11-07-2017 05:23 AM - edited 03-05-2019 09:26 AM
I have an ongoing minor issue with the NAT Box-to-box HA feature on 15.5 ASR 1001-X.
If there is a disruption on the WAN side (rii 2 in my case) of the primary router (redundancy priority configured as 120) and therefore a decrement of 100 occurs (see configuration below), even if the interface comes back up the runtime priority gets stuck at 20 on the primary router and it won't automatically become active again. Reloading the redundancy group on the primary router makes it the active again (probably because it is comparing its configured priority of 120 vs the secondary router which has a configured priority of 80), but when looking under the faults, the runtime priority is still stuck at 20 and I would expect it to revert back to 120.
Configuration and status after the event has occurred is posted below.
Primary
interface Ethernet0/0
 ip address 192.168.0.1 255.255.255.0
!
interface Ethernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 redundancy rii 1
 redundancy group 1 ip 192.168.1.254 exclusive decrement 100
!
interface Ethernet0/2
 ip address 192.168.2.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 redundancy rii 2
 redundancy asymmetric-routing enable
 redundancy group 1 decrement 100
(config-red-app-grp)#do sh run | s red
redundancy
 application redundancy
  group 1
   name group1
   preempt
   priority 120
   control Ethernet0/0 protocol 1
   data Ethernet0/0
   asymmetric-routing interface Ethernet0/0
   asymmetric-routing always-divert enable
 redundancy rii 1
 redundancy group 1 ip 192.168.1.254 exclusive decrement 100
 redundancy rii 2
 redundancy asymmetric-routing enable
 redundancy group 1 decrement 100
(config-red-app-grp)#do show redundancy application group 1
Group ID:1
Group Name:group1
Administrative State: No Shutdown
Aggregate operational state : Up
My Role: ACTIVE
Peer Role: STANDBY
Peer Presence: Yes
Peer Comm: Yes
Peer Progression Started: Yes
RF Domain: btob-one
RF state: ACTIVE
Peer RF state: STANDBY HOT
(config-red-app-grp)#do show redundancy application fault group 1
Faults states Group 1 info:
Runtime priority: [20]
RG Faults RG State: Up.
Total # of switchovers due to faults: 0
Total # of down/up state changes due to faults: 0
Secondary
interface Ethernet0/0
 ip address 192.168.0.2 255.255.255.0
!
interface Ethernet0/1
 ip address 192.168.1.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 redundancy rii 1
 redundancy group 1 ip 192.168.1.254 exclusive decrement 100
!
interface Ethernet0/2
 ip address 192.168.2.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 redundancy rii 2
 redundancy asymmetric-routing enable
 redundancy group 1 decrement 100
!
(config-red-app-grp)#do sh run | s red
redundancy
 application redundancy
  group 1
   name group1
   preempt
   control Ethernet0/0 protocol 1
   data Ethernet0/0
   asymmetric-routing interface Ethernet0/0
   asymmetric-routing always-divert enable
 redundancy rii 1
 redundancy group 1 ip 192.168.1.254 exclusive decrement 100
 redundancy rii 2
 redundancy asymmetric-routing enable
 redundancy group 1 decrement 100
(config-red-app-grp)#do show redundancy application group 1
Group ID:1
Group Name:group1
Administrative State: No Shutdown
Aggregate operational state : Up
My Role: STANDBY
Peer Role: ACTIVE
Peer Presence: Yes
Peer Comm: Yes
Peer Progression Started: Yes
RF Domain: btob-one
RF state: STANDBY HOT
Peer RF state: ACTIVE
(config-red-app-grp)#do show redundancy application fault group 1
Faults states Group 1 info:
Runtime priority: [100]
RG Faults RG State: Up.
Total # of switchovers due to faults: 0
Total # of down/up state changes due to faults: 0
How can the runtime priority be reset? And how can I determine what is holding it down from the configured value if I was not catching logs previously?
Many thanks!
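The comparison described in the post above (configured priority, minus the decrement of every interface that is currently down, against the reported runtime priority) can be scripted from collected CLI output. This is an added example, not part of the original thread and not Cisco tooling; the function names, the default priority of 100 and the simple subtract-per-down-interface model are assumptions, and the sample text is trimmed from the primary router's output posted above.

```python
import re

DEFAULT_PRIORITY = 100  # assumption: value used when the group has no "priority" line

# Trimmed from the primary router's configuration posted above.
PRIMARY_CFG = """
interface Ethernet0/1
 redundancy rii 1
 redundancy group 1 ip 192.168.1.254 exclusive decrement 100
interface Ethernet0/2
 redundancy rii 2
 redundancy group 1 decrement 100
redundancy
 application redundancy
  group 1
   preempt
   priority 120
"""
PRIMARY_FAULT = "Faults states Group 1 info:\nRuntime priority: [20]\n"

def parse_rg_config(cfg, group=1):
    """Return (configured priority, {interface: decrement}) for one redundancy group."""
    priority, decrements, iface, in_group = DEFAULT_PRIORITY, {}, None, False
    for line in (raw.strip() for raw in cfg.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            iface, in_group = m.group(1), False
        elif m := re.fullmatch(r"group (\d+)", line):
            iface, in_group = None, int(m.group(1)) == group
        elif in_group and (m := re.match(r"priority (\d+)", line)):
            priority = int(m.group(1))
        elif iface and (m := re.match(rf"redundancy group {group}\b.*\bdecrement (\d+)", line)):
            decrements[iface] = int(m.group(1))
    return priority, decrements

def audit(cfg, fault_output, down_interfaces, group=1):
    """Compare the reported runtime priority with what the config predicts."""
    configured, decrements = parse_rg_config(cfg, group)
    # Model (assumption): each down interface subtracts its decrement once.
    expected = configured - sum(d for i, d in decrements.items() if i in down_interfaces)
    m = re.search(r"Runtime priority:\s*\[(\d+)\]", fault_output)
    runtime = int(m.group(1)) if m else None
    return {"configured": configured, "expected": expected, "runtime": runtime,
            "stuck": runtime is not None and runtime < expected}

if __name__ == "__main__":
    # All interfaces are back up, yet the router still reports 20.
    print(audit(PRIMARY_CFG, PRIMARY_FAULT, down_interfaces=set()))
```

Run periodically against both peers, a "stuck" result gives an early signal that a router will not preempt back to active even though its tracked interfaces have recovered.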
11-07-2017 08:41 AM
I can only give you pointers at this time; I will sit down and relook at this, but I believe you need to use a track object for this to work. I mean, how are you telling the preempt process that the interface is up without tracking? I could be wrong, but I think this could fix your issue.
11-07-2017 12:58 PM
Hello,
at first glance, the problem seems to be that you are using the same interface for control and data. The protocol instance is tied to the control interface, not the data interface, so I am not sure this works.
Can you try and create a separate data interface?
11-07-2017 11:48 PM - edited 11-07-2017 11:50 PM
I should have mentioned something in my first post. The configuration I posted on this forum is not the full production configuration but something I put together in a lab to reproduce the issue. In the production environment I do indeed have those on separate interfaces (Gi0/0/4.1 .2 and .3) but have the same problem. Thanks for the suggestion though, I will configure the lab closer to the production configuration just in case. In addition, I also have track statements on the LAN interfaces but I believe this is just to decide which router should advertise the NAT pool depending on which is primary? Here is what I have on the production router (with some IP addresses omitted) for the two LAN interfaces:
track 1 ip route 192.168.1.254 255.255.255.255 reachability
track 3 ip route 192.168.3.254 255.255.255.255 reachability
ip route PUBLIC_NAT_POOL Ethernet0/1 track 1
ip route PUBLIC_NAT_POOL Ethernet0/3 track 3
I don't have a track on the WAN interface (Ethernet0/2) but not sure if that is necessary.
Many Thanks,
Jonathan