The case when save USG5300 VRRP configuration display the active/standby configuration is not consistent
Publication Date: 2012-10-26Views: 67Downloads: 0
When configure the same active and standby, save the configuration, host display that:
slave display that: at the same time:
Based on the analysis of the message, according to the code to realize, the problem is caused by the number members of the active/standby VGMP is not consistent. but in the prompt information, the master display the slave tips, and slave display the master tips. At the same time, this problem will not happen, only changes a little configuration in the master, and then save configuration, the problem may appear.
In the slave open VGMP debugging debugging VRRP - group all, find on the extranet port, slave receive VGMP hello message sent by itself:
2009-07-21 14:28:37 AHHF-PS-MMS02-FW02 %%01VGMP/8/DebugPacket(d):
Virtual Router Management Group SLAVE: receiving from 126.96.36.199, message type HELLO mode ACK priority = 65000
At the same time in the master ping slave 188.8.131.52：
PING 184.108.40.206: 56 data bytes, press CTRL C to break
Reply from 220.127.116.11: bytes=56 Sequence=1 ttl=255 time=1 ms
Reply from 18.104.22.168: bytes=56 Sequence=1 ttl=255 time=17 ms (DUP!)
Reply from 22.214.171.124: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 126.96.36.199: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 188.8.131.52: bytes=56 Sequence=4 ttl=255 time=1 ms
Reply from 184.108.40.206: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 220.127.116.11 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/3/17 ms
find in the debugging that the slave receive the VGMP hello message sent by himself, this is the direct cause of prompting. slave receive the VGMP hello message sent by itself, after resolve find the message status is salve, when take message the corresponding state is master, compared the VGMP number of members between message and master. Because the slave status is salve, the members number in master state is 0, find the number is inconsistent, displaying that the active/standby configuration is not consistent.
Why slave receive the VGMP hello message sent by itself, through ping test can find, this link appeared on the layer 2 loop (TTL = 255 UDP message), to this phenomenon, need to find out the cause of the loop.
In the VRRP network, usually only heartbeat interface will send VGMP hello message, but when lost a VGMP hello message, firewall will select group to send, until received reply message. When save configuration, CPU is mainly used to write flash operation, will lead to some messages do not handled in time, the peer end can't received reply message in time, think about that heartbeat lost, replace group to send. When use the group to send, the extranet port will also send VGMP hello message. Because the extranet port network appear the Layer 2 loop, lead to receive the message sent by own, appear the above problem.
According to the FL inspection results, he reason causes the loop is that: USG5300 extranet port configured to Eth - Trunk, but the corresponding SW do not have the corresponding configuration, lead to message back to the firewall.
1, use debugging VRRP - group related command at the right moment.
2, when configure Eth - Trunk must ensure that the peer end also make the corresponding configuration.