VRRP is flapping for vlan 10 but not for the rest

Latest reply: Jun 23, 2015 14:34:20 3132 4 0 0

Hello,


I have built a very redundant topology. Each host have a virtual gateway provided by VRRP.


I have tested all scenarios (LSW1 fails Main1+LSW2 fail and so on... all...), each host (except servers) can ping a remote public address continuously.


But here is one more issue... MAIN2 can ping 10.0.100.0/24 and 10.0.200.0/24 (vlan100-200) but MAIN2 cannot ping any of them. However sometimes it changes... For example: MAIN1 can ping vlan 100 but vlan 200 and vica versa.

MAIN1-2 can ping the rest of the vlans (10,20,30) all the time!


I have attached the eNSP file also.



The servers do not have virtual GW.

LSW1 - LSW5 have inter vlan routing set up.

LSW1 and LSW2 have 2 default routes pointing to router MAIN1 and MAIN2 (SW's do load-balance).

SW's also do load balance based on VLAN's.


VRRP is flapping on LSW1,3,4,5 but not on LSW2!

However LSW1-5's gig interfaces do flap sometimes...


Console warning message on LSW1 (same on LSW3,4,5)

Oct 12 2014 15:56:01-08:00 LSW1 %%01VRRP/4/STATEWARNINGEXTEND(l)[31]:Virtual Rout
er state BACKUP changed to MASTER, because of priority calculation. (Interface=Vl
anif10, VrId=1, InetType=IPv4)
Oct 12 2014 15:56:01-08:00 LSW1 %%01VRRP/4/STATEWARNINGEXTEND(l)[32]:Virtual Rout
er state MASTER changed to BACKUP, because of priority calculation. (Interface=Vl
anif10, VrId=1, InetType=IPv4)
Oct 12 2014 15:56:26-08:00 LSW1 %%01VRRP/4/STATEWARNINGEXTEND(l)[33]:Virtual Rout
er state BACKUP changed to MASTER, because of priority calculation. (Interface=Vl
anif10, VrId=1, InetType=IPv4)
Oct 12 2014 15:56:27-08:00 LSW1 %%01VRRP/4/STATEWARNINGEXTEND(l)[34]:Virtual Rout
er state MASTER changed to BACKUP, because of priority calculation. (Interface=Vl
anif10, VrId=1, InetType=IPv4)
Oct 12 2014 15:57:04-08:00 LSW1 %%01VRRP/4/STATEWARNINGEXTEND(l)[35]:Virtual Rout
er state BACKUP changed to MASTER, because of priority calculation. (Interface=Vl
anif10, VrId=1, InetType=IPv4)
Oct 12 2014 15:57:04-08:00 LSW1 %%01VRRP/4/STATEWARNINGEXTEND(l)[36]:Virtual Rout
er state MASTER changed to BACKUP, because of priority calculation. (Interface=Vl
anif10, VrId=1, InetType=IPv4)
Oct 12 2014 15:57:21-08:00 LSW1 %%01PHY/1/PHY(l)[37]:    GigabitEthernet0/0/7: ch
ange status to down
Oct 12 2014 15:57:22-08:00 LSW1 %%01PHY/1/PHY(l)[38]:    GigabitEthernet0/0/7: ch
ange status to up
Oct 12 2014 15:57:30-08:00 LSW1 %%01VRRP/4/STATEWARNINGEXTEND(l)[39]:Virtual Rout
er state BACKUP changed to MASTER, because of priority calculation. (Interface=Vl
anif10, VrId=1, InetType=IPv4)
Oct 12 2014 15:57:30-08:00 LSW1 %%01VRRP/4/STATEWARNINGEXTEND(l)[40]:Virtual Rout
er state MASTER changed to BACKUP, because of priority calculation. (Interface=Vl
anif10, VrId=1, InetType=IPv4

Console warning message on LSW2


Oct 12 2014 15:55:05-08:00 LSW2 %%01PHY/1/PHY(l)[2]:    GigabitEthernet0/0/4: cha
nge status to down
Oct 12 2014 15:55:06-08:00 LSW2 %%01PHY/1/PHY(l)[3]:    GigabitEthernet0/0/4: cha
nge status to up
Oct 12 2014 15:55:22-08:00 LSW2 %%01PHY/1/PHY(l)[4]:    GigabitEthernet0/0/5: cha
nge status to up

Those are TRUNK links downsteram.



I have been testing this all weekend but i have not find a solution yet...

Any help would be lovely!

THX!


VRRP is flapping for vlan 10 but not for the rest-1247365-1


Config's


LSW1


sysname LSW1
#
vrrp version v3

vlan batch 2 to 3 10 20 30 100 200
#
stp edged-port default
stp instance 0 priority 0
stp instance 1 priority 4096
#
gvrp
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
 region-name A
 revision-level 1
 instance 1 vlan 10 30 100
 active region-configuration
#
drop-profile default
#
interface Vlanif2
 ip address 10.0.0.2 255.255.255.252
#
interface Vlanif3
 ip address 10.0.0.6 255.255.255.252
#
interface Vlanif10
 ip address 10.0.10.1 255.255.255.0
 vrrp vrid 1 virtual-ip 10.0.10.6
 vrrp vrid 1 priority 110
 vrrp vrid 1 timer advertise 4
#
interface Vlanif20
 ip address 10.0.20.1 255.255.255.0
 vrrp vrid 1 virtual-ip 10.0.20.6
 vrrp vrid 1 priority 120
 vrrp vrid 1 timer advertise 4
#
interface Vlanif30
 ip address 10.0.30.1 255.255.255.0
 vrrp vrid 1 virtual-ip 10.0.30.6
 vrrp vrid 1 priority 110
 vrrp vrid 1 timer advertise 4
#
interface Vlanif100
 ip address 10.0.100.1 255.255.255.0
#
interface Vlanif200
 ip address 10.0.200.1 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 4 to 4094
 gvrp
#
interface GigabitEthernet0/0/1
 eth-trunk 1
#
interface GigabitEthernet0/0/2
 eth-trunk 1
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 2
 stp disable
 bpdu disable
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 4 to 4094
 gvrp
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 4 to 4094
 gvrp
#
interface GigabitEthernet0/0/6
 port link-type trunk
 port trunk allow-pass vlan 4 to 4094
 gvrp
#
interface GigabitEthernet0/0/7
 port link-type access
 port default vlan 100
 stp disable
 bpdu disable
#
interface GigabitEthernet0/0/8
 port link-type access
 port default vlan 100
 stp disable
 bpdu disable
#
interface GigabitEthernet0/0/24
 port link-type access
 port default vlan 3
 stp disable
 bpdu disable
#
ip route-static 0.0.0.0 0.0.0.0 10.0.0.1
ip route-static 0.0.0.0 0.0.0.0 10.0.0.5


LSW2


sysname LSW2
#
vrrp version v3
#
vlan batch 4 to 5 10 20 30 100 200
#
stp edged-port default
stp instance 0 priority 4096
stp instance 1 priority 0
#
gvrp
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
 region-name A
 revision-level 1
 instance 1 vlan 10 30 100
 active region-configuration
#
drop-profile default
#
interface Vlanif4
 ip address 10.0.0.10 255.255.255.252
#
interface Vlanif5
 ip address 10.0.0.14 255.255.255.252
#
interface Vlanif10
 ip address 10.0.10.2 255.255.255.0
 vrrp vrid 1 virtual-ip 10.0.10.6
 vrrp vrid 1 priority 120
 vrrp vrid 1 timer advertise 4
#
interface Vlanif20
 ip address 10.0.20.2 255.255.255.0
 vrrp vrid 1 virtual-ip 10.0.20.6
 vrrp vrid 1 priority 110
 vrrp vrid 1 timer advertise 4
#
interface Vlanif30
 ip address 10.0.30.2 255.255.255.0
 vrrp vrid 1 virtual-ip 10.0.30.6
 vrrp vrid 1 priority 120
 vrrp vrid 1 timer advertise 4
#
interface Vlanif100
 ip address 10.0.100.2 255.255.255.0
#
interface Vlanif200
 ip address 10.0.200.2 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 2 to 3 6 to 4094
 gvrp
#
interface GigabitEthernet0/0/1
 eth-trunk 1
#
interface GigabitEthernet0/0/2
 eth-trunk 1
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 4
 stp disable
 bpdu disable
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 3 6 to 4094
 gvrp
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 2 to 3 6 to 4094
 gvrp
#
interface GigabitEthernet0/0/6
 port link-type trunk
 port trunk allow-pass vlan 2 to 3 6 to 4094
 gvrp
#
interface GigabitEthernet0/0/7
 port link-type access
 port default vlan 200
 stp disable
 bpdu disable
#
interface GigabitEthernet0/0/8
 stp disable
 bpdu disable
#
interface GigabitEthernet0/0/24
 port link-type access
 port default vlan 5
 stp disable
 bpdu disable
#
ip route-static 0.0.0.0 0.0.0.0 10.0.0.9
ip route-static 0.0.0.0 0.0.0.0 10.0.0.13

