N7010 6.2(6a) vrf-lite route-leaking hsrp vip cant ping from active hsrp nexus
We are having problem with route-leaking hsrp virtual ip from our nexus 7010 here is our configuration. We need to ping inter-vrf the active hsrp virtual ip please see below, your comments are greatly appreciated:
But ping test are failing from vrf DATACENTER-GLOBAL to vlan 501 HSRP VIP & Physical (vrf DATACENTER-INTERNAL)
Mandaue-N7K-1-VDC3# ping 10.101.1.12 vrf DATACENTER-GLOBAL PING 10.101.1.12 (10.101.1.12): 56 data bytes Request 0 timed out Request 1 timed out Request 2 timed out Request 3 timed out Request 4 timed out
--- 10.101.1.12 ping statistics --- 5 packets transmitted, 0 packets received, 100.00% packet loss Mandaue-N7K-1-VDC3# ping 10.101.1.13 vrf DATACENTER-GLOBAL PING 10.101.1.13 (10.101.1.13): 56 data bytes Request 0 timed out Request 1 timed out Request 2 timed out Request 3 timed out Request 4 timed out
but from active nexus hsrp 7010-1 if i ping the standby hsrp nexus 7010-2
Mandaue-N7K-1-VDC3# ping 10.101.1.14 vrf DATACENTER-GLOBAL PING 10.101.1.14 (10.101.1.14): 56 data bytes Request 0 timed out 64 bytes from 10.101.1.14: icmp_seq=1 ttl=254 time=1.389 ms 64 bytes from 10.101.1.14: icmp_seq=2 ttl=254 time=1.157 ms 64 bytes from 10.101.1.14: icmp_seq=3 ttl=254 time=1.199 ms 64 bytes from 10.101.1.14: icmp_seq=4 ttl=254 time=1.203 ms
--- 10.101.1.14 ping statistics --- 5 packets transmitted, 4 packets received, 20.00% packet loss round-trip min/avg/max = 1.157/1.236/1.389 ms
Had an answer with cisco tac as this feature is not fully supported on nexus our client decided not to use vrf lite on the nexus.
instead just use another subinterface on the uplink using the bypass vrf to implement bypass (keep shut and just no shut and enable routing when needing to bypass the firewall)
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...