We’ve been using VRRP in conjunction with SMLT to make sure that either core ERS 8600 switch in a cluster could assume the default gateway for any specific VLAN should the other switch fail. While I’m not at liberty to get into specifics I can tell you that we recently ran straight into a wall with our VRRP configuration. We had about 60+ VLANs (port based) on an ERS 8600 switch cluster where the VRRP ID for each VLAN was set to “1″. While Nortel had previously said this configuration was supported, we ran into significant issues testing some new software code for the 8600.
In short Nortel is now advising that you MUST have unique VRRP IDs. Nortel recommends as best practice that you use the VLAN ID but that can be problematic since valid values for the VLAN ID are between 1..4096 and valid values for the VRRP ID are between 1..512. In my case the VLAN IDs were between 1 and 200 so I was able to match them up.
config vlan <VLAN ID> ip vrrp <VRRP ID> address <IP ADDRESS> config vlan <VLAN ID> ip vrrp <VRRP ID> backup-master enable config vlan <VLAN ID> ip vrrp <VRRP ID> enable ERS8600:5# config vlan 1 ip vrrp 1 address 10.10.1.1 ERS8600:5# config vlan 1 ip vrrp 1 backup-master enable ERS8600:5# config vlan 1 ip vrrp 1 enable ERS8600:5# config vlan 2 ip vrrp 2 address 10.10.2.1 ERS8600:5# config vlan 2 ip vrrp 2 backup-master enable ERS8600:5# config vlan 2 ip vrrp 2 enable ERS8600:5# config vlan 9 ip vrrp 9 address 10.10.9.1 ERS8600:5# config vlan 9 ip vrrp 9 backup-master enable ERS8600:5# config vlan 9 ip vrrp 9 enable
I believe Nortel is now recommending RSMLT in place of VRRP which we’ll be using going forward. If you’ve been using a VRRP ID of 1 in every VLAN you might want to consider changing your configuration. I hope to write a post about RSMLT in the near future detailing how to configure it and the advantages using RSMLT over VRRP.
A personal note of Thanks to Richard M. and Roger G. from Nortel for their help and assistance in troubleshooting this problem.
Cheers!
Related posts:
network architect and security professional, excited about helping folks make the most out of what technology as a whole has to offer.
Loading ...
#1 by michael gagnon on January 25, 2009 - 2:59 pm
i have been matching the vrrp-id to the vlan-id since the get go, but ran into the same annoyance as you wrt the vrrp vs vlan value ranges.
hopefully migrating to rsmlt soon as well…
#2 by Michael McNamara on January 26, 2009 - 12:54 am
I had never thought much of it until Nortel was able to duplicate the problem in their labs. I wrote a quick and dirty little AWK script to take the input from “show ip vrrp info”.
BEGIN { print “Nortel ERS 8600 VRRP ID Script” }
{ print “config vlan “$2″ ip vrrp 1 delete” }
{ print “config vlan “$2″ ip vrrp “$2″ address ” $3 }
{ print “config vlan “$2″ ip vrrp “$2″ backup-master enable” }
{ print “config vlan “$2″ ip vrrp “$2″ enable” }
END { print ” – DONE -” }
You would feed the input from the “show ip vrrp info” command into this AWK script and it would output the commands to delete and then re-create the VRRP instances using the VLAN ID as the VRRP ID. We had about 60+ VLANS to change and only 60 minutes and there was no way we were going to change them all on both switches in 60 minutes (we also wanted to minimize the downtime). So that with the output from that script I cut and pasted sections of the output into both 8600 switches and we were done in about 10 minutes with zero downtime.
Thanks for the comment!
#3 by Pavel on January 26, 2009 - 10:30 am
Michael, thanks for your interesting blog!!!
#4 by Ryan Kruger on July 28, 2009 - 3:39 am
We are running two 8600s connected via IST, and with VRRP, but I noticed in my log files that I receive the following messages :
CPU5 [07/28/09 09:41:15] IP ERROR rcIpVrrpIn: Misconfigured Advertisement type (Fast Advtisement) for Vrid 8 on IfIndex 2054, Local type:regular Advertisement
The VRRP is functioning fine, but I am just concerned about this incessant log entrys.
I have tried to find more info on this, to no luck, do you perhaps have any suggestions ?
Would be appreciated.
Ryan
#5 by Michael McNamara on July 28, 2009 - 9:04 am
Hi Ryan,
You have a mis-configuration between the two VRRP routers. You probably have Fast Advertisement enabled on one but disabled on the other. Assuming that your VRIDs match your VLAN IDs you could issue the following command on both your ERS 8600 switches;
ERS-8610:5# config vlan 8 ip vrrp 8 info Sub-Context: clear config dump monitor show test trace wsm asfm sam Current Context: action : none address : IP ADDRESS OF VRRP INTERFACE adver-int : 1 backup-master : enable critical-ip : 0.0.0.0 critical-ip-enable : disable fast-adv-int : 200 fast-adv-enable : disable delete : N/A vrrp enable : enable holddown-timer : 0 priority : 100The settings should be identical on both ERS 8600 switches. It sounds to me like someone has enabled Fast Advertisement on one of the switches but left it disabled on the other switch. Just go ahead and disable Fast Advertisement (fast-adv-enable) and the error should clear.
Good Luck!
#6 by Ryan Kruger on July 28, 2009 - 10:04 am
Thank you very much for your help.
Ryan
#7 by Michael McNamara on July 30, 2009 - 8:50 pm
Hopefully that fixed your problem.
Please feel free to post any other questions in the Ethernet Switching forums.
Cheers!
#8 by Thomas on December 23, 2009 - 1:26 am
We are using ERS 8600 as core switch.We are planing for a Core switch redundancy..
Couild u please tell me the configurations that i have to do during the activity.?
#9 by Michael McNamara on December 23, 2009 - 2:47 pm
Hi Thomas,
It can be fairly complicated to add VRRP and/or HSRP. It’s certainly not something that you should undertake without completely understanding what you are doing. Outside of the commands provided in the above article you can post over in the forums if you have additional questions;
http://forums.networkinfrastructure.info/nortel-ethernet-switching/
Good Luck!