LSW3


vrrp version v3
#
vlan batch 10 20 30 100 200
#
stp edged-port default
stp instance 0 priority 8192
stp instance 1 priority 8192
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
 region-name A
 revision-level 1
 instance 1 vlan 10 30 100
 active region-configuration
#
drop-profile default
#
interface Vlanif10
 ip address 10.0.10.3 255.255.255.0
 vrrp vrid 1 virtual-ip 10.0.10.6
 vrrp vrid 1 timer advertise 4
#
interface Vlanif20
 ip address 10.0.20.3 255.255.255.0
 vrrp vrid 1 virtual-ip 10.0.20.6
 vrrp vrid 1 priority 105
 vrrp vrid 1 timer advertise 4
#
interface Vlanif30
 ip address 10.0.30.3 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 10
 stp disable
 bpdu disable
#
interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 20
 stp disable
 bpdu disable
#
interface GigabitEthernet0/0/5
 port link-type access
 port default vlan 10
 stp disable
 bpdu disable
#
interface GigabitEthernet0/0/6
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094

LSW4


vrrp version v3
#
vlan batch 10 20 30 100 200
#
stp edged-port default
stp instance 0 priority 12288
stp instance 1 priority 12288
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
 region-name A
 revision-level 1
 instance 1 vlan 10 30 100
 active region-configuration
#
drop-profile default


#
interface Vlanif1
#
interface Vlanif10
 ip address 10.0.10.4 255.255.255.0
 vrrp vrid 1 virtual-ip 10.0.10.6
 vrrp vrid 1 priority 95
 vrrp vrid 1 timer advertise 4
#
interface Vlanif20
 ip address 10.0.20.4 255.255.255.0
 vrrp vrid 1 virtual-ip 10.0.20.6
 vrrp vrid 1 timer advertise 4
#
interface Vlanif30
 ip address 10.0.30.4 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 10
 stp disable
 bpdu disable
#
interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 20
 stp disable
 bpdu disable
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/6
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/7
 port link-type access
 port default vlan 10
 stp disable
 bpdu disable

LSW5


vrrp version v3
#
vlan batch 10 20 30 100 200
#
stp edged-port default
stp instance 0 priority 16384
stp instance 1 priority 16384
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
 region-name A
 revision-level 1
 instance 1 vlan 10 30 100
 active region-configuration
#
drop-profile default
#
aaa
#
interface Vlanif10
 ip address 10.0.10.5 255.255.255.0
 vrrp vrid 1 virtual-ip 10.0.10.6
 vrrp vrid 1 priority 90
 vrrp vrid 1 timer advertise 4
#
interface Vlanif20
 ip address 10.0.20.5 255.255.255.0
 vrrp vrid 1 virtual-ip 10.0.20.6
 vrrp vrid 1 priority 95
 vrrp vrid 1 timer advertise 4
#
interface Vlanif30
 ip address 10.0.30.5 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 10
 stp disable
 bpdu disable
#
interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 20
 stp disable
 bpdu disable
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/6
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/7
 port link-type access
 port default vlan 10
 stp disable
 bpdu disable

MAIN1


drop illegal-mac alarm
#
vrrp version v3
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
acl number 2000  
 rule 5 permit source 10.0.10.0 0.0.0.255 
 rule 6 permit source 10.0.20.0 0.0.0.255 
 rule 7 permit source 10.0.30.0 0.0.0.255 
 rule 8 permit source 10.0.0.0 0.0.0.255 
acl number 2001  
 rule 5 permit source 10.0.100.0 0.0.0.255 
 rule 6 permit source 10.0.200.0 0.0.0.255 
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
 nat address-group 2 20.0.0.11 20.0.0.11
#
interface GigabitEthernet0/0/0
 ip address 20.0.0.10 255.255.255.248 
 nat server protocol udp global 20.0.0.14 dns inside 10.0.100.254 dns
 nat server protocol tcp global 20.0.0.13 ftp inside 10.0.100.253 ftp
 nat server protocol tcp global 20.0.0.12 www inside 10.0.200.254 www
 nat outbound 2000
 nat outbound 2001 address-group 2 
#
interface GigabitEthernet0/0/1
 ip address 10.0.0.9 255.255.255.252 
#
interface GigabitEthernet0/0/2
 ip address 10.0.0.5 255.255.255.252 
#
interface NULL0
#
bgp 65500
 peer 20.0.0.9 as-number 1 
 #
 ipv4-family unicast
  undo synchronization
  network 20.0.0.8 255.255.255.248 
  peer 20.0.0.9 enable
#
ip route-static 10.0.0.0 255.0.0.0 10.0.0.10
ip route-static 10.0.0.0 255.0.0.0 10.0.0.6 preference 61

MAIN2


vrrp version v3
vrrp recover-delay 10
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
acl number 2000  
 rule 5 permit source 10.0.10.0 0.0.0.255 
 rule 6 permit source 10.0.20.0 0.0.0.255 
 rule 7 permit source 10.0.30.0 0.0.0.255 
 rule 8 permit source 10.0.0.0 0.0.0.255 
acl number 2001  
 rule 5 permit source 10.0.100.0 0.0.0.255 
 rule 6 permit source 10.0.200.0 0.0.0.255 
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
 nat address-group 2 20.0.0.3 20.0.0.3
#
interface GigabitEthernet0/0/0
 ip address 20.0.0.2 255.255.255.248 
 nat server protocol udp global 20.0.0.6 dns inside 10.0.100.254 dns
 nat server protocol tcp global 20.0.0.5 ftp inside 10.0.100.253 ftp
 nat server protocol tcp global 20.0.0.4 www inside 10.0.200.254 www
 nat outbound 2000
 nat outbound 2001 address-group 2 
#
interface GigabitEthernet0/0/1
 ip address 10.0.0.1 255.255.255.252 
#
interface GigabitEthernet0/0/2
 ip address 10.0.0.13 255.255.255.252 
#
interface NULL0
#
bgp 65500
 peer 20.0.0.1 as-number 2 
 #
 ipv4-family unicast
  undo synchronization
  network 20.0.0.0 255.255.255.248 
  peer 20.0.0.1 enable
#
ip route-static 10.0.0.0 255.0.0.0 10.0.0.2
ip route-static 10.0.0.0 255.0.0.0 10.0.0.14 preference 61

This article contains more resources

You need to log in to download or view. No account?Register

x
  • x
  • convention:

johnston78
Created Jun 23, 2015 07:54:07 Helpful(0) Helpful(0)

For this you should actually try using "Ahsay software" It gives backup and it also saves your folder names as well. Ahsay software is going really good these days. I have made "Ahsay software" used by all my staff in office. its actually the software for your business. Try using it Dude. Just GOOGLE "Ahsay software"

  • x
  • convention:

kudo4
Created Jun 23, 2015 14:34:20 Helpful(0) Helpful(0)

More info:
http://adf.ly/1HHwe7


  • x
  • convention:

kem_kem
Created Oct 12, 2014 15:30:08 Helpful(0) Helpful(0)

Update:


I shorted out the conenctivity issue between MAIN router and the servers.

I added vlan 500, i enadbled it between LSW1-2 and added a 1 static route on each LSW1-2 to 10.0.0.0 8


But the VRRP is still flapping :D 

  • x
  • convention:

kem_kem
Created Oct 14, 2014 17:10:44 Helpful(0) Helpful(0)

I am also forcing incoming packets @ edge router to be translated to inside interface address
  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login