The issue was caused by the spanning tree behavior on the trunk connecting R1 and R2. R1 became a duplicate VRRP Master on interface VLAN1100 with priority of 200 immediately after the link went up on Gi4/39. After the reconvergence of spanning tree R1 took over R2's Master Role because it had a higher priority and two duplicate VRRP Masters for the same group were present on the same VLAN.
Sequence of events: R1 shutdown R2 becomes VRRP Master R1 powers on R1 VLAN1100 becomes active R1 becomes VRRP Master for VLAN1100 while spanning tree is still moving thru the BLCK/LIST/LEAR stages R2 is still a VRRP Master - no connectivity exists between two VLAN1100 segments spanned across two switches R1/2 spanning tree completes the reconvergence R1 detects R2's Master Role and at this point there are two duplicate VRRP Masters on the same segment R1 takes over due to a higher configured VRRP priority R2 moves to a Backup state Testing in the lab confirmed this behavior: Rack1R8#sho vrrp all Vlan5 - Group 1 State is Master Virtual IP address is 1.1.1.10 Virtual MAC address is 0000.5e00.0101 Advertisement interval is 1.000 sec Preemption disabled Priority is 100 Master Router is 1.1.1.2 (local), priority is 100 Master Advertisement interval is 1.000 sec Master Down interval is 3.609 sec Rack1R8# *Mar 1 00:09:51.523: %VRRP-6-STATECHANGE: Vl5 Grp 1 state Master -> Backup -----Original Message----- From: Gier, Menno de (Menno) [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 01, 2007 6:00 AM To: Tolstykh, Andrew; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] Cisco 6509 VRRP no preemption Here is the requested output: R1#show spanning-tree vlan 1100 detail VLAN1100 is executing the ieee compatible Spanning Tree protocol Bridge Identifier has priority 32768, sysid 1100, address 0015.c721.7880 Configured hello time 2, max age 20, forward delay 15 Current root has priority 33868, address 0015.c721.68c0 Root port is 423 (GigabitEthernet4/39), cost of root path is 4 Topology change flag not set, detected flag not set Number of topology changes 73 last change occurred 20:20:13 ago from GigabitEthernet3/25 Times: hold 1, topology change 35, notification 2 hello 2, max age 20, forward delay 15 Timers: hello 0, topology change 0, notification 0, aging 300 Port 281 (GigabitEthernet3/25) of VLAN1100 is forwarding Port path cost 19, Port priority 128, Port Identifier 128.281. Designated root has priority 33868, address 0015.c721.68c0 Designated bridge has priority 33868, address 0015.c721.7880 Designated port id is 128.281, designated path cost 4 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 36597, received 0 Port 423 (GigabitEthernet4/39) of VLAN1100 is forwarding Port path cost 4, Port priority 128, Port Identifier 128.423. Designated root has priority 33868, address 0015.c721.68c0 Designated bridge has priority 33868, address 0015.c721.68c0 Designated port id is 128.423, designated path cost 0 Timers: message age 2, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 73, received 4573075 R2#show spanning-tree vlan 1100 detail VLAN1100 is executing the ieee compatible Spanning Tree protocol Bridge Identifier has priority 32768, sysid 1100, address 0015.c721.68c0 Configured hello time 2, max age 20, forward delay 15 We are the root of the spanning tree Topology change flag not set, detected flag not set Number of topology changes 34 last change occurred 20:19:22 ago from GigabitEthernet4/39 Times: hold 1, topology change 35, notification 2 hello 2, max age 20, forward delay 15 Timers: hello 1, topology change 0, notification 0, aging 300 Port 282 (GigabitEthernet3/26) of VLAN1100 is forwarding Port path cost 4, Port priority 128, Port Identifier 128.282. Designated root has priority 33868, address 0015.c721.68c0 Designated bridge has priority 33868, address 0015.c721.68c0 Designated port id is 128.282, designated path cost 0 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 3073752, received 0 Port 423 (GigabitEthernet4/39) of VLAN1100 is forwarding Port path cost 4, Port priority 128, Port Identifier 128.423. Designated root has priority 33868, address 0015.c721.68c0 Designated bridge has priority 33868, address 0015.c721.68c0 Designated port id is 128.423, designated path cost 0 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 4573029, received 72 /M -----Original Message----- From: Tolstykh, Andrew [mailto:[EMAIL PROTECTED] Sent: dinsdag 31 juli 2007 22:50 To: Gier, Menno de (Menno); cisco-nsp@puck.nether.net Subject: RE: [c-nsp] Cisco 6509 VRRP no preemption Router configured with no preempt will never attempt to transfer the master role in presence of the existing Master. Do you have spanning tree enabled on the segment connecting R1 to R2? Most likely you rebooted the second switch and it caused the spanning tree reconvergence on the trunk that connects two switches together. VRRP group 10 on R1 became active before it had a chance to detect the existing group with the same ID running on R2. Please post: show spanning-tree vlan 1100 detail -----Original Message----- From: Gier, Menno de (Menno) [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 31, 2007 3:33 PM To: cisco-nsp@puck.nether.net Cc: Tolstykh, Andrew Subject: RE: [c-nsp] Cisco 6509 VRRP no preemption We don't want the router to switch back if the original master recovers. My understanding from no preemption is that there will no switch back unless manual override or if the 'new' master fails. We use interface Vlan1100 ip address 10.0.0.2 255.255.255.0 vrrp 10 ip 10.0.0.1 no vrrp 10 preempt vrrp 10 priority 200 Below is the output. /M R1#show vrrp all Vlan1100 - Group 10 State is Master Virtual IP address is 10.0.0.1 Virtual MAC address is 0000.5e00.010a Advertisement interval is 1.000 sec Preemption disabled Priority is 200 Master Router is 10.0.0.2 (local), priority is 200 Master Advertisement interval is 1.000 sec Master Down interval is 3.218 sec R1#show vrrp interface Vlan 1100 Vlan1100 - Group 10 State is Master Virtual IP address is 10.0.0.1 Virtual MAC address is 0000.5e00.010a Advertisement interval is 1.000 sec Preemption disabled Priority is 200 Master Router is 10.0.0.2 (local), priority is 200 Master Advertisement interval is 1.000 sec Master Down interval is 3.218 sec R2#show vrrp all Vlan1100 - Group 10 State is Backup Virtual IP address is 10.0.0.1 Virtual MAC address is 0000.5e00.010a Advertisement interval is 1.000 sec Preemption disabled Priority is 100 Master Router is 10.0.0.2, priority is 200 Master Advertisement interval is 1.000 sec Master Down interval is 3.609 sec (expires in 2.681 sec) R2#show vrrp interface Vlan 1100 Vlan1100 - Group 10 State is Backup Virtual IP address is 10.0.0.1 Virtual MAC address is 0000.5e00.010a Advertisement interval is 1.000 sec Preemption disabled Priority is 100 Master Router is 10.0.0.2, priority is 200 Master Advertisement interval is 1.000 sec Master Down interval is 3.609 sec (expires in 2.717 sec) # -----Original Message----- From: Tolstykh, Andrew [mailto:[EMAIL PROTECTED] Sent: dinsdag 31 juli 2007 22:18 To: Gier, Menno de (Menno); cisco-nsp@puck.nether.net Subject: RE: [c-nsp] Cisco 6509 VRRP no preemption Please post the output of the VRRP interface configuration and "show vrrp all" commands. By default VRRP will preempt for all configured groups. You need to disable preemption explicitly with no vrrp [group] preempt. By default, a preemptive scheme is enabled whereby a higher priority virtual router backup that becomes available takes over for the virtual router backup that was elected to become virtual router master. You can disable this preemptive scheme using the no vrrp preempt command. If preemption is disabled, the virtual router backup that is elected to become virtual router master remains the master until the original virtual router master recovers and becomes master again. ISP1-INET-RTR1#sho vrrp all FastEthernet0/0 - Group 1 State is Master Virtual IP address is 160.1.1.2 Virtual MAC address is 0000.5e00.0101 Advertisement interval is 1.000 sec Preemption enabled Priority is 100 Master Router is 160.1.1.1 (local), priority is 100 Master Advertisement interval is 1.000 sec Master Down interval is 3.609 sec no vrrp 1 preempt ISP1-INET-RTR1#sho vrrp all FastEthernet0/0 - Group 1 State is Master Virtual IP address is 160.1.1.2 Virtual MAC address is 0000.5e00.0101 Advertisement interval is 1.000 sec Preemption disabled Priority is 100 Master Router is 160.1.1.1 (local), priority is 100 Master Advertisement interval is 1.000 sec Master Down interval is 3.609 sec -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gier, Menno de (Menno) Sent: Tuesday, July 31, 2007 2:25 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Cisco 6509 VRRP no preemption All, We have two Cisco 6509 switches (A1 and A2) running VRRP over a trunk between both switches. We have configured VRRP with no vrrp preemption. After a power down of switch A1, which was selected as master VRRP, the VRRP moved to the switch A2, as it should be. After power up it of the switch A1 it became Master for the VRRP again and the other switch A2 became backup unexpectedly. Is this normal behavior of VRRP after a reboot? We have configured VRRP to be non preemption to avoid a second traffic interruption. We want to have the switch-over taking place in service hours under our control. Thanks in advance, /mg _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/