Contributor
Posts: 39
Registered: ‎05-04-2009

Problem with asymmetric traffic flow due to missing VIP failover

This is a follow-up to the question I posted a few seconds ago. The setup still looks like this:

           UPSTREAM SUBNET
           |             |
           | A           | B
           |             |
    ServerIron 1 --- ServerIron 2
           |             |
           | C           | D
           |             |
          DOWNSTREAM SUBNET

ServerIron #1 is master by default and ServerIron #2 backup. There is a dedicated sync-link in between both SIs to synchronize the session table etc.

SECOND PROBLEM:

The problem is even worse if I remove link A. As far as VRRP is concerned, there is a failover from SI#1 to SI#2 in the UPSTREAM SUBNET, BUT SI#2 is not taking over the virtual servers. The virtual servers are still active (status: Owner) at SI#1 and NOTHING is working anymore. Is there any solution for this problem?

All I want is a failover from SI#1 to SI#2 - there should be a single SI being active at any time (no active-active or so).

Super Contributor
Posts: 316
Registered: ‎05-01-2009

Re: Problem with asymmetric traffic flow due to missing VIP failover

It is me again, as in the other thread ;-). Let me try to add something to my example config from the other thread. You would like to ensure that ALL VRRP instances as well as all virtual servers fail over at the same time, if I am not wrong.

Let me assume again that you have two VRRP instances only. Links A and B are port 1 of ServerIron 1 and ServerIron 2. Links C and D are port 4 of ServerIron 1 and ServerIron 2. There are two virtual servers: 192.168.1.201 and 192.168.1.202.

The config of your master switch should look like this:

vlan 1
  router-interface ve 1
vlan 4
  untagged eth 4
  router-interface ve 4
router vrrp-extended
server vip-group 1
  vip 192.168.1.201
  vip 192.168.1.202
interface ve 1
  ip address 192.168.1.2 255.255.255.0
  ip vrrp-e vrid 1
    backup priority 109 track-priority 10
    ip-address 192.168.1.1
    vip-group 1
    track-port eth 1
    track-port eth 4
interface ve 4
  ip address 192.168.4.2 255.255.255.0
  ip vrrp-e vrid 4
    backup priority 109 track-priority 10
    ip-address 192.168.4.1
    track-port eth 1
    track-port eth 4

And the config of the backup switch:

vlan 1
  router-interface ve 1
vlan 4
  untagged eth 4
  router-interface ve 4
router vrrp-extended
server vip-group 1
  vip 192.168.1.201
  vip 192.168.1.202
interface ve 1
  ip address 192.168.1.3 255.255.255.0
  ip vrrp-e vrid 1
    backup priority 100 track-priority 10
    ip-address 192.168.1.1
    vip-group 1
    track-port eth 1
    track-port eth 4
interface ve 4
  ip address 192.168.4.3 255.255.255.0
  ip vrrp-e vrid 4
    backup priority 100 track-priority 10
    ip-address 192.168.4.1
    track-port eth 1
    track-port eth 4

The trick is again the following: the base priority of the master is 109 and the base priority of the backup is 100. There is a tracking priority (track-priority) of 10 configured. The base priority of a VRRP instance is decreased by the track-priority as soon as one of the tracked ports goes down. The example above tracks ports 1 and 4. BOTH VRRP instances are configured to track the frontend and the backend port. Any link problem is going to result in a priority decrease for both VRRP instances and therefore in a failover of both of them. ALL virtual servers are part of vip-group 1, and the vip-group failover is bound to VRRP instance 1. With this setup you get a failover of all VRRP IPs and ALL VIPs in the vip-group at the same time.

Is this what you would like to achieve?
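The priority arithmetic from the reply above, as an added sketch that is not part of either post and is not vendor code. It is a simplified election model (assumptions: preemption is on, the highest effective priority wins, the track-priority is subtracted once per tracked port that is down) and it compares the posted tracking with a hypothetical variant, `TRACK_OWN`, in which each VRID tracks only its own port:

```python
# Simplified VRRP-E election model for the two-ServerIron setup in this thread.
# Constructed for illustration; tie-breaking and interface-down state are not modeled.
TRACK_PRIORITY = 10
BASE = {"SI1": 109, "SI2": 100}   # "backup priority" values from the posted configs
# link name -> (device, port), as described in the reply
LINKS = {"A": ("SI1", 1), "B": ("SI2", 1), "C": ("SI1", 4), "D": ("SI2", 4)}

# vrid -> set of ports that instance tracks
TRACK_BOTH = {1: {1, 4}, 4: {1, 4}}   # the posted config
TRACK_OWN = {1: {1}, 4: {4}}          # hypothetical: each VRID tracks only its own port


def effective_priority(device, tracked_ports, down_links):
    """Base priority minus track-priority for every tracked port that is down."""
    down_ports = {port for link in down_links
                  for dev, port in [LINKS[link]] if dev == device}
    return BASE[device] - TRACK_PRIORITY * len(down_ports & tracked_ports)


def masters(tracking, down_links):
    """Return {vrid: master device} for a set of failed links."""
    result = {}
    for vrid, tracked in tracking.items():
        result[vrid] = max(
            BASE, key=lambda d: effective_priority(d, tracked, down_links))
    return result


def is_symmetric(tracking, down_links):
    """True when one device is master for every VRID (vip-group 1 follows VRID 1)."""
    return len(set(masters(tracking, down_links).values())) == 1


if __name__ == "__main__":
    for link in LINKS:
        print(f"link {link} down:",
              "track both ->", masters(TRACK_BOTH, {link}),
              "| track own ->", masters(TRACK_OWN, {link}))
```

With `TRACK_OWN`, losing link A or C leaves the two VRIDs mastered on different devices, which is the asymmetric path the thread is about; with the posted tracking every single-link failure moves both VRIDs together.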
