Wireless Access

Reply
Occasional Contributor I

Mobility Master VRRP Split Brain

I just deployed a new ArubaOS 8.3.0.4 mobility master, which I plan to use as the backup mobility master, on ESX 5.5.0 infrastructure.


As a first step, I created the VRRP address on the management VLAN (1634), just like I did with the mobility controllers where it is working fine. G0/0/0 is in access mode for this VLAN on both masters.


In the WebUI, when I click submit, I get the strange warning that sais: "WARNING: Invalid VRRP VLAN ID" on both masters. The VLAN does however exist and I have reachability to everything else in this VLAN.


Showing the VRRP stats, I notice that VRRP messages are being sent on both of them, but no messages are received. For testing purposes, I tried to make the master part of the VRRP group together with the controllers but this is not working either.
Every mobility master always takes the VRRP MASTER role.

My first question would be: why do I get this warning? The VLAN does exist and I have reachability over it.

The next one: what could be the reason they are not seeing each other's messages. I suspected ESX infra, but there are no restrictions on the port group.
This port group allows MAC changes and forged transmits. Not that that should matter here.
Config and tshoot steps included below.


###### MM01 ######
vrrp 10
    priority 110
    authentication aruba123
    ip address 10.46.10.50
    vlan 1634
    preempt delay 60
    no shutdown
!
end
(arubamm01) [mynode] #show vrrp


Virtual Router 10:
    Description
    Admin State UP, VR State MASTER
    IP Address 10.46.10.50, MAC Address 00:00:5e:00:01:0a, vlan 1634
    Priority 110, Advertisement 1 sec, Preemption Enable Delay 60
    Auth type PASSWORD, Auth data: ********
    tracking is not enabled
(arubamm01) [mynode] #show vrrp stats all

Virtual Router 10:

   Admin State UP, VR State MASTER

   Advertisements:
   Sent:                              639   Received:                         0
   Zero priority sent:                  0   Zero priority received:           0
   Lower IP address received            0   Lower Priority received           0
   Tracking priority overflow:          0
   Advertisements received errors:
      Interval mismatch                 0   Invalid TTL                       0
      Invalid packet type               0   Authentication failure            0
      Invalid auth type                 0   Mismatch auth type                0
      Invalid VRRP IP address           0   Invalid packet length             0
   VRRP Up timestamp:                       Mon Dec 10 10:04:15 2018
   Master Up timestamp:                     Mon Dec 10 10:05:14 2018
   Last advertisement sent timestamp:       Mon Dec 10 10:15:53 2018
   Last advertisement received timestamp:   never
   Current time:                            Mon Dec 10 10:15:54 2018
   Number times became VRRP Master:         1
(arubamm01) [mynode] #show ip interface brief

Interface                   IP Address / IP Netmask        Admin   Protocol   VRRP-IP
vlan 1634                  10.46.10.10 / 255.255.255.0     up      up         10.46.10.50    
vlan 1                      unassigned / unassigned        up      down                      
loopback                    unassigned / unassigned        up      up  
mgmt                        unassigned / unassigned        down    down
(arubamm01) [mynode] #ping 10.46.10.10

Press 'q' to abort.
Sending 5, 92-byte ICMP Echos to 10.46.10.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0.029/0.0366/0.051 ms

(arubamm01) [mynode] #ping 10.46.10.15

Press 'q' to abort.
Sending 5, 92-byte ICMP Echos to 10.46.10.15, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1.151/1.7808/2.925 ms

(arubamm01) [mynode] #show arp | include 10.15
Internet        10.46.10.15     00:50:56:b3:32:75       vlan1634
(arubamm01) [mynode] #show interface vlan 1634

VLAN1634 is up line protocol is up
Hardware is CPU Interface, Interface address is 00:50:56:B3:4E:B4 (bia 00:50:56:B3:4E:B4)
Description: 802.1Q VLAN
Internet address is 10.46.10.10  255.255.255.0
IPv6 Router Advertisements are disabled
Routing interface is enable, Forwarding mode is enable
Directed broadcast is disabled, BCMC Optimization disabled ProxyARP disabled Suppress ARP disabled
Encapsulation 802, loopback not set
MTU 1500 bytes
Last clearing of "show interface" counters 3 day 12 hr 58 min 41 sec
link status last changed 3 day 12 hr 54 min 56 sec
Proxy Arp is disabled for the Interface


###### MM02 ######
vrrp 10
    authentication aruba123
    ip address 10.46.10.50
    vlan 1634
    no shutdown
!
end
(arubamm02) [mynode] #show vrrp


Virtual Router 10:
    Description
    Admin State UP, VR State MASTER
    IP Address 10.46.10.50, MAC Address 00:00:5e:00:01:0a, vlan 1634
    Priority 100, Advertisement 1 sec, Preemption Disable Delay 0
    Auth type PASSWORD, Auth data: ********
    tracking is not enabled
(arubamm02) [mynode] #show vrrp stats all

Virtual Router 10:

   Admin State UP, VR State MASTER

   Advertisements:
   Sent:                             2153   Received:                         0
   Zero priority sent:                  1   Zero priority received:           0
   Lower IP address received            0   Lower Priority received           0
   Tracking priority overflow:          0
   Advertisements received errors:
      Interval mismatch                 0   Invalid TTL                       0
      Invalid packet type               0   Authentication failure            0
      Invalid auth type                 0   Mismatch auth type                0
      Invalid VRRP IP address           0   Invalid packet length             0
   VRRP Up timestamp:                       Mon Dec 10 09:53:56 2018
   Master Up timestamp:                     Mon Dec 10 09:53:59 2018
   Last advertisement sent timestamp:       Mon Dec 10 10:16:29 2018
   Last advertisement received timestamp:   never
   Current time:                            Mon Dec 10 10:16:29 2018
   Number times became VRRP Master:         2
(arubamm02) [mynode] #show ip interface brief

Interface                   IP Address / IP Netmask        Admin   Protocol   VRRP-IP
vlan 1634                  10.46.10.15 / 255.255.255.0     up      up         10.46.10.50    
vlan 1                      unassigned / unassigned        up      down                      
loopback                    unassigned / unassigned        up      up  
mgmt                        unassigned / unassigned        down    down
(arubamm02) [mynode] #ping 10.46.10.10

Press 'q' to abort.
Sending 5, 92-byte ICMP Echos to 10.46.10.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0.775/1.6388/2.496 ms

(arubamm02) [mynode] #ping 10.46.10.15

Press 'q' to abort.
Sending 5, 92-byte ICMP Echos to 10.46.10.15, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0.02/0.026/0.031 ms

(arubamm02) [mynode] #show arp | include 10.10
Internet        10.46.10.10     00:50:56:b3:4e:b4       vlan1634
(arubamm02) [mynode] #show interface vlan 1634

VLAN1634 is up line protocol is up
Hardware is CPU Interface, Interface address is 00:50:56:B3:32:75 (bia 00:50:56:B3:32:75)
Description: 802.1Q VLAN
Internet address is 10.46.10.15  255.255.255.0
IPv6 Router Advertisements are disabled
Routing interface is enable, Forwarding mode is enable
Directed broadcast is disabled, BCMC Optimization disabled ProxyARP disabled Suppress ARP disabled
Encapsulation 802, loopback not set
MTU 1500 bytes
Last clearing of "show interface" counters 0 day 0 hr 48 min 1 sec
link status last changed 0 day 0 hr 46 min 51 sec
Proxy Arp is disabled for the Interface


Occasional Contributor I

Re: Mobility Master VRRP Split Brain

I asked the ESX admin to enable promiscuous mode on the port group, and now it works.

I also came across this document which describes this:

 

https://community.arubanetworks.com/t5/Wireless-Access/VRRP-Issues-Promiscuous-mode-VMMs-AOS-v8/td-p/364589

 

So I guess the problem is solved.

Contributor II

Re: Mobility Master VRRP Split Brain

There are other issues with ESXi that you may run into, just FYI.

 

Enabling net path reverse is one of them.

Occasional Contributor II

Re: Mobility Master VRRP Split Brain

Argh it's always something..even with the simplest of things! Thanks for taking the time to make a post. I was about ready to call TAC. 

New Contributor

Re: Mobility Master VRRP Split Brain

Hi,

What is net path reverse and what problem does it solve?

 

I'm setting up 2 virtual Mobiliy Masters with VRRP redundancy that works but I can't get my physical Mobility Controller to connect to the VRRP IP address. I can ping both the MM nics from the MC but not the VRRP address.

 

 

 

New Contributor

Re: Mobility Master VRRP Split Brain

Hi,

 

What is 'net path reverse' and what problem does it solve?

 

I'm setting up 2 virtual Mobility Masters with VRRP redundancy thats working fine but I can't get my Mobility Controller to join the VRRP IP address.

I can ping the MM nics from the MC but can't ping the VRRP address. Not sure if that is normal or the problem.

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: