[c-nsp] Cisco 6509 VRRP no preemption

Tolstykh, Andrew ATolstykh at integrysgroup.com
Thu Aug 2 00:31:44 EDT 2007 

R2 needs to have a higher VRRP priority value in order to keep its
Master role even if both routers have preemption disabled. In the future
you can simply increase the VRRP priority on the currently active router
to a value higher than what is configured on the rebooting router. In
this case anything higher than 200 would work on R2.

My recommendation is to convert both switches to HSRP and use the reload
delay feature configured at the interface level:

"standby delay reload 120"

Another option is to create a redundant Etherchannel bundle between R1 -
R2 and enable "spanning port-fast trunk". The last option needs to be
carefully analyzed due to the potential spanning tree issues.


-----Original Message-----
From: Gier, Menno de (Menno) [mailto:mdegier at alcatel-lucent.com] 
Sent: Wednesday, August 01, 2007 4:56 PM
To: Tolstykh, Andrew
Subject: RE: [c-nsp] Cisco 6509 VRRP no preemption

Andrew,

Is it possible to keep R2 as VRRP master after R1 comes active again? If
I give both routers the same VRRP priority, will this work or will
another mechanism kick in, like highest IP? Is it possible to configure
the machine in such way that after a reboot the other router will state
VRRP master.

/M

-----Original Message-----
From: Tolstykh, Andrew [mailto:ATolstykh at integrysgroup.com] 
Sent: woensdag 1 augustus 2007 17:37
To: Gier, Menno de (Menno); cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Cisco 6509 VRRP no preemption

The issue was caused by the spanning tree behavior on the trunk
connecting R1 and R2. R1 became a duplicate VRRP Master on interface
VLAN1100 with priority of 200 immediately after the link went up on
Gi4/39. After the reconvergence of spanning tree R1 took over R2's
Master Role because it had a higher priority and two duplicate VRRP
Masters for the same group were present on the same VLAN.

Sequence of events:

R1 shutdown
R2 becomes VRRP Master
R1 powers on
R1 VLAN1100 becomes active
R1 becomes VRRP Master for VLAN1100 while spanning tree is still moving
thru the BLCK/LIST/LEAR stages
R2 is still a VRRP Master - no connectivity exists between two VLAN1100
segments spanned across two switches
R1/2 spanning tree completes the reconvergence
R1 detects R2's Master Role and at this point there are two duplicate
VRRP Masters on the same segment
R1 takes over due to a higher configured VRRP priority
R2 moves to a Backup state

Testing in the lab confirmed this behavior:

Rack1R8#sho vrrp all 
Vlan5 - Group 1  
  State is Master  
  Virtual IP address is 1.1.1.10
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption disabled
  Priority is 100 
  Master Router is 1.1.1.2 (local), priority is 100 
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec

Rack1R8#
*Mar  1 00:09:51.523: %VRRP-6-STATECHANGE: Vl5 Grp 1 state Master ->
Backup


-----Original Message-----
From: Gier, Menno de (Menno) [mailto:mdegier at alcatel-lucent.com] 
Sent: Wednesday, August 01, 2007 6:00 AM
To: Tolstykh, Andrew; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Cisco 6509 VRRP no preemption

Here is the requested output:

R1#show spanning-tree vlan 1100 detail

 VLAN1100 is executing the ieee compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, sysid 1100, address
0015.c721.7880
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 33868, address 0015.c721.68c0
  Root port is 423 (GigabitEthernet4/39), cost of root path is 4
  Topology change flag not set, detected flag not set
  Number of topology changes 73 last change occurred 20:20:13 ago
          from GigabitEthernet3/25
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0, aging 300

 Port 281 (GigabitEthernet3/25) of VLAN1100 is forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.281.
   Designated root has priority 33868, address 0015.c721.68c0
   Designated bridge has priority 33868, address 0015.c721.7880
   Designated port id is 128.281, designated path cost 4
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 36597, received 0

 Port 423 (GigabitEthernet4/39) of VLAN1100 is forwarding
   Port path cost 4, Port priority 128, Port Identifier 128.423.
   Designated root has priority 33868, address 0015.c721.68c0
   Designated bridge has priority 33868, address 0015.c721.68c0
   Designated port id is 128.423, designated path cost 0
   Timers: message age 2, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 73, received 4573075


R2#show spanning-tree vlan 1100 detail

 VLAN1100 is executing the ieee compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, sysid 1100, address
0015.c721.68c0
  Configured hello time 2, max age 20, forward delay 15
  We are the root of the spanning tree
  Topology change flag not set, detected flag not set
  Number of topology changes 34 last change occurred 20:19:22 ago
          from GigabitEthernet4/39
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 1, topology change 0, notification 0, aging 300

 Port 282 (GigabitEthernet3/26) of VLAN1100 is forwarding
   Port path cost 4, Port priority 128, Port Identifier 128.282.
   Designated root has priority 33868, address 0015.c721.68c0
   Designated bridge has priority 33868, address 0015.c721.68c0
   Designated port id is 128.282, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 3073752, received 0

 Port 423 (GigabitEthernet4/39) of VLAN1100 is forwarding
   Port path cost 4, Port priority 128, Port Identifier 128.423.
   Designated root has priority 33868, address 0015.c721.68c0
   Designated bridge has priority 33868, address 0015.c721.68c0
   Designated port id is 128.423, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 4573029, received 72

/M

-----Original Message-----
From: Tolstykh, Andrew [mailto:ATolstykh at integrysgroup.com] 
Sent: dinsdag 31 juli 2007 22:50
To: Gier, Menno de (Menno); cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Cisco 6509 VRRP no preemption

Router configured with no preempt will never attempt to transfer the
master role in presence of the existing Master. Do you have spanning
tree enabled on the segment connecting R1 to R2?
Most likely you rebooted the second switch and it caused the spanning
tree reconvergence on the trunk that connects two switches together.
VRRP group 10 on R1 became active before it had a chance to detect the
existing group with the same ID running on R2.

Please post:

show spanning-tree vlan 1100 detail

-----Original Message-----
From: Gier, Menno de (Menno) [mailto:mdegier at alcatel-lucent.com] 
Sent: Tuesday, July 31, 2007 3:33 PM
To: cisco-nsp at puck.nether.net
Cc: Tolstykh, Andrew
Subject: RE: [c-nsp] Cisco 6509 VRRP no preemption


We don't want the router to switch back if the original master recovers.

My understanding from no preemption is that there will no switch back
unless manual override or if the 'new' master fails.

We use 
interface Vlan1100
 ip address 10.0.0.2 255.255.255.0
 vrrp 10 ip 10.0.0.1
 no vrrp 10 preempt
 vrrp 10 priority 200

Below is the output.

/M

R1#show vrrp all
Vlan1100 - Group 10
  State is Master
  Virtual IP address is 10.0.0.1
  Virtual MAC address is 0000.5e00.010a
  Advertisement interval is 1.000 sec
  Preemption disabled
  Priority is 200
  Master Router is 10.0.0.2 (local), priority is 200
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.218 sec

R1#show vrrp interface Vlan 1100
Vlan1100 - Group 10
  State is Master
  Virtual IP address is 10.0.0.1
  Virtual MAC address is 0000.5e00.010a
  Advertisement interval is 1.000 sec
  Preemption disabled
  Priority is 200
  Master Router is 10.0.0.2 (local), priority is 200
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.218 sec

R2#show vrrp all
Vlan1100 - Group 10
  State is Backup
  Virtual IP address is 10.0.0.1
  Virtual MAC address is 0000.5e00.010a
  Advertisement interval is 1.000 sec
  Preemption disabled
  Priority is 100
  Master Router is 10.0.0.2, priority is 200
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec (expires in 2.681 sec)

R2#show vrrp interface Vlan 1100
Vlan1100 - Group 10
  State is Backup
  Virtual IP address is 10.0.0.1
  Virtual MAC address is 0000.5e00.010a
  Advertisement interval is 1.000 sec
  Preemption disabled
  Priority is 100
  Master Router is 10.0.0.2, priority is 200
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec (expires in 2.717 sec)
#

-----Original Message-----
From: Tolstykh, Andrew [mailto:ATolstykh at integrysgroup.com] 
Sent: dinsdag 31 juli 2007 22:18
To: Gier, Menno de (Menno); cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Cisco 6509 VRRP no preemption

Please post the output of the VRRP interface configuration and "show
vrrp all" commands.

By default VRRP will preempt for all configured groups.
You need to disable preemption explicitly with no vrrp [group] preempt.


By default, a preemptive scheme is enabled whereby a higher priority
virtual router backup that becomes available takes over for the virtual
router backup that was elected to become virtual router master. You can
disable this preemptive scheme using the no vrrp preempt command. If
preemption is disabled, the virtual router backup that is elected to
become virtual router master remains the master until the original
virtual router master recovers and becomes master again. 


ISP1-INET-RTR1#sho vrrp all 
FastEthernet0/0 - Group 1  
  State is Master  
  Virtual IP address is 160.1.1.2
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 100 
  Master Router is 160.1.1.1 (local), priority is 100 
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec

no vrrp 1 preempt

ISP1-INET-RTR1#sho vrrp all 
FastEthernet0/0 - Group 1  
  State is Master  
  Virtual IP address is 160.1.1.2
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption disabled
  Priority is 100 
  Master Router is 160.1.1.1 (local), priority is 100 
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Gier, Menno de
(Menno)
Sent: Tuesday, July 31, 2007 2:25 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Cisco 6509 VRRP no preemption

All,

We have two Cisco 6509 switches (A1 and A2) running VRRP over a trunk
between both switches. We have configured VRRP with no vrrp preemption.

After a power down of switch A1, which was selected as master VRRP, the
VRRP moved to the switch A2, as it should be.

After power up it of the switch A1 it became Master for the VRRP again
and the other switch A2 became backup unexpectedly.

Is this normal behavior of VRRP after a reboot?

We have configured VRRP to be non preemption to avoid a second traffic
interruption. We want to have the switch-over taking place in service
hours under our control.

Thanks in advance,

/mg 

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential
and/or privileged material.  Any review, retransmission, dissemination
or other use of, or taking of any action in reliance upon,
this information by persons or entities other than the intended
recipient is prohibited.   If you received this in error, please
contact the sender and delete the material from any computer.

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential
and/or privileged material.  Any review, retransmission, dissemination
or other use of, or taking of any action in reliance upon,
this information by persons or entities other than the intended
recipient is prohibited.   If you received this in error, please
contact the sender and delete the material from any computer.

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential
and/or privileged material.  Any review, retransmission, dissemination
or other use of, or taking of any action in reliance upon,
this information by persons or entities other than the intended
recipient is prohibited.   If you received this in error, please
contact the sender and delete the material from any computer.

The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential
and/or privileged material.  Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon,
this information by persons or entities other than the intended recipient is prohibited.   If you received this in error, please
contact the sender and delete the material from any computer.

More information about the cisco-nsp mailing list