Options
AX 2500 in two different locations
willoutte
Member ✭
Hi,
My company has two AX 2500 (2.7.1-GR1) forming an aVCS cluster. The boxes are in the same building right now and we want to move one box to another DC. Both sites are connected via L2 service and latency is low. The interface election protocol runs on the management interface for aVCS.
We want to keep the benefits of the current setup: aVCS, vrrp-a, ha connection Mirror.
The VCS multicast address is manually set. The vrrp-a interface is set as well and vlan-tagged.
So I have a couple of questions regarding this change.
Where the avcs admin traffic is taking place? management interface? Is it fine to cross couple of switches for the aVCS traffic? Is there a particular config for the multicast to enable?
I've captured traffic from data interfaces (where the VIP address are used) and there's no track of vrrp multicast address. So I conclude that the vrrp-a traffic is located on the interface we set. Is this correct?
Are there other requirements for aVCS/VRRP-a besides sharing the same Layer 2 broadcast domain and software version?
Last but not least, is there a document, use case for a deployment like this?
Thanks,
Will
My company has two AX 2500 (2.7.1-GR1) forming an aVCS cluster. The boxes are in the same building right now and we want to move one box to another DC. Both sites are connected via L2 service and latency is low. The interface election protocol runs on the management interface for aVCS.
We want to keep the benefits of the current setup: aVCS, vrrp-a, ha connection Mirror.
The VCS multicast address is manually set. The vrrp-a interface is set as well and vlan-tagged.
So I have a couple of questions regarding this change.
Where the avcs admin traffic is taking place? management interface? Is it fine to cross couple of switches for the aVCS traffic? Is there a particular config for the multicast to enable?
I've captured traffic from data interfaces (where the VIP address are used) and there's no track of vrrp multicast address. So I conclude that the vrrp-a traffic is located on the interface we set. Is this correct?
Are there other requirements for aVCS/VRRP-a besides sharing the same Layer 2 broadcast domain and software version?
Last but not least, is there a document, use case for a deployment like this?
Thanks,
Will
0
Comments
We are running two Thunder 3030S devices (4.1.0-P1 build 16) in a aVCS,vrrp-a setup which are in separate physical buildings on the same DC site which is akin to separate DCs. The 3030s connect to a core switch in each building with a dedicated VLAN which is then trunked across a L2 connection between buildings (the link also carries other data in different VLANs). We have no problems with the HA/VRRP working successfully across the sites. We also run multiple VRIDs with the active devices in each building.
The only difference from your description apart from the models is that I have set up a dedicated VLAN and Trunk port to connect to the core switches (cisco) via an Etherchannel/Port-channel (2 ports in each HA trunk for redundancy) to handle the VRRP/aVCS traffic rather than the management ports. an example of the config set up below:
vlan 1/999
tagged trunk 2
router-interface ve 999
!
vlan 2/999
tagged trunk 2
router-interface ve 999
!
interface ethernet 1/5
name "*** HA Link to Switch A - G9-21 - Site 1 ****"
enable
trunk-group 2 lacp
!
interface ethernet 1/6
name "*** HA Link to Switch A - G10-21 - Site 1 ****"
enable
trunk-group 2 lacp
!
interface ethernet 2/5
name "**** HA Link to Switch B - G9-21 - Site 2 ****"
enable
trunk-group 2 lacp
!
interface ethernet 2/6
name "**** HA Link to Switch B - G10-21 - Site 2 ****"
enable
trunk-group 2 lacp
!
interface trunk 1/2
name "HA Link to Switch A - Site 1"
!
interface trunk 2/2
name "HA Link to Switch B - Site 2"
!
vcs device 1
priority 200
interfaces ve 999
interfaces trunk 2
affinity-vrrp-a-vrid 0
enable
!
vcs device 2
priority 150
interfaces ve 999
interfaces trunk 2
affinity-vrrp-a-vrid 1
enable
!
vrrp-a interface trunk 1/2
vlan 999
!
vrrp-a interface trunk 2/2
vlan 999
!
interface ve 1/999
name "SVI999-LB01 - Site 1"
enable
ip address 10.10.0.1 255.255.255.224
!
interface ve 2/999
name "SVI999-LB02 - Site 2"
enable
ip address 10.10.0.2 255.255.255.224
!
device-context 1
vrrp-a preferred-session-sync-port trunk 2 vlan 999
!
device-context 2
vrrp-a preferred-session-sync-port trunk 2 vlan 999
The original install was setup in version 2.7.1 which also worked fine.
Hope this helps.
Ryan
Thank for your reply. That's what I was looking for.
I still have a question regarding the specific intefaces.
What's the difference between these two commands?
vrrp-a interface trunk 2 vlan 999 (the config I have) and
vrrp-a preferred-session-sync-port trunk 2 vlan 999
Does it means there's no track of VRRP or aVCS nowhere with the exception of interface trunk 2?
Thanks again for your detailed answer.
Will
Glad it was of some use. In reply to your question. As I understand it -
vrrp-a interface trunk 2 vlan 999 - specifies the vlan and interface to send and listen for vrrp-a hello packets. by default all interfaces in an 'UP' state will participate.
vrrp-a preferred-session-syn-port trunk 2 vlan 999 - specifies the interface on which to receive synchronized sessiosn. The default behavior is for VRRP-A (on the backup device) to automatically select the Ethernet interface on which to receive sync sessions.
as you can see from the example config I posted previously, i have both the interface and preferred session set as the same:
vrrp-a interface trunk 1/2
vlan 999
!
vrrp-a interface trunk 2/2
vlan 999
!
device-context 1
vrrp-a preferred-session-sync-port trunk 2 vlan 999
!
device-context 2
vrrp-a preferred-session-sync-port trunk 2 vlan 999
Now whether you need both set and is optimal for performance to have both set, maybe an A10 employee can enlighten us both. This is what I have got set and it all appears to be working fine.
Rgds
Ryan
Just a heads-up about this subject. We moved the box and it went well. VCS and VRRP run well.
The things I've noticed:
- You can not modify the config of a VCS member when it's offline. I thought it was possible as the config is centrally managed.
- The box we've moved reboot after been VCS synced.
Thanks
Rgds
Ryan