Offline Warm Spare Resets Network?

arapheon
Here to help

Offline Warm Spare Resets Network?

Hello everyone.  I had a interesting event while managing a client's network yesterday. And by "interesting" I mean unexpected and very frustrating.  I can't find any reference to it through googling and I'm wondering if this is isolated or a known/expected behavior.

 

I have a client that has two locations, each running with a single MX84 with redundant WAN connections.  They recently ordered two new MX84s to act as warm spares.  So while these devices were still in their box I added these devices to their inventory, then to their respective networks as a warm spare, and that's where the fun began.  

 

The moment I added this (still boxed) device all network traffic reset.  Logs showed DHCP leases dropped, VPN tunnels reset, WAN connections reset, the whole package.  It only lasted for 20-30 seconds, but it took place at both locations separately, at separate times, the moment it was added.  Then the client said they wanted to use two different serial numbers instead, and the same thing happened when I removed the devices. 

 

Maybe I missed it, but I didn't see anything about this in the HA Pair guide

MX Warm Spare - High Availability Pair - Cisco Meraki

Also, it just doesn't make sense to me that the device would behave in this way when presented with a spare configuration of a device that isn't even connected. No warnings, nothing.  Has anyone else experienced this?

6 REPLIES 6
UCcert
Kind of a big deal

Hi @arapheon that shouldn’t have happened. Have you read through the release notes for the Mx firmware you’re running? Could be a known bug

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
ww
Kind of a big deal
Kind of a big deal

When you  add a mx as spare the primary is going to use a new (vrrp) mac. I can imagine some things will happen in the active mx /network.  Cant tell what is expected or not. 

Don't know if it matters, but I am not using a virtual IP. Merely two separate public IPs. I would think that would keep VRRP from being implemented. 

@arapheon VRRP will absolutely be implemented as this is the mechanism we leverage to elect which is the active MX. Do keep in mind VRRP advertisements are sent out the LAN ports only (once every second) as there is no guarantee the WAN ports will be able to communicate so they won't be sent out those interfaces.

As far as your initial post about DHCP/VPN drops, I would definitely open a ticket with support so they can validate the issues you're seeing and offer their expertise! 

Hope this helps!

This has been in the known bugs for a while. Maybe it's this?

 

Known issues

  • After making some configuration changes on MX84 appliances, a brief period of packet loss may occur. This will affect all MX84 appliances on all MX firmware versions.

Yes possibly. I would have hoped that adding a spare to the dashboard would save those configuration changes and/or packet loss for the time that I actually decide to add the physical device to the network. I love the simplicity of Meraki but there's certainly something to be said for the full granular control I'm used to with an ASA.

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels