Good day,
I've been running into an issue for a couple of days and I just can't work it out. I have an SRX650 cluster connected to two Cisco Catalyst 4506 in VSS mode. Each SRX chassis has a connection to the adjacent 4506. I have an LACP EtherChannel between them, with a reth configured on the SRX and a Po on the VSS, Layer 3 configuration.
The SRX connects to my WAN on one side and my Production network, the VSS, on the other, with no filtering enabled yet (still in the building phase) between the security zones. Hosts directly connect to the VSS, e.g. Production Network.
My issue is:
- A device connected to the 1st VSS chassis is pingable from the WAN
- A device connected to the 2nd VSS chassis is not pingable from the WAN
- When I bring down either of the ports participating in the LACP EtherChannel, the device connected to the 2nd chassis becomes pingable.
- Configurations:
- SRX
set groups node0 chassis cluster redundancy-group 6 preempt
set groups node1 chassis cluster redundancy-group 6 preempt
set chassis cluster redundancy-group 6 node 0 priority 100
set chassis cluster redundancy-group 6 node 1 priority 1
set chassis cluster redundancy-group 6 interface-monitor ge-2/0/10 weight 255
set chassis cluster redundancy-group 6 interface-monitor ge-11/0/10 weight 255
set interfaces ge-2/0/10 gigether-options redundant-parent reth6
set interfaces ge-11/0/10 gigether-options redundant-parent reth6
set interfaces reth6 redundant-ether-options redundancy-group 6
set interfaces reth6 redundant-ether-options minimum-links 1
set interfaces reth6 redundant-ether-options lacp active
set interfaces reth6 redundant-ether-options lacp periodic slow
set interfaces reth6 unit 0 family inet address 172.26.0.209/29
- VSS
!
interface Port-channel60
ip address 172.26.0.210 255.255.255.248
!
interface GigabitEthernet1/4/4
description Po60 | SRX#1.ge-2/0/10 | reth6
no switchport
no ip address
channel-group 60 mode active
!
interface GigabitEthernet2/4/4
description Po60 | SRX#2.ge-2/0/10 | reth6
no switchport
no ip address
channel-group 60 mode active
!
- Some 'show' commands output
- SRX
root@SRX> show chassis cluster status redundancy-group 6
Cluster ID: 1
Node Priority Status Preempt Manual failover
Redundancy group: 6 , Failover count: 2
node0 100 primary yes no
node1 1 secondary yes no
{primary:node1}
root@SRX> show lacp interfaces reth6
Aggregated interface: reth6
LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity
ge-11/0/10 Actor No No Yes Yes Yes Yes Slow Active
ge-11/0/10 Partner No No Yes Yes Yes Yes Slow Active
ge-2/0/10 Actor No No Yes Yes Yes Yes Slow Active
ge-2/0/10 Partner No No Yes Yes Yes Yes Slow Active
LACP protocol: Receive State Transmit State Mux State
ge-11/0/10 Current Slow periodic Collecting distributing
ge-2/0/10 Current Slow periodic Collecting distributing
root@SRX> show chassis cluster interfaces
Control link status: Up
Control interfaces:
Index Interface Status
0 fxp1 Up
Fabric link status: Up
Fabric interfaces:
Name Child-interface Status
(Physical/Monitored)
fab0 ge-0/0/2 Up / Up
fab0
fab1 ge-9/0/2 Up / Up
fab1
Redundant-ethernet Information:
Name Status Redundancy-group
...
reth6 Up 6
...
Redundant-pseudo-interface Information:
Name Status Redundancy-group
lo0 Up 0
Interface Monitoring:
Interface Weight Status Redundancy-group
...
ge-11/0/10 255 Up 6
ge-2/0/10 255 Up 6
...
- VSS
VSS#show etherchannel 60 summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 10
Number of aggregators: 10
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
60 Po60(RU) LACP Gi1/4/4(P) Gi2/4/4(P)
VSS#show lacp 60 internal
Flags: S - Device is requesting Slow LACPDUs
F - Device is requesting Fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode
Channel group 60
LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Gi1/4/4 SA bndl 32768 0x3C 0x3C 0x13D 0x3D
Gi2/4/4 SA bndl 32768 0x3C 0x3C 0x13E 0x3D
VSS#show lacp 60 neighbor
Flags: S - Device is requesting Slow LACPDUs
F - Device is requesting Fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode
Channel group 60 neighbors
Partner's information:
LACP port Admin Oper Port Port
Port Flags Priority Dev ID Age key Key Number State
Gi1/4/4 SA 127 0010.dbff.1000 27s 0x0 0x87 0xB 0x3D
Gi2/4/4 SA 127 0010.dbff.1000 3s 0x0 0x87 0xF 0x3D
Any idea is more than welcome.
Thanks,
Cheers