Wired Intelligent Edge

 View Only
last person joined: yesterday 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

8400/VSX/VRRP/MAC issue

This thread has been viewed 33 times

  • 1.  8400/VSX/VRRP/MAC issue

    Posted Sep 30, 2021 02:46 PM
    Hi, I have an issue with my new 8400 ArubaOS CX switches.

    Here is my architecture
    I have 2 sites, 1 VSX Cluster on each site so 4 switches 8400 in total.
    I use lag 256 for ISL. (2x100G)

    Each sites are connected through lag 255 - 2x100G (one link on each member)
    All vlans are allowed on lag 255 and 256, and all ports are forwarding in spanning-tree.

    Switch1-------lag255-------Switch3
       ||                                        ||
    lag256                                lag256
       ||                                        ||
    Switch2-------lag255-------Switch4

    My customer have vlan accross both sites, and needs redundancy in routing.
    I use VRRP between the 4 switches (example in vlan 301)

    VRRP seems to work fine :
    Switch1# sho vrrp brief | i 301
    vlan301 254 IPv4 140 59702 N Y MASTER 172.19.101.50 172.19.101.54
    Switch2# sho vrrp brief | i 301
    vlan301 254 IPv4 130 3318 N Y BACKUP 172.19.101.50 172.19.101.54
    Switch3# sho vrrp brief | i 301
    vlan301 254 IPv4 120 60217 N Y BACKUP 172.19.101.50 172.19.101.54
    Switch4# sho vrrp brief | i 301
    vlan301 254 IPv4 110 3329 N Y BACKUP 172.19.101.50 172.19.101.54

    Btw i'm not able to ping the virtual IP from Switch3 and Switch4 (sometimes, after some reboot maybe it was working on Switch3)

    Switch1# ping 172.19.101.54
    PING 172.19.101.54 (172.19.101.54) 100(128) bytes of data.
    108 bytes from 172.19.101.54: icmp_seq=1 ttl=64 time=0.037 ms
    108 bytes from 172.19.101.54: icmp_seq=2 ttl=64 time=0.034 ms
    108 bytes from 172.19.101.54: icmp_seq=3 ttl=64 time=0.036 ms
    108 bytes from 172.19.101.54: icmp_seq=4 ttl=64 time=0.039 ms
    108 bytes from 172.19.101.54: icmp_seq=5 ttl=64 time=0.024 ms

    Switch2# ping 172.19.101.54
    PING 172.19.101.54 (172.19.101.54) 100(128) bytes of data.
    108 bytes from 172.19.101.54: icmp_seq=1 ttl=64 time=0.579 ms
    108 bytes from 172.19.101.54: icmp_seq=2 ttl=64 time=0.563 ms
    108 bytes from 172.19.101.54: icmp_seq=3 ttl=64 time=0.574 ms
    108 bytes from 172.19.101.54: icmp_seq=4 ttl=64 time=0.496 ms
    108 bytes from 172.19.101.54: icmp_seq=5 ttl=64 time=0.634 ms

    Switch3# ping 172.19.101.54
    PING 172.19.101.54 (172.19.101.54) 100(128) bytes of data.

    --- 172.19.101.54 ping statistics ---
    5 packets transmitted, 0 received, 100% packet loss, time 4112ms

    Switch4# ping 172.19.101.54
    PING 172.19.101.54 (172.19.101.54) 100(128) bytes of data.

    --- 172.19.101.54 ping statistics ---
    5 packets transmitted, 0 received, 100% packet loss, time 4117ms

    I checked the mac table associated to the virtual ip;
    It seems to be normal on Switch1, Switch2 but the port is incorrect on Switch3 and Switch4...

    Switch1# sho mac-address-table address 00:00:5e:00:01:fe
    No MAC entries found.

    Switch2# sho mac-address-table address 00:00:5e:00:01:fe
    MAC age-time : 300 seconds
    Number of MAC addresses : 1

    MAC Address VLAN Type Port
    --------------------------------------------------------------
    00:00:5e:00:01:fe 301 dynamic lag256

    Switch3# sho mac-address-table address 00:00:5e:00:01:fe
    MAC age-time : 300 seconds
    Number of MAC addresses : 1

    MAC Address VLAN Type Port
    --------------------------------------------------------------
    00:00:5e:00:01:fe 301 dynamic lag256

    Switch4# sho mac-address-table address 00:00:5e:00:01:fe
    MAC age-time : 300 seconds
    Number of MAC addresses : 1

    MAC Address VLAN Type Port
    --------------------------------------------------------------
    00:00:5e:00:01:fe 301 dynamic lag256

    I have this issue in 10.07.0021 and 10.06.0140 version.
    May someone have an idea ?

    ------------------------------
    Florent CHETAIL
    ------------------------------


  • 2.  RE: 8400/VSX/VRRP/MAC issue
    Best Answer

    EMPLOYEE
    Posted Oct 01, 2021 02:26 AM
    This VSX back-to-back scenario is described in the VSX best practices paper - Appendix F:
    https://support.hpe.com/hpesc/public/docDisplay?docId=a00094242en_us
    Why not using active-gateway instead of VRRP in this context ?



    ------------------------------
    Vincent Giles
    ------------------------------

    Original Message


  • 3.  RE: 8400/VSX/VRRP/MAC issue

    Posted Oct 01, 2021 10:21 AM
    Hello Vincent,

    I had already read this document unfortunately.
    I don't use active-gateway because I need redundancy with my 2 VSX cluster on each site.

    As far as I know I can only use active-gateway on 2 members in the same VSX cluster.
    If you think it's possible, can you send me a configuration example ?

    Thanks

    ------------------------------
    Florent CHETAIL
    ------------------------------

    Original Message


  • 4.  RE: 8400/VSX/VRRP/MAC issue

    EMPLOYEE
    Posted Oct 01, 2021 10:51 AM
    Appendix F does include your use-case and the configuration as well for Agg1, Agg2, Agg3 and Agg4.
    Active-gateway anycast IP address can be shared among these 2 VSX clusters as described.
    There are documented caveats as well.
    Please check again this appendix F.

    ------------------------------
    Vincent Giles
    ------------------------------

    Original Message


  • 5.  RE: 8400/VSX/VRRP/MAC issue

    Posted Oct 01, 2021 10:55 AM
    Sorry Vincent, didn't notice you referenced Appendix F.
    I'll test it next weekd and let you know. :)

    ------------------------------
    Florent CHETAIL
    ------------------------------

    Original Message


  • 6.  RE: 8400/VSX/VRRP/MAC issue

    Posted Oct 06, 2021 03:12 AM
    The solution proposed by Vincent works.
    I found a bug fixed in 10.08.0001 that correspond to my issue :

    MAC Tables
    Bug Id : 86543, 154852,159156,190398
    Symptom: Traffic in a VSX pair is dropped.
    Scenario: When a VSX pair is in VRRP BACKUP/BACKUP mode, traffic using
    VRRP MAC as the destination MAC that hits the VSX pair will be dropped.

    It seems my configuration works fine with this new version

    ------------------------------
    Florent CHETAIL
    ------------------------------

    Original Message