Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2335
Views
0
Helpful
2
Replies

IPv6 Neighbor Discovery awkward behavior

Not applicable

‎06-23-2017 03:29 AM - last edited on ‎03-01-2019 05:53 PM by

In a solution with two redundant servers we have observed the following awkward behavior:

When the primary server is up and running the Cisco 3560 L3 switch is updated with the IPv6 address and the Link-Layer address of that server and routes the traffic as it should at the primary server.

As soon as the primary server goes down ( in services level and not entirely shutdown) and the backup server takes place with the same global IPv6 IP but different Link-Layer address we have routing problems were all the traffic is still being routed to the primary server which is not active any more and not to the backup one.

What we have seen until now from the server side is that at the time the primary node goes down, a Neighbor Advertisement unsolicited message with the Override flag set to 1 is being sent from the backup node global IPv6 address which reach the gateway (Cisco L3 switch 3560) triggering to refresh its neighbor table with the new Link-Layer address. The neighborship table is being refreshed with the new Link-Layer address but this entry remains or changes at the STALE state.

Now the problem is that even though at the L3 switch neighbor table we are seeing the new Link-Layer address the aging time for that entry was not being reset but was keep counting and the L3 switch was still routing the traffic to the primary server. As soon as the aging timer was being reset, Neighbor Solicitation messages were sent from the L3 switch to the IPv6 IP of the backup server (at the new Link-Layer address this time) in order to check if they are still reachable, the server was replying back with solicited Neighbor Advertisements messages and the neighborship was being refreshed and the new Link-Layer address was now reachable and active. Thereafter, all the traffic was routed again correctly to the backup server.

All this behavior causes an outage which is not acceptable and I would like to know if this is the expected behavior or there it is a bug or any kind of configuration that would help to overcome this problem.

Labels:
0 Helpful
2 Replies 2

Hector Gustavo Serrano Gutierrez
Cisco Employee
Cisco Employee

‎07-04-2017 07:27 AM

What is the 'show version' output from your Cisco L3 switch 3560?

0 Helpful

Not applicable
In response to Hector Gustavo Serrano Gutierrez

‎07-05-2017 12:33 AM

Core_ST_Switch#sh version
Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Sat 07-Aug-10 22:26 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02F00000

ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

Core_ST_Switch uptime is 1 year, 6 weeks, 3 days, 18 hours, 27 minutes
System returned to ROM by power-on
System restarted at 15:59:49 EET Fri May 20 2016
System image file is "flash:c3560-ipservicesk9-mz.122-55.SE.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C3560-48TS (PowerPC405) processor (revision E0) with 131072K bytes of memory.
Processor board ID FDO1201Y11V
Last reset from power-on
125 Virtual Ethernet interfaces
48 FastEthernet interfaces
4 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:1F:26:D4:69:00
Motherboard assembly number : 73-9898-06
Power supply part number : 341-0097-02
Motherboard serial number : FDO120107BZ
Power supply serial number : AZS114536VQ
Model revision number : E0
Motherboard revision number : B0
Model number : WS-C3560-48TS-S
System serial number : FDO1201Y11V
SFP Module assembly part number : 73-7757-03
SFP Module revision Number : A0
SFP Module serial number : FDO11520END
Top Assembly Part Number : 800-26162-02
Top Assembly Revision Number : E0
Version ID : V02
CLEI Code Number : COMMJ00ARB
Hardware Board Revision Number : 0x01


Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 52 WS-C3560-48TS 12.2(55)SE C3560-IPSERVICESK9-M


Configuration register is 0xF

Core_ST_Switch#

0 Helpful
Customers Also Viewed These Support Documents