DHCP intermittently works with HSRP Version 2 on Nexus7010 due to ARP

aamercado
Level 4

HSRP Version 2 and DHCP don't work well with ARPing.

I have my N7K set up as follows, per what I believe is the recommended design:

Core1-N7k is Primary as VPC peer, HSRP Version2 Active, STP root. My OSPF is set to Point to Point so no need to worry about DR and BDR. I have also set up a separate LACP for VPC VLANs versus another LACP for non-VPC VLANs.

I have a VPC to a 3750 switch set to "spanning-tree port type normal" where all my HSRP/VLAN 2XXX is going through. Hosts sometimes can get DHCP and sometimes not; when they cannot, I find there is an ARP issue, so I need to bounce the VLAN interface on the N7K to get it working, but this is a band-aid.

I heard if I enable "Peer Gateway" on both N7K cores, this may solve the problem but create additional problems. I will probably try this but wondered if anyone had the same problem or a solution.

6 Replies

kyukim
Cisco Employee

Hi,

"Peer Gateway" allows a vPC switch to act as the active gateway for packets addressed to the peer router MAC, to overcome interoperability issues with non-RFC-compliant features of some NAS or load-balancer devices (i.e. NETAPP Fast-Path or EMC IP-Reflect, CheckPoint).

So, I am not sure if it will solve your problem.

I assume your N7Ks work as DHCP relay agents.

You mentioned there was an ARP issue when hosts can't get a DHCP address from the DHCP server.

Have you tried to run "deb dhcp error" and "deb dhcp pkt-events"?

This will give us more detail on why DHCP relay isn't working.

Also, which NX-OS version are you running on?

I can check if there is any known DHCP bug on it.

KK.

Yes, the N7K is a DHCP relay agent and I am on n7000-s1-dk9.5.0.2a.bin. DHCP is not the issue. It is the HSRP and ARP that fail, which subsequently affects DHCP. For example, below is Core1 and Core2, and on Core2 it is broken until I bounce "inter vlan 2200", then it works.

interface Vlan2200
  no shutdown
  no ip redirects
  ip address 10.102.200.2/23
  ip ospf passive-interface
  ip router ospf 1 area 0.0.0.200
  ip pim sparse-mode
  ip igmp version 2
  hsrp version 2
  hsrp 2220
    authentication text
    preempt delay minimum 180
    priority 90
    timers  1  3
    ip 10.102.200.1
  ip dhcp relay address 10.100.211.71

N7K-CORE1-CA# sh int vl 2200
Vlan2200 is up, line protocol is up

N7K-CORE1-CA# sh ip arp | in 10.102.200.
10.102.200.3    00:05:00  0026.9802.b541  Vlan2200
10.102.200.1       -      0000.0c9f.f8ac  Vlan2200

N7K-CORE1-CA# sh hsrp interface vlan 2200
Vlan2200 - Group 2220 (HSRP-V2) (IPv4)
  Local state is Active, priority 90 (Cfged 90), may preempt
    Forwarding threshold(for vPC), lower: 1 upper: 90
  Preemption Delay (Seconds) Minimum:180
  Hellotime 1 sec, holdtime 3 sec
  Next hello sent in 0.518000 sec(s)
  Virtual IP address is 10.102.200.1 (Cfged)
  Active router is local
  Standby router is 10.102.200.3 , priority 80 expires in 2.520000 sec(s)
  Authentication text "removed"
  Virtual mac address is 0000.0c9f.f8ac (Default MAC)
  117 state changes, last state change 1w4d
  IP redundancy name is hsrp-Vlan2200-2220 (default)

N7K-CORE1-CA# ping 10.102.200.2
PING 10.102.200.2 (10.102.200.2): 56 data bytes
64 bytes from 10.102.200.2: icmp_seq=0 ttl=255 time=0.663 ms
64 bytes from 10.102.200.2: icmp_seq=1 ttl=255 time=0.329 ms
64 bytes from 10.102.200.2: icmp_seq=2 ttl=255 time=0.361 ms
64 bytes from 10.102.200.2: icmp_seq=3 ttl=255 time=0.35 ms
64 bytes from 10.102.200.2: icmp_seq=4 ttl=255 time=0.37 ms

--- 10.102.200.2 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.329/0.414/0.663 ms
N7K-CORE1-CA# ping 10.102.200.3
PING 10.102.200.3 (10.102.200.3): 56 data bytes
Request 0 timed out
Request 1 timed out
Request 2 timed out
Request 3 timed out
Request 4 timed out

--- 10.102.200.3 ping statistics ---
5 packets transmitted, 0 packets received, 100.00% packet loss
N7K-CORE1-CA# ping 10.102.200.1
PING 10.102.200.1 (10.102.200.1): 56 data bytes
64 bytes from 10.102.200.1: icmp_seq=0 ttl=255 time=0.606 ms
64 bytes from 10.102.200.1: icmp_seq=1 ttl=255 time=0.405 ms
64 bytes from 10.102.200.1: icmp_seq=2 ttl=255 time=0.468 ms
64 bytes from 10.102.200.1: icmp_seq=3 ttl=255 time=0.391 ms
64 bytes from 10.102.200.1: icmp_seq=4 ttl=255 time=0.328 ms

***************************On the other N7k, arp is not showing up***************************

N7K-CORE2-CA# sh ip arp | in 10.102.200.


N7K-CORE2-CA# sh int vlan 2200
Vlan2200 is up, line protocol is up
  Hardware is EtherSVI, address is  0026.9802.b541
  Internet Address is 10.102.200.3/23
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
   reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not supported
  ARP type: ARPA
  Last clearing of "show interface" counters never
  60 seconds input rate 793 bits/sec, 1 packets/sec
  60 seconds output rate 0 bits/sec, 0 packets/sec
  Load-Interval #2: 5 minute (300 seconds)
    input rate 785 bps, 1 pps; output rate 0 bps, 0 pps
  L3 Switched:
    input: 970812 pkts, 95139608 bytes - output: 6 pkts, 732 bytes
  L3 in Switched:
    ucast: 8 pkts, 816 bytes - mcast: 970804 pkts, 95138792 bytes
  L3 out Switched:
    ucast: 6 pkts, 732 bytes - mcast: 0 pkts, 0 bytes

N7K-CORE2-CA# sh hsrp interface vlan 2200
Vlan2200 - Group 2220 (HSRP-V2) (IPv4)
  Local state is Standby, priority 80 (Cfged 80), may preempt
    Forwarding threshold(for vPC), lower: 1 upper: 80
  Preemption Delay (Seconds) Minimum:180
  Hellotime 1 sec, holdtime 3 sec
  Next hello sent in 0.650000 sec(s)
  Virtual IP address is 10.102.200.1 (Cfged)
  Active router is 10.102.200.2, priority 90 expires in 2.653000 sec(s)
  Standby router is local
  Authentication text "removed"
  Virtual mac address is 0000.0c9f.f8ac (Default MAC)
  44 state changes, last state change 1w4d
  IP redundancy name is hsrp-Vlan2200-2220 (default)

N7K-CORE2-CA# ping 10.102.200.1
PING 10.102.200.1 (10.102.200.1): 56 data bytes
Request 0 timed out
Request 1 timed out
Request 2 timed out
Request 3 timed out
Request 4 timed out

--- 10.102.200.1 ping statistics ---
5 packets transmitted, 0 packets received, 100.00% packet loss
N7K-CORE2-CA# ping 10.102.200.2
PING 10.102.200.2 (10.102.200.2): 56 data bytes
Request 0 timed out
Request 1 timed out
Request 2 timed out
Request 3 timed out
Request 4 timed out

--- 10.102.200.2 ping statistics ---
5 packets transmitted, 0 packets received, 100.00% packet loss
N7K-CORE2-CA# ping 10.102.200.3
PING 10.102.200.3 (10.102.200.3): 56 data bytes
64 bytes from 10.102.200.3: icmp_seq=0 ttl=255 time=0.836 ms
64 bytes from 10.102.200.3: icmp_seq=1 ttl=255 time=0.406 ms
64 bytes from 10.102.200.3: icmp_seq=2 ttl=255 time=0.293 ms
64 bytes from 10.102.200.3: icmp_seq=3 ttl=255 time=0.406 ms
64 bytes from 10.102.200.3: icmp_seq=4 ttl=255 time=0.43 ms

--- 10.102.200.3 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.293/0.474/0.836 ms


N7K-CORE2-CA# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
N7K-CORE2-CA(config)# int vl 2200
N7K-CORE2-CA(config-if)# sh
N7K-CORE2-CA(config-if)# no sh


N7K-CORE2-CA(config-if)# ping 10.102.200.1
PING 10.102.200.1 (10.102.200.1): 56 data bytes
Request 0 timed out
64 bytes from 10.102.200.1: icmp_seq=1 ttl=254 time=1.053 ms
64 bytes from 10.102.200.1: icmp_seq=2 ttl=254 time=1.061 ms
64 bytes from 10.102.200.1: icmp_seq=3 ttl=254 time=0.969 ms
64 bytes from 10.102.200.1: icmp_seq=4 ttl=254 time=0.966 ms

--- 10.102.200.1 ping statistics ---
5 packets transmitted, 4 packets received, 20.00% packet loss
round-trip min/avg/max = 0.966/1.012/1.061 ms
N7K-CORE2-CA(config-if)# ping 10.102.200.2
PING 10.102.200.2 (10.102.200.2): 56 data bytes
Request 0 timed out
64 bytes from 10.102.200.2: icmp_seq=1 ttl=254 time=1.023 ms
64 bytes from 10.102.200.2: icmp_seq=2 ttl=254 time=0.604 ms
64 bytes from 10.102.200.2: icmp_seq=3 ttl=254 time=0.57 ms
64 bytes from 10.102.200.2: icmp_seq=4 ttl=254 time=0.571 ms

N7K-CORE2-CA(config-if)# sh ip arp | in 10.102.200.
10.102.200.1    00:01:24  0000.0c9f.f8ac  Vlan2200
10.102.200.2    00:01:19  0026.9818.1dc1  Vlan2200
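
The ARP comparison shown in the post above, written as an added example that is not part of the original thread: it derives the default HSRPv2 virtual MAC from the group number (group 2220 gives 0000.0c9f.f8ac, as in the output) and reports which expected entries are missing from one peer's `show ip arp` output. The function names and the sample strings are constructed for illustration.

```python
import re

# Constructed sample input, shaped like the "show ip arp" lines in the thread.
CORE1_ARP = """\
10.102.200.3    00:05:00  0026.9802.b541  Vlan2200
10.102.200.1       -      0000.0c9f.f8ac  Vlan2200
"""
CORE2_ARP_BROKEN = ""  # Core2 before the SVI bounce: no entries for the subnet
CORE2_ARP_FIXED = """\
10.102.200.1    00:01:24  0000.0c9f.f8ac  Vlan2200
10.102.200.2    00:01:19  0026.9818.1dc1  Vlan2200
"""

ARP_LINE = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+"
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)$", re.I)

def hsrp_v2_vmac(group):
    """Default HSRPv2 IPv4 virtual MAC: 0000.0c9f.fXXX, XXX = group in hex."""
    if not 0 <= group <= 4095:
        raise ValueError("HSRPv2 group must be 0-4095")
    return "0000.0c9f.f%03x" % group

def parse_arp(text, interface):
    """Map IP -> MAC for entries learned on the given interface."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m and m.group(4).lower() == interface.lower():
            table[m.group(1)] = m.group(3).lower()
    return table

def check_peer(arp_text, interface, vip, group, peer_ip):
    """Return a list of findings for one vPC peer's ARP table."""
    table = parse_arp(arp_text, interface)
    expected = hsrp_v2_vmac(group)
    findings = []
    if vip not in table:
        findings.append(f"no ARP entry for VIP {vip}")
    elif table[vip] != expected:
        findings.append(f"VIP {vip} resolves to {table[vip]}, expected {expected}")
    if peer_ip not in table:
        findings.append(f"no ARP entry for peer SVI {peer_ip}")
    return findings

if __name__ == "__main__":
    for name, text, peer in (("CORE1", CORE1_ARP, "10.102.200.3"),
                             ("CORE2", CORE2_ARP_BROKEN, "10.102.200.2")):
        print(name, check_peer(text, "Vlan2200", "10.102.200.1", 2220, peer) or "ok")
```
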

Hi,

Thank you for the detailed problem explanation.

It could be that CORE2 is not processing the ARP request from CORE1, or that CORE2 processed the ARP request and sent out a reply but the SVI on CORE2 failed to send it out.

Would you try to turn on debug ip arp packet on both routers to see if the ARP request from CORE1 reaches CORE2 and CORE2 replies back?

Also, which NX-OS version are you running?

I can check if there is any known bug.

Do you see this problem on several VLANs or only one VLAN?

KK

I am having the same exact problem, and I am running version 5.1(2).

Hi,

How did you solve the problem?

Best Regards,

Samer Labaky

TAC said:

CSCtg92465    Missing gwmacs for a few SVIs after root bridge reload

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtg92465

which required an upgrade

Also enabled Peer Gateway on Core1
