10-23-2019 04:15 AM
Hi,
I'm reconfiguring our datacentre and wantyed to use GLBP for it's supperior load balancing over HSRP, however after initial config everything worked fine.
then after a period of time I was unable to ping the VIP, (no changes to the configuration). After some diagnosis the ARP table on the downstream swtich had the VIP associated with a virtual mac address on a router which was in the listening state.
I cleared the ARP cache & the VIP was then assocated with the virtual mac of the active device. If I continue to clear the cache and check conectivity I am unable to ping the VIP whenever it's associated with a listening device.
Why is GLBP not allowing me to ping the VIP when the IP in the CAM table is mapped to a listening router, defeats the point of GLBP surely?
10-23-2019 07:22 AM
Hello,
could be a bug...what platform is this on, and which IOS are you running ?
What if you add a static ARP entry with the VIP associated with the virtual MAC ?
10-23-2019 07:31 AM
Hadn't considered it could be a bug... software release is 15.0(1r)M8
just realised how old that is, I'm relatively new into this role, and haven't thought to check until now...
I could add a static ARP, and that'll work, but if the Router loses it's external connection I'll lose network connectivity as the AVG will issue a different mac to the switch after all the timers expire won't it?
10-23-2019 11:53 AM
Hello,
which router (e.g. 3845) do you have this configured on ? 15.0 is quite old indeed...
10-23-2019 01:51 PM
Hi,
it's on a 3925
Cheers
10-23-2019 02:36 PM
Hello,
the 3925 is end of sale as of 2016, and the IOS release you are running was released in 2013. There are a few bugs which could account for this behavior. You might want to upgrade to the latest recommended release,15.7.3M5 MD.
10-23-2019 02:38 PM
My issue is I don't have a CISCO service account, so am unable to download the software.
do you have any links to the bugs then I can get in touch with TAC?
Cheers
10-23-2019 04:00 PM
I'll check for the bugs that might apply and let you know...
10-24-2019 12:14 AM
Cheers, really appreciate it.
10-24-2019 01:39 AM
Hello Richard,
in order to narrow down the search, can you post the GLBP configs you are using ?
10-24-2019 02:06 AM
Sure, it's really simple.
I have x3 routers with subinterfaces connected to a multilayer chassis switch, the switchports are all in the same VLAN as the subinterface.
The switch can ping all x3 router interfaces, but can only ping the VIP when the mac address is associated with the active router.
interface GigabitEthernet0/0/0.100
encapsulation dot1Q 100
ip vrf forwarding TEST
ip address 172.30.1.2 255.255.255.240
glbp 1 ip 172.30.1.5
glbp 1 priority 120
glbp 1 preempt
glbp 1 weighting 30
the other two devices are identical apart from the priority decrements by 5
10-24-2019 03:02 AM
Hello Richard,
there are about 150 bugs related to GLBP, I have browsed them all, but with your configuration, which is indeed very simple and basic, none of the bugs apply.
What is the uptime of your devices (sh ver | include uptime) ? If it is really long, a reboot might resolve the issue. Just make sure to save the running config to memory first (wr mem).
Of course you can always try, but TAC is usually pretty strict when it comes to downloading IOS versions without a service contract...
10-24-2019 07:08 AM
Thanks Georg,
I did try with TAC anyway, seeing as it's such an old IOS I stuck the version into the vulnerability checker and scared myself a little bit....!
Based on that TAC were happy to supply the most recent version of the IOS, so that's good news!
Really appreciate your help
Many thanks
Richard
10-24-2019 08:04 AM
I shouldn't have said anything...TAC is great !
But hopefully the upgrade will solve your problem...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide