Articles tagged HA
ip virtual-reassembly exceeded issue
Hi all,
Days ago I was facing an issue concerning a VRRP cluster (using keepalived). Every hour, the backup server was changing its VRRP state to master and, two seconds later (after forced re-election), going back to the backup state.
The same number of NICs is connected to every server, and each NIC is configured in a vrrp_instance. But only one vrrp_instance on the backup server changed its state to master; the others did the same because they belong to the same vrrp_sync_group.
The NIC changing its state is connected to a Cisco VPN router.
After many days of investigation (checking whether the server was receiving VRRP packets, whether there were errors on the packets… whether there were dropped packets…) I discovered in the log of the VPN router some messages warning that the virtual-reassembly parameter was exceeded… Huh???
After searching, I increased this parameter on each interface of the Cisco VPN router:
ip virtual-reassembly max-reassemblies 32
This solved the problem, but I still don’t know what the real problem was; sniffing didn’t give me much information to analyse…
7 September 2009
Gateway High Availability
Hi,
In this article I will explain the different techniques used for gateway high availability.
So first, what is an HA gateway?
A highly available gateway is a first-hop router (layer 3) that is available 100% (or almost) of the time. This can be achieved using many strategies.
The most used, well-known and reliable strategy is first-hop redundancy, where two or more routers act as a single virtual gateway.
This strategy is divided into two techniques: failover and load balancing.
The failover technique defines one router as the master of the group and the other routers as the backups. When the master router goes down, a backup router (depending on its priority) becomes the master.
The load-balancing technique uses all the routers (all of them are masters). Every router is used, for example, in a round-robin manner.
The HSRP protocol (proprietary and no longer supported by Cisco) and the VRRP protocol (Virtual Router Redundancy Protocol) are two protocols used for failover redundancy.
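As an added illustration of the failover technique (not code from the original article), the sketch below replays VRRP advertisements as heard by a backup router and reports its state changes. It goes slightly beyond the text by using the VRRPv2 timers from RFC 3768 with preemption enabled; the priorities, the loss pattern and the names `BackupRouter` and `heard` are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass
class BackupRouter:
    priority: int            # 1..254, higher wins the election
    advert_int: float = 1.0  # seconds between master advertisements

    @property
    def master_down_interval(self) -> float:
        # RFC 3768: Master_Down_Interval = 3 * Advertisement_Interval + Skew_Time
        skew_time = (256 - self.priority) / 256
        return 3 * self.advert_int + skew_time

    def replay(self, adverts, end):
        """Replay (time, priority) advertisements heard on the wire and
        return the (time, new_state) transitions of this backup router."""
        state, transitions = "BACKUP", []
        deadline = self.master_down_interval  # timer armed at t=0
        for t, prio in sorted(adverts) + [(end, None)]:
            if state == "BACKUP" and t > deadline:
                # Timer expired before this advert arrived: take over.
                state = "MASTER"
                transitions.append((round(deadline, 3), state))
            if prio is None:  # end-of-capture sentinel
                break
            if state == "BACKUP":
                # Only an advert with priority >= ours re-arms the timer.
                if prio >= self.priority:
                    deadline = t + self.master_down_interval
            elif prio > self.priority:
                # A higher-priority master is back: step down again.
                state = "BACKUP"
                transitions.append((t, state))
                deadline = t + self.master_down_interval
        return transitions

def heard(lost, until=20, master_prio=150):
    """Constructed sample: the master advertises every second,
    but the advertisements sent at the times in `lost` never arrive."""
    return [(t, master_prio) for t in range(until + 1) if t not in lost]

if __name__ == "__main__":
    backup = BackupRouter(priority=100)
    for lost in ({10, 11}, {10, 11, 12}):
        print(sorted(lost), backup.replay(heard(lost), end=21))
```

With a one-second advertisement interval the backup tolerates two lost advertisements; the third consecutive loss makes it take over until the next advertisement from the real master arrives.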
GLBP (Gateway Load Balancing Protocol) is a Cisco proprietary protocol that can be used for load balancing traffic between many gateways.
Here is a very nice cheat sheet from stretch
23 July 2009
