Cisco VRRP Encor lab issue

SirStephanikus · Post by **SirStephanikus** » Sun Feb 21, 2021 9:19 pm

Hi all,

I'm struggling with a common cisco lab for implementing VRRP which looks like the one in the attached screenshot. For the sake of simplicity I switched off IPV6, VLAN21 and don't connected those VPC's.

So here is my problem:

first...startup config from the eve-ng provided tfpt method won't inject my vlan 11....ok --> I removed the startup config and copy&pasted it by myself

My virtual router address is not pingable...the exact same config works fine in cml 2.1.x !

It runs fine in Cisco CML 2.1.x

The virtual address reacts if I shutfdown D2

The configs are like this:

Code: Select all

hostname D1
!
no aaa new-model
clock timezone utc 1 0
fhrp version vrrp v3
spanning-tree mode rapid-pvst
no ip domain-lookup
ip routing
ipv6 unicast-routing
!
vlan 11
 name FIRST_VLAN
 exit
!
interface range gigabitEthernet 0/0-3, gigabitEthernet 1/0-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no shutdown
!
interface range GigabitEthernet0/0-3
 channel-group 12 mode active
 exit
!
interface range GigabitEthernet1/0-1
 channel-group 1 mode active
 exit
!
interface Vlan11
 ip address 10.11.0.1 255.255.255.0
  vrrp 11 address-family ipv4
  priority 150
  address 10.11.0.254 primary
  exit-vrrp
 no shutdown
 exit
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
 exit
!
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 password cisco123
 logging synchronous
 login
!
end

Code: Select all

hostname D2
!
no aaa new-model
clock timezone utc 1 0
fhrp version vrrp v3
spanning-tree mode rapid-pvst
no ip domain-lookup
ip routing
ipv6 unicast-routing
!
vlan 11
 name FIRST_VLAN
 exit
!
interface range gigabitEthernet 0/0-3, gigabitEthernet 1/0-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no shutdown
!
interface range GigabitEthernet0/0-3
 channel-group 12 mode active
 exit
!
interface range GigabitEthernet1/0-1
 channel-group 1 mode active
 exit
!
vlan 11
 name FIRST_VLAN
 exit
!
interface vlan 11
 ip address 10.11.0.2 255.255.255.0
 vrrp 11 address-family ipv4
  priority 100
  address 10.11.0.254 primary
  exit-vrrp
 no shutdown
 exit
interface loopback 0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
 exit
!
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 password cisco123
 logging synchronous
 login
!
end

Code: Select all

hostname A1
!
clock timezone utc 1 0
no ip routing
no ip domain-lookup
spanning-tree mode rapid-pvst
!
vlan 11
 name FIRST_VLAN
 exit
interface range GigabitEthernet0/0-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no shutdown
 exit
!
interface range GigabitEthernet0/0-1
 channel-group 1 mode active
 exit
!
interface range GigabitEthernet0/2-3
 channel-group 2 mode active
 exit
!
interface Vlan11
 ip address 10.11.0.3 255.255.255.0
 no shutdown
 exit
!
ip default-gateway 10.11.0.254
!
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 password cisco123
 logging synchronous
 login
!
!
end

D1 is the root bride and I can ping D1 and D2 from A1 but not the virtual router IP...D2 can't ping the virtual address neither.
However, a debug ip icmp from A1 to 10.11.0.254 (virtual router address) shows, that D2 answers with "*Feb 21 21:10:06.988: ICMP: redirect sent to 10.11.0.3 for dest 10.11.0.254, use gw 10.11.0.254" but in my case D1 is the master...

Code: Select all

D1#sh vrrp br
  Interface          Grp  A-F Pri  Time Own Pre State   Master addr/Group addr
  Vl11                11 IPv4 150     0  N   Y  MASTER  10.11.0.1(local) 10.11.0.254

D2#sh vrrp brief 
  Interface          Grp  A-F Pri  Time Own Pre State   Master addr/Group addr
  Vl11                11 IPv4 100  3609  N   Y  BACKUP  10.11.0.1 10.11.0.254

Code: Select all

D1#show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/2, Gi1/3
11   FIRST_VLAN                       active    

D2#sh vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/2, Gi1/3
11   FIRST_VLAN                       active

A1#sh vla br 

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0, Gi1/1, Gi1/2, Gi1/3
11   FIRST_VLAN                       active

Code: Select all

D1#sh ip int br
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0     unassigned      YES unset  up                    up      
GigabitEthernet0/1     unassigned      YES unset  up                    up      
GigabitEthernet0/2     unassigned      YES unset  up                    up      
GigabitEthernet0/3     unassigned      YES unset  up                    up      
GigabitEthernet1/0     unassigned      YES unset  up                    up      
GigabitEthernet1/1     unassigned      YES unset  up                    up      
GigabitEthernet1/2     unassigned      YES unset  down                  down    
GigabitEthernet1/3     unassigned      YES unset  down                  down    
Loopback0              192.168.1.1     YES manual up                    up      
Port-channel1          unassigned      YES unset  up                    up      
Port-channel12         unassigned      YES unset  up                    up      
Vlan11  

D2#sh ip int br
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0     unassigned      YES unset  up                    up      
GigabitEthernet0/1     unassigned      YES unset  up                    up      
GigabitEthernet0/2     unassigned      YES unset  up                    up      
GigabitEthernet0/3     unassigned      YES unset  up                    up      
GigabitEthernet1/0     unassigned      YES unset  up                    up      
GigabitEthernet1/1     unassigned      YES unset  up                    up      
GigabitEthernet1/2     unassigned      YES unset  down                  down    
GigabitEthernet1/3     unassigned      YES unset  down                  down    
Loopback0              192.168.1.1     YES manual up                    up      
Port-channel1          unassigned      YES unset  up                    up      
Port-channel12         unassigned      YES unset  up                    up      
Vlan11                 10.11.0.2       YES manual up                    up  


A1#sh ip int br
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0     unassigned      YES unset  up                    up      
GigabitEthernet0/1     unassigned      YES unset  up                    up      
GigabitEthernet0/2     unassigned      YES unset  up                    up      
GigabitEthernet0/3     unassigned      YES unset  up                    up      
GigabitEthernet1/0     unassigned      YES unset  down                  down    
GigabitEthernet1/1     unassigned      YES unset  down                  down    
GigabitEthernet1/2     unassigned      YES unset  down                  down    
GigabitEthernet1/3     unassigned      YES unset  down                  down    
Port-channel1          unassigned      YES unset  up                    up      
Port-channel2          unassigned      YES unset  up                    up      
Vlan11                 10.11.0.3       YES manual up                    up

My Images are all the same current version ISOL2 from cisco --> no pirated crap !!!

My Hypervisor is VMWare Workstation Pro 15.x on a XUbuntu 20.04 Machine with much power, also eve is in its current version.

Here my eve-info output:

Code: Select all

Sun Feb 21 23:16:21 EET 2021
---------------Packages Installed----------------
ii eve-ng-dockers 3.2-eve-ng
ii eve-ng-dynamips 3.0.1-78
ii eve-ng-janus 1.2-eve-ng
ii eve-ng-pro 4.0.1-8
ii eve-ng-pro-guacamole 2.0.6-54
ii eve-ng-qemu 2.0.6-58
ii eve-ng-schema 3.0.1-47
ii eve-ng-vpcs 1.3-eve-ng
ii linux-image-4.20.17-eve-ng-uksm+ 1
ii linux-image-4.20.17.2-eve-ng-uksm-wg+ 1

---------------Hostname--------------------------
   Static hostname: eve-ng
    Virtualization: vmware
  Operating System: Ubuntu 18.04.5 LTS
            Kernel: Linux 4.20.17.2-eve-ng-uksm-wg+
      Architecture: x86-64
---------------Disk Usage------------------------
Filesystem                    Size  Used Avail Use% Mounted on
udev                           32G     0   32G   0% /dev
tmpfs                         6.3G   16M  6.3G   1% /run
/dev/mapper/eve--ng--vg-root   49G   19G   27G  42% /
tmpfs                          32G     0   32G   0% /dev/shm
tmpfs                         5.0M     0  5.0M   0% /run/lock
tmpfs                          32G     0   32G   0% /sys/fs/cgroup
tmpfs                         6.3G     0  6.3G   0% /run/user/0

---------------CPU Info--------------------------
Architecture:        x86_64
CPU op-mode(s):      32-bit, 64-bit
Byte Order:          Little Endian
CPU(s):              16
On-line CPU(s) list: 0-15
Thread(s) per core:  1
Core(s) per socket:  1
Socket(s):           16
NUMA node(s):        1
Vendor ID:           GenuineIntel
CPU family:          6
Model:               85
Model name:          Intel(R) Core(TM) i9-10980XE CPU @ 3.00GHz
Stepping:            7
CPU MHz:             2999.998
BogoMIPS:            5999.99
Virtualization:      VT-x
Hypervisor vendor:   VMware
Virtualization type: full
L1d cache:           32K
L1i cache:           32K
L2 cache:            1024K
L3 cache:            25344K
NUMA node0 CPU(s):   0-15
Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon nopl xtopology tsc_reliable nonstop_tsc cpuid pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch cpuid_fault invpcid_single ssbd ibrs ibpb stibp ibrs_enhanced tpr_shadow vnmi ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 invpcid avx512f avx512dq rdseed adx smap clflushopt clwb avx512cd avx512bw avx512vl xsaveopt xsavec xsaves arat flush_l1d arch_capabilities

---------------Memory Info-----------------------
              total        used        free      shared  buff/cache   available
Mem:            62G        2.8G         58G         16M        1.6G         59G
Swap:          979M          0B        979M

---------------Nic Info--------------------------
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master pnet0 state UP mode DEFAULT group default qlen 1000

---------------IP Info---------------------------
●        State: n/a
                172.29.129.254 on nat0
                172.17.0.1 on docker0
                172.29.130.254 on wg0

---------------Bridge Info-----------------------
pnet0		8000.000c2931b239	no		eth0
pnet1		8000.000000000000	no		
pnet2		8000.000000000000	no		
pnet3		8000.000000000000	no		
pnet4		8000.000000000000	no		
pnet5		8000.000000000000	no		
pnet6		8000.000000000000	no		
pnet7		8000.000000000000	no		
pnet8		8000.000000000000	no		
pnet9		8000.000000000000	no		

---------------H/W Accel-------------------------
INFO: /dev/kvm exists
KVM acceleration can be used

---------------Service Info----------------------
-------------------------------------------------
--------------Guacamole--------------------------
● guacd.service - LSB: Guacamole proxy daemon
   Loaded: loaded (/etc/init.d/guacd; generated)
   Active: active (running) since Sun 2021-02-21 20:35:53 EET; 2h 40min ago

--------------Tomcat-----------------------------
● tomcat8.service - LSB: Start Tomcat.
   Loaded: loaded (/etc/init.d/tomcat8; generated)
   Active: active (running) since Sun 2021-02-21 20:35:58 EET; 2h 40min ago

--------------Mysql------------------------------
● mysql.service - MySQL Community Server
   Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2021-02-21 20:35:54 EET; 2h 40min ago

--------------Apache-----------------------------
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─apache2-systemd.conf
   Active: active (running) since Sun 2021-02-21 20:35:53 EET; 2h 40min ago

Uldis (UD) · Post by **Uldis (UD)** » Mon Feb 22, 2021 9:26 am

It works, just couple of hints:
regarding vlans missed in startup cfg. As the vlans are stored in specific file vlan.dat, this info is not exported.
But if you will use vtp mode transparent vlans will export, and node will boot from exported cfg with vlans.

