Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
625
Views
0
Helpful
2
Replies

VIP and Virtual Interface Redundancy failed

freedream
Level 1
Level 1

‎05-23-2008 10:18 PM

Hi,folks

I have some questions to ask for help:

We have just installed a new CSS to make VIP and Virtual Interface redundancy with the old existing one,including fate sharing function.

For the topology,plz see:

http://www2.picturepush.com/photo/a/716440/640/716440.jpg

The traffics go OK from incoming to outgoing:Internet--> FW01 --> CSS01 -->Servers

when CSS failover to the backup one ,we think the traffics would go like this way and everything would be OK,too: Internet --> FW01 --> CSS02 --> Servers . However it failed. We can PING all servers,but all service connections down.

The "show redundant-interface" on Backup CSS says it be the "MASTER" for both VLAN203 and VLAN204. Seems impossible.

Strangely,when we failover FW01 to FW02,and CSS01 auto failover to CSS02 due to fate sharing,the traffics go OK in this way: Internet -->FW02 --> CSS02 --> Servers

In guess,it seems services request from FW01 to CSS02 is not available or ACK from Servers are not proper fallback according to the first failover above.

Could anyone help for an analysis? Any comment will be appreciated. Thank you!

Aaron

-------CSS01 VIP Redundancy Config-----

circuit VLAN204

ip address 172.16.10.217 255.255.255.0

ip virtual-router 204 priority 105 preempt

ip redundant-interface 204 172.16.10.219

ip redundant-vip 204 172.16.20.1

ip redundant-vip 204 172.16.20.2

ip redundant-vip 204 172.16.20.3

ip redundant-vip 204 172.16.20.4

ip redundant-vip 204 172.16.20.5

ip redundant-vip 204 172.16.20.6

ip redundant-vip 204 172.16.20.7

ip redundant-vip 204 172.16.20.8

ip redundant-vip 204 172.16.20.9

ip redundant-vip 204 172.16.20.10

circuit VLAN203

ip address 172.16.20.217 255.255.255.0

ip virtual-router 203 priority 105 preempt

ip redundant-interface 203 172.16.20.219

-------CSS02 VIP Redundancy Config-----

circuit VLAN204

ip address 172.16.10.218 255.255.255.0

ip virtual-router 204 preempt

ip redundant-interface 204 172.16.10.219

ip redundant-vip 204 172.16.20.1

ip redundant-vip 204 172.16.20.2

ip redundant-vip 204 172.16.20.3

ip redundant-vip 204 172.16.20.4

ip redundant-vip 204 172.16.20.5

ip redundant-vip 204 172.16.20.6

ip redundant-vip 204 172.16.20.7

ip redundant-vip 204 172.16.20.8

ip redundant-vip 204 172.16.20.9

ip redundant-vip 204 172.16.20.10

ip critical-service 204 upstream_downstream

circuit VLAN203

ip address 172.16.20.218 255.255.255.0

ip virtual-router 203 preempt

ip redundant-interface 203 172.16.20.219

ip critical-service 203 upstream_downstream

Default route is : 172.16.10.222

Labels:
0 Helpful
2 Replies 2

Gilles Dufour
Cisco Employee
Cisco Employee

‎05-28-2008 12:28 AM

I personally do not like this kind of design with the FW connecting directly to the CSS.

Better use your switches and have the CSS only connect to the switch on different vlan.

This guarantees the CSS can reach any FW at any time.

Now, if you want to keep your design, you can try the command 'ip uncond-bridging' which is necessary when doing bridging (the link between the 2 CSS).

This should solve the problem.

Gilles.

0 Helpful

freedream
Level 1
Level 1
In response to Gilles Dufour

‎05-28-2008 03:42 AM

Gilles,

Thank you very much. I'll try this command later.Hope it works.

0 Helpful
Customers Also Viewed These Support Documents