VIP and Virtual Interface Redundancy failed

Unanswered Question
May 23rd, 2008

Hi, folks

I have some questions to ask for help:

We have just installed a new CSS to provide VIP and Virtual Interface redundancy with the old existing one, including the fate sharing function.

For the topology, please see:

http://www2.picturepush.com/photo/a/716440/640/716440.jpg

The traffic goes OK from incoming to outgoing: Internet --> FW01 --> CSS01 --> Servers

When the CSS fails over to the backup one, we think the traffic would go this way and everything would be OK, too: Internet --> FW01 --> CSS02 --> Servers. However, it failed. We can PING all servers, but all service connections are down.

The "show redundant-interface" on the backup CSS says it is the "MASTER" for both VLAN203 and VLAN204. Seems impossible.

Strangely, when we fail over FW01 to FW02, and CSS01 automatically fails over to CSS02 due to fate sharing, the traffic goes OK this way: Internet --> FW02 --> CSS02 --> Servers

My guess is that service requests from FW01 to CSS02 are not available, or ACKs from the servers do not fall back properly, in the case of the first failover above.

Could anyone help with an analysis? Any comments will be appreciated. Thank you!



Aaron



-------CSS01 VIP Redundancy Config-----

circuit VLAN204

  ip address 172.16.10.217 255.255.255.0
    ip virtual-router 204 priority 105 preempt
    ip redundant-interface 204 172.16.10.219
    ip redundant-vip 204 172.16.20.1
    ip redundant-vip 204 172.16.20.2
    ip redundant-vip 204 172.16.20.3
    ip redundant-vip 204 172.16.20.4
    ip redundant-vip 204 172.16.20.5
    ip redundant-vip 204 172.16.20.6
    ip redundant-vip 204 172.16.20.7
    ip redundant-vip 204 172.16.20.8
    ip redundant-vip 204 172.16.20.9
    ip redundant-vip 204 172.16.20.10

circuit VLAN203

  ip address 172.16.20.217 255.255.255.0
    ip virtual-router 203 priority 105 preempt
    ip redundant-interface 203 172.16.20.219



-------CSS02 VIP Redundancy Config-----

circuit VLAN204

  ip address 172.16.10.218 255.255.255.0
    ip virtual-router 204 preempt
    ip redundant-interface 204 172.16.10.219
    ip redundant-vip 204 172.16.20.1
    ip redundant-vip 204 172.16.20.2
    ip redundant-vip 204 172.16.20.3
    ip redundant-vip 204 172.16.20.4
    ip redundant-vip 204 172.16.20.5
    ip redundant-vip 204 172.16.20.6
    ip redundant-vip 204 172.16.20.7
    ip redundant-vip 204 172.16.20.8
    ip redundant-vip 204 172.16.20.9
    ip redundant-vip 204 172.16.20.10
    ip critical-service 204 upstream_downstream

circuit VLAN203

  ip address 172.16.20.218 255.255.255.0
    ip virtual-router 203 preempt
    ip redundant-interface 203 172.16.20.219
    ip critical-service 203 upstream_downstream



Default route is: 172.16.10.222




Gilles Dufour (Cisco Employee) Wed, 05/28/2008 - 00:28

I personally do not like this kind of design with the FW connecting directly to the CSS.

Better use your switches and have the CSS only connect to the switch on different vlan.

This guarantees the CSS can reach any FW at any time.


Now, if you want to keep your design, you can try the command 'ip uncond-bridging' which is necessary when doing bridging (the link between the 2 CSS).

This should solve the problem.


Gilles.

freedream Wed, 05/28/2008 - 03:42

Gilles,

Thank you very much. I'll try this command later. Hope it works.