vIOS, any version has some glitch in SVI interfaces, and if you after lab is booted from initial cfg, will do shut no shut all VLAN11 interfaces on all switches, you lab will work.
Many reports were when VIP of vrrp can be even not pingable but it is fully functional as Gateway

I dislike vIOS exactly for this SVI shut/no shut reason.
See below, I used your configs.
vIOS

Code: Select all

A1#sh vers
Cisco IOS Software, vios_l2 Software (vios_l2-ADVENTERPRISEK9-M), Version 15.2(C
ML_NIGHTLY_20190423)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD, synced to  V1
52_6_0_81_E
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2019 by Cisco Systems, Inc.
Compiled Tue 23-Apr-19 04:48 by mmen

EVE is Pro 4.0.1-8

SirStephanikus · Post by **SirStephanikus** » Mon Feb 22, 2021 6:12 pm

@Uldis

I hope I will remember your words...I spent my whole sunday for this issue

Indeed...it works ?!! shut --> no shut GRRRRRRR

I switched off D1 and after a short time (spanning-tree and vrrp role change) D2 took the 10.11.0.254 GW role.

Uldis (UD) · Post by **Uldis (UD)** » Mon Feb 22, 2021 10:58 pm

such not happens with IOL L2 images, same version as vIOS
no need shut no shut SVI
and performance is 95mbps on IOL images vs vIOS 1.5 mbps...
Just for info

SirStephanikus · Post by **SirStephanikus** » Tue Feb 23, 2021 8:04 am

@Uldis

I use the IOSvL2 images, latest from cisco cml or do you meant another version ???

Uldis (UD) · Post by **Uldis (UD)** » Tue Feb 23, 2021 11:26 am

It is not vIOS, but similar:

I meant IOL Images IOS on Linux:

Code: Select all

SW#sh version 
Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version 15.2(CML_NIGHTLY_20190423)FLO_DSGS7, EARLY DEPLOYMENT DEV
ELOPMENT BUILD, synced to  V152_6_0_81_E
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2019 by Cisco Systems, Inc.
Compiled Tue 23-Apr-19 02:38 by mmen

ROM: Bootstrap program is Linux

SW uptime is 0 minutes
System returned to ROM by reload at 0
System image file is "unix:/opt/unetlab/addons/iol/bin/i86bi_linux_l2-adventerprisek9-ms.SS"
Last reload reason: Unknown reason



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Linux Unix (Intel-x86) processor with 921491K bytes of memory.
Processor board ID 71305217
16 Ethernet interfaces
2 Virtual Ethernet interfaces
1024K bytes of NVRAM.

Configuration register is 0x0

SirStephanikus · Post by **SirStephanikus** » Tue Feb 23, 2021 6:09 pm

@Uldis
I tried with a 2015 IOL L2 version...won't work.

I stick with my CML Images...I just wonder why I've no issues under CML 2.1.x with them ???

SirStephanikus · Post by **SirStephanikus** » Tue Feb 23, 2021 7:12 pm

What I also noticed A LOT is...that when I shutdown my interface vlan and I've got 2 terminals open with 2 different vpcs...the terminals of the vpc's disconnect immediately and I can not reconnect.
This happens with the HTML console AND the telnet breakout. The only work around is to turn off all devices and turn back on.

Uldis (UD) · Post by **Uldis (UD)** » Tue Feb 23, 2021 10:46 pm

ou better come in EVE live helpdesk.
https://www.eve-ng.net/index.php/live-helpdesk/

use your gmail account or create new with own email to join in chat.
This all what you wrote is sortable

my EVE chatname: EVE-NG-UD

Support and News Forum

Cisco VRRP Encor lab issue

Cisco VRRP Encor lab issue

Re: Cisco VRRP Encor lab issue

Re: Cisco VRRP Encor lab issue

Re: Cisco VRRP Encor lab issue

Re: Cisco VRRP Encor lab issue

Re: Cisco VRRP Encor lab issue

Re: Cisco VRRP Encor lab issue

Re: Cisco VRRP Encor lab issue

Re: Cisco VRRP Encor lab issue