nexus7k HSRP – DUP_VADDR_SRC_IP 로그.

HSRP – DUP_VADDR_SRC_IP

멀쩡히 잘 운영되던 nexus7k에서 아래와 같은 로그 메시지가 보였다.

2023 Feb 18 13:58:36 Backbone2 %ARP-3-DUP_VADDR_SRC_IP:  arp [8062]  Source address of packet received from 0000.0c07.ac08 
on Vlan32(Ethernet1/47) is duplicate of local virtual ip, 172.16.201.19

백본스위치에서 구성한 hsrp의 virtual IP가 중복되었다는 메시지로 hsrp 상태를 확인해 보니, hsrp를 실행중인 두 스위치가 모두 Active 상태이며 standby 노드를 인식하지 못하는 상태였다.

Backbone1# sh hsrp brief
*:IPv6 group   #:group belongs to a bundle
                     P indicates configured to preempt.
                     |
 Interface   Grp  Prio P State    Active addr      Standby addr     Group addr
  Vlan32      8    100  P Active   local            unknown          172.16.201.19  (conf)

Backbone2# sh hsrp brief
*:IPv6 group   #:group belongs to a bundle
                     P indicates configured to preempt.
                     |
 Interface   Grp  Prio P State    Active addr      Standby addr     Group addr
  Vlan32      8    90   P Active   local            unknown          172.16.201.19  (conf)
Backbone2# 

HSRP는 아래와 같이 설정되어 있다.

Backbone1# sh run int vlan 32

!Command: show running-config interface Vlan32
!Time: Tue Mar 14 10:23:17 2023

version 6.2(20)

interface Vlan32
  description FireWall_HSRP
  no shutdown
  ip address 172.16.201.20/28
  ip ospf priority 255
  ip router ospf 100 area 0.0.0.0
  hsrp 8 
    preempt 
    ip 172.16.201.19

Backbone2# sh run int vlan 32

!Command: show running-config interface Vlan32
!Time: Tue Mar 14 10:29:03 2023

version 6.2(20)

interface Vlan32
  description FireWall_HSRP
  no shutdown
  no ip redirects
  ip address 172.16.201.21/28
  ip router ospf 100 area 0.0.0.0
  hsrp 8  
    priority 90
    ip 172.16.201.19

이런 저런 확인을 하다가 spanning-tree를 보니, 아래 처럼 spanning tree에 의해서 백본 스위치간 inter link용으로 만든 포트채널이 block 된이 보였다.

Backbone1# show spanning-tree

VLAN0032
  Spanning tree enabled protocol rstp
  Root ID    Priority    32768
             Address     0010.f3a2.a675
             Cost        2
             Port        175 (Ethernet1/47)
             Hello Time  1  sec  Max Age 6  sec  Forward Delay 4  sec

  Bridge ID  Priority    32800  (priority 32768 sys-id-ext 32)
             Address     e4c7.2269.a5c2
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1              Altn BLK 1         128.4096 P2p 
Eth1/47          Root FWD 2         128.175  P2p Peer(STP) 

Backbone2# show spanning-tree

VLAN0032
  Spanning tree enabled protocol rstp
  Root ID    Priority    32768
             Address     0010.f3a2.a675
             Cost        2
             Port        175 (Ethernet1/47)
             Hello Time  1  sec  Max Age 6  sec  Forward Delay 4  sec

  Bridge ID  Priority    32800  (priority 32768 sys-id-ext 32)
             Address     e4c7.2269.a242
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1              Desg FWD 1         128.4096 P2p 
Eth1/47          Root FWD 2         128.175  P2p Peer(STP) 

block된 포트를 확인 해보면,

백본스위치 1에서는 block된 포트가 보인다. 백본 스위치2에서는 block된 포트가 없다.

Backbone1# sh spanning-tree blockedports 

Name                 Blocked Interfaces List
-------------------- ------------------------------------
VLAN0032             Po1


Number of blocked ports (segments) in the system : 1

Backbone2# show spanning-tree blockedports 

inter link용 포트 채널은 아래처럼 설정되어 있다. vPC는 사용하지 않는다.

Backbone1# show run int po1

!Command: show running-config interface port-channel1
!Time: Thu Mar 16 10:47:53 2023

version 6.2(20)

interface port-channel1
  description N7000#2
  switchport
  switchport mode trunk

Backbone2# show run int po1

!Command: show running-config interface port-channel1
!Time: Thu Mar 16 10:48:35 2023

version 6.2(20)

interface port-channel1
  description N7000#1
  switchport
  switchport mode trunk

포트채널쪽 spanning-tree를 이것 저것 조정해 보았으나 상태가 바뀌지 않아서, 결국에는 hsrp를 사용중인 vlan을 spanning-tree에서 제외해 버렸다.
이후, hsrp는 다시 정상 작동한다.

Backbone1(config)# no spanning-tree vlan 32
Backbone1(config)# end

Backbone1n# show hsrp brief
*:IPv6 group   #:group belongs to a bundle
                     P indicates configured to preempt.
                     |
 Interface   Grp  Prio P State    Active addr      Standby addr     Group addr
  Vlan32      8    110  P Active   local            172.16.201.21   172.16.201.19  (conf)

Backbone2# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Backbone2(config)# no spanning-tree vlan 32
Backbone2(config)# end

Backbone2# show hsrp brief
*:IPv6 group   #:group belongs to a bundle
                     P indicates configured to preempt.
                     |
 Interface   Grp  Prio P State    Active addr      Standby addr     Group addr
  Vlan32      8    90     Standby  172.16.201.20   local            172.16.201.19  (conf)

제대로된 해법인지는 모르겠다. 혹시, 더 좋은 방법을 아시는분 댓글 바랍니다.