MX250 keeps dropping

SOLVED
Kyojuro
Conversationalist

MX250 keeps dropping

Hello, 

I currently have an issue where both of our MX250s Primary and Secondary are becoming unreachable and dropping all connections for a couple of seconds at random times throughout the week. Both are on version 16.16 and they are connected via a direct connection with each other on an isolated vlan for VRRP. 

Meraki performed a packet capture and was able to verify the MXs were working correctly. 

Not sure at this point what the issue is. 

I have tested pulling the power of the primary and it actually fails over correctly to the spare like it should but when the issue occurs, both mx250s go down at the same time. 

I know it's not the WAN uplink connections for the MXs since they're on separate ISPs with separate public IPs. 

Has anyone experienced anything similar? 

 

Thank you. 

 

 

1 ACCEPTED SOLUTION
cmr
Kind of a big deal
Kind of a big deal

Yes, there was an alert sent out about 30 minutes ago.

View solution in original post

8 REPLIES 8
Ryan_Miles
Meraki Employee

Is this a new MX install? Or, did you recently upgrade firmware? If yes, was the issue occurring on the previous firmware?

 

Also, how are the MXs connected to the downstream switching infrastructure? The recommendation is to not use a direct link between MXs and use the downstream paths for the VRRP packets. VRRP is sent on all configured VLANs anyway. So even with a single VLAN link between MXs directly that really accomplishes nothing different and actually is a more trouble prone design.

PhilipDAth
Kind of a big deal

>direct connection with each other on an isolated vlan for VRRP. 

 

I would remove this.

My bet is you have a layer 2 loop, and spanning tree is knocking out one of the links between the MX and the switch causing the failover.

Is the direct link still an issue even if the downstram switch ports do not include the VRRP VLAN?

MarcP
Kind of a big deal

as @Ryan_Miles wrote: 
"VRRP is sent on all configured VLANs anyway."

Kyojuro
Conversationalist

So just remove the direct cabling and it should still function with the HA failover? 

Brash
A model citizen

Correct. The direct link shouldn't really be required as the heartbeats will propagate on all vlans. In fact it can even limit the effectiveness of your fail over.

Kyojuro
Conversationalist

Okay so I removed the direct cable and it was working fine for a couple days but now the dashboard just showing both MX unreachable even when everything is connected and working including client vpn, end point users, is something wrong with the dashboard on Meraki's side? 

cmr
Kind of a big deal
Kind of a big deal

Yes, there was an alert sent out about 30 minutes ago.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels