Virtual IP of VRRP times-out to ping

What firmware is the switch running? Is this a new deployment or something that has previously been working? Is there another S4048 configured as the backup? If you failover to the second S4048 does the behavior stay the same?

Can you please post up the output from the command # show vrrp, from both switches. Are there any messages recorded in the logs? # show logging.

Are the switches configured for VLT? Is Any other traffic affected? Or just ICMP to the VRRP virtual IP?

Can you check the switch resources to see if they are at high usage.

# show processes cpu
# show processes memory

Thanks

Hi Daniel,

Thanks for you reply.

This is a new implementation using VRRP.

sw1#sh version
Dell Real Time Operating System Software
Dell Operating System Version:  2.0
Dell Application Software Version:  9.10(0.1)
Copyright (c) 1999-2016 by Dell Inc. All Rights Reserved.
Build Time: Wed May 11 23:07:56 2016
Build Path: /sites/eqx/work/swbuild01_1/build08/E9-10-0/SW/SRC

The second switch was a dell but VRRP ping failed on who ever was the active, now the second switch is a cisco. Ping good with cisco as active, but not when the active is dell.

sh vrrp
------------------
Vlan 194, IPv4 VRID: 194, Version: 2, Net: 200.35.93.250
VRF: 0 default
State: Backup, Priority: 90, Master: 200.35.93.251
Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec
Adv rcvd: 546364, Bad pkts rcvd: 0, Adv sent: 593031, Gratuitous ARP sent: 40
Virtual MAC address:
 00:00:5e:00:01:c2
Virtual IP address:
 200.35.93.254
Authentication: (none)
Tracking states for 1 interfaces:
 Up  TenGigabitEthernet 1/52/1 priority-cost 20

when sw1 is the active it is not just icmp it impacts anything (ie browsing) using this as the gateway.

No VLT with the old dell and dell setup.

Not just the VIP times-out but also the static IP on the dell is having issues (.250 on the Dell switch).

C:\WINDOWS\system32>ping 200.35.93.250

Pinging 200.35.93.250 with 32 bytes of data:
Request timed out.
Reply from 200.35.93.250: bytes=32 time=34ms TTL=241
Request timed out.
Reply from 200.35.93.250: bytes=32 time=38ms TTL=241

Ping statistics for 200.35.93.250:
    Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 34ms, Maximum = 38ms, Average = 36ms

Static ip on the cisco even when i switch from active to standby i still get a ping reply (.251 on the cisco)
C:\WINDOWS\system32>ping 200.35.93.251

Pinging 200.35.93.251 with 32 bytes of data:
Reply from 200.35.93.251: bytes=32 time=5ms TTL=242
Reply from 200.35.93.251: bytes=32 time=8ms TTL=242
Reply from 200.35.93.251: bytes=32 time=10ms TTL=242
Reply from 200.35.93.251: bytes=32 time=16ms TTL=242

Ping statistics for 200.35.93.251:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 5ms, Maximum = 16ms, Average = 9ms

no high usage on the dells when in active.

Does seem a icmp issue with the dells even when you ping the external public interface IP you get no reply.  Cisco you get a ping. No inbound filters on both models on the outside interface.

Thanks for any help

Just seen this in the logs....not recurring often.

Mar 13 15:01:23.356: %STKUNIT1-M:CP %VRRP-6-VRRP_MASTER: IPv4 vrid-194 on Vl 194 VRF default entering MASTER.
Mar 13 15:01:23.476: %STKUNIT1-M:CP %VRRP-6-VRRP_BACKUP: IPv4 vrid-194 on Vl 194 VRF default entering BACKUP.

Not sure why VRF comes to play.  Other switch sw2 has cpu of 10% so i see no need for the dell switch to pop up as Master then negotiate to Backup.

Thanks for any info

I am not certain what the fix is for this situation. But I would like to gather further logs and help look for a solution. I have sent you a private message providing my email address and requesting some additional logs.

Hi Daniel,

We are facing same issue in here.....it is S4128F. 10.3 OS version. What is solution for this ?

The switch is going to give ICMP packets a low priority, and it is normal to occasionally see some ICMP packet loss on the VRRP IP. But that should not affect production traffic. How much ICMP packet loss are you seeing? Is this having any impact to the rest of the network?

Production seems but fine, since it is gateway for the network, customer wants to monitor it using ICMP. Since it is dropping customer cannot monitor the gateway. What is solution for this ?

Monitoring through ICMP is not going to be the most reliable. SNMP monitoring will be more robust and accurate.

Here is a KB article that touches on the packet loss some: https://bit.ly/2p7NbGP

Symptom: Packet Loss When Pinging the Virtual IP Address

When pinging the virtual IP address of a VRRP group, packet loss is experienced.

Troubleshooting Steps

Force10 does not support 100% pings to VRRP virtual addresses. The reasons are:

• Pings to the virtual IP address are forwarded to the CPU RP2 on the Route Processor Module (RPM) using the network entry in the line card CAM. By design, such RP2-bound packets are rate-limited to protect the CPU from DOS attacks and other unwanted packets.

I understand what you said, but from the troubleshooting point of view 1st thing we do is check the ping. Can't we solve this bug, as far as i know in Cisco environment we can ping the Virtual IP in the VRRP.

The OS is designed with that rate limit in place, it is not a bug. I am not aware of a method of working around the built-in rate limit.