Solved: EIGRP routing over new L3 connections

jkuehl · ‎12-30-2013

we have our network separated into a northend and southend. each data center has two 4510R+E switches running VSS between them. we have both data center's connected with a port channel that connects to a 3750E switch. we would like to remove the port channel and connect both data center's using EIGRP. I have setup the ports as L3 with IP addresses, i have setup the EIGRP process with the network, I can ping the interface of the switch on my side of the network. when i try to ping the other side, the ping fails.

What I am needing to happen, is to be able to drop the port-channel and then load balance over the L3 connections.

Jon Marshall · ‎12-31-2013

If that is the other switch pair then that is your problem.

If you have "mac-address use-virtual" then the domain ID is used to generate the unique mac addresses per VSS pair.

Because you have the same domain ID on both VSS pairs they are generating the same mac addresses and that explains your arp table output.

There are a number of workarounds but i think changing the domain ID for one VSS pair would be the preferred solution because using the same domain ID affects other things such as port channels which you may want to use.

See this link for full details of possible solutions -

http://www.labminutes.com/blog/2012/12/cisco-6500-vss-domain-id-and-virtual-mac-address

Jon

View solution in original post

Reza Sharifi · ‎12-30-2013

Not sure why ping fails between the 2 VSS sets. The easier design would be to have a Layer-3 portchannel between the 2 sets with one /30 instead of 4.

HTH

jkuehl · ‎12-31-2013

we were running the 4 connections for redundancy between the switches. We have two sets of fibers, one is buried and the other is on the pole. we wanted to make sure if one gets cuts there will have the other side to fall back on.

I am looking at building the port channels in our lab to see if that will work as well.

Jon Marshall · ‎12-31-2013

Your EIGRP adjancencies are not working properly ie. the RTO is 5000 and your Q cnt is > 0.

Do you see any messages in your log files regarding EIGRP ?

Are you sure you have connected the links correctly ie the addresses on either of the link are correct from your diagram but have you actually connected them up that way.

Jon

jkuehl · ‎12-31-2013

I ran show cdp neighbor and verified that all the connections were going to the correct interfaces with the correct IP addresses.

Jon Marshall · ‎12-31-2013

If CDP is working then you have basic connectivity at L2 but you say you cannot ping the remote ends. This sounds more like a basic connectivity issue than an EIGRP problem.

Ping is obviously L3. Are you absolutely sure the IPs and subnet masks are correct ?

Jon

jkuehl · ‎12-31-2013

show cdp neighbor

Device ID Local Intrfce Holdtme Capability Platform Port ID

Northend Ten 1/1/4 133 R S I WS-C4510R Ten 1/1/1

Northend Ten 2/6/1 172 R S I WS-C4510R Ten 1/5/1

Northend Ten 2/1/4 123 R S I WS-C4510R Ten 2/1/2

Northend Interfaces

interface TenGigabitEthernet1/5/1

no switchport

ip address 10.254.250.1 255.255.255.252

end

!

interface TenGigabitEthernet2/5/1

no switchport

ip address 10.254.250.5 255.255.255.252

shutdown

end

!

interface TenGigabitEthernet1/1/1

no switchport

ip address 10.254.250.9 255.255.255.252

end

interface TenGigabitEthernet2/1/2

no switchport

ip address 10.254.250.13 255.255.255.252

end

Southend Interfaces

interface TenGigabitEthernet2/6/1

no switchport

ip address 10.254.250.2 255.255.255.252

end

interface TenGigabitEthernet1/1/4

no switchport

ip address 10.254.250.10 255.255.255.252

end

interface TenGigabitEthernet2/1/4

no switchport

ip address 10.254.250.14 255.255.255.252

end

Jon Marshall · ‎12-31-2013

Your 4500s are running VSS. Do you have different domain IDs for each pair ?

Jon

jkuehl · ‎12-31-2013

Yes both pairs of 4500's are running VSS and each pair is running a different VTP domain

Jon Marshall · ‎12-31-2013

Not the VTP domain, the domain ID when you configure VSS.

Jon

Jon Marshall · ‎12-31-2013

To see the domain ID on your switches -

"sh switch virtual"

Jon

jkuehl · ‎12-31-2013

#sh swi vir

Executing the command on VSS member switch role = VSS Active, id = 1

Switch mode : Virtual Switch

Virtual switch domain number : 1

Local switch number : 1

Local switch operational role: Virtual Switch Active

Peer switch number : 2

Peer switch operational role : Virtual Switch Standby

Executing the command on VSS member switch role = VSS Standby, id = 2

Switch mode : Virtual Switch

Virtual switch domain number : 1

Local switch number : 2

Local switch operational role: Virtual Switch Standby

Peer switch number : 1

Peer switch operational role : Virtual Switch Active

jkuehl · ‎12-31-2013

from within the northend and southend switches i can ping the other side of the L2 interfaces.

Its when i am on another switch that is connected to either the northend or southend that i am unable to ping the other side the interface.

Jon Marshall · ‎12-31-2013

In addition to previous post, when you try to ping the remote end of the connection what does the arp table show ?

Jon

jkuehl · ‎12-31-2013

Northend#sh arp | in 10.254.250

Internet 10.254.250.1 - 0008.e3ff.fc04 ARPA TenGigabitEthernet1/5/1

Internet 10.254.250.2 0 Incomplete ARPA

Internet 10.254.250.9 - 0008.e3ff.fc04 ARPA TenGigabitEthernet1/1/1

Internet 10.254.250.10 0 Incomplete ARPA

Internet 10.254.250.13 - 0008.e3ff.fc04 ARPA TenGigabitEthernet2/1/2

Internet 10.254.250.14 0 Incomplete ARPA

Southend#sh arp | in 10.254.250

Internet 10.254.250.1 0 Incomplete ARPA

Internet 10.254.250.2 - 0008.e3ff.fc04 ARPA TenGigabitEthernet2/6/1

Internet 10.254.250.10 - 0008.e3ff.fc04 ARPA TenGigabitEthernet1/1/4

Internet 10.254.250.13 0 Incomplete ARPA

Internet 10.254.250.14 - 0008.e3ff.fc04 ARPA TenGigabitEthernet2/1/4