No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

When save USG5300 VRRP configuration, prompt the active/standby configuration is not consistent

Publication Date:  2012-10-31 Views:  72 Downloads:  0
Issue Description
 When configure the same active and standby, save the configuration, host display that:

Slave display that: at the same time: 
Alarm Information
none
Handling Process
Based on the analysis of the message, according to the code to realize, the problem is caused by the number members of the active/standby VGMP is not consistent. but in the prompt information, the master display the slave tips, and slave display the master tips. At the same time, this problem will not happen, only changes a little configuration in the master, and then save configuration, the problem may appear.
In the slave open VGMP debugging debugging VRRP - group all, find on the extranet port, slave receive VGMP hello message sent by itself:





Find in the debugging that the slave receive the VGMP hello message sent by himself, this is the direct cause of prompting. slave receive the VGMP hello message sent by itself, after resolve find the message status is salve, when take message the corresponding state is master, compared the VGMP number of members between message and master. Because the slave status is salve, the members number in master state is 0, find the number is inconsistent, displaying that the active/standby configuration is not consistent.
Why slave receive the VGMP hello message sent by itself, through ping test can find, this link appeared on the layer 2 loop (TTL = 255 UDP message), to this phenomenon, need to find out the cause of the loop.
Root Cause
In the VRRP network, usually only heartbeat interface will send VGMP hello message, but when lost a VGMP hello message, firewall will select group to send, until received reply message. When save configuration, CPU is mainly used to write flash operation, will lead to some messages do not handled in time, the peer end can't received reply message in time, think about that heartbeat lost, replace group to send. When use the group to send, the extranet port will also send VGMP hello message. Because the extranet port network appear the Layer 2 loop, lead to receive the message sent by own, appear the above problem.
According to the FL inspection results, he reason causes the loop is that: USG5300 extranet port configured to Eth - Trunk, but the corresponding SW do not have the corresponding configuration, lead to message back to the firewall.
Suggestions
1, use debugging VRRP - group related command at the right moment.
2, when configure Eth - Trunk must ensure that the peer end also make the corresponding configuration.

END