Hi Matthew,
I am seeing a couple of issues (possible bugs) when running VRRP to backup a
router’s loopback BVI interface.
In networking-vpp, we use a Loopback BVI interface to connect an L3 VRF to an
L2 Bridge Domain.
We are working to add the L3 HA feature on this interface using VRRP.
Appreciate your help in resolving these issues!
1. Issue #1:
The VRRP Master VR's Virtual MAC address - 00:00:5e:00:01:0a is not added to
the L2 FIB pointing to the loopback BVI.
As a result, L2 packets from a VM destined to the VRRP mac are getting
flooded.
Adding the Virtual MAC to the l2fib, using vppctl resolves this issue.
# vppctl l2fib add 00:00:5e:00:01:0a 12 loop1 bvi
(On the Master VR)
vpp# show vrrp vr
[0] sw_if_index 15 VR ID 10 IPv4
state Master flags: preempt yes accept yes unicast no
priority: configured 110 adjusted 110
timers: adv interval 100 master adv 100 skew 57 master down 357
virtual MAC 00:00:5e:00:01:0a
addresses 10.4.4.5
peer addresses
tracked interfaces
vpp# show l2fib all
Mac-Address BD-Idx If-Idx BSN-ISN Age(min) static filter bvi
Interface-Name
fa:16:3e:9e:e9:09 1 14 0/0 no * - *
loop0
54:7f:ee:60:54:2a 2 12 0/1 0 - - -
TenGigabitEthernet6/0/0.110
fa:16:3e:e6:19:25 2 12 0/1 0 - - -
TenGigabitEthernet6/0/0.110
fa:16:3e:f0:10:b5 2 15 0/0 no * - *
loop1
02:fe:d3:57:6e:5e 2 12 0/1 2 - - -
TenGigabitEthernet6/0/0.110
fa:16:3e:61:ff:75 2 13 0/1 0 - - -
VirtualEthernet0/0/1
54:7f:ee:60:54:7c 1 9 0/1 0 - - -
TenGigabitEthernet6/0/0.111
54:7f:ee:60:54:2a 1 9 0/1 0 - - -
TenGigabitEthernet6/0/0.111
28:94:0f:99:24:3f 1 9 0/1 0 - - -
TenGigabitEthernet6/0/0.111
vpp# show err
Count Node Reason
75 null-node blackholed packets
6 acl-plugin-out-ip4-l2 new sessions added
320 acl-plugin-out-ip4-l2 existing session packets
326 acl-plugin-out-ip4-l2 checked packets
7 acl-plugin-out-ip6-l2 ACL deny packets
7 acl-plugin-out-ip6-l2 checked packets
1 acl-plugin-in-ip4-l2 new sessions added
158 acl-plugin-in-ip4-l2 existing session packets
159 acl-plugin-in-ip4-l2 checked packets
1 arp-reply ARP hw addr does not match L2
frame src addr
141 ip4-input Multicast RPF check failed
3 ip4-local ip4 source lookup miss
13 lldp-input lldp packets received on
disabled interfaces
6 snap-input unknown oui/snap protocol
107 llc-input unknown llc ssap/dsap
229 l2-input-acl input ACL hits
70 l2-input-acl input ACL hits after chain
walk
1290 l2-output L2 output packets
610 l2-learn L2 learn packets
10 l2-learn L2 learn misses
24 l2-learn L2 learn hit updates
793 l2-input L2 input packets
618 l2-flood L2 flood packets
<----------------
215 l2-flood BVI packet with unhandled
ethertype
5 ethernet-input no error
14381 ethernet-input unknown vlan
2 TenGigabitEthernet6/0/0-output interface is down
vpp# show err
Count Node Reason
78 null-node blackholed packets
6 acl-plugin-out-ip4-l2 new sessions added
406 acl-plugin-out-ip4-l2 existing session packets
412 acl-plugin-out-ip4-l2 checked packets
9 acl-plugin-out-ip6-l2 ACL deny packets
9 acl-plugin-out-ip6-l2 checked packets
1 acl-plugin-in-ip4-l2 new sessions added
200 acl-plugin-in-ip4-l2 existing session packets
201 acl-plugin-in-ip4-l2 checked packets
1 arp-reply ARP hw addr does not match L2
frame src addr
185 ip4-input Multicast RPF check failed
4 ip4-local ip4 source lookup miss
15 lldp-input lldp packets received on
disabled interfaces
7 snap-input unknown oui/snap protocol
128 llc-input unknown llc ssap/dsap
275 l2-input-acl input ACL hits
74 l2-input-acl input ACL hits after chain
walk
1574 l2-output L2 output packets
746 l2-learn L2 learn packets
10 l2-learn L2 learn misses
30 l2-learn L2 learn hit updates
970 l2-input L2 input packets
749 l2-flood L2 flood packets
<----------------
257 l2-flood BVI packet with unhandled
ethertype
5 ethernet-input no error
17127 ethernet-input unknown vlan
2 TenGigabitEthernet6/0/0-output interface is down
# After adding the Virtual MAC to L2 fib
vpp# show l2fib all
Mac-Address BD-Idx If-Idx BSN-ISN Age(min) static filter bvi
Interface-Name
fa:16:3e:9e:e9:09 1 14 0/0 no * - *
loop0
54:7f:ee:60:54:2a 2 12 0/1 0 - - -
TenGigabitEthernet6/0/0.110
fa:16:3e:e6:19:25 2 12 0/1 0 - - -
TenGigabitEthernet6/0/0.110
fa:16:3e:f0:10:b5 2 15 0/0 no * - *
loop1
fa:16:3e:61:ff:75 2 13 0/1 0 - - -
VirtualEthernet0/0/1
00:00:5e:00:01:0a 2 15 0/0 no * - *
loop1 <---- manually added
54:7f:ee:60:54:7c 1 9 0/1 0 - - -
TenGigabitEthernet6/0/0.111
54:7f:ee:60:54:2a 1 9 0/1 0 - - -
TenGigabitEthernet6/0/0.111
28:94:0f:99:24:3f 1 9 0/1 0 - - -
TenGigabitEthernet6/0/0.111
Issue#2: VRRP log on the master VR below says that the Virtual MAC has been
added to the hardware interface 13.
However, if this interface is a loopback BVI, the virtual mac
is not added to it, resulting in a BVI L3 Mac mismatch.
vrrp_vr_start_stop:756: 1 VRs configured, 1 VRs running
vrrp_vr_transition:283: VR [0] sw_if_index 15 VR ID 10 IPv4 transitioning to
Master
vrrp_vr_transition_addrs:238: Adding VR addresses on sw_if_index 15
vrrp_vr_transition_vmac:123: Adding virtual MAC address 00:00:5e:00:01:0a on
hardware interface 13 <--------
vpp# show hard loop1
Name Idx Link Hardware
loop1 13 up loop1
Link speed: unknown
Ethernet address fa:16:3e:f0:10:b5 <--------- Still shows the original
mac and not the virtual VRRP MAC
vpp# show err
Count Node Reason
457 null-node blackholed packets
1 dpdk-input no error
10 acl-plugin-out-ip4-l2 new sessions added
3636 acl-plugin-out-ip4-l2 existing session packets
3646 acl-plugin-out-ip4-l2 checked packets
18 acl-plugin-out-ip6-l2 ACL deny packets
18 acl-plugin-out-ip6-l2 checked packets
1 acl-plugin-in-ip4-l2 new sessions added
1800 acl-plugin-in-ip4-l2 existing session packets
1801 acl-plugin-in-ip4-l2 checked packets
2 arp-reply ARP hw addr does not match L2
frame src addr
1413 ip4-input Multicast RPF check failed
27 ip4-local ip4 source lookup miss
74 lldp-input lldp packets received on
disabled interfaces
36 snap-input unknown oui/snap protocol
1016 llc-input unknown llc ssap/dsap
2208 l2-input-acl input ACL hits
407 l2-input-acl input ACL hits after chain
walk
12795 l2-output L2 output packets
6444 l2-learn L2 learn packets
17 l2-learn L2 learn misses
250 l2-learn L2 learn hit updates
8436 l2-input L2 input packets
82 l2-fwd BVI L3 MAC mismatch
205 l2-fwd Reflection Drop
6454 l2-flood L2 flood packets
522 l2-flood BVI L3 mac mismatch
<---------------------------
2041 l2-flood BVI packet with unhandled
ethertype
5 ethernet-input no error
131885 ethernet-input unknown vlan
2 TenGigabitEthernet6/0/0-output interface is down
Do let me know if I am missing something here.
Looking forward to your response.
Thanks,
Naveen
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#17289): https://lists.fd.io/g/vpp-dev/message/17289
Mute This Topic: https://lists.fd.io/mt/76440910/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
