Wired Intelligent Edge

  • 1.  VRRP with two VSX pairs

    Posted Apr 18, 2025 10:59 AM

    Hello

    We have two pairs of 6400 chassis setup, each in VSX and we're migrating away from an old pair of Cisco VSS.

    Currently the two VSX pairs have no direct connection; communication between the VSX pairs goes through the Cisco kit.

    These pairs are in separate data centers and I've added VLAN interfaces to both VSX pairs with VRRP configured:

    interface vlan 100
        ip address 192.168.1.x/26
        ip ospf 1 area 0.0.0.0
        ip helper-address 10.100.1.5
        ip helper-address 10.100.1.6
        vrrp 1 address-family ipv4
            address 192.168.1.1 primary
            preempt delay minimum 600
            priority 250
            no shutdown
            exit

    The problem I have is that when I show vrrp brief on the 4 6400 switches I see one of each pair is showing active.

    I'm assuming there must be some communication problem between the two pairs?

    Thanks





  • 2.  RE: VRRP with two VSX pairs

    Posted Apr 18, 2025 04:49 PM

    Hello, just thinking... "The problem I have is that when I show vrrp brief on the 4 6400 switches I see one of each pair is showing active." ...isn't that because a VRRP deployed on a single VSX Cluster normally would mean a setup with the VSX Primary acting as the VRRP Master and the VSX Secondary acting as the VRRP Backup? ...but you're trying to deploy VRRP across two VSX Clusters, shouldn't eventually the VRRP be configured instead involving one VSX member (VSX Primary or Secondary) of the first VSX Cluster and one VSX member (VSX Primary or Secondary) of the second VSX Cluster (without involving both VSX members of both VSX Clusters)?




  • 3.  RE: VRRP with two VSX pairs
    Best Answer

    Posted Apr 22, 2025 01:41 AM

    Hi

    While I agree with parnassus that having 4 candidates for a VRRP master may be a bit of an overkill, it's perfectly feasible to do that and it has in my eyes nothing to do with the actual problem here. 

    Given the information my assumption is that vlan100 is not properly forwarded between the two datacenters and therefore in kind of a split brain situation. The reaction of VRRP is in that case that in each datacenter the VSX master believes it's the master. 

    Did you check L2 tables (mac-address table) whether the crosslink between the DCs shows any MAC addresses on vlan100? Can you ping the 3 other VSX nodes on their vlan100 interface address?

    Regards. 

    Thomas




  • 4.  RE: VRRP with two VSX pairs

    Posted Apr 22, 2025 02:17 AM
    Edited by r.grossmann Apr 22, 2025 02:18 AM

    Hi,

    I agree with Thomas, generally it should be working.

    I also have two VSX Clusters (2 Pairs of Core Switches in different rooms), and my Out-of-Band-Management Network is connected via VRRP to all of these 4 Core Switches (CSW).

    But there is a difference in my configuration. I am using L3 Ports on the Aruba CX 8325 Ports, not an SVI.
    As Thomas said, check the L2 connectivity and also your spanning tree. If you're using SVI and connect two VSX pairs, there must be STP blocked ports!

    My configuration:

    Main Cluster, Primary Member:
    
    csw-rz-r08# sh vrrp
    
    VRRP is enabled
    
    Interface 1/1/19 - Group 12 - Address-Family IPv4
      State is STANDBY
      State duration 21 days 08 hours 38 mins 04.941 secs
      Virtual IP address is 172.18.12.1
      Virtual MAC address is 00:00:5e:00:01:0c
      Advertisement interval is 1000 msec
      Version is 2
      Preemption is enabled
       min delay is 0 sec
      Priority is 100
      BFD is enabled
      Active Router is 172.18.12.5
      Active Advertisement interval is 1000 msec
      Active Down interval is 3609 msec
    
    csw-rz-r08# sh run int 1/1/19
    interface 1/1/19
        description oobm-sw-rz-r08_P_13
        no shutdown
        mtu 9198
        vrf attach OOBM
        ip address 172.18.12.2/23
        vsx shutdown-on-split
        udld
        ip helper-address 172.19.0.10
        vrrp 12 address-family ipv4
            address 172.18.12.1 primary
            bfd 172.18.12.11
            no shutdown
            exit
        exit
    csw-rz-r08#
    
    
    Main Cluster, Secondary VSX Member:
    
    csw-rz-r09# sh vrrp
    
    VRRP is enabled
    
    Interface 1/1/19 - Group 12 - Address-Family IPv4
      State is STANDBY
      State duration 20 days 08 hours 38 mins 27.261 secs
      Virtual IP address is 172.18.12.1
      Virtual MAC address is 00:00:5e:00:01:0c
      Advertisement interval is 1000 msec
      Version is 2
      Preemption is enabled
       min delay is 0 sec
      Priority is 100
      BFD is enabled
      Active Router is 172.18.12.5
      Active Advertisement interval is 1000 msec
      Active Down interval is 3609 msec
    
    csw-rz-r09# sh run int 1/1/19
    interface 1/1/19
        description oobm-sw-rz-r09_P_13
        no shutdown
        vrf attach OOBM
        ip address 172.18.12.3/23
        vsx shutdown-on-split
        udld
        ip helper-address 172.19.0.10
        vrrp 12 address-family ipv4
            address 172.18.12.1 primary
            bfd 172.18.12.12
            no shutdown
            exit
        exit
    csw-rz-r09#

    "Backup" Cluster, Primary Member:
    
    csw-bu-r02# sh vrrp
    
    VRRP is enabled
    
    Interface 1/1/19 - Group 12 - Address-Family IPv4
      State is STANDBY
      State duration 8 days 20 hours 21 mins 31.804 secs
      Virtual IP address is 172.18.12.1
      Virtual MAC address is 00:00:5e:00:01:0c
      Advertisement interval is 1000 msec
      Version is 2
      Preemption is enabled
       min delay is 0 sec
      Priority is 100
      BFD is enabled
      Active Router is 172.18.12.5
      Active Advertisement interval is 1000 msec
      Active Down interval is 3609 msec
    
    csw-bu-r02# sh run int 1/1/19
    interface 1/1/19
        description oobm-sw-bu-r02_P_13
        no shutdown
        mtu 9198
        vrf attach OOBM
        ip address 172.18.12.4/23
        vsx shutdown-on-split
        udld
        ip helper-address 172.19.0.10
        vrrp 12 address-family ipv4
            address 172.18.12.1 primary
            bfd 172.18.12.111
            no shutdown
            exit
        exit
    csw-bu-r02#
    
    
    "Backup" Cluster, Secondary Member:
    
    csw-bu-r03# sh vrrp
    
    VRRP is enabled
    
    Interface 1/1/19 - Group 12 - Address-Family IPv4
      State is ACTIVE
      State duration 20 days 08 hours 38 mins 19.289 secs
      Virtual IP address is 172.18.12.1
      Virtual MAC address is 00:00:5e:00:01:0c
      Advertisement interval is 1000 msec
      Version is 2
      Preemption is enabled
       min delay is 0 sec
      Priority is 100
      BFD is enabled
      Active Router is 172.18.12.5 (local)
      Active Advertisement interval is 1000 msec
      Active Down interval is 3609 msec
    
    csw-bu-r03# sh run int 1/1/19
    interface 1/1/19
        description oobm-sw-bu-r03_P_13
        no shutdown
        mtu 9198
        vrf attach OOBM
        ip address 172.18.12.5/23
        vsx shutdown-on-split
        udld
        ip helper-address 172.19.0.10
        vrrp 12 address-family ipv4
            address 172.18.12.1 primary
            bfd 172.18.12.112
            no shutdown
            exit
        exit
    csw-bu-r03#
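
Added example, not part of the original posts: the split-brain condition Thomas describes can be checked mechanically by parsing `show vrrp` output (in the format posted above) from every node and flagging any group with more than one ACTIVE node or conflicting "Active Router" values. The hostnames `dc1-a` to `dc2-b`, the node addresses and the sample captures are constructed for illustration.

```python
import re
from collections import defaultdict

HEADER = re.compile(r"^\s*Interface (\S+) - Group (\d+) - Address-Family (\S+)")
FIELD = re.compile(r"^\s*(State|Virtual IP address|Active Router) is (\S+)")

def parse_show_vrrp(text):
    """Return one dict per VRRP group found in a 'show vrrp' capture."""
    groups = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            groups.append({"interface": m.group(1), "group": int(m.group(2))})
        elif groups and (m := FIELD.match(line)):
            groups[-1][m.group(1)] = m.group(2)
    return groups

def find_split_brain(captures):
    """captures maps hostname -> 'show vrrp' text; returns {(group, vip): [reasons]}."""
    seen = defaultdict(list)
    for host, text in captures.items():
        for g in parse_show_vrrp(text):
            key = (g["group"], g.get("Virtual IP address"))
            seen[key].append((host, g.get("State"), g.get("Active Router")))
    problems = {}
    for key, rows in seen.items():
        active = sorted(h for h, state, _ in rows if state == "ACTIVE")
        routers = sorted({r for _, _, r in rows if r})
        reasons = []
        if len(active) != 1:
            reasons.append(f"{len(active)} ACTIVE nodes: {', '.join(active)}")
        if len(routers) > 1:
            reasons.append(f"Active Router differs: {', '.join(routers)}")
        if reasons:
            problems[key] = reasons
    return problems

def capture(state, active_router):
    """Build a constructed, trimmed 'show vrrp' capture (not real device output)."""
    local = " (local)" if state == "ACTIVE" else ""
    return ("VRRP is enabled\n\nInterface vlan100 - Group 1 - Address-Family IPv4\n"
            f"  State is {state}\n  Virtual IP address is 192.168.1.1\n"
            f"  Priority is 250\n  Active Router is {active_router}{local}\n")

# Constructed hostnames and addresses: VLAN 100 not extended between the sites.
SPLIT = {"dc1-a": capture("ACTIVE", "192.168.1.2"), "dc1-b": capture("STANDBY", "192.168.1.2"),
         "dc2-a": capture("ACTIVE", "192.168.1.4"), "dc2-b": capture("STANDBY", "192.168.1.4")}
# Same four nodes once the VLAN is carried end to end.
HEALTHY = {h: capture("ACTIVE" if h == "dc1-a" else "STANDBY", "192.168.1.2") for h in SPLIT}

if __name__ == "__main__":
    print(find_split_brain(SPLIT))
    print(find_split_brain(HEALTHY))
```
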
    




  • 5.  RE: VRRP with two VSX pairs

    Posted Apr 22, 2025 09:37 AM

    Thanks for your responses, the VLAN was missing from one of the Cisco VSS switches. VRRP working now.






  • 6.  RE: VRRP with two VSX pairs

    Posted Apr 22, 2025 09:45 AM

    Great to hear. Have a nice day! Regards, Thomas