ACE: FT Secondary Context not working

Unanswered Question
Nov 30th, 2007

The second context is not working, config is auto-sync'd

- Nothing is appearing in the arp table, so no communication is being made to the context. This sounds like how it should work when it is in a secondary state, is this the case?

But when I failover to it, there is still nothing in the arp table, even though the context is in ACTIVE state.

All ideas welcome

Overall Rating: 5 (3 ratings)
Syed Iftekhar Ahmed Fri, 11/30/2007 - 11:15

Did you assign vlans from MSFC to the ACE module on the 2nd chassis?


Just a thought..


Syed

danger_mousie Fri, 11/30/2007 - 11:28

Thanks Syed, yes both 6509s have the range of vlans assigned to the module and the right vlans allocated to the context. So I should be seeing a full arp table in the context even when it's in standby?

Syed Iftekhar Ahmed Fri, 11/30/2007 - 11:42

Even the secondary context sends out probes to the rservers. Your arp table shouldn't be empty.


Are your contexts sharing vlans?

16 banks of MAC addresses are available to each ACE. If two ACEs are used in the same layer 2 network then different banks should be used.


This is done by the "shared-vlan-hostid" command.


Syed

danger_mousie Fri, 11/30/2007 - 12:17

Syed, This sounds like the solution, and have implemented it. I've put bank #1 on one ACE and bank #2 on the other. There is no change to the arp tables as yet. Do I need to reload?

danger_mousie Fri, 11/30/2007 - 12:36

Clearing arp, and recreating the context has not changed the MAC addresses. I will not be able to reload the primary ACE until tomorrow. There is a live service on the secondary ACE that does not have failover, so I don't know when I'd get to reload that one.

Syed Iftekhar Ahmed Fri, 11/30/2007 - 12:48

sh np 1 interface iflookup


will tell you whether both ACEs are using the same MAC.


Syed

Syed Iftekhar Ahmed Fri, 11/30/2007 - 15:17

I just found a bug related to shared-vlan-hostid. (A reload is, by the way, needed for this command.)


CSCsi01207


Using shared-vlan-hostid on one ACE and shared-vlan-hostid on the other ACE does not help (in case of a redundant setup) since this command is replicated from the primary context.


If you really are facing the same MAC address issue then rebooting the ACE is the only option. On reboot the ACE selects a random MAC address.


Syed

danger_mousie Sat, 12/01/2007 - 01:09

Hi Syed, I have attached output from 'sh np 1 int if'. I'm not sure that I have the same MACs issue, because I don't seem to have any MACs at all on the secondary. :) Also, the shared-vlan-hostid command is only available in the Admin context, so I don't think it should be sync'd across (or is that the bug). In my case it has not been.

What does the output attached tell you?



Syed Iftekhar Ahmed Sat, 12/01/2007 - 03:18

The MAC address pool is different on both ACEs.


Primary/Service# sh np 1 int if

First burnt-in MAC: 00:1b:d5:9c:0c:49

Last burnt-in MAC: 00:1b:d5:9c:0c:4f

No of burnt-in MACs: 7

Hostid: 2


Secondary/Admin# sh np 1 int if


First burnt-in MAC: 00:1b:d5:9c:0e:2d

Last burnt-in MAC: 00:1b:d5:9c:0e:33

No of burnt-in MACs: 7

Hostid: 1



You are not in the situation where both ACEs select the same MAC address pool.


I suspect that Vlan 528 and 529 are not available on Secondary ACE.


Please check


1. If the VLANs are properly defined on the secondary switch.

2. If these VLANs are assigned from the SUP to the ACE.

3. If the trunk between the 2 switches allows the VLANs used in the appropriate contexts.



Syed

danger_mousie Sat, 12/01/2007 - 03:53

See attached, I may have been looking at this for too long but I think it's all correct. Hopefully you can spot something.



Syed Iftekhar Ahmed Sat, 12/01/2007 - 16:50

Config looks good..


On the secondary, the Services context doesn't show the vlans.


Check the difference in output of the following commands.


Primary/Service# sh np 1 int if

First burnt-in MAC: 00:1b:d5:9c:0c:49

Last burnt-in MAC: 00:1b:d5:9c:0c:4f

No of burnt-in MACs: 7

Hostid: 2

Shared vlan macs currently in use (offset from 2048):

Vlan-vmac indexes currently in use: 0

Flags: Valid shared bridged ftstatus ssl-test normalization icmp-guard


Vlan  ifid  matchid  ctxt  primary  vvind  ftgrp  ttl  optact  df  Flags
----  ----  -------  ----  -------  -----  -----  ---  ------  --  -----
528   4     4        1     528      0      6      0    2       0   1001000
529   5     5        1     529      0      6      0    2       0   1001000




Secondary/Service# sh np 1 int if


First burnt-in MAC: 00:1b:d5:9c:0e:2d

Last burnt-in MAC: 00:1b:d5:9c:0e:33

No of burnt-in MACs: 7

Hostid: 1

Shared vlan macs currently in use (offset from 1024): 0

Vlan-vmac indexes currently in use: 0-1

Flags: Valid shared bridged ftstatus ssl-test normalization icmp-guard


Vlan  ifid  matchid  ctxt  primary  vvind  ftgrp  ttl  optact  df  Flags
----  ----  -------  ----  -------  -----  -----  ---  ------  --  -----


Which is not the case with the admin context on both switches.


Is it possible to reboot the secondary?


Syed


Syed Iftekhar Ahmed Sun, 12/02/2007 - 00:32

You have SVIs defined for both vlan 528 and 529 on MSFC. How will return traffic pass through ACE?


Are you running one arm mode/ using source NAT?


Can you also post the vlan interfaces config on the ACE?



Syed




danger_mousie Sun, 12/02/2007 - 00:41

Yes, that's certainly what I'm trying to do. As for rebooting, not sure if or when that can happen. But I will try.

danger_mousie Mon, 12/03/2007 - 11:08

When you asked for the interface config I also did a "show int" on the secondary ACE:


vlan528 is down, IP address or bridge group not configured

...


vlan529 is down, IP address or bridge group not configured

...


I had previously thought that the secondary took over the primary's interface address, but in fact (as I'm sure you're well aware) I should have configured "peer ip address x.x.x.x x.x.x.x" on both vlans in the primary context. I have done so and all is working as expected.


Thanks for your time and help,


Claire
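
The fix described in the final post, as an added example that is not part of the original thread: a Python check that flags VLAN interfaces in an ACE context configuration that have an "ip address" but no usable "peer ip address", which is the condition that left vlan528 and vlan529 down on the standby. The sample configuration, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of an ACE context config; the addresses are placeholders.
SAMPLE_CONFIG = """\
interface vlan 528
  ip address 192.0.2.2 255.255.255.0
  peer ip address 192.0.2.3 255.255.255.0
  no shutdown
interface vlan 529
  ip address 198.51.100.2 255.255.255.0
  no shutdown
interface vlan 530
  ip address 203.0.113.2 255.255.255.0
  peer ip address 203.0.113.2 255.255.255.0
"""

def parse_interfaces(config):
    """Map each VLAN id to its 'ip' and 'peer' addresses (None when absent)."""
    vlans, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        start = re.match(r"interface vlan (\d+)\s*$", line)
        if start:
            current = vlans.setdefault(int(start.group(1)), {"ip": None, "peer": None})
        elif not line[0].isspace():
            current = None  # a new top-level command ends the interface stanza
        elif current is not None:
            m = re.match(r"\s+(peer )?ip address (\S+) (\S+)\s*$", line)
            if m:
                key = "peer" if m.group(1) else "ip"
                current[key] = ipaddress.ip_interface(f"{m.group(2)}/{m.group(3)}")
    return vlans

def check_ft_addressing(config):
    """Return (vlan, problem) pairs for addressed VLANs lacking a usable peer address."""
    findings = []
    for vlan, addr in sorted(parse_interfaces(config).items()):
        ip, peer = addr["ip"], addr["peer"]
        if ip is None:
            continue  # no ip address on this interface, so nothing to pair
        if peer is None:
            findings.append((vlan, "no peer ip address"))
        elif peer.network != ip.network:
            findings.append((vlan, "peer ip address in a different subnet"))
        elif peer.ip == ip.ip:
            findings.append((vlan, "peer ip address equals ip address"))
    return findings
```
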
