08-14-2010 07:28 PM
HSRP Version 2 and DHCP doesn't work well with ARPing.
I have my N7K and setup the following per what I believe is recommend design:
Core1-N7k is Primary as VPC peer, HSRP Version2 Active, STP root. My OSPF is set to Point to Point so no need to worry about DR and BDR. I have also setup a separate LACP for VPC VLAN versus another LACP for non-VPC vlans.
I have a VPC to a 3750 switch set to "spanning-tree port type normal" where all my HSRP/VLAN 2XXX is going through. Host sometimes can get DHCP or not, when they cannot I find there is an arp issue so need to bounce the vlan interface on the N7k to get it working but this is a bandaid.
I heard if I enable "Peer Gateway" on both N7K cores, this may solve the problem but create additional problems. I will probably try this but wondered if anyone had the same problem or a solution.
08-16-2010 09:41 PM
Hi,
"Peer Gateway" allows a vPC switch to act as the active gateway for packets addressed to the peer router MAC to overcome Interoperability with non RFC compliant features of some NAS or load-balancer devices (i.e. NETAPP Fast-Path or EMC IP-Reflect, CheckPoint).
So, I am not sure if it will solve your problem.
I assume your N7Ks work as DHCP relay agent.
You mentioned there was ARP issue when hosts can't get DHCP address from DHCP server.
Have you tried to run "deb dhcp error" and "deb dhcp pkt-events"?
This will give us more detail on why DHCP relay isn't working.
Also, which NX-OS version are you running on?
I can check if there is any known DHCP bug on it.
KK.
08-17-2010 10:27 PM
yes, n7k is a dhcp relay agent and I am on n7000-s1-dk9.5.0.2a.bin. DHCP is not the issue. It is the hsrp and arp as that fails which subsequently affects dhcp. For example, below is core1 and 2 and on Core2, it is broken until I bounce "inter vlan 2200", then it works.
interface Vlan2200
no shutdown
no ip redirects
ip address 10.102.200.2/23
ip ospf passive-interface
ip router ospf 1 area 0.0.0.200
ip pim sparse-mode
ip igmp version 2
hsrp version 2
hsrp 2220
authentication text
preempt delay minimum 180
priority 90
timers 1 3
ip 10.102.200.1
ip dhcp relay address 10.100.211.71
N7K-CORE1-CA# sh int vl 2200
Vlan2200 is up, line protocol is up
N7K-CORE1-CA# sh ip arp | in 10.102.200.
10.102.200.3 00:05:00 0026.9802.b541 Vlan2200
10.102.200.1 - 0000.0c9f.f8ac Vlan2200
N7K-CORE1-CA# sh hsrp interface vlan 2200
Vlan2200 - Group 2220 (HSRP-V2) (IPv4)
Local state is Active, priority 90 (Cfged 90), may preempt
Forwarding threshold(for vPC), lower: 1 upper: 90
Preemption Delay (Seconds) Minimum:180
Hellotime 1 sec, holdtime 3 sec
Next hello sent in 0.518000 sec(s)
Virtual IP address is 10.102.200.1 (Cfged)
Active router is local
Standby router is 10.102.200.3 , priority 80 expires in 2.520000 sec(s)
Authentication text "removed"
Virtual mac address is 0000.0c9f.f8ac (Default MAC)
117 state changes, last state change 1w4d
IP redundancy name is hsrp-Vlan2200-2220 (default)
N7K-CORE1-CA# ping 10.102.200.2
PING 10.102.200.2 (10.102.200.2): 56 data bytes
64 bytes from 10.102.200.2: icmp_seq=0 ttl=255 time=0.663 ms
64 bytes from 10.102.200.2: icmp_seq=1 ttl=255 time=0.329 ms
64 bytes from 10.102.200.2: icmp_seq=2 ttl=255 time=0.361 ms
64 bytes from 10.102.200.2: icmp_seq=3 ttl=255 time=0.35 ms
64 bytes from 10.102.200.2: icmp_seq=4 ttl=255 time=0.37 ms
--- 10.102.200.2 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.329/0.414/0.663 ms
N7K-CORE1-CA# ping 10.102.200.3
PING 10.102.200.3 (10.102.200.3): 56 data bytes
Request 0 timed out
Request 1 timed out
Request 2 timed out
Request 3 timed out
Request 4 timed out
--- 10.102.200.3 ping statistics ---
5 packets transmitted, 0 packets received, 100.00% packet loss
N7K-CORE1-CA# ping 10.102.200.1
PING 10.102.200.1 (10.102.200.1): 56 data bytes
64 bytes from 10.102.200.1: icmp_seq=0 ttl=255 time=0.606 ms
64 bytes from 10.102.200.1: icmp_seq=1 ttl=255 time=0.405 ms
64 bytes from 10.102.200.1: icmp_seq=2 ttl=255 time=0.468 ms
64 bytes from 10.102.200.1: icmp_seq=3 ttl=255 time=0.391 ms
64 bytes from 10.102.200.1: icmp_seq=4 ttl=255 time=0.328 ms
***************************On the other N7k, arp is not showing up***************************
N7K-CORE2-CA# sh ip arp | in 10.102.200.
N7K-CORE2-CA# sh int vlan 2200
Vlan2200 is up, line protocol is up
Hardware is EtherSVI, address is 0026.9802.b541
Internet Address is 10.102.200.3/23
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA
Last clearing of "show interface" counters never
60 seconds input rate 793 bits/sec, 1 packets/sec
60 seconds output rate 0 bits/sec, 0 packets/sec
Load-Interval #2: 5 minute (300 seconds)
input rate 785 bps, 1 pps; output rate 0 bps, 0 pps
L3 Switched:
input: 970812 pkts, 95139608 bytes - output: 6 pkts, 732 bytes
L3 in Switched:
ucast: 8 pkts, 816 bytes - mcast: 970804 pkts, 95138792 bytes
L3 out Switched:
ucast: 6 pkts, 732 bytes - mcast: 0 pkts, 0 bytes
N7K-CORE2-CA# sh hsrp interface vlan 2200
Vlan2200 - Group 2220 (HSRP-V2) (IPv4)
Local state is Standby, priority 80 (Cfged 80), may preempt
Forwarding threshold(for vPC), lower: 1 upper: 80
Preemption Delay (Seconds) Minimum:180
Hellotime 1 sec, holdtime 3 sec
Next hello sent in 0.650000 sec(s)
Virtual IP address is 10.102.200.1 (Cfged)
Active router is 10.102.200.2, priority 90 expires in 2.653000 sec(s)
Standby router is local
Authentication text "removed"
Virtual mac address is 0000.0c9f.f8ac (Default MAC)
44 state changes, last state change 1w4d
IP redundancy name is hsrp-Vlan2200-2220 (default)
N7K-CORE2-CA# ping 10.102.200.1
PING 10.102.200.1 (10.102.200.1): 56 data bytes
Request 0 timed out
Request 1 timed out
Request 2 timed out
Request 3 timed out
Request 4 timed out
--- 10.102.200.1 ping statistics ---
5 packets transmitted, 0 packets received, 100.00% packet loss
N7K-CORE2-CA# ping 10.102.200.2
PING 10.102.200.2 (10.102.200.2): 56 data bytes
Request 0 timed out
Request 1 timed out
Request 2 timed out
Request 3 timed out
Request 4 timed out
--- 10.102.200.2 ping statistics ---
5 packets transmitted, 0 packets received, 100.00% packet loss
N7K-CORE2-CA# ping 10.102.200.3
PING 10.102.200.3 (10.102.200.3): 56 data bytes
64 bytes from 10.102.200.3: icmp_seq=0 ttl=255 time=0.836 ms
64 bytes from 10.102.200.3: icmp_seq=1 ttl=255 time=0.406 ms
64 bytes from 10.102.200.3: icmp_seq=2 ttl=255 time=0.293 ms
64 bytes from 10.102.200.3: icmp_seq=3 ttl=255 time=0.406 ms
64 bytes from 10.102.200.3: icmp_seq=4 ttl=255 time=0.43 ms
--- 10.102.200.3 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.293/0.474/0.836 ms
N7K-CORE2-CA# conf t
Enter configuration commands, one per line. End with CNTL/Z.
N7K-CORE2-CA(config)# int vl 2200
N7K-CORE2-CA(config-if)# sh
N7K-CORE2-CA(config-if)# no sh
N7K-CORE2-CA(config-if)# ping 10.102.200.1
PING 10.102.200.1 (10.102.200.1): 56 data bytes
Request 0 timed out
64 bytes from 10.102.200.1: icmp_seq=1 ttl=254 time=1.053 ms
64 bytes from 10.102.200.1: icmp_seq=2 ttl=254 time=1.061 ms
64 bytes from 10.102.200.1: icmp_seq=3 ttl=254 time=0.969 ms
64 bytes from 10.102.200.1: icmp_seq=4 ttl=254 time=0.966 ms
--- 10.102.200.1 ping statistics ---
5 packets transmitted, 4 packets received, 20.00% packet loss
round-trip min/avg/max = 0.966/1.012/1.061 ms
N7K-CORE2-CA(config-if)# ping 10.102.200.2
PING 10.102.200.2 (10.102.200.2): 56 data bytes
Request 0 timed out
64 bytes from 10.102.200.2: icmp_seq=1 ttl=254 time=1.023 ms
64 bytes from 10.102.200.2: icmp_seq=2 ttl=254 time=0.604 ms
64 bytes from 10.102.200.2: icmp_seq=3 ttl=254 time=0.57 ms
64 bytes from 10.102.200.2: icmp_seq=4 ttl=254 time=0.571 ms
N7K-CORE2-CA(config-if)# sh ip arp | in 10.102.200.
10.102.200.1 00:01:24 0000.0c9f.f8ac Vlan2200
10.102.200.2 00:01:19 0026.9818.1dc1 Vlan2200
08-18-2010 08:22 PM
Hi,
Thank you for detail problem explanation.
It could be CORE2 is not processing ARP request from CORE1 or CORE2 processed ARP request and sent out reply but SVI on CORE2 failed to send out.
Would you try to turn on debug ip arp packet on both routers to see if arp request from CORE1 reaches CORE2 and CORE2 replies back?
Also, what NX OS version you are running?
I can check if there is any known bug.
Do you see this problem from several vlans or only one vlan?
KK
03-18-2011 07:29 PM
I am having the same exact problem, and I am running version 5.1(2).
04-03-2011 06:02 AM
Hi,
how did you solve the problem ?
Best Regards,
Samer Labaky
04-03-2011 09:50 AM
TAC said:
CSCtg92465 Missing gwmacs for a few SVIs after root bridge reload
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?methodhttp://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtg92465=fetchBugDetails&bugId=CSCtg92465
which required an upgrade
Also enabled Peer Gateway on Core1
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide