ip virtual-reassembly exceeded issue
7 septembre 2009
Hi all,
Days ago I was facing an issue concerning a VRRP cluster (using keepalived). Every hour, the backup server was changing its VRRP state to master and two second later (after forced re-election) goes back to the backup state.
The same number of NICs are connected to every server, each NIC is configured in a vrrp_instance. But only one vrrp_instance on the backup server changed its state to master, the others did the same cause they belong to the same vrrp_sync_group.
The NIC changing its state is connected to a Cisco VPN router.
After many days of investigation (looking at if the server is receiving VRRP packets, if there were errors on the packets… if there were dropped packets…) I discovered in the log of the VPN router some messages which warn that virtual-reassembly parameter was exceeded… Heu ???
After searching, I increased this parameter on each interface of the Cisco VPN router :
ip virtual-reassembly max-reassemblies 32
This solves the problem, but until now I don’t know what was the real problem, sniffing didn’t give me too much information to analyse…
Entry Filed under: HA, Networking. Mots-clefs: Cisco, HA, keepalived, Linux, VPN, VRRP.
Trackback this post | Subscribe to the comments via RSS Feed