Re: SVI in routing table when downstream connection lost

CourtK- · ‎05-09-2020

R1 is connected downstream to two distribution switches (DSW-1 and DSW-2) via /30 subnets. All three are advertising the their /30 interfaces in area 0. The distribution switches are configured with HSRP for their SVIs, advertise their SVIs in area 0, and connected to each other via a layer 2 trunk. They are also cross connected to downstream access switches using layer 2 trunks. VLANs are across the access switches.

If all the layer 2 connections from DSW-1 are lost, DSW-2 becomes HSRP active, but R1's OSPF will still show a route to DSW-1 for 10.1.10.0 and cause drops. How do I stop DSW-1 from advertising the local connected virtual interfaces into the routing table and into OSPF when its layer 2 connections are lost? Or, is the design flawed?

R1

int Gi0/0

ip address 10.0.0.1 255.255.255.252

int Gi0/1

ip address 10.0.0.5 255.255.255.252

router ospf 1

router-id 0.0.0.1

network 10.0.0.1 0.0.0.0 area 0

network 10.0.0.5 0.0.0.0 area 0

show ip route ospf

O 10.1.10.0/24 [110/2] via 10.0.0.2, 00:10:12, GigabitEthernet0/0
[110/2] via 10.0.0.6, 00:10:57, GigabitEthernet0/1

DSW-1

int Gi0/0

ip address 10.0.0.2 255.255.255.252

int vlan 10

ip address 10.1.10.1 255.255.255.0

standby 10 ip 10.1.10.254

standby 10 preempt

standby 10 priority 110

ospf router 1

router-id 0.0.0.2

network 10.0.0.2 0.0.0.0 area 0

network 10.1.10.1 0.0.0.0 area 0

show ip route

C 10.1.10.0/24 is directly connected, Vlan10
L 10.1.10.1/32 is directly connected, Vlan10

DSW-2

int Gi0/0

ip address 10.0.0.6 255.255.255.252

int vlan 10

ip address 10.1.10.2 255.255.255.0

standby 10 ip 10.1.10.254

standby 10 preempt

router ospf 1

router-id 0.0.0.3

network 10.0.0.6 0.0.0.0 area 0

network 10.1.10.2 0.0.0.0 area 0

show ip route

C 10.1.10.0/24 is directly connected, Vlan10
L 10.1.10.2/32 is directly connected, Vlan10

balaji.bandi · ‎05-09-2020

I see some design issue here if DS1 and DS2 has single Link with Trunk - you need to consider multiple Trunks between DSW1 and DSW2.

If not both DSW1 and DSW2 become HSRP Active their point of view, if the between Links fails.

Seconds R1 has no visibility of your HSRP (until you have any tracking system in place ?)

Since R1 thinks neigh is up and getting the routes and prefered here.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

paul driver · ‎05-09-2020

Helo
You could use an EEM script to advertise enable for that interface as an when the HSRP transitions.

Example:

event manager applet UP
action 1.0 syslog pattern "%HSRP-6-STATECHANGE: Vlan10 Grp 10 state Active -> Speak"
action 1.1 cli command "conf t"
action 1.2 cli command "router ospf 1"
action 1.3 cli command "network 10.1.10.2 0.0.0.0 area 0 "
action 1.4 cli command "end"

event manger applet DOWN
action 1.0 syslog pattern "%HSRP-6-STATECHANGE: Vlan10 Grp 10 state Standby -> Active"
action 2.0 cli command "enable"
action 2.1 cli command "conf t"
action 2.2 cli command "router ospf 1"
action 2.3 cli command "no network 10.1.10.2 0.0.0.0 area 0 "
action 2.4 cli command "end

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

CourtK- · ‎05-09-2020

Hi Paul,

Using EEM is a great solution for when the standby HSRP goes active or back to standby, because the DSW-2 produces the state change syslog messages. However, I couldn't get this to work on the active HSRP DSW-1 switch. I'm guessing because it doesn't change its state and doesn't produce any syslog messages when the L2 links go down.

paul driver · ‎05-10-2020

Hello

@CourtK- wrote:
If all the layer 2 connections from DSW-1 are lost, DSW-2 becomes HSRP active,

I'm guessing because it doesn't change its state and doesn't produce any syslog messages when the L2 links go down.

So just to confirm the HSRP state does change correctly but you dont receive any syslog notification on either switch?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

CourtK- · ‎05-10-2020

Hopefully the picture can explain the network scenario better than my words.

To balaji: I added the L2 bundled trunk links into the design. The red Xs in the picture are the L2 links that go down. I do not have tracking configured, because I don't know what to track. Maybe a loop back on DSW-2 within the 10.1.10.0 subnet? Can tracking change the advertised OSPF routes on DSW-1?

To paul: The HSRP active state does not change on the higher priority distribution switch (DSW-1). Using EEM on DSW-2 to watch the speak to standby and standby to active syslog messages is working and is able to manipulate its ospf network command accordingly. However, I don't know how to get EEM on DSW-1 to do the same, because its state does not change from active.

Would Virtual Stackwise or VSS handle this scenario better than HSRP?

Richard Burts · ‎05-11-2020

Thanks for the drawing. Here is my understanding of what is going on.

- HSRP actively sends messages between peers. If DSW1 links go down DSW2 stops receiving HSRP from its peer and transitions to active state. DSW1 does not mark vlan 10 as down and continues to have active state in HSRP. So you have 2 active devices in HSRP.

- As far as routing is concerned the network statement in OSPF says that as long as vlan 10 is in the up state it should be advertised.

So so both of your issues are related to DSW1 not considering vlan 10 to be in the down state. A switch will consider a vlan to be up if either of 2 conditions are true:

- there is at least one device connected to a port in that vlan

- the vlan is carried on a trunk

so would either of those conditions be true? Perhaps when this happens next time you could post output of these commands

show interface status

show interface trunk

HTH

Rick

balaji.bandi · ‎05-11-2020

Thanks for the information, as per your X mark the link go down, Both HSRP become Active / Active here ? since they do not see each other. due to failure of link, they are not aware each other live.

So as @Richard Burts mentioned, VLAN you refering for the OSPF interface never go down, router see as active neighbour and send the traffic, but blackhole beyond VLAN here.

There are different ways to fix and make things more complicated. that is the reason always prefer to have alternative path to minimise the links go down between DSW1 to 2

how frequently you having this issue ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Richard Burts · ‎05-12-2020

The original poster asks if the design is flawed. My response is that it is probably not flawed. Network Design provides for failure of a primary path by providing an alternate path. In this design there are 2 alternate paths. So I think it is a good design.

But perhaps there are implementation details that defeat the good design? Do all 3 paths go through some equipment where if one fails then all will fail? Or is there some other aspect that if one fails then the others will fail?

HTH

Rick

balaji.bandi · ‎05-10-2020

Just to Confirm " L2 links go down" which L2 Link is this, between DSW ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help