No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.

Knowledge Base

The case when save USG5300 VRRP configuration display the active/standby configuration is not consistent

Publication Date:  2012-10-26  |   Views:  159  |   Downloads:  0  |   Author:  SU1001429751  |   Document ID:  EKB1000018356


Issue Description

 When configure the same active and standby, save the configuration, host display that: 

slave display that: at the same time: 

Alarm Information


Handling Process

Based on the analysis of the message, according to the code to realize, the problem is caused by the number members of the active/standby VGMP is not consistent. but in the prompt information, the master display the slave tips, and slave display the master tips. At the same time, this problem will not happen, only changes a little configuration in the master, and then save configuration, the problem may appear.
In the slave open VGMP debugging debugging VRRP - group all, find on the extranet port, slave receive VGMP hello message sent by itself:

2009-07-21 14:28:37 AHHF-PS-MMS02-FW02 %%01VGMP/8/DebugPacket(d):
Virtual Router Management Group SLAVE: receiving from, message type HELLO mode ACK priority = 65000

At the same time in the master ping slave

14:51:22  2009/07/21
  PING 56  data bytes, press CTRL C to break
    Reply from bytes=56 Sequence=1 ttl=255 time=1 ms
    Reply from bytes=56 Sequence=1 ttl=255 time=17 ms (DUP!)
    Reply from bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from bytes=56 Sequence=5 ttl=255 time=1 ms

  --- ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    1 duplicates
    0.00% packet loss
    round-trip min/avg/max = 1/3/17 ms
find in the debugging that the slave receive the VGMP hello message sent by himself, this is the direct cause of prompting. slave receive the VGMP hello message sent by itself, after resolve find the message status is salve, when take message the corresponding state is master, compared the VGMP number of members between message and master. Because the slave status is salve, the members number in master state is 0, find the number is inconsistent, displaying that the active/standby configuration is not consistent.
Why slave receive the VGMP hello message sent by itself, through ping test can find, this link appeared on the layer 2 loop (TTL = 255 UDP message), to this phenomenon, need to find out the cause of the loop.

Root Cause

In the VRRP network, usually only heartbeat interface will send VGMP hello message, but when lost a VGMP hello message, firewall will select group to send, until received reply message. When save configuration, CPU is mainly used to write flash operation, will lead to some messages do not handled in time, the peer end can't received reply message in time, think about that heartbeat lost, replace group to send. When use the group to send, the extranet port will also send VGMP hello message. Because the extranet port network appear the Layer 2 loop, lead to receive the message sent by own, appear the above problem.
According to the FL inspection results, he reason causes the loop is that: USG5300 extranet port configured to Eth - Trunk, but the corresponding SW do not have the corresponding configuration, lead to message back to the firewall.


1, use debugging VRRP - group related command at the right moment.
2, when configure Eth - Trunk must ensure that the peer end also make the corresponding configuration.