Tuesday, March 9, 2021

Nexus 9k pair - Two default routes configured?

Hello,

Ran across this recently on a core switch pair of Nexus 9ks configured by a previous vendor. Symptoms were odd ingress speed issues via a Meraki VPN link. Egress is fine so I started to look at the configs and do some testing from each switch.

I do not have current diagrams for this network but it's fairly simple -

2 Nexus 93180ex-yc's in a VPC pair NX-OS 7.3

2 Wan connected L2 trunked from 2 4431 ISRs

Meraki MX 100 as the last hop to either the VPN or out to the net

10.8.120.254 should be the gateway while 10.8.120.1 is the HSRP VIP for VLAN 120

I cannot remove 10.8.120.1 via no ip route

Also one switch can ping 8.8.8.8 while the other can't, however, they can both ping 1.1.1.1

VPC Peer-Link config -

    sw1# sh run | sec vpc
    feature vpc
    vpc domain 150
    peer-keepalive destination 172.16.150.2 source 172.16.150.1
    peer-gateway
    layer3 peer-router
    auto-recovery
    ip arp synchronize
    vpc peer-link
    interface port-channel1
    description ***VPC Peer Link***
    switchport mode trunk
    spanning-tree port type network
    vpc peer-link

Here's what I see in the routing table -

    sw1# sh ip route
    IP Route Table for VRF "default"
    '*' denotes best ucast next-hop
    '**' denotes best mcast next-hop
    '[x/y]' denotes [preference/metric]
    '%<string>' in via output denotes VRF <string>
    0.0.0.0/0, ubest/mbest: 2/0
        *via 10.8.120.1, [1/0], 1y9w, static
        *via 10.8.120.254, [1/0], 1y9w, static
    10.8.99.0/24, ubest/mbest: 1/0, attached
        *via 10.8.99.250, Vlan99, [0/0], 1y9w, direct
    10.8.99.1/32, ubest/mbest: 1/0, attached
        *via 10.8.99.1, Vlan99, [0/0], 1y9w, hsrp
    10.8.99.250/32, ubest/mbest: 1/0, attached
        *via 10.8.99.250, Vlan99, [0/0], 1y9w, local
    10.8.100.0/23, ubest/mbest: 1/0, attached
        *via 10.8.101.250, Vlan100, [0/0], 1y9w, direct
    10.8.100.1/32, ubest/mbest: 1/0, attached
        *via 10.8.100.1, Vlan100, [0/0], 1y9w, hsrp
    10.8.101.250/32, ubest/mbest: 1/0, attached
        *via 10.8.101.250, Vlan100, [0/0], 1y9w, local
    10.8.102.0/23, ubest/mbest: 1/0, attached
        *via 10.8.103.250, Vlan102, [0/0], 1y9w, direct
    10.8.102.1/32, ubest/mbest: 1/0, attached
        *via 10.8.102.1, Vlan102, [0/0], 1y9w, hsrp
    10.8.103.250/32, ubest/mbest: 1/0, attached
        *via 10.8.103.250, Vlan102, [0/0], 1y9w, local
    10.8.104.0/23, ubest/mbest: 1/0, attached
        *via 10.8.105.250, Vlan104, [0/0], 1y9w, direct
    10.8.104.1/32, ubest/mbest: 1/0, attached
        *via 10.8.104.1, Vlan104, [0/0], 1y9w, hsrp
    10.8.105.250/32, ubest/mbest: 1/0, attached
        *via 10.8.105.250, Vlan104, [0/0], 1y9w, local
    10.8.106.0/23, ubest/mbest: 1/0, attached
        *via 10.8.107.250, Vlan106, [0/0], 1y9w, direct
    10.8.106.1/32, ubest/mbest: 1/0, attached
        *via 10.8.106.1, Vlan106, [0/0], 1y9w, hsrp
    10.8.107.250/32, ubest/mbest: 1/0, attached
        *via 10.8.107.250, Vlan106, [0/0], 1y9w, local
    10.8.108.0/23, ubest/mbest: 1/0, attached
        *via 10.8.109.250, Vlan108, [0/0], 1y9w, direct
    10.8.108.1/32, ubest/mbest: 1/0, attached
        *via 10.8.108.1, Vlan108, [0/0], 1y9w, hsrp
    10.8.109.250/32, ubest/mbest: 1/0, attached
        *via 10.8.109.250, Vlan108, [0/0], 1y9w, local
    10.8.110.0/23, ubest/mbest: 1/0, attached
        *via 10.8.111.250, Vlan110, [0/0], 1y9w, direct
    10.8.110.1/32, ubest/mbest: 1/0, attached
        *via 10.8.110.1, Vlan110, [0/0], 1y9w, hsrp
    10.8.111.250/32, ubest/mbest: 1/0, attached
        *via 10.8.111.250, Vlan110, [0/0], 1y9w, local
    10.8.112.0/23, ubest/mbest: 1/0, attached
        *via 10.8.113.250, Vlan112, [0/0], 1y9w, direct
    10.8.112.1/32, ubest/mbest: 1/0, attached
        *via 10.8.112.1, Vlan112, [0/0], 1y9w, hsrp
    10.8.113.250/32, ubest/mbest: 1/0, attached
        *via 10.8.113.250, Vlan112, [0/0], 1y9w, local
    10.8.118.0/24, ubest/mbest: 1/0, attached
        *via 10.8.118.250, Vlan118, [0/0], 1y9w, direct
    10.8.118.1/32, ubest/mbest: 1/0, attached
        *via 10.8.118.1, Vlan118, [0/0], 1y9w, hsrp
    10.8.118.250/32, ubest/mbest: 1/0, attached
        *via 10.8.118.250, Vlan118, [0/0], 1y9w, local
    10.8.119.0/24, ubest/mbest: 1/0, attached
        *via 10.8.119.250, Vlan119, [0/0], 1y9w, direct
    10.8.119.1/32, ubest/mbest: 1/0, attached
        *via 10.8.119.1, Vlan119, [0/0], 1y9w, hsrp
    10.8.119.250/32, ubest/mbest: 1/0, attached
        *via 10.8.119.250, Vlan119, [0/0], 1y9w, local
    10.8.120.0/24, ubest/mbest: 1/0, attached
        *via 10.8.120.250, Vlan120, [0/0], 1y9w, direct
    10.8.120.1/32, ubest/mbest: 1/0, attached
        *via 10.8.120.1, Vlan120, [0/0], 1y9w, hsrp
    10.8.120.250/32, ubest/mbest: 1/0, attached
        *via 10.8.120.250, Vlan120, [0/0], 1y9w, local
    10.8.121.0/24, ubest/mbest: 1/0, attached
        *via 10.8.121.250, Vlan121, [0/0], 1y9w, direct
    10.8.121.1/32, ubest/mbest: 1/0, attached
        *via 10.8.121.1, Vlan121, [0/0], 1y9w, hsrp
    10.8.121.250/32, ubest/mbest: 1/0, attached
        *via 10.8.121.250, Vlan121, [0/0], 1y9w, local
    10.8.122.0/24, ubest/mbest: 1/0, attached
        *via 10.8.122.250, Vlan122, [0/0], 1y9w, direct
    10.8.122.1/32, ubest/mbest: 1/0, attached
        *via 10.8.122.1, Vlan122, [0/0], 1y9w, hsrp
    10.8.122.250/32, ubest/mbest: 1/0, attached
        *via 10.8.122.250, Vlan122, [0/0], 1y9w, local
    10.8.123.0/24, ubest/mbest: 1/0, attached
        *via 10.8.123.250, Vlan123, [0/0], 1y9w, direct
    10.8.123.1/32, ubest/mbest: 1/0, attached
        *via 10.8.123.1, Vlan123, [0/0], 1y9w, hsrp
    10.8.123.250/32, ubest/mbest: 1/0, attached
        *via 10.8.123.250, Vlan123, [0/0], 1y9w, local
    10.8.124.0/24, ubest/mbest: 1/0, attached
        *via 10.8.124.250, Vlan124, [0/0], 1y9w, direct
    10.8.124.1/32, ubest/mbest: 1/0, attached
        *via 10.8.124.1, Vlan124, [0/0], 1y9w, hsrp
    10.8.124.250/32, ubest/mbest: 1/0, attached
        *via 10.8.124.250, Vlan124, [0/0], 1y9w, local
    10.8.125.0/24, ubest/mbest: 1/0, attached
        *via 10.8.125.250, Vlan125, [0/0], 1y9w, direct
    10.8.125.1/32, ubest/mbest: 1/0, attached
        *via 10.8.125.1, Vlan125, [0/0], 1y9w, hsrp
    10.8.125.250/32, ubest/mbest: 1/0, attached
        *via 10.8.125.250, Vlan125, [0/0], 1y9w, local
    10.8.126.0/23, ubest/mbest: 1/0, attached
        *via 10.8.127.250, Vlan126, [0/0], 1y9w, direct
    10.8.126.1/32, ubest/mbest: 1/0, attached
        *via 10.8.126.1, Vlan126, [0/0], 16:33:32, hsrp
    10.8.127.250/32, ubest/mbest: 1/0, attached
        *via 10.8.127.250, Vlan126, [0/0], 1y9w, local
    10.155.12.40/32, ubest/mbest: 1/0
        *via 10.8.120.254, [1/0], 1y9w, static
    10.155.12.55/32, ubest/mbest: 1/0

SW2 is identical

During some testing yesterday I decided to shut one of the SVIs associated with the WiFi to test routing behavior with just 1 int. Doing that on the Primary caused total disruption in traffic which was unexpected.

I believe this was caused by a copy/paste of the config from a set of 4500x's as the mgmt vrf had its own GW. I also believe ripping off the config, correcting, and tftping the startup config back might be the only solution here but wanted to get some more opinions before I call TAC.
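
An added example, not part of the original post and not Cisco tooling: a small Python audit of saved "show ip route" text that flags any prefix with more than one static next hop, and any static next hop that the same table lists as one of the switch's own hsrp or local addresses. The sample is constructed from a few entries in the output above, laid out one line per entry; the function names and finding labels are assumptions made for this sketch.

```python
import re

# Constructed sample: a few entries taken from the routing table in the post.
SAMPLE = """\
0.0.0.0/0, ubest/mbest: 2/0
    *via 10.8.120.1, [1/0], 1y9w, static
    *via 10.8.120.254, [1/0], 1y9w, static
10.8.120.0/24, ubest/mbest: 1/0, attached
    *via 10.8.120.250, Vlan120, [0/0], 1y9w, direct
10.8.120.1/32, ubest/mbest: 1/0, attached
    *via 10.8.120.1, Vlan120, [0/0], 1y9w, hsrp
10.8.120.250/32, ubest/mbest: 1/0, attached
    *via 10.8.120.250, Vlan120, [0/0], 1y9w, local
10.155.12.40/32, ubest/mbest: 1/0
    *via 10.8.120.254, [1/0], 1y9w, static
"""

PREFIX_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+/\d+),")
# The next hop is the first field; the route source is the last comma field.
VIA_RE = re.compile(r"^\s*\*via\s+(\d+\.\d+\.\d+\.\d+),.*,\s*(\S+)\s*$")

def parse_routes(text):
    """Return {prefix: [(next_hop, source), ...]} from 'show ip route' text."""
    routes, current = {}, None
    for line in text.splitlines():
        m = PREFIX_RE.match(line)
        if m:
            current = m.group(1)
            routes.setdefault(current, [])  # keep prefixes with no via line
            continue
        m = VIA_RE.match(line)
        if m and current:
            routes[current].append((m.group(1), m.group(2)))
    return routes

def audit_static_routes(routes):
    """Flag static ECMP prefixes and static next hops owned by this switch."""
    own = {hop for hops in routes.values()
           for hop, src in hops if src in ("hsrp", "local")}
    findings = []
    for prefix, hops in routes.items():
        static = [hop for hop, src in hops if src == "static"]
        if len(static) > 1:  # equal-cost statics: traffic is split across them
            findings.append((prefix, "multiple-static-next-hops", tuple(static)))
        for hop in static:
            if hop in own:   # route points back at an address on this switch
                findings.append((prefix, "next-hop-is-own-address", (hop,)))
    return findings

if __name__ == "__main__":
    for finding in audit_static_routes(parse_routes(SAMPLE)):
        print(finding)
```

Running the same audit against the output saved from each peer and comparing the findings shows whether both switches carry the same static routes.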


