HSRP Standby Unknown State after upgrade catalyst switch to IOS 17.3.3

maverick0 · ‎08-01-2022

I'm handling with a troubleshoot involving a scenario has two ASR routers and catalyst 9500 stack switch where the routers are connected. After upgrade the IOS in the catalyst to the version 17.3.3, the HSRP stopped to work. The both routers become active and doesn't listen to each other. The configuration in the switch has no been changed. When I have rollbacked the IOS to the previous version 16.9.3 everything works fine. Anyone here already faced this issue in this IOS version? I'm suspecting the catalyst 9500 is not allowing the multicast traffic reached the other router.

Thanks

Leo Laohoo · ‎08-01-2022

17.3.5 was released a few months ago. Why upgrade to 17.3.3?

maverick0 · ‎08-01-2022

Our engineering team recommended to use this version in our devices. I can't change it.

Leo Laohoo · ‎08-01-2022

@maverick0 wrote:
Our engineering team recommended to use this version in our devices.

Then tell the engineering team to troubleshoot the issue because the first thing I would be asking them is "17.3.5 was released a few months ago. Why upgrade to 17.3.3?"

And a follow-up question will be "did anyone from the Engineering Team read the Release Notes properly?".

maverick0 · ‎08-01-2022

You're right man, but I can't do that without any evidence.

Leo Laohoo · ‎08-01-2022

@maverick0 wrote:
but I can't do that without any evidence.

Bypass the 9500 and connect the two routers together. See if HSRP goes up.

maverick0 · ‎08-01-2022

The issue only happen when the routers are connected in the switch. I can ping the routers and I got ARP, but the HSRP never goes up.

MHM Cisco World · ‎08-02-2022

can I see
show standby by both router?
show mac address of SW?

David Ruess · ‎08-02-2022

Hello,

As @Leo Laohoo said about the version it could have an affect. That being said this bug was related to the new version you upgraded to:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt33799

If you cant access it, it says:

Symptom:
Data Plane forwarding doesn't work to virtual address after a vrrp/hsrp switchover. Following error shown:

"fman_fp_image: mac:0000:0c07:acxx download to DP failed" <---this is the MAC used by HSRP for version 1

Conditions:
HSRP / VRRP configured over a Bridge Domain.

Workaround:
Step1: Disable BD mac-learning first.
Step2: Clear dynamic entry for the vmac of VRRP or HSRP if it's exist.
Step3: do shutdown and no-shutdown to the bdi interface.
Step4: run "show vrrp" or "show standby" to make sure VRRP or HSRP is on MASTER role.
Step5: Enable BD mac learning at last.

This could be what's causing it, that it cant forward to the virtual MAC created in HSRP. Good new is that's an HSRPv1 MAC address. HSRPv2 MAC address is 0000.0c9f.FXXX (XXX is group ID in HEX).

See if changing to HSRP version 2 works:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/xe-3s/fhp-xe-3s-book/fhp-hsrp-v2.html#GUID-6F6674B5-27B0-4AAA-9EAA-D9AE95FC6FFF

If not you may need to upgrade the IOS even more (check the release notes first). Have the team speed up the testing process if this is a priority.

Hope that helps

-David