Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4890
Views
15
Helpful
5
Replies

Cisco ACI and VRRP

faruk.zaimovic
Level 1
Level 1

‎03-05-2021 05:28 AM

We have configured VRRP between two ASR9k as you can see in the picture below. One is MASTER second router is backup. We have a laptop connected to Leaf-C1. The laptop runs the ping command to VIP, then we reload Leaf-C-3 which is connected to Master. Ping pass correctly, and when leaf-c-3 is active mode again. Both routers become master and at that moment ping is failed. During that period (around 2minuts 41 seconds) ping is unreachable all time, after that everything works correctly.

 

Why we have that outage? Have you ever had a similar problem?

VRRP.png

 

 

3 people had this problem
Labels:
5 Replies 5

Nilay Patel
Level 1
Level 1

‎08-30-2021 07:40 AM

We have similar issue - with InfoBlox active standby node during ACI switch upgrade.

0 Helpful

Robert Burns
Cisco Employee
Cisco Employee
In response to Nilay Patel

‎08-30-2021 08:21 AM

Same issue applies as IB sources it's VIP traffic from the physical MAC (not the virtual MAC).   I believe newer versions of IB have changed this, but you'd need to check with them to confirm.  Regardless, the workaround detailed above (disabling IP DP learning) still applies here as well.

Robert

Robert Burns
Cisco Employee
Cisco Employee

‎08-30-2021 08:18 AM

This is likely due to how ACI handles Dataplane learning.  When the C3 Leaf comes back online, the original master Device may still be sending traffic from the VIP, which will cause a DP learning flap for this IP.  The workaround is to disable DP learning for these devices.  Depending on the version of ACI you can disable DP at the VRF or even Endpoint level (/32) - requires ACI 5.2+.

Robert

Nilay Patel
Level 1
Level 1

‎08-30-2021 10:33 AM

Thanks a lot for helping me out in this area. Adding some more information, so I can get more info 

 

We are running on ACI: Version: 3.2(6i)

- Endpoint Dataplane Learning is disable 

 

Plus my scenario

- If we do InfoBlox node failover always works from infoblox

- we were upgrading ACI upgrade

- InfoBlox passive node connected to Even-ACI-Node102 | InfoBlox active connected on ODD-ACI-Node101. 

 

- We rebooted Even-ACI-Node102 & cause infoblox outage for 10 minutes where passive infoblox node was connected. 

- When we rebooted ODD-ACI-Node101, didnt cause any outage where Infoblox active node was connected

 

Looking like VRRP playing some role or some priority. Similar to other system, changing role revers when they dont see each other. 1.PNG

0 Helpful

mattias5138
Level 1
Level 1
In response to Nilay Patel

‎11-25-2021 12:06 AM

Have you tried to enable "EP Move Detection Mode" under the Bridge Domain for the EPG  ?

GARP based detection Need to be checked for the VRRP to be working with the GARP, unless you disable the learning as noted before.

 

Regards 

  Mattias

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License