Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

530x, XRRP, STP - problems

SOLVED
Go to solution
Walter Hafner
Occasional Visitor

530x, XRRP, STP - problems

Hello!

A customer (a small hospital) with a quite simple setup (see attachment) approached us and asked us to configure high availability in his switches.

He uses ProCurve switches only, but various generations. The backbone consists of a 5308xl and a 5304xl, the edge consists of 2 4000m, 2 2524 and 2 2650.

The 5308xl is also default router for all clients. The customer uses static routes only.

Routing works ok.

There are 3 VLANs. The default VLAN (VLAN1) is used as server LAN, VLAN2 is the client LAN. A DHCP server runs in VLAN1. The clients in VLAN2 also use the DHCP server in VLAN1, so a dhcp-helper is configured.

The dhcp-helper works ok.

Last week we configured spanning tree in all the switches and patched the redundant connections. The 530x and 2650 run MSTP without any instances, the 2524 and 4000m run plain STP. We configured the 5308xl as root and the 5304xl as backup root. Both "mcheck" and "edge-port" are disabled for all ports.

Spanning tree seems to work as expected.

Yesterday we tried to add XRRP to the 530x switches. After configuration and activation the LAN kept running like before, but when we switched off the 5304, we got the following errors on the 5308 and the LAN virtually stopped:

W 09/27/06 19:06:01 XRRP: Rtr 1 has taken Secondary IP address control
W 09/27/06 19:06:01 XRRP: Rtr 1 has relinquished Secondary IP address control
W 09/27/06 19:06:16 XRRP: Rtr 1 has taken Secondary IP address control
W 09/27/06 19:06:16 XRRP: Rtr 1 has relinquished Secondary IP address control
W 09/27/06 19:06:31 XRRP: Rtr 1 has taken Secondary IP address control
E 09/27/06 19:06:31 XRRP: Duplicate IP address 10.112.128.246 detected
W 09/27/06 19:06:31 XRRP: Rtr 1 has relinquished Secondary IP address control
... (runs infinitely every 15 seconds)

Note: There is no duplicate IP address on 10.112.128.246! The "duplicate IP address" line only shows up occasionally.

The XRRP config on the 5308:

xrrp instance 1 1
xrrp instance 2 1 ip 10.112.63.145 255.255.255.0
xrrp instance 1 2
xrrp instance 2 2 ip 10.112.128.246 255.255.252.0
xrrp instance 1 3
xrrp instance 2 3 ip 10.112.62.55 255.255.255.0

(yes, i issued "xrrp router 1", it just doesn't show in the running config)
and on the 5304:

xrrp router 2
xrrp instance 2 1
xrrp instance 1 1 ip 10.112.63.209 255.255.255.0
xrrp instance 2 2
xrrp instance 1 2 ip 10.112.128.1 255.255.252.0
xrrp instance 2 3
xrrp instance 1 3 ip 10.112.62.56 255.255.255.0

When we switched the 5304 back on, all went back to normal eventually - after the usual STP topology changes and ARP problems...

Finally we disabled XRRP on both routers again.

I can't find an error in our setup, but maybe i miss the obvious.

I suspected problems in the STP/MSTP interaction, then i suspected problems with the dhcp helper. But i found no reports of problems with these setups.

It would be great if anyone could point me in the right direction.

I can attach the config of the 5308 and 5304, "show span" und "show xrrp" output if desired, but i don't have remote access to the switches.

Thanks a lot!

-Walter Hafner
5 REPLIES
Walter Hafner
Occasional Visitor

Re: 530x, XRRP, STP - problems

Configuration of the 5304 see attachment!

-Walter Hafner
Walter Hafner
Occasional Visitor

Re: 530x, XRRP, STP - problems

Configuration of the 5308 see attachment!

