Nexus 9000 vPC with HSRP strange ARP behavior

satish.txt1
Level 1

I have the following scenario with vPC and HSRP (version 1) configuration.

[Image: Screen Shot 2018-07-04 at 11.24.06 PM.png]

I am seeing a very strange issue. My host is configured for bond + VLAN and my bonding mode is active-backup. I have only VLAN 100 configured for HSRP. My host is not able to ping the HSRP virtual IP, but it can ping all other hosts on VLAN 100. This issue just recently started; everything was working fine a few weeks ago.

vPC config

vpc domain 1
  peer-switch
  role priority 10
  peer-keepalive destination 10.5.0.117 source 10.5.0.116
  peer-gateway
  auto-recovery
  ip arp synchronize

HSRP config

interface Vlan100
  description *** Public_1 VLAN ***
  no shutdown
  mtu 9216
  no autostate
  no ip redirects
  ip address 74.xx.xx.2/23
  no ip ospf passive-interface
  ip router ospf 100 area 0.0.0.0
  hsrp 1
    preempt
    priority 110
    ip 74.xx.xx.1

I have two VLANs configured on the host machine, VLAN 10 and VLAN 100. The following is my host interface output.

bond0.10: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.1.146  netmask 255.255.0.0  broadcast 10.10.255.255
        inet6 fe80::6e3b:e5ff:feba:84e8  prefixlen 64  scopeid 0x20<link>
        ether 6c:3b:e5:ba:84:e8  txqueuelen 1000  (Ethernet)
        RX packets 18724100  bytes 861377042 (821.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1579  bytes 160270 (156.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

bond0.100: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 74.xx.xx.179  netmask 255.255.254.0  broadcast 74.xx.xx.255
        inet6 fe80::6e3b:e5ff:feba:84e8  prefixlen 64  scopeid 0x20<link>
        ether 6c:3b:e5:ba:84:e8  txqueuelen 1000  (Ethernet)
        RX packets 338156  bytes 15584262 (14.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 74  bytes 7230 (7.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Host ARP table

[root@host ~]# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
74.xx.xx.171           ether   fc:15:b4:13:1e:40   C                     bond0.100
74.xx.xx.2             ether   fc:5b:39:f7:6d:4f   C                     bond0.100
74.xx.xx.170           ether   d8:9d:67:75:2a:98   C                     bond0.100
74.xx.xx.1             ether   00:00:0c:07:ac:01   C                     bond0.100
74.xx.xx.177           ether   6c:3b:e5:b0:f9:f0   C                     bond0.100

On SW1 switch ARP and MAC tables

sw1# show ip arp 74.xx.xx.179

Flags: * - Adjacencies learnt on non-active FHRP router
       + - Adjacencies synced via CFSoE
       # - Adjacencies Throttled for Glean
       CP - Added via L2RIB, Control plane Adjacencies       D - Static Adjacencies attached to down interface

IP ARP Table
Total number of entries: 1
Address         Age       MAC Address     Interface
74.xx.xx.179  00:02:35  6c3b.e5ba.84e8  Vlan100

SW1 MAC tables

sw1# show mac address-table address 6c3b.e5ba.84e8
Legend:
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen,+ - primary entry using vPC Peer-Link,
        (T) - True, (F) - False, C - ControlPlane MAC
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
*   10     6c3b.e5ba.84e8   dynamic  0         F      F    Po46

FHRP

sw1# show ip arp fhrp-non-active-learn

Flags: D - Static Adjacencies attached to down interface

IP ARP Table for context default
Address         Age       MAC Address     Interface

SW2

sw2# show ip arp 74.xx.xx.179

Flags: * - Adjacencies learnt on non-active FHRP router
       + - Adjacencies synced via CFSoE
       # - Adjacencies Throttled for Glean
       CP - Added via L2RIB, Control plane Adjacencies       D - Static Adjacencies attached to down interface

IP ARP Table
Total number of entries: 1
Address         Age       MAC Address     Interface
74.xx.xx.179  00:05:04  6c3b.e5ba.84e8  Vlan100          *

MAC table

sw2# show mac address-table address 6c3b.e5ba.84e8
Legend:
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen,+ - primary entry using vPC Peer-Link,
        (T) - True, (F) - False, C - ControlPlane MAC
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
+   10     6c3b.e5ba.84e8   dynamic  0         F      F    Po46

FHRP

sw2# show ip arp fhrp-non-active-learn

Flags: D - Static Adjacencies attached to down interface

IP ARP Table for context default
Address         Age       MAC Address     Interface
74.xx.xx.179  00:07:32  6c3b.e5ba.84e8  Vlan100

Questions:

  1. Why am I not able to ping the HSRP VIP 74.xx.xx.1 from the host, even though I can see its MAC address in the host ARP table?

  2. Why can't I see the VLAN 100 MAC address in the MAC table (but I can see the VLAN 10 MAC)?

  3. What is fhrp-non-active-learn, and why is it only showing up on SW2 (the standby HSRP instance)?
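
The ARP/MAC-table mismatch raised in question 2 can be checked across every adjacency at once. The following is an added example, not part of the original post: it parses `show ip arp` and `show mac address-table` text and reports ARP entries whose MAC is not learned in the SVI's own VLAN. The function names and the second host's switch-side rows are constructed for illustration.

```python
import re

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
# 'show ip arp' row: address, age, MAC, SVI name
ARP_RE = re.compile(rf"^(\S+)\s+\S+\s+({MAC})\s+Vlan(\d+)")
# 'show mac address-table' row: flag, VLAN, MAC, type, ..., port
MAC_RE = re.compile(rf"^\W*(\d+)\s+({MAC})\s+\w+\s+.*\s(\S+)\s*$")

# Constructed sample input modeled on the sw1 output in the post; the
# second host's switch-side rows (and Po47) are invented for contrast.
SHOW_IP_ARP = """\
Address         Age       MAC Address     Interface
74.xx.xx.179  00:02:35  6c3b.e5ba.84e8  Vlan100
74.xx.xx.170  00:01:10  d89d.6775.2a98  Vlan100
"""
SHOW_MAC_TABLE = """\
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
*   10     6c3b.e5ba.84e8   dynamic  0         F      F    Po46
*   100    d89d.6775.2a98   dynamic  0         F      F    Po47
"""

def parse_arp(text):
    """Return [(ip, mac, vlan)] for every SVI row in 'show ip arp'."""
    rows = (ARP_RE.match(line) for line in text.splitlines())
    return [(m.group(1), m.group(2), int(m.group(3))) for m in rows if m]

def parse_mac_table(text):
    """Return {mac: {vlan: port}} from 'show mac address-table'."""
    table = {}
    for line in text.splitlines():
        m = MAC_RE.match(line)
        if m:
            table.setdefault(m.group(2), {})[int(m.group(1))] = m.group(3)
    return table

def find_mismatches(arp_text, mac_text):
    """ARP adjacencies whose MAC is not learned in the SVI's own VLAN."""
    macs = parse_mac_table(mac_text)
    findings = []
    for ip, mac, vlan in parse_arp(arp_text):
        learned = macs.get(mac, {})
        if vlan not in learned:
            findings.append({"ip": ip, "mac": mac, "arp_vlan": vlan,
                             "mac_vlans": sorted(learned)})
    return findings

if __name__ == "__main__":
    for f in find_mismatches(SHOW_IP_ARP, SHOW_MAC_TABLE):
        print(f)
```

An empty `mac_vlans` list means the MAC is absent from the table entirely; a non-empty one, as for 74.xx.xx.179 here, means it is learned only in other VLANs.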

1 Reply

Amafsha1
Level 2

Did you ever get an answer? I still don't get why I have hosts that have the "Adjacencies learnt on non-active FHRP router" star on them. I pretty much have the same topology as you.
