HA setup for CSR 1000v in AWS

Abhi11 · ‎08-23-2021

Hi Team,

We have deployed cisco vCSR solution in AWS. Now we are trying to implement HA solution for cisco vCSR 1000v in AWS . Done the setup in Test environment But getting issues during the HA fail over.

Getting below error in logs. Any help would be great. We need to implement this in our prod setup once this successful.

*Aug 5 09:50:52.579: CLOUD-HA : AWS - httpc request sent
*Aug 5 09:50:52.579: CLOUD-HA : AWS httpc_send_request return (0x1)
*Aug 5 09:50:52.579: CLOUD-HA : vxe_cloud_ha_aws_parse_resp: exit
*Aug 5 09:50:52.113: %SELINUX-3-MISMATCH: R0/0: audispd: type=AVC msg=audit(1628157052.111:128): avc: denied { execute } for pid=2068 comm="linux_iosd-imag" name="bash" dev="rootfs" ino=1605 scontext=system_u:system_r:polaris_iosd_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=1
*Aug 5 09:50:52.114: %SELINUX-3-MISMATCH: R0/0: audispd: type=AVC msg=audit(1628157052.111:128): avc: denied { execute_no_trans } for pid=2068 comm="linux_iosd-imag" path="/bin/bash" dev="rootfs" ino=1605 scontext=system_u:system_r:polaris_iosd_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=1
*Aug 5 09:50:52.122: %SELINUX-3-MISMATCH: R0/0: audispd: type=AVC msg=audit(1628157052.111:128): avc: denied { map } for pid=2068 comm="sh" path="/bin/bash" dev="rootfs" ino=1605 scontext=system_u:system_r:polaris_iosd_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=1
*Aug 5 09:50:52.132: %SELINUX-3-MISMATCH: R0/0: audispd: type=AVC msg=audit(1628157052.131:129): avc: denied { execute } for pid=2069 comm="sh" name="date" dev="rootfs" ino=1601 scontext=system_u:system_r:polaris_iosd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
*Aug 5 09:50:52.132: %SELINUX-3-MISMATCH: R0/0: audispd: type=AVC msg=audit(1628157052.132:130): avc: denied { execute_no_trans } for pid=2069 comm="sh" path="/bin/date" dev="rootfs" ino=1601 scontext=system_u:system_r:polaris_iosd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
*Aug 5 09:50:52.133: %SELINUX-3-MISMATCH: R0/0: audispd: type=AVC msg=audit(1628157052.132:130): avc: denied { map } for pid=2069 comm="date" path="/bin/date" dev="rootfs" ino=1601 scontext=system_u:system_r:polaris_iosd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
*Aug 5 09:50:52.593: CLOUD-HA : AWS resp data alloc length=4294967295
*Aug 5 09:50:52.594: CLOUD-HA : aws_reg_httpc_resp_data app_context=0x7FE45CC903C8
*Aug 5 09:50:52.594: CLOUD-HA : AWS - process HTTP resp. ctx=0x7FE45CC903C8
*Aug 5 09:50:52.594: CLOUD-HA : res content len=262
*Aug 5 09:50:52.594: CLOUD-HA : res content iov_len=261 iov_base=<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>InvalidHttpRequest</Code><Message>The HTTP request is invalid. Reason: Unable to parse request</Message></Error></Errors><RequestID>0c9b441e-b04b-475f-a65e-96f807757d5e</RequestID></Response>
*Aug 5 09:50:52.594: CLOUD-HA : vxe_cloud_ha_aws_parse_resp: state=FINI data=<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>InvalidHttpRequest</Code><Message>The HTTP request is invalid. Reason: Unable to parse request</Message></Error></Errors><RequestID>0c9b441e-b04b-475f-a65e-96f807757d5e</RequestID></Response>

*Aug 5 09:50:52.594: CLOUD-HA : AWS vxe_cloud_ha_aws_next: current state=FINI
*Aug 5 09:50:52.595: CLOUD-HA : AWS system cmd = sh /usr/binos/conf/aws_ha_rr.sh FINI
*Aug 5 09:50:52.620: CLOUD-HA : AWS - process_result: parse awsha.out file
*Aug 5 09:50:52.620: CLOUD-HA : AWS CMD=EBADRQC
*Aug 5 09:50:52.620: %VXE_CLOUD_HA-3-FAILED: VXE Cloud HA BFD state transitioned, HA node 1 event route update failed
*Aug 5 09:50:52.620: CLOUD-HA : vxe_cloud_ha_aws_parse_resp: exit

marce1000 · ‎08-23-2021

- Review this document : https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/prime-access-registrar/213601-csr1000v-ha-redundancy-deployment-guide.html

Also checkout : https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/prime-access-registrar/213601-csr1000v-ha-redundancy-deployment-guide.html#anc26 not exactly what you see , but follow it's guidelines (too)

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Abhi11 · ‎08-23-2021

Thanks for the reply. We have followed this document. But getting the error as updated in the initial post.

We are getting VXE_CLOUD_HA-3-FAILED: VXE Cloud HA BFD state transitioned, HA node 1 event route update failed

Let me know any solution for this.

Abhi

marce1000 · ‎08-23-2021

- No specific insights , but I would also look into the software version being used and make sure it is recent and preferably an advisory release.

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Abhi11 · ‎08-24-2021

version 17.3.3

How to find the serial no for this cisco cloud service router 1000v ?

show version and show license udi these 2 commands tried but not the getting the serial no.

marce1000 · ‎08-24-2021

>...how to find serial number

- Try : show license udi

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !