Re: CISCO 6504 HSRP Configuration

anishbn · ‎04-29-2019

Hi,

i have a network with two core switch 6504E and 3850 as edge Switch .Please find the attached NW diagram and configuration .I am facing the packet loss (2-5 packets)sometime .

Please advice is there any mistake in my configuration.

Thank you

Seb Rupik · ‎04-30-2019

Hi there,

Looks to me like you will have a STP re-convergence issue causing your packet loss.

With Core-1 as the root-bridge for all VLANs, on any access-layer switch Te1/1/3 will be the Designated port and Te1/1/4 to Core-2 will be in the Alternate state.

Assuming Core-1 fails and Core-2 becomes the HSRP active router, then the access-layer switches will have to wait for the STP process to re-converge. This is probably where you are loosing packets.

Can you share the output of sh spanning-tree vlan 20 det from one of your access-layer switches?

How to fix it? I suggest increasing the STP cost of the link between the two core switches.

cheers,

Seb.

anishbn · ‎04-30-2019

Hi,

i don't have the access to switch at the moment ,Please find the attached log that i have.

Thank you

Seb Rupik · ‎04-30-2019

The log file confirms the STP topology I described. The combination of Core switch failure/ HSRP failover / STP re-convergence will be the cause of the momentary packet loss.

My suggesting of increasing the core to core link STP cost will give you a quick win for the problem...but given the hardware available to you, @Scott Hodgdon suggestion to implement VSS is the best practice solution.

cheers,

Seb.

Scott Hodgdon · ‎04-30-2019

anishbn,

Have you considered implementing VSS to get rid of the reliance on HSRP and STP ?

This would give you hardware-based, sub-second, deterministic failover if one of the 6504s goes offline.

Cheers,
Scott Hodgdon

anishbn · ‎04-30-2019

Hi,

is Supervisor Engine 2T Support VSS.Please find the installed Modules.

CORE-SWTICH2#show module
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
2 5 Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G SAL1716349R
3 16 CEF720 16 port 10GE WS-X6816-10GE SAL1809MY21

Mod MAC addresses Hw Fw Sw Status
--- ---------------------------------- ------ ------------ ------------ -------
2 a44c.1177.1c2a to a44c.1177.1c31 1.5 12.2(50r)SYS 15.1(1)SY1 Ok
3 3c08.f657.d110 to 3c08.f657.d11f 2.1 12.2(18r)S1 15.1(1)SY1 Ok

Mod Sub-Module Model Serial Hw Status
---- --------------------------- ------------------ ----------- ------- -------
2 Policy Feature Card 4 VS-F6K-PFC4 SAL17110RX5 2.0 Ok
2 CPU Daughterboard VS-F6K-MSFC5 SAL1716332R 2.0 Ok
3 Distributed Forwarding Card WS-F6K-DFC4-E SAL1826VPHM 1.2 Ok

Mod Online Diag Status
---- -------------------
2 Pass
3 Pass

Thank you

Scott Hodgdon · ‎04-30-2019

anishbn,

Yes, it does. The code you are running is End of Support starting in October 2019 (see https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-software-releases-12-2-sx/eos-eol-notice-c51-731743.html), so you should consider upgrading to 15.5(1)SY3.

Both 15.1(1)SY1 and 15.5(1)SY3 support VSS with Sup2T:

15.5SY Config Guide : https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-5SY/config_guide/sup2T/15_5_sy_swcg_2T/virtual_switching_systems.html

15.1SY Config Guide: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/config_guide/sup2T/15_1_sy_swcg_2T/virtual_switching_systems.html

I would recommend upgrading the IOS before implementing VSS, but the choice is yours.

Cheers,
Scott Hodgdon

anishbn · ‎04-30-2019

Hi,
Thank you .
At the moment i have only one 10G link between Core Switches,is it enough or i need to go for ether Channel.

Thank You

FATIHY · ‎04-30-2019

Hi,

VSS is the best way to solve problems of course but you should find to reason of packet loss. Have you had a chance to look show spanning vlan X detail. You are going to get a result as the below

VLAN0025 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 24576, sysid 25, address 682c.7b1a.c100
Configured hello time 2, max age 20, forward delay 15
We are the root of the spanning tree
Topology change flag not set, detected flag not set
Number of topology changes 33 last change occurred 2w0d ago
from GigabitEthernet2/0/1

The most critical value is the " Topology Change" if it increases that there was an STP design issue.

anishbn · ‎05-04-2019

Hi,

Please find the output.

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2019.05.04 11:31:55 =~=~=~=~=~=~=~=~=~=~=~=

User Access Verification

Password:
Password:
CORE-SWTCH1>en
Password:
CORE-SWTCH1#telent 10.100.70.21
^
% Invalid input detected at '^' marker.

CORE-SWTCH1#tel
CORE-SWTCH1#telnet 10.100.70.21
Trying 10.100.70.21 ... Open

User Access Verification

Password:

IDF-9-SERVICEBLOCK#show spanning-tree vlan 20 detail

VLAN0020 is executing the rstp compatible Spanning Tree protocol
Bridge Identifier has priority 32768, sysid 20, address 682c.7b04.b480
Configured hello time 2, max age 20, forward delay 15, transmit hold-count 6
Current root has priority 4116, address 0023.33c6.1800
Root port is 55 (TenGigabitEthernet1/1/3), cost of root path is 2
Topology change flag not set, detected flag not set
Number of topology changes 13 last change occurred 00:00:36 ago
from TenGigabitEthernet1/1/3
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300

Port 55 (TenGigabitEthernet1/1/3) of VLAN0020 is root forwarding
Port path cost 2, Port priority 128, Port Identifier 128.55.
Designated root has priority 4116, address 0023.33c6.1800
Designated bridge has priority 4116, address 0023.33c6.1800
Designated port id is 128.257, designated path cost 0
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 2
Link type is point-to-point by default
BPDU: sent 18, received 623

--More-- Port 56 (TenGigabitEthernet1/1/4) of VLAN0020 is alternate blocking
--More-- Port path cost 2, Port priority 128, Port Identifier 128.56.
--More-- Designated root has priority 4116, address 0023.33c6.1800
--More-- Designated bridge has priority 32788, address 0021.a050.5180
--More-- Designated port id is 128.257, designated path cost 2
--More-- Timers: message age 15, forward delay 0, hold 0
--More-- Number of transitions to forwarding state: 1
--More-- Link type is point-to-point by default
--More-- BPDU: sent 4, received 41
--More--

IDF-9-SERVICEBLOCK#show spanning-tree vlan 20 detail 0 detail 30 detail

VLAN0030 is executing the rstp compatible Spanning Tree protocol
Bridge Identifier has priority 32768, sysid 30, address 682c.7b04.b480
Configured hello time 2, max age 20, forward delay 15, transmit hold-count 6
Current root has priority 4126, address 0023.33c6.1800
Root port is 55 (TenGigabitEthernet1/1/3), cost of root path is 2
Topology change flag not set, detected flag not set
Number of topology changes 17 last change occurred 00:00:51 ago
from TenGigabitEthernet1/1/3
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300

Port 55 (TenGigabitEthernet1/1/3) of VLAN0030 is root forwarding
Port path cost 2, Port priority 128, Port Identifier 128.55.
Designated root has priority 4126, address 0023.33c6.1800
Designated bridge has priority 4126, address 0023.33c6.1800
Designated port id is 128.257, designated path cost 0
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 2
Link type is point-to-point by default
BPDU: sent 22, received 643

--More-- Port 56 (TenGigabitEthernet1/1/4) of VLAN0030 is alternate blocking
--More-- Port path cost 2, Port priority 128, Port Identifier 128.56.
--More-- Designated root has priority 4126, address 0023.33c6.1800
--More-- Designated bridge has priority 32798, address 0021.a050.5180
--More-- Designated port id is 128.257, designated path cost 2
--More-- Timers: message age 15, forward delay 0, hold 0
--More-- Number of transitions to forwarding state: 1
--More-- Link type is point-to-point by default
--More-- BPDU: sent 3, received 49
--More--

IDF-9-SERVICEBLOCK#show spanning-tree vlan 1 detail

VLAN0001 is executing the rstp compatible Spanning Tree protocol
Bridge Identifier has priority 32768, sysid 1, address 682c.7b04.b480
Configured hello time 2, max age 20, forward delay 15, transmit hold-count 6
Current root has priority 4097, address 0023.33c6.1800
Root port is 55 (TenGigabitEthernet1/1/3), cost of root path is 2
Topology change flag not set, detected flag not set
Number of topology changes 16 last change occurred 00:01:05 ago
from TenGigabitEthernet1/1/3
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300

Port 55 (TenGigabitEthernet1/1/3) of VLAN0001 is root forwarding
Port path cost 2, Port priority 128, Port Identifier 128.55.
Designated root has priority 4097, address 0023.33c6.1800
Designated bridge has priority 4097, address 0023.33c6.1800
Designated port id is 128.257, designated path cost 0
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 2
Link type is point-to-point by default
BPDU: sent 15, received 1292

--More-- Port 56 (TenGigabitEthernet1/1/4) of VLAN0001 is alternate blocking
--More-- Port path cost 2, Port priority 128, Port Identifier 128.56.
--More-- Designated root has priority 4097, address 0023.33c6.1800
--More-- Designated bridge has priority 32769, address 0021.a050.5180
--More-- Designated port id is 128.257, designated path cost 2
--More-- Timers: message age 15, forward delay 0, hold 0
--More-- Number of transitions to forwarding state: 0
--More-- Link type is point-to-point by default
--More-- BPDU: sent 6, received 112
--More--

Thank you

anishbn · ‎05-10-2019

Hi
Can I have an update please.
Thank you

Seb Rupik · ‎05-10-2019

Hi there,

The output does show a small number of topology changes. It is odd that they are not the same value and the times since last change are different, however any topology change is a sign of STP instability on non-edge links.

What was the uptime of the switch when you took this output?

Have you tried implementing any of the suggestions in this thread?

cheers,

Seb.

anishbn · ‎05-10-2019

Hi,

I took this log from uptime of around 30minutes.
At the moment I am not able to try VSS. Also I have only one uplink between core to core . I am not sure is it enough for VSS.
Now I need to sort out the issue in HSRP and STP. I will try to increase the STP cost for core to core to link .
Thank you

Seb Rupik · ‎05-10-2019

VSS would work with a single link between the two 6500 chassis, although it would not be a recommended solution.

I would be interested to hear back regarding the results of increasing the core-core link STP cost.

cheers,

Seb.

anishbn · ‎05-19-2019

Hi,

i will be visiting the site and will increase the spanning tree cost for both core to core links.

I need to get one more clarification ,is intervlan block UPD communication .I have an issue while communicating from vlan 20 to 30 to udp port 47808 .

Thankyou