HPE Community
Comware Based
1753331 Members
5247 Online
108792 Solutions
New Discussion

Re: Can not ping VlanInterface IP address via standby IRF member

 
RollingIRF
Occasional Advisor

‎07-01-2019 02:52 AM

‎07-01-2019 02:52 AM

Can not ping VlanInterface IP address via standby IRF member

Hi,

we have a 5130hi irf stack configured for a ring topology.

The management ip address is configured via interface vlan.

We randomly can not reach the ip address from our workstations or servers.

There is a cisco asa connected via LACP, 2 links per irf member (total 4 x 1 Gbit).

The asa is our layer 3 routing device.

The problems started when we updated the asa firmware.

This rebooted the firwall, so the bridge aggregation links were down and than up again.

The really strange thing is, that we can make the connection work again by shutting down one bridge aggregation link.

But than the issue occurs sometimes for another device.

It seems that if the device is matched to a link on the irf standby by the asa lacp algorithm the connection is not working.

We double checked the cabling, the whole configuration (interfaces, stp, irf) and stumbled above this post:

https://community.hpe.com/t5/Comware-Based/No-routing-via-IRF/td-p/6903829#.XRnH499fiEI

Could the "ring" topology be the problem?

IRF config:

interface Ten-GigabitEthernet1/1/1
 description IRF P1/1
#
interface Ten-GigabitEthernet1/1/2
 description IRF P1/2
#
interface Ten-GigabitEthernet2/1/1
 description IRF P2/1
#
interface Ten-GigabitEthernet2/1/2
 description IRF P2/2
irf-port 1/1
 port group interface Ten-GigabitEthernet1/1/1
#
irf-port 1/2
 port group interface Ten-GigabitEthernet1/1/2
#
irf-port 2/1
 port group interface Ten-GigabitEthernet2/1/1
#
irf-port 2/2
 port group interface Ten-GigabitEthernet2/1/2

<sw-xxx>disp irf 
MemberID    Role    Priority  CPU-Mac         Description
 *+1        Master  30        00e0-fc0f-xxxx  switch1
   2        Standby 10        00e0-fc0f-xxxx  switch2
--------------------------------------------------
 * indicates the device is the master.
 + indicates the device through which the user logs in.

 The bridge MAC of the IRF is: e8f7-249b-xxxx
 Auto upgrade                : yes
 Mac persistent              : 6 min
 Domain ID                   : 718

If we can not solve it by configuration we will go ahead and update the software version of the stack.

Thanks

0 Kudos
1 REPLY 1
parnassus
Honored Contributor

‎07-01-2019 02:47 PM - edited ‎07-01-2019 02:55 PM

‎07-01-2019 02:47 PM - edited ‎07-01-2019 02:55 PM

Re: Can not ping VlanInterface IP address via standby IRF member

My take:

  1. If I were you I will seriously consider a Daisy Chain IRF Topology (SW 1 IRF Port 1 to SW 2 IRF Port 2 where SW 1 IRF Port 1 has 1/1/1 and 1/1/2 as physical member interfaces and where SW 2 IRF Port 2 has 2/1/1 and 2/1/2 as physical member interfaces)...apparently looks sub-optimal - having no SW 1 IRF Port 2 and no SW 2 IRF Port 1 defined - but the only alternative to have some sort of simmetry [*] in case of Ring IRF Topology is to use front SFP+ ports in this way (let me say the case of 24 ports models): SW 1 IRF Port 1: 25+26, SW 1 IRF Port 2: 27+28 | SW 2 IRF Port 1: 25+26, SW 2 IRF Port 2: 27+28 and use, again, only SW 1 IRF Port 1 to SW 2 IRF Port 2 leaving remaining SW 2 IRF Port 1 and SW 1 IRF Port 2 ready for closing the Ring.
  2. diagnose the LAG (LACP) to Cisco ASA, from both ends.
  3. stay update (latest is Comware 7.10 R1311P03).

[*] I mean: from the physical interface standpoint (and not because there is a particular restriction/requirement in binding IRF Ports to physical ports on HPE 5130 HI)...it's "nice" having leftmost interfaces bound to IRF Port 1 and rightmost interfaces bound to IRF Port 2...but...since you have just one Slot...ports are simply 1|2/1/1 and 1|2/1/2...a nice setup will be having two Slots with 1 and 2 for Slot 1 and 1 and 2 for Slot 2...and the "crossing" will happen between ports of the leftmost Module (of the IRF Member 1) for IRF Port 1 with ports of the Rightmost Module (of the IRF Member 2) for IRF Port 2...I know this is just not-necessary and not-required...it's just a personal mindset.


I'm not an HPE Employee
Kudos and Accepted Solution banner
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.