
amsoares at netcabo
Jun 14, 2012, 8:14 AM
Guys,

TAC case and Bug found:

CSCtt07457
++++++++++++++++++++++++++++++++
Traffic stops after failover as connected routes are "possibly down"

Symptom:
Connected routes go into "possibly down" state on Active ASA after failover when OSPF is configured and traffic stops. For example:

C 10.1.1.0 255.255.255.252 is directly connected, faillink
C 192.168.1.0 255.255.255.0 is possibly down, routing via 0.0.0.0, inside
C 192.0.2.0 255.255.255.0 is possibly down, routing via 0.0.0.0, outside
O 192.168.3.0 255.255.255.0 [110/11] via 192.168.1.2, 0:00:57, inside
S* 0.0.0.0 0.0.0.0 [1/0] via 192.0.2.2, outside

Conditions:
This happens when OSPF is configured on failover pair.

Workaround:
Do not use OSPF with failover. Shut / no shut affected interfaces to populate routing table.
++++++++++++++++++++++++++++++++

If you have 8.4.2-8 with Failover and OSPF/EIGRP, run away from this image. I will test 8.4.2-14 that TAC will provide shortly.

Regards,

Antonio Soares, CCIE #18473 (R&S/SP)
amsoares [at] netcabo
http://www.ccie18473.net

-----Original Message-----
From: Antonio Soares [mailto:amsoares [at] netcabo]
Sent: Tuesday, June 12, 2012 17:58
To: 'cisco-nsp [at] puck'
Subject: ASA 8.4.2-8 OSPF Bug

Hello group,

I was troubleshooting a network down issue I had a few days ago, basically a cluster of ASAs running 8.4.2-8 didn't behave as expected. The primary/active went down and the secondary went active but the OSPF adjacency with a 3750 switch remained down.

Today I was playing with a pair of ASA5540 running this release and I found a potential bug that could be related to the problem I had. After issuing the command "clear ospf process" on the active ASA, the adjacency never comes up again.

Basic lab I have:

ASA1(Pri/Act)===Trunk===Cisco3550===Access===7200(R1)
ASA2(Sec/Stby)===Trunk===Cisco3550===Access===7200(R2)

On the ASA side I see the OSPF State moving from EXSTART to DOWN and on the 7200's side I see it moving from EXSTART to INIT. And this repeats over and over until I switch the active ASA or I do the magical "reload" command.

The problem happens if the Active is the Primary or Secondary Unit. I was able to reproduce the problem with only one ASA but configured with failover.

Has someone seen something like this?

If someone wants to reproduce the problem, you may need to issue the "clear ospf process" several times.

Maybe this is expected, the HA feature was introduced with 8.4... :)

"Stateful Failover with Dynamic Routing Protocols

Routes that are learned through dynamic routing protocols (such as OSPF and EIGRP) on the active unit are now maintained in a Routing Information Base (RIB) table on the standby unit. Upon a failover event, traffic on the secondary active unit now passes with minimal disruption because routes are known.

We modified the following commands: show failover, show route, show route failover."

Thanks.

Regards,

Antonio Soares, CCIE #18473 (R&S/SP)
amsoares [at] netcabo
http://www.ccie18473.net

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
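
Added example (not part of the original post, and not Cisco tooling): a post-failover check that parses "show route" text and reports connected routes left in the "possibly down" state described in CSCtt07457. It assumes the output has the same line format as the excerpt quoted in the bug description; the function names are hypothetical and collecting the output from the ASA is out of scope.

```python
import re

# Constructed sample: the "show route" excerpt quoted in the bug description.
SAMPLE_SHOW_ROUTE = """\
C 10.1.1.0 255.255.255.252 is directly connected, faillink
C 192.168.1.0 255.255.255.0 is possibly down, routing via 0.0.0.0, inside
C 192.0.2.0 255.255.255.0 is possibly down, routing via 0.0.0.0, outside
O 192.168.3.0 255.255.255.0 [110/11] via 192.168.1.2, 0:00:57, inside
S* 0.0.0.0 0.0.0.0 [1/0] via 192.0.2.2, outside
"""

# Connected route: code "C", prefix, mask, state text; the last
# comma-separated field on the line is the interface name.
CONNECTED_RE = re.compile(
    r"^C\*?\s+(?P<prefix>\d+\.\d+\.\d+\.\d+)\s+(?P<mask>\d+\.\d+\.\d+\.\d+)\s+"
    r"is\s+(?P<state>directly connected|possibly down)\b.*?,\s*(?P<ifname>\S+)\s*$"
)


def parse_connected(show_route_text):
    """Return one dict per connected ("C") route; other route codes are ignored."""
    routes = []
    for line in show_route_text.splitlines():
        match = CONNECTED_RE.match(line.strip())
        if match:
            routes.append(match.groupdict())
    return routes


def possibly_down(show_route_text):
    """Return the connected routes whose state is "possibly down"."""
    return [r for r in parse_connected(show_route_text)
            if r["state"] == "possibly down"]


def check_after_failover(show_route_text):
    """Return (ok, interfaces): ok is False if any connected route is possibly down."""
    bad = possibly_down(show_route_text)
    return (not bad, sorted({r["ifname"] for r in bad}))


if __name__ == "__main__":
    ok, interfaces = check_after_failover(SAMPLE_SHOW_ROUTE)
    print("OK" if ok else "possibly down on: " + ", ".join(interfaces))
```

The interfaces returned are the ones the workaround in the bug text applies to.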