cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2207
Views
15
Helpful
12
Replies

VRRP tracking interface down

Hello team,

 

I have 2 ASR9006 connected to a firewall.

IRB and VRRP are running on both ASR9006.

I have activated interface tracking on the VRRP, but the tracking shows "down" state while the physical interface is UP.

 

Below is the configuration on ASR01.

 

l2vpn
load-balancing flow src-dst-ip
bridge group IRB
bridge-domain IRB-VLAN13
interface Bundle-Ether5.13
!
interface HundredGigE0/3/0/0.13
!
routed interface BVI13
!
interface Bundle-Ether5.13 l2transport
description Gi_new_FW
encapsulation dot1q 13 exact
rewrite ingress tag pop 1 symmetric
!
!
interface HundredGigE0/3/0/0.13 l2transport
description Gi_new_FW
encapsulation dot1q 13 exact
rewrite ingress tag pop 1 symmetric
!
interface BVI13
description Gi_new_FW
bandwidth 50000000
mtu 9216
vrf Gi_NEW_VRF
ipv4 address 172.25.27.74 255.255.255.248
!

router vrrp
interface BVI13
address-family ipv4
vrrp 13
priority 254
preempt delay 15
timer 4
address 172.25.27.73
track interface HundredGigE0/3/0/0 10
!

##########

##########

RP/0/RSP0/CPU0:oumpbn-asr(config-vrrp-virtual-router)#do sh vrrp detail

Mon Jun 7 02:43:16.921 GMT
BVI13 - IPv4 vrID 13
State is Backup
5 state changes, last state change 00:00:05
State change history:
Jun 7 00:46:20.069 GMT Init -> Backup Delay timer expired
Jun 7 00:46:32.257 GMT Backup -> Master Master down timer expired
Jun 7 00:50:23.650 GMT Master -> Backup Higher priority advert received
Jun 7 02:04:27.214 GMT Backup -> Master Master down timer expired
Jun 7 02:43:11.419 GMT Master -> Backup Higher priority advert received
Last resign sent: Never
Last resign received: Never
Virtual IP address is 172.25.27.73
Virtual MAC address is 0000.5E00.010d, state is stored
Master router is 172.25.27.75, priority 253
Version is 3
Advertise time 4 secs
Master Down Timer 12.187 (3 x 4 + (12 x 4/256))
Minimum delay 1 sec, reload delay 5 sec
Current priority 244
Configured priority 254, may preempt
minimum delay 15 secs
Tracked items: 0/1 up: 10 decrement
Object name State Decrement
HundredGigE0/3/0/0 Down 10

 

Regards//

Kouacou Célestin

1 Accepted Solution

Accepted Solutions

Hi team,

 

Yes it working now.

Below is the final configuration file.

thanks for your great support.

 

interface Hu0/3/0/0.44
description DO_NOT_DELETE_USE_4_VRRP_intf_TACKING
ipv4 address 10.156.65.129 255.255.255.252
encapsulation dot1q 44

router vrrp
interface BVI13
address-family ipv4
vrrp 13 version 3
track interface Hu0/3/0/0.44 10
!
interface BVI35
address-family ipv4
vrrp 14 version 3
track interface Hu0/3/0/0.44 10
!
interface BVI36
address-family ipv4
vrrp 35 version 3
track interface Hu0/3/0/0.44 10

 

#####

RP/0/RSP0/CPU0:oumpbn-asr01#sh vrrp detail
Wed Jun 9 02:31:40.046 GMT
BVI13 - IPv4 vrID 13
State is Master
20 state changes, last state change 00:00:30
State change history:
Jun 8 05:25:24.892 GMT Backup -> Master Master down timer expired
Jun 9 02:13:08.176 GMT Master -> Backup Higher priority advert received
Jun 9 02:20:15.942 GMT Backup -> Master Master down timer expired
Jun 9 02:30:32.138 GMT Master -> Backup Higher priority advert received
Jun 9 02:31:09.492 GMT Backup -> Master Master down timer expired
Last resign sent: Never
Last resign received: Never
Virtual IP address is 172.25.27.73
Virtual MAC address is 0000.5E00.010d, state is active
Master router is local
Version is 3
Advertise time 4 secs
Master Down Timer 12.031 (3 x 4 + (2 x 4/256))
Minimum delay 1 sec, reload delay 5 sec
Current priority 254
Configured priority 254, may preempt
minimum delay 15 secs
Tracked items: 1/1 up: 0 decrement
Object name State Decrement
HundredGigE0/3/0/0.44 Up 10

 

Best Regards//

Kouacou Célestin

View solution in original post

12 Replies 12

balaji.bandi
Hall of Fame
Hall of Fame

Is the Physical Interface UP ? 3/X/X ?

 

the BVI belongs to VRF, are you able to ping the other side's IP address using the source as VRF?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi Balaji.bandi,

 

Yes I'm able to ping the FW.

 

RP/0/RSP0/CPU0:oumpbn-asr01#ping vrf Gi_NEW_VRF 172.25.27.76 source 172.25.27.73
Mon Jun 7 10:30:54.848 GMT
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.25.27.76, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
RP/0/RSP0/CPU0:oumpbn-asr01#

 

Regards,

Kouacou Célestin

Not the VIP IP, end devices where they part of this VRRP Pair

 

172.25.27.74  to other one ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hello Balaji.bandi,

 

Below is the IP adressing of the subnet 172.25.27.72/29

.73 VRRP ASR side (ASR01 priority 254, ASR02 prio 253)

.74 ASR01

.75 ASR02

.76 SRX01 (which is master in the cluster)

 

You can check the network diagram.

Regards,

Kouacou Célestin

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello @celestin.kouacou1 ,

from the network diagram we see that you have connected a pair of ASR9006 to a firewall cluster of Juniper SRX.

The SRX pair connects to the two 100GE interfaces using a redundant ethernet pair of interfaces.

 

see

https://www.juniper.net/documentation/us/en/software/junos/chassis-cluster-security-devices/topics/topic-map/security-chassis-cluster-redundant-ethernet-interfaces.html

 

>> On SRX5600, and SRX5800 devices, interfaces such as 10-Gigabit Ethernet (xe), 40-Gigabit Ethernet, and 100-Gigabit Ethernet can be redundant Ethernet (reth) interfaces.

 

I suspect that this might lead one interface to stay down depending on your wiring schema.

 

Hope to help

Giuseppe

 

Hi Giuseppe Larosa,

You are right there is an issue with interface connected to the second SRX Node in the cluster.

I will fix the issue on SRX interface  and try the CLI again.

 

Celestin@oumpbn-SRX5600-node0> show interfaces terse | match reth4
et-3/1/0.13 up up aenet --> reth4.13
et-3/1/0.35 up up aenet --> reth4.35
et-3/1/0.36 up up aenet --> reth4.36
et-3/1/0.44 up up aenet --> reth4.44
et-3/1/0.32767 up up aenet --> reth4.32767
et-9/3/0.13 up down aenet --> reth4.13
et-9/3/0.35 up down aenet --> reth4.35
et-9/3/0.36 up down aenet --> reth4.36
et-9/3/0.44 up down aenet --> reth4.44
et-9/3/0.32767 up down aenet --> reth4.32767
reth4 up up
reth4.13 up up inet 172.25.27.76/29
reth4.35 up up inet 10.216.8.132/25
reth4.36 up up inet 172.25.31.38/29
reth4.44 up up inet 192.168.19.10/28
reth4.32767 up up multiservice

 

Regards//

Kouacou Célestin

Hi all,

 

I still have the issue with tracking interface showing down state in the VRRP.

 

RP/0/RSP0/CPU0:oumpbn-asr01#sh run router vrrp
Tue Jun 8 05:15:40.848 GMT
router vrrp
interface BVI13
address-family ipv4
vrrp 13 version 3
priority 254
preempt delay 15
timer 4
address 172.25.27.73
track interface HundredGigE0/3/0/0 4
!
interface BVI35
address-family ipv4
vrrp 14 version 3
priority 254
preempt delay 15
timer 4
address 10.216.8.131
track interface HundredGigE0/3/0/0 4
!
interface BVI36
address-family ipv4
vrrp 35 version 3
priority 254
preempt delay 15
timer 4
address 172.25.31.35
track interface HundredGigE0/3/0/0 4
!
interface BVI979
address-family ipv4
vrrp 31 version 3
priority 254
preempt delay 15
timer 4
address 10.216.8.123
track interface HundredGigE0/3/0/0 4
!


RP/0/RSP0/CPU0:oumpbn-asr01#sh vrrp
Tue Jun 8 05:15:50.540 GMT
IPv4 Virtual Routers:
A indicates IP address owner
| P indicates configured to preempt
| |
Interface vrID Prio A P State Master addr VRouter addr
BV13 13 250 P Backup 172.25.27.75 172.25.27.73
BV35 14 250 P Backup 10.216.8.130 10.216.8.131
BV36 35 250 P Backup 172.25.31.34 172.25.31.35
BV979 31 250 P Backup 10.216.8.122 10.216.8.123

RP/0/RSP0/CPU0:oumpbn-asr01#sh int HundredGigE0/3/0/0 des
Tue Jun 8 05:16:13.304 GMT

Interface Status Protocol Description
--------------------------------------------------------------------------------
Hu0/3/0/0 up up oumpbn-SRX5600-node0 et-3/1/0

RP/0/RSP0/CPU0:oumpbn-asr01#

RP/0/RSP0/CPU0:oumpbn-asr01#sh vrrp detail
Tue Jun 8 05:23:59.433 GMT
BVI13 - IPv4 vrID 13
State is Backup
15 state changes, last state change 00:00:50
State change history:
Jun 8 02:14:52.956 GMT Master -> Backup Higher priority advert received
Jun 8 02:19:57.381 GMT Backup -> Master Master down timer expired
Jun 8 05:14:45.002 GMT Master -> Backup Higher priority advert received
Jun 8 05:21:11.495 GMT Backup -> Master Master down timer expired
Jun 8 05:23:09.411 GMT Master -> Backup Higher priority advert received
Last resign sent: Never
Last resign received: Never
Virtual IP address is 172.25.27.73
Virtual MAC address is 0000.5E00.010d, state is stored
Master router is 172.25.27.75, priority 253
Version is 3
Advertise time 4 secs
Master Down Timer 12.093 (3 x 4 + (6 x 4/256))
Minimum delay 1 sec, reload delay 5 sec
Current priority 250
Configured priority 254, may preempt
minimum delay 15 secs
Tracked items: 0/1 up: 4 decrement
Object name State Decrement
HundredGigE0/3/0/0 Down 4

BVI35 - IPv4 vrID 14
State is Backup
13 state changes, last state change 00:00:52
State change history:
Jun 8 02:14:52.853 GMT Master -> Backup Higher priority advert received
Jun 8 02:19:56.103 GMT Backup -> Master Master down timer expired
Jun 8 05:14:45.045 GMT Master -> Backup Higher priority advert received
Jun 8 05:21:11.347 GMT Backup -> Master Master down timer expired
Jun 8 05:23:06.924 GMT Master -> Backup Higher priority advert received
Last resign sent: Never
Last resign received: Never
Virtual IP address is 10.216.8.131
Virtual MAC address is 0000.5E00.010e, state is stored
Master router is 10.216.8.130, priority 253
Version is 3
Advertise time 4 secs
Master Down Timer 12.093 (3 x 4 + (6 x 4/256))
Minimum delay 1 sec, reload delay 5 sec
Current priority 250
Configured priority 254, may preempt
minimum delay 15 secs
Tracked items: 0/1 up: 4 decrement
Object name State Decrement
HundredGigE0/3/0/0 Down 4

 

 


RP/0/RSP0/CPU0:oumpbn-asr02#sh run router vrrp
Tue Jun 8 05:23:11.060 GMT
router vrrp
interface BVI13
address-family ipv4
vrrp 13 version 3
priority 253
preempt delay 15
timer 4
address 172.25.27.73
!
!
!
interface BVI35
address-family ipv4
vrrp 14 version 3
priority 253
preempt delay 15
timer 4
address 10.216.8.131
!
!
!
interface BVI36
address-family ipv4
vrrp 35 version 3
priority 253
preempt delay 15
timer 4
address 172.25.31.35
!
!
!
interface BVI979
address-family ipv4
vrrp 31 version 3
priority 253
preempt delay 15
timer 4
address 10.216.8.123
!
!
!
!

RP/0/RSP0/CPU0:oumpbn-asr02#sh vrrp
Tue Jun 8 05:23:25.833 GMT
IPv4 Virtual Routers:
A indicates IP address owner
| P indicates configured to preempt
| |
Interface vrID Prio A P State Master addr VRouter addr
BV13 13 253 P Master local 172.25.27.73
BV35 14 253 P Master local 10.216.8.131
BV36 35 253 P Master local 172.25.31.35
BV979 31 253 P Master local 10.216.8.123
RP/0/RSP0/CPU0:oumpbn-asr02#sh int HundredGigE0/3/0/0 des
Tue Jun 8 05:23:35.557 GMT

Interface Status Protocol Description
--------------------------------------------------------------------------------
Hu0/3/0/0 up up oumpbn-SRX5600-node1 et-3/1/0

 

 

Regards//

Kouacou Célestin

Hello @celestin.kouacou1 ,

as I have written in my previous  post what you see may be the normal behaviour of SRX redundant ethernet that is only the primary link is up/up and the second link is a cold backup that stays down until it is needed.

 

Hope to help

Giuseppe

 

Hello Giuseppe,


Primary link ASR01 <> SRX01 is UP/UP.
Secondary link ASR02 <> SRX02 is UP/UP too.


Celestin@oumpbn-SRX5600-node0> show interfaces terse
Interface Admin Link Proto Local Remote
...
xe-3/0/1 up down
et-3/1/0 up up <<<<<< Primary link
et-3/1/0.13 up up aenet --> reth4.13
et-3/1/0.35 up up aenet --> reth4.35
et-3/1/0.36 up up aenet --> reth4.36
et-3/1/0.44 up up aenet --> reth4.44
et-3/1/0.32767 up up aenet --> reth4.32767
xe-3/2/0 up down
xe-3/2/1 up down
et-3/3/0 up down
....
xe-9/0/0 up down
xe-9/0/1 up down
et-9/1/0 up up <<<<<<< Secondary link
et-9/1/0.13 up up aenet --> reth4.13
et-9/1/0.35 up up aenet --> reth4.35
et-9/1/0.36 up up aenet --> reth4.36
et-9/1/0.44 up up aenet --> reth4.44
et-9/1/0.32767 up up aenet --> reth4.32767


RP/0/RSP0/CPU0:oumpbn-asr02#sh int HundredGigE0/3/0/0 des
Tue Jun 8 05:23:35.557 GMT

Interface Status Protocol Description
--------------------------------------------------------------------------------
Hu0/3/0/0 up up oumpbn-SRX5600-node1 et-3/1/0



RP/0/RSP0/CPU0:oumpbn-asr02#sh int HundredGigE0/3/0/0 des
Tue Jun 8 05:23:35.557 GMT

Interface Status Protocol Description
--------------------------------------------------------------------------------
Hu0/3/0/0 up up oumpbn-SRX5600-node1 et-3/1/0


Regards//
Kouacou Célestin

Hi team,

 

This link gives more details:

https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-1/addr_serv/configuration/guide/ipaddr_cg41a9k_chapter10.html

 

I think the track interface is still down because it is a l2transport interface.

It is clearly explained on the link that "Only IP interfaces are tracked. A tracked interface is up if IP on that interface is up. Otherwise, the tracked interface is down."

 

I will define an IP address on "interface HundredGigE0/3/0/0" and test again.

 

Regards//

Kouacou Célestin

Hi team,

 

Yes it working now.

Below is the final configuration file.

thanks for your great support.

 

interface Hu0/3/0/0.44
description DO_NOT_DELETE_USE_4_VRRP_intf_TACKING
ipv4 address 10.156.65.129 255.255.255.252
encapsulation dot1q 44

router vrrp
interface BVI13
address-family ipv4
vrrp 13 version 3
track interface Hu0/3/0/0.44 10
!
interface BVI35
address-family ipv4
vrrp 14 version 3
track interface Hu0/3/0/0.44 10
!
interface BVI36
address-family ipv4
vrrp 35 version 3
track interface Hu0/3/0/0.44 10

 

#####

RP/0/RSP0/CPU0:oumpbn-asr01#sh vrrp detail
Wed Jun 9 02:31:40.046 GMT
BVI13 - IPv4 vrID 13
State is Master
20 state changes, last state change 00:00:30
State change history:
Jun 8 05:25:24.892 GMT Backup -> Master Master down timer expired
Jun 9 02:13:08.176 GMT Master -> Backup Higher priority advert received
Jun 9 02:20:15.942 GMT Backup -> Master Master down timer expired
Jun 9 02:30:32.138 GMT Master -> Backup Higher priority advert received
Jun 9 02:31:09.492 GMT Backup -> Master Master down timer expired
Last resign sent: Never
Last resign received: Never
Virtual IP address is 172.25.27.73
Virtual MAC address is 0000.5E00.010d, state is active
Master router is local
Version is 3
Advertise time 4 secs
Master Down Timer 12.031 (3 x 4 + (2 x 4/256))
Minimum delay 1 sec, reload delay 5 sec
Current priority 254
Configured priority 254, may preempt
minimum delay 15 secs
Tracked items: 1/1 up: 0 decrement
Object name State Decrement
HundredGigE0/3/0/0.44 Up 10

 

Best Regards//

Kouacou Célestin

Hello @celestin.kouacou1 ,

interesting trick you have configured a L3 subinterface with an IPv4 address  just to be able to use it for tracking.

 

Best Regards

Giuseppe

 

Review Cisco Networking for a $25 gift card