bytes from 172.19.101.54: icmp_seq=5 ttl=64 time=0.024 ms

    Switch2# ping 172.19.101.54
    PING 172.19.101.54 (172.19.101.54) 100(128) bytes of data.
    108 bytes from 172.19.101.54: icmp_seq=1 ttl=64 time=0.579 ms
    108 bytes from 172.19.101.54: icmp_seq=2 ttl=64 time=0.563 ms
    108 bytes from 172.19.101.54: icmp_seq=3 ttl=64 time=0.574 ms
    108 bytes from 172.19.101.54: icmp_seq=4 ttl=64 time=0.496 ms
    108 bytes from 172.19.101.54: icmp_seq=5 ttl=64 time=0.634 ms

    Switch3# ping 172.19.101.54
    PING 172.19.101.54 (172.19.101.54) 100(128) bytes of data.

    --- 172.19.101.54 ping statistics ---
    5 packets transmitted, 0 received, 100% packet loss, time 4112ms

    Switch4# ping 172.19.101.54
    PING 172.19.101.54 (172.19.101.54) 100(128) bytes of data.

    --- 172.19.101.54 ping statistics ---
    5 packets transmitted, 0 received, 100% packet loss, time 4117ms

    I checked the mac table associated to the virtual ip;
    It seems to be normal on Switch1, Switch2 but the port is incorrect on Switch3 and Switch4...

    Switch1# sho mac-address-table address 00:00:5e:00:01:fe
    No MAC entries found.

    Switch2# sho mac-address-table address 00:00:5e:00:01:fe
    MAC age-time : 300 seconds
    Number of MAC addresses : 1

    MAC Address VLAN Type Port
    --------------------------------------------------------------
    00:00:5e:00:01:fe 301 dynamic lag256

    Switch3# sho mac-address-table address 00:00:5e:00:01:fe
    MAC age-time : 300 seconds
    Number of MAC addresses : 1

    MAC Address VLAN Type Port
    --------------------------------------------------------------
    00:00:5e:00:01:fe 301 dynamic lag256

    Switch4# sho mac-address-table address 00:00:5e:00:01:fe
    MAC age-time : 300 seconds
    Number of MAC addresses : 1

    MAC Address VLAN Type Port
    --------------------------------------------------------------
    00:00:5e:00:01:fe 301 dynamic lag256

    I have this issue in versions 10.07.0021 and 10.06.0140.
    Does anyone have an idea?

    ------------------------------
    Florent CHETAIL
    ------------------------------
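
The MAC-table check from the post above, as an added example (not code from the thread or from Aruba): it derives the IPv4 VRRP virtual MAC from the VRID and compares where each switch learned it against an expected port. The `EXPECTED` map is an assumption read off the described topology, and the transcript is a constructed, condensed copy of the pasted outputs.

```python
import re

def vrrp_ipv4_vmac(vrid: int) -> str:
    """IPv4 VRRP virtual MAC: 00:00:5e:00:01:{VRID} (RFC 5798)."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be 1..255")
    return f"00:00:5e:00:01:{vrid:02x}"

# Constructed sample: condensed from the outputs pasted in the post above.
TRANSCRIPT = """\
Switch1# sho mac-address-table address 00:00:5e:00:01:fe
No MAC entries found.
Switch2# sho mac-address-table address 00:00:5e:00:01:fe
00:00:5e:00:01:fe 301 dynamic lag256
Switch3# sho mac-address-table address 00:00:5e:00:01:fe
00:00:5e:00:01:fe 301 dynamic lag256
Switch4# sho mac-address-table address 00:00:5e:00:01:fe
00:00:5e:00:01:fe 301 dynamic lag256
"""

# Assumption from the described topology: Switch1 is MASTER (owns the MAC, no
# dynamic entry), Switch2 reaches it over the ISL, site 2 over inter-site lag255.
EXPECTED = {"Switch1": None, "Switch2": "lag256",
            "Switch3": "lag255", "Switch4": "lag255"}

PROMPT = re.compile(r"^(\S+)# ")
ENTRY = re.compile(r"^([0-9a-f:]{17})\s+(\d+)\s+\S+\s+(\S+)$", re.I)

def learned_ports(transcript: str, vmac: str, vlan: int) -> dict:
    """Map each switch prompt to the port where vmac is learned (None if absent)."""
    ports, current = {}, None
    for line in transcript.splitlines():
        line = line.strip()
        if m := PROMPT.match(line):
            current = m.group(1)
            ports[current] = None
        elif current and (m := ENTRY.match(line)):
            if m.group(1).lower() == vmac and int(m.group(2)) == vlan:
                ports[current] = m.group(3)
    return ports

def mismatches(ports: dict, expected: dict) -> dict:
    """Switches whose learned port differs from the expected one."""
    return {sw: (ports.get(sw), want) for sw, want in expected.items()
            if ports.get(sw) != want}

if __name__ == "__main__":
    found = learned_ports(TRANSCRIPT, vrrp_ipv4_vmac(254), 301)
    for sw, (got, want) in mismatches(found, EXPECTED).items():
        print(f"{sw}: VRRP MAC learned on {got}, expected {want}")
```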


  • 2.  RE: 8400/VSX/VRRP/MAC issue
    Best Answer

    Posted Oct 01, 2021 02:26 AM
    This VSX back-to-back scenario is described in the VSX best practices paper - Appendix F:
    https://support.hpe.com/hpesc/public/docDisplay?docId=a00094242en_us
    Why not use active-gateway instead of VRRP in this context?



    ------------------------------
    Vincent Giles
    ------------------------------



  • 3.  RE: 8400/VSX/VRRP/MAC issue

    Posted Oct 01, 2021 10:21 AM
    Hello Vincent,

    I had already read this document, unfortunately.
    I don't use active-gateway because I need redundancy with my 2 VSX clusters on each site.

    As far as I know I can only use active-gateway on 2 members in the same VSX cluster.
    If you think it's possible, can you send me a configuration example ?

    Thanks

    ------------------------------
    Florent CHETAIL
    ------------------------------



  • 4.  RE: 8400/VSX/VRRP/MAC issue

    Posted Oct 01, 2021 10:51 AM
    Appendix F does include your use-case and the configuration as well for Agg1, Agg2, Agg3 and Agg4.
    Active-gateway anycast IP address can be shared among these 2 VSX clusters as described.
    There are documented caveats as well.
    Please check again this appendix F.

    ------------------------------
    Vincent Giles
    ------------------------------



  • 5.  RE: 8400/VSX/VRRP/MAC issue

    Posted Oct 01, 2021 10:55 AM
    Sorry Vincent, didn't notice you referenced Appendix F.
    I'll test it next week and let you know. :)

    ------------------------------
    Florent CHETAIL
    ------------------------------



  • 6.  RE: 8400/VSX/VRRP/MAC issue

    Posted Oct 06, 2021 03:12 AM
    The solution proposed by Vincent works.
    I found a bug fixed in 10.08.0001 that corresponds to my issue:

    MAC Tables
    Bug Id : 86543, 154852,159156,190398
    Symptom: Traffic in a VSX pair is dropped.
    Scenario: When a VSX pair is in VRRP BACKUP/BACKUP mode, traffic using
    VRRP MAC as the destination MAC that hits the VSX pair will be dropped.

    It seems my configuration works fine with this new version

    ------------------------------
    Florent CHETAIL
    ------------------------------