
CSS VIP Issues (Source Group with 'add destination service')

kevin-shaw
Level 1

I have a pair of Cisco CSS 11503 boxes with an ap-kal-pinglist applied to both virtual routers, as a Critical Service, on the Primary CSS.  When a link goes down, the VRRP fails over all traffic to the Secondary, as expected, but there is an issue with two particular VIPs.  These VIPs have Source Groups configured, like below:

group WEBSITE_ABC
  add destination service XYZ_Server_1
  add destination service XYZ_Server_2
  vip address 10.10.3.25
  active

group WEBSITE_XYZ
  add destination service ABC_Server_1
  add destination service ABC_Server_2
  vip address 10.10.3.24
  active

Once a failover occurs, the VIPs are unreachable via a browser.  I have also seen 1 VIP OK and 1 VIP not, but never both working.  At times, when I failback to the Primary, the VIPs are OK again.  The services are reachable via a browser during this issue.

Any ideas?


Gilles Dufour
Cisco Employee

You need to check if during the failover the CSS sends a G-ARP to inform that the ARP associated with the NAT IP address now belongs to the secondary CSS.

Get a sniffer trace during failover and check if this G-ARP is sent.

If not, this is a bug and you need to report it.

If yes, then the problem is not the CSS but another device on the path... did the switch correctly learn the new path? Does the server have the correct ARP table?

Gilles.
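
The check suggested in the reply above, as an added example (not part of the original thread and not Cisco tooling): a Python script that scans a classic pcap capture taken during failover for gratuitous ARPs naming the VIPs, and lists the VIPs that were never announced. The MAC addresses, host IPs and timestamps in the sample capture are constructed; only the two VIP addresses come from the post.

```python
import socket, struct

def find_garps(pcap, watch_ips):
    """Return (ts, sender_mac, ip, opcode) for each gratuitous ARP naming a watched IP."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic (microsecond) pcap with Ethernet link type")
    hits, off = [], 24
    while off + 16 <= len(pcap):
        ts, _, caplen, _ = struct.unpack(order + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        eth = 16 if frame[12:14] == b"\x81\x00" else 12   # skip one 802.1Q tag
        if frame[eth:eth + 2] != b"\x08\x06" or len(frame) < eth + 30:
            continue                                      # not a complete ARP frame
        arp = frame[eth + 2:eth + 30]
        htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", arp[:8])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            continue                                      # not IPv4 over Ethernet
        sha, spa, tpa = arp[8:14], arp[14:18], arp[24:28]
        ip = socket.inet_ntoa(spa)
        if spa == tpa and ip in watch_ips:                # gratuitous: sender IP == target IP
            hits.append((ts, sha.hex(":"), ip, op))
    return hits

def missing_garps(pcap, watch_ips):
    """Watched IPs for which the capture holds no gratuitous ARP."""
    return sorted(set(watch_ips) - {h[2] for h in find_garps(pcap, watch_ips)})

# --- constructed sample capture (MACs, host IPs and timestamps are made up) ---
def make_arp(mac, spa, tpa, op=1):
    m = bytes.fromhex(mac.replace(":", ""))
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + m + socket.inet_aton(spa)
    return b"\xff" * 6 + m + b"\x08\x06" + body + b"\x00" * 6 + socket.inet_aton(tpa)

def make_pcap(records):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in records:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

VIPS = ["10.10.3.24", "10.10.3.25"]                        # VIPs from the post
SAMPLE = make_pcap([
    (100, make_arp("02:00:00:00:00:50", "10.10.3.50", "10.10.3.1")),   # ordinary ARP request
    (101, make_arp("02:00:00:00:00:02", "10.10.3.25", "10.10.3.25")),  # GARP from "secondary"
])

if __name__ == "__main__":
    print(find_garps(SAMPLE, VIPS), "no GARP seen for:", missing_garps(SAMPLE, VIPS))
```

To use it on a real trace, read the capture file as bytes and pass it in place of `SAMPLE`; pcapng captures need converting to classic pcap first.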

I was thinking about the gratuitous ARP as a possibility, but I have yet to get a trace.  I will do so in the next couple of days.  I will have to get the server team involved to see the ARP cache on the web servers as well.  Also, I will read the release notes on the code train I am running, in order to see if something similar has been fixed in a newer release.

Thanks for the reply!

This issue was complicated by the fact that I have two IP subnets on one VLAN.  The VLAN that the servers are on also hosts the VIPs.  By configuring virtual-routers and ip redundant VIPs on that VLAN, the GARPs were then sent and the failover worked as advertised.

Thanks!!
