Re: [c-nsp] strange issue
Hi

I've to ask for the VM routing table and then I will share.

VM gateway is load balancer.

Cheers
James

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] strange issue
> On Jul 29, 2021, at 11:55 AM, james list wrote:
>
> Internet - Firewall – Lan - Load balancer – Lan – hypervisor- VM
>
> It happens sometime that the VM do not respond anymore to Load balancer for
> external ip addresses until on the Load balancer it is setted to source NAT
> (SNAT) the internet traffic and then SNAT it’s removed.

Can you share the routing table of the VM in question? Specifically/most importantly - Is the load balancer being used as the VM’s default gateway, or does the VM use the firewall as its default gateway? In the latter case, I would expect the load balancer to SNAT traffic or act as a full layer 7 proxy where a new TCP connection is established from the load balancer to the upstream servers.

With a misconfiguration or misaligned design intention here, I could see the intended behavior depending on ARP or firewall/connection state tracking behavior in the devices.

> Something like an action that solicit the VM to refresh the arp.
>
> While health check from Loadbalancer to VM in the same LAN subnet never
> stops to work.
>
> Does anybody ever encountered the same problem on VM environments ?

In the absence of evidence otherwise, I suspect your issue is not VM-specific. Do you have examples of physical hosts in the same LAN that do not exhibit this problem? If so, has the routing table (default gateway and possibly other persistent static routes) been compared?

> Any idea ?
>
> Thanks in advance
>
> James
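Added example, not part of the thread: a small check of the question raised in the reply above, namely whether the VM's reply to a load-balanced connection goes back through the load balancer or leaves via a different gateway. The addresses are documentation-range placeholders and both routing tables are constructed samples in `ip route show` format; "asymmetric" marks the case where the reply expects the load balancer to SNAT or proxy.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not from the thread).
LB_IP = "192.0.2.1"          # load balancer address on the VM's LAN (assumed)
CLIENT_IP = "203.0.113.10"   # an external (Internet) client (assumed)

# Two hypothetical VM routing tables in `ip route show` format.
ROUTES_GW_IS_LB = """\
default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.50
"""
ROUTES_GW_IS_FW = """\
default via 192.0.2.254 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.50
"""


def parse_routes(text):
    """Return [(network, gateway-or-None)] from `ip route show` style lines."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        prefix = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            continue  # route types this sketch does not model (blackhole, ...)
        gw = None
        if "via" in tok[:-1]:
            gw = ipaddress.ip_address(tok[tok.index("via") + 1])
        routes.append((net, gw))
    return routes


def next_hop(routes, dst):
    """Longest-prefix match; an on-link route delivers straight to dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None
    _, gw = max(matches, key=lambda r: r[0].prefixlen)
    return gw if gw is not None else dst


def return_path(route_text, lb_ip, src_ip, snat):
    """Classify where the VM sends its reply for a load-balanced connection.

    With SNAT the VM sees the load balancer as the source; without it the VM
    sees the original source address and consults its own routing table.
    """
    seen_src = lb_ip if snat else src_ip
    hop = next_hop(parse_routes(route_text), seen_src)
    if hop is None:
        return "unroutable"
    return "symmetric" if hop == ipaddress.ip_address(lb_ip) else "asymmetric"


if __name__ == "__main__":
    cases = [
        ("gateway = load balancer, no SNAT", ROUTES_GW_IS_LB, CLIENT_IP, False),
        ("gateway = firewall, no SNAT", ROUTES_GW_IS_FW, CLIENT_IP, False),
        ("gateway = firewall, SNAT on LB", ROUTES_GW_IS_FW, CLIENT_IP, True),
        # Health checks are sourced from the load balancer itself (on-link).
        ("gateway = firewall, LB health check", ROUTES_GW_IS_FW, LB_IP, False),
    ]
    for label, table, src, snat in cases:
        print(f"{label:40s} {return_path(table, LB_IP, src, snat)}")
```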
[c-nsp] strange issue
Dear experts

My customer has the following very simple infrastructure:

Internet - Firewall – Lan - Load balancer – Lan – hypervisor- VM

It happens sometimes that the VM does not respond anymore to the Load balancer for external ip addresses until on the Load balancer it is set to source NAT (SNAT) the internet traffic and then SNAT is removed.

Something like an action that solicits the VM to refresh the arp.

While the health check from Loadbalancer to VM in the same LAN subnet never stops working.

Has anybody ever encountered the same problem on VM environments ?

Any idea ?

Thanks in advance

James
[c-nsp] Strange issue
Dear experts

I'm wondering if you can provide any hints/help on this problem.

We experienced a strange issue in reaching the remote devices (servers) and performing bulk snmp walk, instead direct object query was working fine.

After an entire night of issues (22pm to 6am), the problem disappeared alone...

During this problem we've experienced also other issues, but we were not able to find the root cause nor any issues on our firewall.

We asked the carrier (which also has a firewall in the middle since it provides services) but it seems it also didn't detect any issue.

I think the carrier had some problem but I'm not able to prove it.

Have you never seen this kind of issue ? What can it be related to ?

Thanks in advance for any suggestion.

Cheers
James
Re: [c-nsp] Strange Issue with 3560X and 4500X
Hi,

On Sat, Apr 12, 2014 at 01:57:42PM +0100, Antonio Soares wrote:
> It's exactly this !
>
> cat4k stops processing ARP, IGMP and other control protocols

Uhh-oh. Does it also stop L2 processing? In other words, is STP going to melt down? We've had a very similar case with 4900M boxes that slowly filled the L2 processing queue when no vtp was configured on an interface, on every VTP frame they received from the peer. Great timebomb (took roughly a fortnight to explode, and given it hit the L2 queue, it was quite the daisycutter).

> CSCuj73571
> https://tools.cisco.com/bugsearch/bug/cscuj73571
>
> Unbelievable, this was marked with severity 2 ?!!!

What I conclude from there, this really hit public releases in 15.2(1), so 15.1(2)SG3 (aka 03.04.03.SG) isn't in danger? The dysfunctional NTP access groups there are bad enough, but at least it seems stable otherwise...

Thanks,
Andre.
--
Cool .signatures are so 90s...

- Andre Beck+++ ABP-RIPE +++ IBH IT-Service GmbH, Dresden -
Re: [c-nsp] Strange Issue with 3560X and 4500X
Spanning-tree was working normally but it was Cisco's RPVST.
CDP was working normally but it uses a Cisco MCast address.
UDLD was working as well, once again it uses a Cisco MCast address.
ARP, IGMP, Multicast were not working.

Regards,

Antonio Soares, CCIE #18473 (RS/SP)
amsoa...@netcabo.pt
http://www.ccie18473.net
Re: [c-nsp] Strange Issue with 3560X and 4500X
Group,

We found that all the 3560-Xs connected to the secondary 4500-X stopped responding to SNMP queries at the same exact minute which leads to the common denominator being the 4500-X.

Anyone has experienced strange things with 4500-Xs running 3.5.0E / 15.2(1)E ?

Thanks.

Regards,

Antonio Soares, CCIE #18473 (RS/SP)
amsoa...@netcabo.pt
http://www.ccie18473.net
Re: [c-nsp] Strange Issue with 3560X and 4500X
We had a problem about 6 months ago when we installed our first pair of 4500Xs where they could reach certain hosts but not reach other hosts on the same subnet. TAC said it was a bug that has since been fixed.

We are on this version now and the problem has been resolved:

cat4500e-universalk9.SPA.03.05.01.E.152-1.E1.bin

-dan

Dan Brisson
Network Engineer
University of Vermont
dbris...@uvm.edu
Re: [c-nsp] Strange Issue with 3560X and 4500X
Great, thanks for the feedback. Are you able to tell me the bug id ?

Regards,

Antonio Soares, CCIE #18473 (RS/SP)
amsoa...@netcabo.pt
http://www.ccie18473.net
Re: [c-nsp] Strange Issue with 3560X and 4500X
Ah, didn't think I had it or I would have included it in the first email, but turns out I do have it:

Csuj73571

Hope that helps!

-dan

Dan Brisson
Network Engineer
University of Vermont
(Ph) 802.656.8111
dbris...@uvm.edu
Re: [c-nsp] Strange Issue with 3560X and 4500X
> Ah, didn't think I had it or I would have included it in the first email,
> but turns out I do have it: Csuj73571

CSCuj73571 is probably the correct bug id.

https://tools.cisco.com/bugsearch/bug/CSCuj73571

cheers,
Lukas
Re: [c-nsp] Strange Issue with 3560X and 4500X
It's exactly this !

cat4k stops processing ARP, IGMP and other control protocols
CSCuj73571
https://tools.cisco.com/bugsearch/bug/cscuj73571

Unbelievable, this was marked with severity 2 ?!!!

Thanks.

Regards,

Antonio Soares, CCIE #18473 (RS/SP)
amsoa...@netcabo.pt
http://www.ccie18473.net
[c-nsp] Strange Issue with 3560X and 4500X
Group,

This is one of the most weird things I saw these last years. Imagine a network where you have two 4500-X in the Core (no VSS) and a few 3560-X pairs forming squares between the 4500-Xs and the 3560-Xs. One of the 4500-X is the STP root for all Vlans, the other 4500-X is the backup STP root for all Vlans as well. Between the 4500-Xs and the 3560-Xs I have LACP, CDP and UDLD running.

The issue:

The network was up and running well the first 4 days after installation. More or less on the fifth day, all the 3560-Xs connected to the secondary 4500-X, stopped responding to ping requests from anywhere in the network, even from the directly attached neighbors, the two 4500-Xs and the other 3560-X. A reboot to the 3560-X didn't solve the problem. UDLD, CDP and LACP didn't fail at all. In order to get normal access to the 3560-X, I had to shutdown the uplink from the 3560-X to the 4500-X.

I have a simple diagram here:

http://ccie18473.net/issue-sw2.jpg

What seems to happen is that broadcasts (ARP, DHCP) and multicast start to fail somewhere in time. It must be a very severe 4500X or 3560X bug but I wasn't able to find anything.

The most important information:

WS-C4500X-32, cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
WS-C3560X-48P, c3560e-universalk9-mz.150-2.SE.bin, the uplink is fiber optic, the C3KX-NM-10G is used, between the 3560Xs I have copper

Unfortunately I can't reload/upgrade the 4500X-s or the 3560X-s…

Any pointers are more than welcome.

Thanks.

Regards,

Antonio Soares, CCIE #18473 (RS/SP)
amsoa...@netcabo.pt
http://www.ccie18473.net