VRRP transition--MX 450 issue

ranjankumarsgh
Getting noticed

VRRP transition--MX 450 issue

Hi

 

I have two meraki MX-450 and it is working in HA and in concentratot mode.

 

At the same time Pair of MXs are working in VRRP and using virtual uplink IP's (Shared IP) to send traffic to Internet.

 

We are using NAT for MX subnet IP and have full internet access.

 

Connectiivty Details:

SW-10.155.0.x/20--Te1/0/16--> MX-450 Primary IP:10.155.0.a/20

SW-10.155.0.y/20--Te1/8--> MX-450 spare IP:10.155.0.b/20

 

SW-10.155.0.x/20 and SW-10.155.0.y/20 have trunk/TAG connectivity(SW-10.155.0.x/20-->Te1/0/19--Te3/2->SW-10.155.0.y/20.

 

We have checked there is no ping drop between between MX's IP's. and Firmware is also upto date.

 

Now the issue is we are getting masive logs of VRRP transaction(Backup and master) on event logs as well as VRRP MAC flap on Network SWITCH betwen Ports ((SW-10.155.0.x/20 on Port Te1/0/19 and Te1/0/16).I have attached Topoloy for better understanding.I apprciate your feedback to mitigate this issue.

 

ranjankumarsgh_0-1695724265063.png

 

 

5 Replies 5
Chema-Spain
Getting noticed

Hi, per your explanation I assume your HS peer is properly configured.

 

VRRP for HA pair  could be flapping in case its hello packets (mcast towards 224.0.0.18) between both MXs are dropped by the switches. Please check this is not the case. 

 

Regarding your topology warm spare MX would not have access to internet in case sw1 fails. I guess there must be some cable missing between your SW2 and internet edge routers.

 

Regards

 

 

 

 

ranjankumarsgh
Getting noticed

Hi 

 

Thanks for your input. Yes Warm spare would not have internet if SW1 fails but this is not the case.

 

From SW1 I am able to ping multicat IP 224.0.0.18 but from SW 224.0.0.18 is not pinging. so it seems Multicat is not working or blocking on switch. Please suggest once

 

ranjankumarsgh
Getting noticed

Sorry I am able to reach 224.0.0.18 from both the Switches

Chema-Spain
Getting noticed

Hi, Meraki HA VRRP does not run over internet links. You must be sure you have connectivity thru any vlan (lan side) between both MX, as vrrp heartbeat runs over lan interfaces. Please take a look at heartbeat section:

 

MX Warm Spare - High-Availability Pair - Cisco Meraki

 

Is it possible that this lan-side connectivity could be unstable? Provided this is not the case, I can give you any other possible explanation for your flaps. 

 

Regards.

ranjankumarsgh
Getting noticed

Hi,

 

Thanks for focusing on this issue. The Second SW2 is acting as core SW and Multicat is enabled .

Also there is no any connectivity issue as this is L3 switch and more than 2000 users are behind this and connected with multiple L2 and L3 switches. So i am not suspecting this SW2 is culprit. At the same time i have also contacted TAC but as per them my topololy is wrong but what is wrong to run VRRP as per toplology, i am not getting. 

SW1 and SW2 running HSRP and SW1 is Active for MX SVI. Any other things that i can check to reslove this.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels