Cisco2921 stateful NAT switch over fails when interface is broken

mseckin
Level 1

Good day all,

We have a couple of C2921 routers running c2900-universal_npe-mz.SPA.155-3.M. Both routers are identically configured and interlinked to each other for sync through their Gig0/1 interfaces. The Gig0/0 interfaces point to the internal network, whereas the Gig0/0/0 interfaces are connected to the outside; both are independent layer 2 connections.

Routers are configured using B2B NAT configuration; the files are attached.

When the active router is powered down, the switchover works perfectly. However, when an interface is disconnected on the active router, the switchover does not happen until the cable is plugged back in. Looking at the packets on the outside interface, we notice that gratuitous ARPs are only issued from the new active router for the physical interface, but not for the NAT definitions. We see the gratuitous ARPs for those only after we plug the connection back in. These gratuitous ARPs point to the new active router, and then everything works.

Any pointer will be much appreciated.
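The diagnosis above (gratuitous ARPs seen for the physical interface but not for the NAT addresses) can be turned into a repeatable post-failover check. The following is an added example, not code from the thread or from Cisco: it parses raw Ethernet/ARP frames captured on the outside segment and reports which of the expected addresses (the outside interface IP plus each static NAT address) the new active router has actually announced. The addresses and MACs are assumed values for illustration, and the frames are constructed inline.

```python
"""Check which addresses the new active router announced via gratuitous ARP.

Added example (not from the original thread). Addresses/MACs are assumptions;
the frames below are constructed, a real run would feed captured frames.
"""
import struct

ETH_ARP = 0x0806

def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip, target_ip), or None if not IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        return None
    arp = frame[14:42]
    hw_type, proto, hlen, plen, op = struct.unpack("!HHBBH", arp[:8])
    if hw_type != 1 or proto != 0x0800 or hlen != 6 or plen != 4:
        return None
    sha, spa, tpa = arp[8:14], arp[14:18], arp[24:28]
    mac = ":".join(f"{b:02x}" for b in sha)
    return op, mac, ".".join(map(str, spa)), ".".join(map(str, tpa))

def gratuitous_announcements(frames):
    """Map IP -> sender MAC for every gratuitous ARP (sender IP == target IP)."""
    seen = {}
    for f in frames:
        p = parse_arp(f)
        if p and p[2] == p[3]:
            seen[p[2]] = p[1]
    return seen

def missing_after_failover(frames, expected_ips, new_active_mac):
    """Expected addresses not (yet) announced from the new active router's MAC."""
    seen = gratuitous_announcements(frames)
    return sorted(ip for ip in expected_ips if seen.get(ip) != new_active_mac)

def build_garp(mac: bytes, ip: str, op: int = 2) -> bytes:
    """Build a broadcast gratuitous ARP frame (used here to construct test input)."""
    ip_b = bytes(int(x) for x in ip.split("."))
    eth = b"\xff" * 6 + mac + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac + ip_b + b"\xff" * 6 + ip_b
    return eth + arp

# Constructed scenario: the new active announces only its physical outside IP,
# while the two static NAT addresses are never announced (assumed values).
NEW_ACTIVE_MAC = b"\x00\x11\x22\x33\x44\x02"
NEW_ACTIVE_MAC_STR = "00:11:22:33:44:02"
EXPECTED = ["203.0.113.2", "203.0.113.10", "203.0.113.11"]
FRAMES = [build_garp(NEW_ACTIVE_MAC, "203.0.113.2")]

if __name__ == "__main__":
    print("not announced:", missing_after_failover(FRAMES, EXPECTED, NEW_ACTIVE_MAC_STR))
```

Run against a real capture, an empty result means every address has been re-announced from the new active router; anything listed is an address upstream devices will keep sending to the old MAC until their ARP cache expires.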

4 Replies

Philip D'Ath
VIP Alumni

I don't know the answer, but it feels to me like pre-emption should be enabled.

redundancy
 application redundancy
  group 1
   name RG1
   preempt

My gut feeling is you should also have interface tracking enabled.  There is lots of info here:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/asr1000/nat-xe-3s-asr1k-book/iadnat-stateful-int-chass.html

Maybe something like:

track 1 interface gigabitEthernet 0/0 ip routing

redundancy
 application redundancy
  group 1
   name RG1
   preempt
   track 1 decrement 50

Unfortunately, neither of these works. In fact, the software does not even accept track for group 1.

I have no issues with router failover from one to the other using only its physical addresses. The problem is that the NATed addresses are not advertised from the new active router with gratuitous ARPs until the broken link on the old active is restored (electrically). The system fails over due to the priority change, a gratuitous ARP is issued from the new active for its physical interface, and that's it. As I restore the broken link to the new standby, I see gratuitous ARPs for the NAT addresses from the new active!

OK, I understand more clearly now.

As a workaround, could you change the device that the two routers' outside interfaces plug into to have a much shorter ARP cache, like 30s?
