Challenges in Double WAN Redundancy Failover Test with Inter-VLAN Communication

Solved
Wikham
Conversationalist

Challenges in Double WAN Redundancy Failover Test with Inter-VLAN Communication

I opted to conduct failover testing by implementing double WAN redundancy. Instead of utilizing trunk ports, I tried using access ports for VLAN 10,20 with a trunk on the Link Aggregation Group (LAG) between the switches.

 

Equipment:

 

2x MS390

2x MX68

 

TEST1:

The failover process worked seamlessly when I removed the WAN 1 cable from the primary firewall, successfully transitioning to WAN 2 on MX1.

 

TEST2:

Upon removing the cable from VLAN 10, the expected behavior was for the MX to failover to its spare unit. However, this did not occur, despite the fact that VRRP messages were supposed to be continuously exchanged between the MX devices.

 

Has anyone else ever tested this, and if so, were they able to observe similar results or encountered different outcomes?

 

Wikham_1-1706635412108.png

 

Thanks!

1 Accepted Solution
KH
Meraki Employee
Meraki Employee

The wording can be kind of confusing, it means any VLAN in the context that no VLAN at all is seeing VRRP Packets, not that when any VLAN doesn't show VRRP packets it fails over. I have actually just updated this KB article so that it is more clear to say: "When no advertisements reach the spare on all VLANs, it will trigger a failover"

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it

View solution in original post

6 Replies 6
KH
Meraki Employee
Meraki Employee

VRRP Packets are sent across all VLANs, so you still have the MXes receiving VRRP Packets on VLAN 20 and they think all is well.

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it
RaphaelL
Kind of a big deal
Kind of a big deal

LAN failover: The two appliances share health information over the network via the VRRP protocol. These VRRP heartbeats occur at layer two and are performed on all configured VLANs. If no advertisements reach the spare on any VLAN, it will trigger a failover. When the warm spare begins receiving VRRP heartbeats again, it will relinquish the active role back to the primary appliance.

https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair

 

I thought that if VRRP sent on vlan 10 weren't received by MX 'B' , it would create a dual active , since the MX 'B' thinks MX 'A' is gone.

KH
Meraki Employee
Meraki Employee

The wording can be kind of confusing, it means any VLAN in the context that no VLAN at all is seeing VRRP Packets, not that when any VLAN doesn't show VRRP packets it fails over. I have actually just updated this KB article so that it is more clear to say: "When no advertisements reach the spare on all VLANs, it will trigger a failover"

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it
RaphaelL
Kind of a big deal
Kind of a big deal

Ahhhh got it ! 

 

Indeed , I'm not a native english speaker , so that confused me ! Thanks for the clarification 🙂 

Wikham
Conversationalist

Thanks for clearing this out!

DanielWahlsten
Getting noticed

Wiktor for president!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels