07-27-2010 07:49 AM
I have a pair of Cisco CSS 11503 boxes with a ap-kal-pinglist applied to both virtual routers, as a Critical Service, on the Primary CSS. When a link goes down, the VRRP fails over all traffic to the Secondary, as expected, but there is an issue with two particular VIPs. These VIPs have Source Groups configured, like below:
group WEBSITE_ABC
add destination service XYZ_Server_1
add destination service XYZ_Server_2
vip address 10.10.3.25
active
group WEBSITE_XYZ
add destination service ABC_Server_1
add destination service ABC_Server_2
vip address 10.10.3.24
active
Once a failover occurs, the VIPs are unreachable via a browser. I have also seen 1 VIP OK and 1 VIP not, but never both working. At times, when I failback to the Primary, the VIPs are OK again. The services are reachable via a browser during this issue.
any ideas?
07-28-2010 04:00 AM
You need to check if during the failover the css sends a G-ARP to inform that the arp associated with the nat ip address now belongs to the secondary css.
Get sniffer trace during failver and check if this g-arp is sent.
If not, this is a bug and you need to report it.
If yes, then the problem is not the CSS but another device on the path...did the switch correctly learned the new path ? Does the server have the correct arp table ?
Gilles.
07-28-2010 09:00 AM
I was thinking about the gratuitous arp as a possibility, but I have yet to get a trace. I will do so in the next couple of days. I will have to get the server team involved to see the arp cache on the web servers as well. Also, I will read the release notes on the code train I am running, in order to see if something similar has been fixed in a newer release.
Thanks for the reply!
09-03-2010 08:42 AM
This issue was complicated by the fact that I have two IP subnets on one VLAN. The VLAN that the servers are on also hosts the VIPs. By configuring virtual-routers and ip redundat VIPs on that VLAN, the GARPs were then sent and the failover worked as advertised.
Thanks!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide