ACE: FT Secondary Context not working

danger_mousie
Level 1

The second context is not working, config is auto-sync'd

- Nothing is appearing in the arp table, so no communication is being made to the context. This sounds like how it should work when it is in a secondary state, is this the case?

But when I failover to it, there is still nothing in the arp table, even though the context is in ACTIVE state.

All ideas welcome

14 Replies

Did you assign vlans from MSFC to the ACE module on the 2nd chassis?

Just a thought..

Syed

Thanks Syed, yes both 6509s have the range of vlans assigned to the module and the right vlans allocated to the context. So I should be seeing a full arp table in the context even when it's in standby?

Even the secondary context sends out probes to the rservers. Your arp table shouldn't be empty.

Are your contexts sharing vlans?

16 banks of MAC addresses are available to each ACE. If two ACEs are used in the same layer 2 network then different banks should be used.

This is done by the "shared-vlan-hostid" command.

Syed

Syed, This sounds like the solution, and have implemented it. I've put bank #1 on one ACE and bank #2 on the other. There is no change to the arp tables as yet. Do I need to reload?

Clearing arp, and recreating the context has not changed the MAC addresses. I will not be able to reload the primary ACE until tomorrow. There is a live service on the secondary ACE that does not have failover, so I don't know when I'd get to reload that one.

sh np 1 interface iflookup

will tell you whether both ACEs are using the same MAC.

Syed

I just found a bug related to shared-vlan-hostid. (Reload is by the way needed for this command.)

CSCsi01207

Using shared-vlan-hostid on one ace and shared-vlan-hostid on the other ace does not help (in case of redundant setup) since this command is replicated from primary context.

If you really are facing the same MAC address issue then rebooting the ACE is the only option. On reboot ACE selects a random MAC address.

Syed

Hi Syed, I have attached output from 'sh np 1 int if'. I'm not sure that I have the same MACs issue, because I don't seem to have any MACs at all on the secondary. :) Also, the shared-vlan-hostid command is only available in the Admin context, so I don't think it should be sync'd across (or is that the bug). In my case it has not been.

What does the output attached tell you?

Mac address pool is different on both ACEs

Primary/Service# sh np 1 int if

First burnt-in MAC: 00:1b:d5:9c:0c:49

Last burnt-in MAC: 00:1b:d5:9c:0c:4f

No of burnt-in MACs: 7

Hostid: 2

Secondary/Admin# sh np 1 int if

First burnt-in MAC: 00:1b:d5:9c:0e:2d

Last burnt-in MAC: 00:1b:d5:9c:0e:33

No of burnt-in MACs: 7

Hostid: 1

You are not in the situation where both ACE select same Mac address pool.

I suspect that Vlan 528 and 529 are not available on Secondary ACE.

Please check

1. If Vlan are properly defined on Secondary Switch.

2. If these VLAN are assigned from SUP to ACE

3. If trunk between 2 Switches allow the vlans used in the appropriate contexts

Syed

See attached, I may have been looking at this for too long but I think it's all correct. Hopefully you can spot something.

Config looks good..

On secondary the Services context doesn't show the vlans

Check the difference in output of the following commands.

Primary/Service# sh np 1 int if

First burnt-in MAC: 00:1b:d5:9c:0c:49

Last burnt-in MAC: 00:1b:d5:9c:0c:4f

No of burnt-in MACs: 7

Hostid: 2

Shared vlan macs currently in use (offset from 2048):

Vlan-vmac indexes currently in use: 0

Flags: Valid shared bridged ftstatus ssl-test normalization icmp-guard

Vlan  ifid  matchid  ctxt  primary  vvind  ftgrp  ttl  optact  df  Flags
----  ----  -------  ----  -------  -----  -----  ---  ------  --  -----
528   4     4        1     528      0      6      0    2       0   1001000
529   5     5        1     529      0      6      0    2       0   1001000

Secondary/Service# sh np 1 int if

First burnt-in MAC: 00:1b:d5:9c:0e:2d

Last burnt-in MAC: 00:1b:d5:9c:0e:33

No of burnt-in MACs: 7

Hostid: 1

Shared vlan macs currently in use (offset from 1024): 0

Vlan-vmac indexes currently in use: 0-1

Flags: Valid shared bridged ftstatus ssl-test normalization icmp-guard

Vlan  ifid  matchid  ctxt  primary  vvind  ftgrp  ttl  optact  df  Flags
----  ----  -------  ----  -------  -----  -----  ---  ------  --  -----

Which is not the case with the admin context on both switches.

Is it possible to reboot the secondary?

Syed

You have SVIs defined for both vlan 528 and 529 on MSFC. How will return traffic pass through ACE?

Are you running one arm mode/ using source NAT?

Can you also post vlan interfaces config on ACE?

Syed

Yes, that's certainly what I'm trying to do. As for rebooting, not sure if or when that can happen. But I will try.

When you asked for the interface config I also did a "show int" on the secondary ACE:

vlan528 is down, IP address or bridge group not configured

...

vlan529 is down, IP address or bridge group not configured

...

I had previously thought that the secondary took over the primary's interface address, but in fact (as I'm sure you're well aware) I should have configured "peer ip address x.x.x.x x.x.x.x" on both vlans in the primary context. I have done so and all is working as expected.

Thanks for your time and help,

Claire
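
A check for the misconfiguration this thread ended on, as an added example that is not part of any post: it flags VLAN interfaces in a primary context config that have "ip address" but no "peer ip address", and matches them against the "is down, IP address or bridge group not configured" lines from the standby. The sample config, the addresses, the "is up" line and the function names are constructed for illustration, and the config is assumed to use indented sub-commands under each "interface vlan" line.

```python
import re

# Constructed sample: primary context config (documentation-range addresses).
PRIMARY_CONFIG = """\
interface vlan 528
  ip address 192.0.2.2 255.255.255.0
  peer ip address 192.0.2.3 255.255.255.0
  no shutdown
interface vlan 529
  ip address 198.51.100.2 255.255.255.0
  no shutdown
"""

# Constructed sample: "show int" on the standby, using the wording quoted in the thread.
STANDBY_SHOW_INT = """\
vlan528 is up
vlan529 is down, IP address or bridge group not configured
"""

def vlans_missing_peer_ip(config):
    """Return VLAN ids that have 'ip address' but no 'peer ip address'."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface vlan (\d+)\s*$", line)
        if m:
            current = int(m.group(1))
            stanzas[current] = []
        elif current is not None and line.startswith((" ", "\t")):
            stanzas[current].append(line.strip())  # sub-command of the current interface
        else:
            current = None  # left the interface stanza
    return sorted(v for v, ls in stanzas.items()
                  if any(l.startswith("ip address ") for l in ls)
                  and not any(l.startswith("peer ip address ") for l in ls))

def standby_unaddressed_vlans(show_int):
    """Return VLAN ids the standby reports as down for lack of an address."""
    pat = re.compile(r"^vlan(\d+) is down, IP address or bridge group not configured", re.M)
    return sorted(int(v) for v in pat.findall(show_int))

def explain(config, show_int):
    """VLANs whose standby-side outage is explained by a missing peer ip address."""
    return sorted(set(vlans_missing_peer_ip(config)) & set(standby_unaddressed_vlans(show_int)))

if __name__ == "__main__":
    print(explain(PRIMARY_CONFIG, STANDBY_SHOW_INT))
```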
