ACE: FT Secondary Context not working

Unanswered Question
Nov 30th, 2007

The second context is not working, config is auto-sync'd

- Nothing is appearing in the arp table, so no communication is being made to the context. This sounds like how it should work when it is in a secondary state, is this the case?

But when I failover to it, there is still nothing in the arp table, even though the context is in ACTIVE state.

All ideas welcome

danger_mousie Fri, 11/30/2007 - 11:28

Thanks Syed, yes both 6509s have the range of vlans assigned to the module and the right vlans allocated to the context. So I should be seeing a full arp table in the context even when it's in standby?

Syed Iftekhar Ahmed Fri, 11/30/2007 - 11:42

Even the secondary context sends out probes to the rservers. Your arp table shouldn't be empty.

Are your contexts sharing vlans?

16 banks of MAC addresses are available to each ACE. If two ACEs are used in the same layer 2 network, then different banks should be used.

This is done by the "shared-vlan-hostid" command.

Syed

danger_mousie Fri, 11/30/2007 - 12:17

Syed, This sounds like the solution, and have implemented it. I've put bank #1 on one ACE and bank #2 on the other. There is no change to the arp tables as yet. Do I need to reload?

danger_mousie Fri, 11/30/2007 - 12:36

Clearing arp, and recreating the context has not changed the MAC addresses. I will not be able to reload the primary ACE until tomorrow. There is a live service on the secondary ACE that does not have failover, so I don't know when I'd get to reload that one.

Syed Iftekhar Ahmed Fri, 11/30/2007 - 15:17

I just found a bug related to shared-vlan-hostid. (A reload is, by the way, needed for this command.)

CSCsi01207

Using shared-vlan-hostid on one ACE and shared-vlan-hostid on the other ACE does not help (in case of a redundant setup), since this command is replicated from the primary context.

If you really are facing the same MAC address issue, then rebooting the ACE is the only option. On reboot, the ACE selects a random MAC address.

Syed

danger_mousie Sat, 12/01/2007 - 01:09

Hi Syed, I have attached output from 'sh np 1 int if'. I'm not sure that I have the same MACs issue, because I don't seem to have any MACs at all on the secondary. :) Also, the shared-vlan-hostid command is only available in the Admin context, so I don't think it should be sync'd across (or is that the bug). In my case it has not been.

What does the output attached tell you?

Syed Iftekhar Ahmed Sat, 12/01/2007 - 03:18

The MAC address pool is different on both ACEs.

Primary/Service# sh np 1 int if
First burnt-in MAC: 00:1b:d5:9c:0c:49
Last burnt-in MAC: 00:1b:d5:9c:0c:4f
No of burnt-in MACs: 7
Hostid: 2

Secondary/Admin# sh np 1 int if
First burnt-in MAC: 00:1b:d5:9c:0e:2d
Last burnt-in MAC: 00:1b:d5:9c:0e:33
No of burnt-in MACs: 7
Hostid: 1

You are not in the situation where both ACEs select the same MAC address pool.

I suspect that VLANs 528 and 529 are not available on the secondary ACE.

Please check:

1. If the VLANs are properly defined on the secondary switch.

2. If these VLANs are assigned from the SUP to the ACE.

3. If the trunk between the 2 switches allows the VLANs used in the appropriate contexts.

Syed

danger_mousie Sat, 12/01/2007 - 03:53

See attached, I may have been looking at this for too long but I think it's all correct. Hopefully you can spot something.

Syed Iftekhar Ahmed Sat, 12/01/2007 - 16:50

Config looks good.

On the secondary, the Services context doesn't show the VLANs.

Check the difference in output of the following commands.

Primary/Service# sh np 1 int if
First burnt-in MAC: 00:1b:d5:9c:0c:49
Last burnt-in MAC: 00:1b:d5:9c:0c:4f
No of burnt-in MACs: 7
Hostid: 2
Shared vlan macs currently in use (offset from 2048):
Vlan-vmac indexes currently in use: 0
Flags: Valid shared bridged ftstatus ssl-test normalization icmp-guard
Vlan ifid matchid ctxt primary vvind ftgrp ttl optact df Flags
---- ---- ------- ---- ------- ----- ----- --- ------ -- -----
528  4    4       1    528     0     6     0   2      0  1001000
529  5    5       1    529     0     6     0   2      0  1001000

Secondary/Service# sh np 1 int if
First burnt-in MAC: 00:1b:d5:9c:0e:2d
Last burnt-in MAC: 00:1b:d5:9c:0e:33
No of burnt-in MACs: 7
Hostid: 1
Shared vlan macs currently in use (offset from 1024): 0
Vlan-vmac indexes currently in use: 0-1
Flags: Valid shared bridged ftstatus ssl-test normalization icmp-guard
Vlan ifid matchid ctxt primary vvind ftgrp ttl optact df Flags
---- ---- ------- ---- ------- ----- ----- --- ------ -- -----

Which is not the case with the admin context on both switches.

Is it possible to reboot the secondary?

Syed

Syed Iftekhar Ahmed Sun, 12/02/2007 - 00:32

You have SVIs defined for both VLAN 528 and 529 on the MSFC. How will return traffic pass through the ACE?

Are you running one-arm mode / using source NAT?

Can you also post the VLAN interfaces config on the ACE?

Syed

danger_mousie Sun, 12/02/2007 - 00:41

Yes, that's certainly what I'm trying to do. As for rebooting, not sure if or when that can happen. But I will try.

danger_mousie Mon, 12/03/2007 - 11:08

When you asked for the interface config I also did a "show int" on the secondary ACE:

vlan528 is down, IP address or bridge group not configured

...

vlan529 is down, IP address or bridge group not configured

...

I had previously thought that the secondary took over the primary's interface address, but in fact (as I'm sure you're well aware) I should have configured "peer ip address x.x.x.x x.x.x.x" on both vlans in the primary context. I have done so and all is working as expected.

Thanks for your time and help,

Claire
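
A pre-failover check for the root cause found at the end of this thread, added here as an example and not part of the original discussion: it scans an active context's configuration for routed VLAN interfaces that have "ip address" but no "peer ip address". The indented stanza layout and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample of an active ACE user-context configuration (not from
# the thread); addresses come from the documentation ranges.
SAMPLE_CONFIG = """\
interface vlan 528
  description client side
  ip address 192.0.2.2 255.255.255.0
  peer ip address 192.0.2.3 255.255.255.0
  no shutdown
interface vlan 529
  description server side
  ip address 198.51.100.2 255.255.255.0
  no shutdown
interface vlan 600
  bridge-group 1
  no shutdown
"""

STANZA = re.compile(r"^interface vlan (\d+)\s*$")


def parse_vlan_stanzas(config):
    """Map each VLAN id to the stripped sub-commands of its interface stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        header = STANZA.match(line)
        if header:
            current = stanzas.setdefault(int(header.group(1)), [])
        elif line[:1].isspace() and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level command ends the stanza
    return stanzas


def vlans_missing_peer_ip(config):
    """Return routed VLANs that have 'ip address' but no 'peer ip address'."""
    missing = []
    for vlan, cmds in sorted(parse_vlan_stanzas(config).items()):
        has_ip = any(c.startswith("ip address ") for c in cmds)
        has_peer = any(c.startswith("peer ip address ") for c in cmds)
        if has_ip and not has_peer:
            missing.append(vlan)
    return missing


if __name__ == "__main__":
    for vlan in vlans_missing_peer_ip(SAMPLE_CONFIG):
        print(f"vlan{vlan}: no peer ip address; standby interface will stay down")
```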
