Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
366
Views
0
Helpful
4
Replies

Cisco2921 stateful NAT switch over fails when interface is broken

mseckin
Level 1
Level 1

‎01-14-2016 02:50 PM - edited ‎03-08-2019 03:25 AM

Good day all,

We have couple of C2921 routers running c2900-universal_npe-mz.SPA.155-3.M.  Both routers are identically configured and interlinked to each other for sync through their Gig0/1 interface.  The Gig0/0 interfaces point to internal network whereas the Gig0/0/0 interfaces connected to outside; both being independent layer 2 connections.

Routers are configured using B2B NAT configuration; the files are attached.

When active router is powered down, the switch over works perfectly.  However, when an interface is disconnected on the active router, switch over does not happen until the cable is plugged back in.  Looking at the packets on the outside interface we notice that gratuitous ARPs are only issued from the new active router for the physical interface but not for the NAT definitions.  We see the gratuitous ARPs only after we plug back the connection.  These gratuitous ARPs are pointing to the new active and then all works. 

Any pointer will be much appreciated.

Labels:
Preview file
4 KB
Preview file
4 KB
0 Helpful
4 Replies 4

Philip D'Ath
VIP Alumni
VIP Alumni

‎01-14-2016 07:39 PM

I don't know the answer, but it feels to me like pre-emption should be enabled.

redundancy
 application redundancy
  group 1
   name RG1
   preempt
0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni
In response to Philip D'Ath

‎01-14-2016 07:41 PM

My gut feeling is you should also have interface tracking enabled.  There is lots of info here:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/asr1000/nat-xe-3s-asr1k-book/iadnat-stateful-int-chass.html

Maybe something like:

track  1 interface gigabitEthernet 0/0 ip routing

redundancy
 application redundancy
  group 1
   name RG1
   preempt
   track 1 decrement 50
0 Helpful

mseckin
Level 1
Level 1
In response to Philip D'Ath

‎01-15-2016 08:03 AM

Unfortunately neither of these work.  In fact the software does not even accept track for group 1.

I have no issues with router fail over from one to other using only its physical addresses.  The problem is the NATed addresses are not advertised from the new active router with gratuitous ARPs until the broken link on the old active is restored (electrically).  System fails over due to priority change, gratuitous ARP is issued from new active for its physical interface and that's it.  As I restore the broken link to the new stand-by, I see gratuitous ARPs for the NAT addresses from the new active!

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni
In response to mseckin

‎01-16-2016 12:31 AM

Ok, I more clearly understand now.

As a work around, could you change the device you plug the two router outside interfaces to have a much shorter arp cache, like 30s?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card