GLBP unable to ping VIP

richard.priest · ‎10-23-2019

Hi,

I'm reconfiguring our datacentre and wantyed to use GLBP for it's supperior load balancing over HSRP, however after initial config everything worked fine.

then after a period of time I was unable to ping the VIP, (no changes to the configuration). After some diagnosis the ARP table on the downstream swtich had the VIP associated with a virtual mac address on a router which was in the listening state.

I cleared the ARP cache & the VIP was then assocated with the virtual mac of the active device. If I continue to clear the cache and check conectivity I am unable to ping the VIP whenever it's associated with a listening device.

Why is GLBP not allowing me to ping the VIP when the IP in the CAM table is mapped to a listening router, defeats the point of GLBP surely?

Georg Pauwen · ‎10-23-2019

Hello,

could be a bug...what platform is this on, and which IOS are you running ?

What if you add a static ARP entry with the VIP associated with the virtual MAC ?

richard.priest · ‎10-23-2019

Hadn't considered it could be a bug... software release is 15.0(1r)M8

just realised how old that is, I'm relatively new into this role, and haven't thought to check until now...

I could add a static ARP, and that'll work, but if the Router loses it's external connection I'll lose network connectivity as the AVG will issue a different mac to the switch after all the timers expire won't it?

Georg Pauwen · ‎10-23-2019

Hello,

which router (e.g. 3845) do you have this configured on ? 15.0 is quite old indeed...

richard.priest · ‎10-23-2019

Hi,

it's on a 3925

Cheers

Georg Pauwen · ‎10-23-2019

Hello,

the 3925 is end of sale as of 2016, and the IOS release you are running was released in 2013. There are a few bugs which could account for this behavior. You might want to upgrade to the latest recommended release,15.7.3M5 MD.

richard.priest · ‎10-23-2019

My issue is I don't have a CISCO service account, so am unable to download the software.

do you have any links to the bugs then I can get in touch with TAC?

Cheers

Georg Pauwen · ‎10-23-2019

I'll check for the bugs that might apply and let you know...

richard.priest · ‎10-24-2019

Cheers, really appreciate it.

Georg Pauwen · ‎10-24-2019

Hello Richard,

in order to narrow down the search, can you post the GLBP configs you are using ?

richard.priest · ‎10-24-2019

Sure, it's really simple.

I have x3 routers with subinterfaces connected to a multilayer chassis switch, the switchports are all in the same VLAN as the subinterface.

The switch can ping all x3 router interfaces, but can only ping the VIP when the mac address is associated with the active router.

interface GigabitEthernet0/0/0.100
encapsulation dot1Q 100
ip vrf forwarding TEST
ip address 172.30.1.2 255.255.255.240
glbp 1 ip 172.30.1.5
glbp 1 priority 120
glbp 1 preempt
glbp 1 weighting 30

the other two devices are identical apart from the priority decrements by 5

Georg Pauwen · ‎10-24-2019

Hello Richard,

there are about 150 bugs related to GLBP, I have browsed them all, but with your configuration, which is indeed very simple and basic, none of the bugs apply.

What is the uptime of your devices (sh ver | include uptime) ? If it is really long, a reboot might resolve the issue. Just make sure to save the running config to memory first (wr mem).

Of course you can always try, but TAC is usually pretty strict when it comes to downloading IOS versions without a service contract...

richard.priest · ‎10-24-2019

Thanks Georg,

I did try with TAC anyway, seeing as it's such an old IOS I stuck the version into the vulnerability checker and scared myself a little bit....!

Based on that TAC were happy to supply the most recent version of the IOS, so that's good news!

Really appreciate your help

Many thanks

Richard

Georg Pauwen · ‎10-24-2019

I shouldn't have said anything...TAC is great !

But hopefully the upgrade will solve your problem...