Re: Packet loss occurs when setting VSS + OSPF

leedonguk123123 · ‎12-12-2023

hello,
I have a question regarding VSS + OSPF configuration.

In the configuration diagram above, when the C9500(L) VSS Active is operating and the backup is reloaded or the power is unplugged, the Backup C9500(R) changes to Active and takes up to 30 seconds before normal communication is possible.

There are 10 PCs each connected to L3_A and L3_B.

While the C9500(R) is changing to Active, OSPF Neighbor remains in Full state and the Routing Table can also check the PC bands connected to L3_A and L3_B, but it takes 30 seconds for communication between each PC to normalize.

I would appreciate it if you could let me know if you could add a setting to resolve this situation.

MHM Cisco World · ‎12-12-2023

VSS you meaning stackwise virtual' if Yes then add DAD link between SW.

This make SW fast detect failure of it peers

MHM

leedonguk123123 · ‎12-12-2023

I did something wrong.

The current setting is a redundancy configuration in "stackwise".



In a redundant configuration, if you remove the power of a switch operating as Active or reboot it, communication may be delayed for about 30 seconds, but I do not understand this part.

The method I checked was NSR, NSF, and I changed the interface to Point-to-Point, but there was no difference.

We would also like to confirm that the stackwise settings are correct.

switch priority 15
conf t

stackwise-virtual
domain 1
exit
!
interface TenGigabitEthernet1/0/14
stackwise-virtual dual-active-detection
!
interface TenGigabitEthernet1/0/15
stackwise-virtual link 1
!
interface TenGigabitEthernet1/0/16
stackwise-virtual link 1
!

<Backup>
switch renumber 2
conf t

stackwise-virtual
domain 1
exit
!
interface TenGigabitEthernet1/0/14
stackwise-virtual dual-active-detection
!
interface TenGigabitEthernet1/0/15
stackwise-virtual link 1
!
interface TenGigabitEthernet1/0/16
stackwise-virtual link 1
!

MHM Cisco World · ‎12-12-2023

Switch#show stackwise-virtual link

Switch#show stackwise-virtual dual-active-detection

first share above when one SW failed
second can you share the OSPF NSF config

MHM

leedonguk123123 · ‎12-12-2023

We will share the configuration with you.

<stackwise>
======================================================

CISCO#show stackwise-virtual link
Stackwise Virtual Link(SVL) Information:
----------------------------------------
Flags:
------
Link Status
-----------
U-Up D-Down
Protocol Status
---------------
S-Suspended P-Pending E-Error T-Timeout R-Ready
-----------------------------------------------
Switch SVL Ports Link-Status Protocol-Status
------ --- ----- ----------- ---------------
1 1 TenGigabitEthernet1/0/15 U R
TenGigabitEthernet1/0/16 U R
2 1 TenGigabitEthernet2/0/15 U R
TenGigabitEthernet2/0/16 U R

======================================================

CISCO#show stackwise-virtual dual-active-detection
In dual-active recovery mode: No
Recovery Reload: Enabled

Dual-Active-Detection Configuration:
-------------------------------------
Switch Dad port Status
------ ------------ ---------
1 TenGigabitEthernet1/0/14 up
2 TenGigabitEthernet2/0/14 up

=======================================================
<OSPF Config>
CISCO#show running-config | be router
router ospf 1
router-id 2.2.2.1
nsf
network 192.168.100.0 0.0.0.255 area 0
network 192.168.101.0 0.0.0.255 area 0
network 192.168.200.0 0.0.0.255 area 0
network 192.168.201.0 0.0.0.255 area 0

MHM Cisco World · ‎12-12-2023

from Cisco Doc.
Cisco NSF works with the SSO feature. The device supports fault resistance by allowing a standby switch to
take over if the active device becomes unavailable. NSF works with SSO to minimize the amount of time a
network is unavailable.
Usually, when a networking device restarts, all routing peers of that device detect that the device went down
and then came back up. This transition results in what is called a routing flap, which could spread across
multiple routing domains. Routing flaps caused by routing restarts create routing instabilities, which are
detrimental to the overall network performance. Cisco NSF helps to suppress routing flaps in SSO-enabled
devices, thus reducing network instability

leedonguk123123 · ‎12-12-2023

thank you for the reply. There are two questions I would like to ask.

Currently, SSO and NSF are set in Running-Config.

However, the results are the same as before setting up SSO and NSF.

1. Do I need to configure SSO/NSF settings in advance before operating Stackwise and then proceed with a redundant connection? Or will there be no problem if I make additional settings while operating in redundancy?

2. Is service interruption a natural result in the process of converting Standby SW to Active?

MHM Cisco World · ‎12-12-2023

1. Do I need to configure SSO/NSF settings in advance before operating Stackwise and then proceed with
a redundant connection? Or will there be no problem if I make additional settings while operating in redundancy? I will check this point

2. Is service interruption a natural result in the process of converting Standby SW to Active? No service must not interruption

MHM Cisco World · ‎12-12-2023

If you have time let me check today and update you tonight
MHM

leedonguk123123 · ‎12-12-2023

thank you We are waiting for your reply.

MHM Cisco World · ‎12-12-2023

your SVL DAD is and SSO/NSF is correct BUT
what in my mind is

All control plane functions are centrally managed by the SV active switch, including:

● Management (Simple Network Management Protocol [SNMP], Telnet, Secure Shell [SSH] Protocol, etc.)

● Layer 2 protocols (Bridge Protocol Data Units [BPDUs], Protocol Data Units [PDUs], Link Aggregation Control Protocol [LACP], etc.)

● Layer 3 protocols (routing protocols, etc.)

● Software data path

i.e. the Stack will see as one SW from L3_A and L3_C
you design I see it for first time, usually we use PortChannel and use one VLAN between any L3 device and stack pair

but
now you run two VLAN between L3_A/C so can you check if L3_A/C have two ospf interface to active ?
when you check show ip route in L3_A/C are you see two path (two egress interface) for prefix learn from OSPF ?

leedonguk123123 · ‎12-12-2023

It has been confirmed that all redundant paths are present in the L3_A, L3_B, C9500(L),(R) Routing Table, and load-balancing is in operation on the interface.

In my opinion, because the VLAN 100 and VLAN 200 interfaces go down when the C9500(L) reboots, all packets must be delivered to the C9500(R) and the service must remain uninterrupted.

But currently it's not working that way. help

============================================================================

================================================================

CISCO#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/11] via 192.168.101.1, 01:23:24, Vlan101
[110/11] via 192.168.100.1, 01:17:16, Vlan100
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 192.168.201.2, 01:23:24, Vlan201
[110/2] via 192.168.200.2, 01:17:20, Vlan200
10.0.0.0/16 is subnetted, 1 subnets
O 10.1.0.0 [110/2] via 192.168.101.1, 01:23:24, Vlan101
[110/2] via 192.168.100.1, 01:17:16, Vlan100
20.0.0.0/16 is subnetted, 1 subnets
O 20.1.0.0 [110/2] via 192.168.201.2, 01:23:24, Vlan201
[110/2] via 192.168.200.2, 01:17:20, Vlan200
192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.100.0/24 is directly connected, Vlan100
L 192.168.100.2/32 is directly connected, Vlan100
192.168.101.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.101.0/24 is directly connected, Vlan101
L 192.168.101.2/32 is directly connected, Vlan101
192.168.200.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.200.0/24 is directly connected, Vlan200
L 192.168.200.1/32 is directly connected, Vlan200
192.168.201.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.201.0/24 is directly connected, Vlan201
L 192.168.201.1/32 is directly connected, Vlan201

==============================================================

L3_A#show ip route
Sep 18 11:50:05 L3_A IMISH[1942]: IMISH: root: show ip route
Codes: C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default

C 1.1.1.1/32 is directly connected, lo
O 3.3.3.3/32 [110/3] via 192.168.100.2, vlan1.100, 01:17:42
[110/3] via 192.168.101.2, vlan1.101, 01:17:42
C 10.1.0.0/16 is directly connected, vlan1.10
O 20.1.0.0/16 [110/3] via 192.168.100.2, vlan1.100, 01:17:42
[110/3] via 192.168.101.2, vlan1.101, 01:17:42
C 127.0.0.0/8 is directly connected, lo
C 192.168.100.0/24 is directly connected, vlan1.100
C 192.168.101.0/24 is directly connected, vlan1.101
O 192.168.200.0/24 [110/2] via 192.168.100.2, vlan1.100, 01:17:42
[110/2] via 192.168.101.2, vlan1.101, 01:17:42
O 192.168.201.0/24 [110/2] via 192.168.100.2, vlan1.100, 01:17:42
[110/2] via 192.168.101.2, vlan1.101, 01:17:42

==============================================================

L3_C#show ip route
max_rtlimit:12288 static_nh_limit:8
Codes: C - connected, S - static, R - RIP, B - BGP, BC - BGP connected
D - BEIGRP, DEX - external BEIGRP, O - OSPF, OIA - OSPF inter area
ON1 - OSPF NSSA external type 1, ON2 - OSPF NSSA external type 2
OE1 - OSPF external type 1, OE2 - OSPF external type 2
DHCP - DHCP type, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - ISIS inter-level
I - IPSEC type

VRF ID: 0

O 1.1.1.1/32 [110,12] via 192.168.201.1(on VLAN201)
[110,12] via 192.168.200.1(on VLAN200)
C 3.3.3.3/32 is directly connected, Loopback0
O 10.1.0.0/16 [110,3] via 192.168.201.1(on VLAN201)
[110,3] via 192.168.200.1(on VLAN200)
C 20.1.0.0/16 is directly connected, VLAN1
O 192.168.100.0/24 [110,2] via 192.168.201.1(on VLAN201)
[110,2] via 192.168.200.1(on VLAN200)
O 192.168.101.0/24 [110,2] via 192.168.201.1(on VLAN201)
[110,2] via 192.168.200.1(on VLAN200)
C 192.168.200.0/24 is directly connected, VLAN200
C 192.168.201.0/24 is directly connected, VLAN201

leedonguk123123 · ‎12-12-2023

It has been confirmed that all redundant paths are present in the L3_A, L3_B, C9500(L),(R) Routing Table, and load-balancing is in operation on the interface.

In my opinion, because the VLAN 100 and VLAN 200 interfaces go down when the C9500(L) reboots, all packets must be delivered to the C9500(R) and the service must remain uninterrupted.

But currently it's not working that way. help

================================================================
CISCO#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/11] via 192.168.101.1, 01:23:24, Vlan101
[110/11] via 192.168.100.1, 01:17:16, Vlan100
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 192.168.201.2, 01:23:24, Vlan201
[110/2] via 192.168.200.2, 01:17:20, Vlan200
10.0.0.0/16 is subnetted, 1 subnets
O 10.1.0.0 [110/2] via 192.168.101.1, 01:23:24, Vlan101
[110/2] via 192.168.100.1, 01:17:16, Vlan100
20.0.0.0/16 is subnetted, 1 subnets
O 20.1.0.0 [110/2] via 192.168.201.2, 01:23:24, Vlan201
[110/2] via 192.168.200.2, 01:17:20, Vlan200
192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.100.0/24 is directly connected, Vlan100
L 192.168.100.2/32 is directly connected, Vlan100
192.168.101.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.101.0/24 is directly connected, Vlan101
L 192.168.101.2/32 is directly connected, Vlan101
192.168.200.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.200.0/24 is directly connected, Vlan200
L 192.168.200.1/32 is directly connected, Vlan200
192.168.201.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.201.0/24 is directly connected, Vlan201
L 192.168.201.1/32 is directly connected, Vlan201
==============================================================

L3_A#show ip route
Sep 18 11:50:05 L3_A IMISH[1942]: IMISH: root: show ip route
Codes: C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default

C 1.1.1.1/32 is directly connected, lo
O 3.3.3.3/32 [110/3] via 192.168.100.2, vlan1.100, 01:17:42
[110/3] via 192.168.101.2, vlan1.101, 01:17:42
C 10.1.0.0/16 is directly connected, vlan1.10
O 20.1.0.0/16 [110/3] via 192.168.100.2, vlan1.100, 01:17:42
[110/3] via 192.168.101.2, vlan1.101, 01:17:42
C 127.0.0.0/8 is directly connected, lo
C 192.168.100.0/24 is directly connected, vlan1.100
C 192.168.101.0/24 is directly connected, vlan1.101
O 192.168.200.0/24 [110/2] via 192.168.100.2, vlan1.100, 01:17:42
[110/2] via 192.168.101.2, vlan1.101, 01:17:42
O 192.168.201.0/24 [110/2] via 192.168.100.2, vlan1.100, 01:17:42
[110/2] via 192.168.101.2, vlan1.101, 01:17:42

==============================================================

L3_C#show ip route
max_rtlimit:12288 static_nh_limit:8
Codes: C - connected, S - static, R - RIP, B - BGP, BC - BGP connected
D - BEIGRP, DEX - external BEIGRP, O - OSPF, OIA - OSPF inter area
ON1 - OSPF NSSA external type 1, ON2 - OSPF NSSA external type 2
OE1 - OSPF external type 1, OE2 - OSPF external type 2
DHCP - DHCP type, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - ISIS inter-level
I - IPSEC type

VRF ID: 0

O 1.1.1.1/32 [110,12] via 192.168.201.1(on VLAN201)
[110,12] via 192.168.200.1(on VLAN200)
C 3.3.3.3/32 is directly connected, Loopback0
O 10.1.0.0/16 [110,3] via 192.168.201.1(on VLAN201)
[110,3] via 192.168.200.1(on VLAN200)
C 20.1.0.0/16 is directly connected, VLAN1
O 192.168.100.0/24 [110,2] via 192.168.201.1(on VLAN201)
[110,2] via 192.168.200.1(on VLAN200)
O 192.168.101.0/24 [110,2] via 192.168.201.1(on VLAN201)
[110,2] via 192.168.200.1(on VLAN200)
C 192.168.200.0/24 is directly connected, VLAN200
C 192.168.201.0/24 is directly connected, VLAN201

MHM Cisco World · ‎12-12-2023

Try use portChannel L3 between two Stack SW and L3_A/C.

Dont use two vlan.

MHM

leedonguk123123 · ‎12-12-2023

Is it true that it doesn't work when using two VLANs?

Currently, we have to use two VLANs.