I'm using a couple of C9300 stacked Cisco switches on which we plug in customer-owned firewalls in an HA setup.
If either switch dies the other switch should carry on and the same for the customer firewalls.
I've just come across a strange bug (at least I think it's a bug) which is causing failover to not work.
Each customer firewall has its inside interface in a VRF (MPLS customers). We simply have a static default route pointed to the customer's inside interface of their firewall. The backup firewall will take over this IP in the event of a failure of their primary. All pretty simple.
Now we recently had an issue where a customer's firewall failed over. It all looked fine on the switch; ARP tables, MAC address table etc. were all updated, but for some reason the default route pointing to their firewall was being ignored. The only way I could get traffic to use the default route was to remove it and add it back exactly as it was.
Clearing ARP entries, MAC tables etc. didn't fix it. Only removing the default route and adding it back.
This is despite it all looking fine in the routing table.
I'm going to look at upgrading the IOS, but just wondered if anyone else has seen this?
Thanks