cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1724
Views
9
Helpful
15
Replies

Probe on CSM ???

edaguet
Level 1
Level 1

Hello all,

I have one CSM in two 6500 switches in active-passive configuration, in CSM inline mode. ( so the L3 inter-server communications go through the CSM with predictor forward)

Here the details:

- one CSM (4.1.5) in one C6509 switch with SUP2/MSFC2 using IOS 12.1(19)EA1, which is active

- and one CSM(4.1.5) in one C6513 switch with SUP720 using IOS 12.2(18)SXD3, which is passive.

I have defined two probes: one L4 and one L7. These two probes are attached to the serverfarm. A vserver is also defined.

When i test the first server with shut the service, the active CSM remove the failed server from the serverfarm but also desactivates the real server.

When i try on the backup CSM, it works very well: the csm remove only the failed server but not desactivate the real.

Where is the problem? any ideas?

thanks

Silvere

15 Replies 15

Gilles Dufour
Cisco Employee
Cisco Employee

Silvere,

could you please clarify what you mean by desactivate the real ??

Could you capture the following commands :

sho mod csm X probe det

sho mod csm x real

sho mod csm x probe

sho mod csm x vserver

Thanks,

Gilles.

Hi,

Here in copy the log you requested. In addition, i have put in a ping test.

When i say the CSM desactivate the real, i mean that the real is not reachable on the active CSM - on MSFC2 with 12.1(19)EA1-. ping failed.

When i move to the backup CSM it works - on Sup-720 with 12.2(18)SXD3- .

this info does not show any problem.

So, the concern is that you can't ping from MSFC to real.

How is the MSFC reaching the real ?

Does it have a static route pointing to the CSM ?

Is the CSM configured in bridge mode ?

Can you ping the real from the CSM or from the other real ? [ to ping from the CSM use the command -ping mod csm X x.x.x.x]

Can we see your config ?

Thanks,

Gilles.

Hi Gilles,

When the HTTP probes failed, the "ping mod csm" works

but from the MSFC, it failed.

on the csm to msfc, a default route on the vlan client 0.0.0.0 0.0.0 gateway hsrp msfc

on the MSFC, a static route 10.190.6.0 255.255.255.0 alias CSM is also here.

to allow traffic to pass from client to server, a vserver must be configured.

try to configure something like this

serverfarm route

predictor forward

no nat server

!

vserver vlan190

vip 10.190.6.0/24

serverfarm route

inservice

!

Let me know if that solves the ping from the MSFC.

If you can, I appreciate ratings for my answers.

Gilles.

Hi ,

Vserver is also configured: here the configuration

!

vlan 51 client

ip address 10.190.8.37 255.255.255.240

route 0.0.0.0 0.0.0.0 gateway 10.190.8.33

alias 10.190.8.36 255.255.255.240

!

serverfarm R-ROUTING51-40

no nat server

no nat client

predictor forward

!

vserver VR-ROUTING51-40

virtual 10.190.6.0 255.255.255.128 any

vlan 51

serverfarm R-ROUTING51-40

replicate csrp sticky

replicate csrp connection

no persistent rebalance

inservice

!

interface Vlan51

ip address 10.190.8.34 255.255.255.240

no ip redirects

standby 51 ip 10.190.8.33

standby 51 priority 110

standby 51 preempt

standby 51 track Port-channel1 10

standby 51 track Port-channel2

!

ip route 10.190.6.0 255.255.255.0 10.190.8.36

ip route 10.190.7.0 255.255.255.0 10.190.8.36

ip route 10.190.8.0 255.255.255.224 10.190.8.36

!

#sh ip route static

S 10.190.6.0/24 [1/0] via 10.190.8.36

S 10.190.7.0/24 [1/0] via 10.190.8.36

S 10.190.8.4/32 [1/0] via 10.190.8.36, Vlan51

S 10.190.8.5/32 [1/0] via 10.190.8.36, Vlan51

S 10.190.8.6/32 [1/0] via 10.190.8.36, Vlan51

S 10.190.8.7/32 [1/0] via 10.190.8.36, Vlan51

S 10.190.8.0/27 [1/0] via 10.190.8.36

#ping mod csm 9 10.190.6.11

IP address Reachable

--------------------------

10.190.6.11 Yes

#ping mod csm 9 10.190.6.12

IP address Reachable

--------------------------

10.190.6.12 Yes

#ping 10.190.6.11

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.190.6.11, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

#ping 10.190.6.12

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.190.6.12, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

#

ok - this looks good.

could you get a 'sho mod csm X conn vser VR-ROUTING51-40' and a 'sho mod csm x vser name VR-ROUTING51-40 det' before and after the ping.

On the server, could you sniff the traffic to see if something is getting there, and if there is a response to which mac address is it sent.

Finally, can we get a 'sho mod csm x arp' after the test.

Thanks,

Gilles.

Hi Gilles,

It is very strange. I did many trace. I have sniffed the vlan client (between the MSFC and CSM) and the vlan server . When i ping the server, i see the ICMP echo request across the vlan client and vlan server. but no reply across the vlan server. On the server, the ICMP echo request don't received. So i sniff the port and the ICMP echo request is not sent through the port.

When i desactivate the probe, all works.

So as L2port-MSFC-CSM-L2port architecture, the problem is the ICMP packet echo request go out the CSM vlan client but do not enter on L2 port via the IOS.

So the bug is the IOS version of the switch which is bugged.

this is what it looks like.

Are you using Gig module ?

Gilles.

Yes, configured in 100 Full duplex. Here below the reference:

SFM-capable 48 port 10/100/1000mb RJ45 WS-X6548-GE-TX

this could be this well-known issue.

http://www-tac.cisco.com/Support_Library/field_alerts/fn26096.html

If you have a FE module, try to use it to confirm the problem is the Gig module.

Gilles.

hum, i can't access to this url...

Hi Gilles,

We have open a case (TAC Cisco). After analyzing our problem, it reveals that CSM 4.2(2) and 4.1(5) has a bug. I 'm witing the return from Cisco Engineer.

Thank you for your help, i have learnt a little more on CSM

Review Cisco Networking for a $25 gift card