No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

VRRP Status Was Normal But Services Were Unavailable Because of a VRRP ID Conflict

Publication Date:  2013-10-30 Views:  48 Downloads:  1
Issue Description

Network topology (see the attachment):

Four NE40Es formed a square-shaped network. VRRP was configured between NE40E-1 and NE40E-2, and between NE40E-3 and NE40E-4. The VRRP ID for both VRRP groups was 1. Heartbeat packets between NE40E-1 and NE40E-2 were transmitted along the path NE40E-1 <-> NE40E-3 <-> NE40E-4 <-> NE40E-2.

Specific configurations were as follows:

NE40E-1:
interface GigabitEthernet1/0/0.1
 vlan-type dot1q 1
 ip address 1.1.1.11 255.255.255.0
 vrrp vrid 1 virtual-ip 1.1.1.10
 vrrp vrid 1 priority 90
NE40E-2:
interface GigabitEthernet1/0/0.1
 vlan-type dot1q 1
 ip address 1.1.1.12 255.255.255.0
 vrrp vrid 1 virtual-ip 1.1.1.10
 vrrp vrid 1 priority 110
NE40E-3:
interface GigabitEthernet1/0/0.1
 vlan-type dot1q 1
 ip address 1.1.1.101 255.255.255.0
 vrrp vrid 1 virtual-ip 1.1.1.100
 vrrp vrid 1 priority 90
NE40E-4:
interface GigabitEthernet1/0/0.1
 vlan-type dot1q 1
 ip address 1.1.1.102 255.255.255.0
 vrrp vrid 1 virtual-ip 1.1.1.100
 vrrp vrid 1 priority 110

Symptom:

NE40E-1 and NE40E-2 negotiated VRRP status properly. NE40E-1 was the backup one and NE40E-2 was the active one.

NE40E-3 and NE40E-4 negotiated VRRP status properly. NE40E-3 was the backup one and NE40E-4 was the active one.

All VRRP status information was abnormal but VRRP services under the four NEs were unavailable.
Handling Process

On NE40Es, the virtual VRRP MAC addresses for transmitting ARP packets are the same for VRRP groups with the same VRRP ID. On the four NE40Es, the virtual VRRP MAC was 0000-5e00-0001.

Because the virtual VRRP MAC addresses were the same, service packets were transmitted based on Layer 2 forwarding instead of Layer 3 forwarding. If the service packets were encapsulated with destination IP addresses, they failed to be transmitted to correct NEs.

The MAC address for VRRP protocol packets was MAC 01-00-5E-00-00-12, which was different from the NE40E-3/4 interface MAC address and virtual MAC address. Therefore, the packets were transmitted to NE40E-1 or NE40E-2 based on Layer 2 forwarding. As a result, VRRP protocol packets from NE40-1/2 could be transparently transmitted through NE40E-3/4 to the peer end, and VRRP status could be properly negotiated.
Root Cause
The virtual VRRP MAC addresses for two VRRP groups were the same because the groups had the same IDs. As a result, packets were transmitted based on Layer 2 forwarding instead of Layer 3 forwarding.
Solution
Changed the IDs of the two VRRP groups to different values.
Suggestions
Ensure that VRRP IDs are different for different VRRP groups on a Layer 2 network.

END