-Walter Hafner
Mohieddin Kharnoub
Honored Contributor
Solution

Re: 530x, XRRP, STP - problems

Hi

You have 3 Vlans, and MSTP enabled, but no instances created.
Lets say we will make 2 instances since you have 2 Cores, instace 1 has vlan 1 and instance 2 has vlan 2 and 3.
The following is your configuration for both cores (Note just delete you spanning tree configuration and try the following for both core)

Switch 5308xl:
5308(config)#spanning-tree
5308(config)#spanning-tree protocol-version MSTP
5308(config)#spanning-tree config-name "SPAN"
5308(config)#spanning-tree config-revision 8
5308(config)#spanning-tree instance 1 vlan 1
5308(config)#spanning-tree instance 1 priority 0
5308(config)#spanning-tree instance 2 vlan 2 3
5308(config)#spanning-tree instance 2 priority 1
5308(config)#spanning-tree hello-time 1 priority 0

Switch 5304xl:
5308(config)#spanning-tree
5308(config)#spanning-tree protocol-version MSTP
5308(config)#spanning-tree config-name "SPAN"
5308(config)#spanning-tree config-revision 8
5308(config)#spanning-tree instance 1 vlan 1
5308(config)#spanning-tree instance 1 priority 1
5308(config)#spanning-tree instance 2 vlan 2 3
5308(config)#spanning-tree instance 2 priority 0
5308(config)#spanning-tree hello-time 1 priority 1


Explaination:
- The 5308xl is the Root for MSTP Instance1 which includes vlan1, and backup for MSTP instance 2 which includes vlans 2 -3.

- The 5304xl is the Root for MSTP Instance2 which includes vlan 2-3, and backup for MSTP instance 1 which includes vlans 1.

Now after doing this, issue the command:
show span instance 1
show span instance 2
on both cores and notice that:
- some links will be blocked for instance 1 (probably 4000m - 2524 - 2650 links to 5304xl )
- some links will be blocked for instance 2 (probably 4000m - 2524 - 2650 links to 5308xl )
-For sure you can control which ports will be blocked by priority settings, but i would not recoomend that since the path cost is importance for time to recover back.

Testing:
instance1: if you telnet to 5308xl, run command prompt from your pc with ping -t to any vlan ip on any of the dge switches,
then on the 5308 issue, interface (port link from 5308 to that edge you ping) disable, and see the ping and time to recover that,
now run the command interface (same port) enable , and see what is the time required to recover back.
Instance 2: do the same previous test when you telnet to 5304.

Note:
Add the command : xrrp domain (number) , for both 5300 switches.
Your XRRP configuration seem ok for me.

Testing XRRP:
telnet to the 5304, and run continues ping to one of the vlans ip on any edge, then on the 5304 type reload, and notice the time to recover, it should work fine.

To verify:
when the 5304 is reloading, ping one of its vlans IP address, and you should get a reply.

I hope that was helpful information :)

Good Luck !!!
Science for Everyone
Sietze Reitsma
Respected Contributor

Re: 530x, XRRP, STP - problems

Walter,


I'm not sure how the 4000M and 2524 are connected in this situation. But remember that those switches have single forwarding tables. In certain circumstances this can relate into strange behaviour in your network.

I'm not sure it's the case here, but it could be a hint.

Advice: disconnect the redundancy of the 4000M and 2524. And test the behaviour of the network. If the network remains stable then you probably found the problem.

Hopefully this helps and don't forget the point :-)

Walter Hafner
Occasional Visitor

Re: 530x, XRRP, STP - problems

Sorry for the long delay.

The customer has a very tight maintenance schedule and we had to wait until last friday to reconfigure the switches.

To be honest, i didn't trust the interaction of the different STP implementations from the start. We used MSTP, RSTP and plain STP, the "highest" possible protocol for each switch, just like HP recommends.

Last friday i downgraded every switch to plain STP, just to see whether it works. Then i put all non-uplink ports in fast mode - and it worked just like that!

The customer has a quite flat network topology, so convergence time isn't an issue. We tested the setup extensively and the network converged in about 20 seconds.

That's fine for my customer, so we decided to keep the configuration.

Next week we enable XRRP again and see what happens... :-)

Nevertheless thanks a lot for the quick replies! I really appreciate it!

Regards

-Walter