Author Topic: Issue binding NSIP to VLAN  (Read 2622 times)

Offline veritas

Issue binding NSIP to VLAN
« on: June 01, 2009, 07:15:25 AM »
Hey, this is my first post, so excuse the bad terminology.

I have a pair of Netscaler 9000s running in a HA pair. Failover works fine but state synchronisation fails.

The only difference I can see in the configs is that NS1 has the NSIP bound to the mgmt VLAN but NS2 does not, as per the config snapshots below. I have tried to add the NSIP to the VLAN but it fails with an error message. Is there a way to force this, or has anyone got any ideas? However, failover works and I can manage the Netscalers via the NSIP, so network connectivity is not a problem. When I do failover to NS2 state synchronisation works, so this is the only difference I can find on NS1.

NS1

> bind vlan 2 -IPAddress x.x.x.225 255.255.255.192
ERROR: Address already in use
> sh vlan

1)      VLAN ID: 1
        Member Interfaces : 0/1 LO/1 LA/1               Tagged: None

2)      VLAN ID: 2
        Member Interfaces : 0/1         Tagged: 0/1

3)      VLAN ID: 17
        Member Interfaces : LA/1                Tagged: LA/1
        IP: x.x.x.10         Mask: 255.255.255.128
 Done
>

NS2

> sh vlan

1)      VLAN ID: 1
        Member Interfaces : 0/1 LO/1 LA/1               Tagged: None

2)      VLAN ID: 2
        Member Interfaces : 0/1         Tagged: 0/1
        IP: x.x.x.226        Mask: 255.255.255.192

4)      VLAN ID: 17
        Member Interfaces : LA/1                Tagged: LA/1
        IP: x.x.x.10         Mask: 255.255.255.128

Any help much appreciated

Veritas
CCSP, CCNA, CCSA
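
Added example (not part of the original post): a small Python parser for the "sh vlan" listings shown above that reports where the two HA nodes' VLAN bindings differ. The function names parse_sh_vlan and vlan_drift are this example's own, and the sample input is the two listings from the post, re-typed as constructed test data.

```python
import re
# Constructed sample input: the two "sh vlan" listings from the post above,
# copied with their masked addresses (x.x.x.N) exactly as posted.
NS1 = """\
1)      VLAN ID: 1
        Member Interfaces : 0/1 LO/1 LA/1               Tagged: None
2)      VLAN ID: 2
        Member Interfaces : 0/1         Tagged: 0/1
3)      VLAN ID: 17
        Member Interfaces : LA/1                Tagged: LA/1
        IP: x.x.x.10         Mask: 255.255.255.128
"""
NS2 = """\
1)      VLAN ID: 1
        Member Interfaces : 0/1 LO/1 LA/1               Tagged: None
2)      VLAN ID: 2
        Member Interfaces : 0/1         Tagged: 0/1
        IP: x.x.x.226        Mask: 255.255.255.192
4)      VLAN ID: 17
        Member Interfaces : LA/1                Tagged: LA/1
        IP: x.x.x.10         Mask: 255.255.255.128
"""

def parse_sh_vlan(text):
    """Return {vlan_id: {"members", "tagged", "ips"}} parsed from 'sh vlan' text."""
    vlans, cur = {}, None
    for line in text.splitlines():
        if m := re.search(r"VLAN ID:\s*(\d+)", line):
            # Key on the VLAN ID, not the list index ("3)" vs "4)" above).
            cur = vlans.setdefault(int(m.group(1)), {"members": set(), "tagged": set(), "ips": set()})
        elif cur is not None and (m := re.search(r"Member Interfaces\s*:\s*(.*?)\s+Tagged:\s*(.*)", line)):
            cur["members"] = set(m.group(1).split())
            cur["tagged"] = set(m.group(2).split()) - {"None"}
        elif cur is not None and (m := re.search(r"IP:\s*(\S+)\s+Mask:\s*(\S+)", line)):
            cur["ips"].add((m.group(1), m.group(2)))
    return vlans

def vlan_drift(a, b):
    """List (vlan_id, field, value_on_a, value_on_b) wherever the two nodes differ."""
    out = []
    for vid in sorted(a.keys() | b.keys()):
        for field in ("members", "tagged", "ips"):
            va = a.get(vid, {}).get(field, set())
            vb = b.get(vid, {}).get(field, set())
            if va != vb:
                out.append((vid, field, sorted(va), sorted(vb)))
    return out

print(vlan_drift(parse_sh_vlan(NS1), parse_sh_vlan(NS2)))
```

On the posted listings the only reported difference is the IP binding on VLAN 2; interface membership and tagging match on both nodes.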

Offline jmelika

Re: Issue binding NSIP to VLAN
« Reply #1 on: June 01, 2009, 10:51:14 AM »
Hi Veritas and welcome to the forum.  This might explain the issues you're having with the sync.  What version of firmware are you running?  Try using the GUI to add the IP address.  There might be something visible to you from there that's hidden in the CLI.

Good luck!

Offline veritas

Re: Issue binding NSIP to VLAN
« Reply #2 on: June 02, 2009, 04:52:13 AM »
I am running v9.0.67.7 on both Netscalers. I have managed to fix the mismatches by binding the NSIP to the 0/1 interface by using the configns command in the CLI.

When looking at both ns.conf files (from each netscaler) they both now look identical (apart from differing NSIPs). But they are still not synchronising, any ideas?

Offline Marco Schirrmeister

Re: Issue binding NSIP to VLAN
« Reply #3 on: June 02, 2009, 06:06:01 AM »
The error that you are getting "Address already in use" is normal.
I'm wondering how or why it worked on NS2.

You can't bind the NSIP or an IP from the subnet where the NSIP lives to a vlan.

What's the reason that you want to bind the NSIP to a tagged vlan?
If you really can't change it on the switch you should try adding a vlan to the NetScaler IP in the configns menu.


Marco

Offline veritas

Re: Issue binding NSIP to VLAN
« Reply #4 on: June 03, 2009, 03:31:14 AM »
VLAN 1 is a legacy VLAN so cannot be used for the NSIP. I have changed the VLAN in configns to VLAN 2, which works fine for management, but there is an issue with the Netscalers seeing each other. I have looked at the ARP table and they can't see each other (ARP incomplete) but somehow I can manage them, bizarre.

I then removed the NSIP VLAN so it defaulted back to VLAN 1. And somehow it all works! The NSIP VLAN 1 being patched into a switchport on VLAN 2. However, state sync is now working.


Offline jmelika

Re: Issue binding NSIP to VLAN
« Reply #5 on: June 03, 2009, 09:02:34 PM »
This is very bizarre, but I'm glad you finally got it working.  You may have run into an unknown bug.

Offline evildani

Re: Issue binding NSIP to VLAN
« Reply #6 on: June 04, 2009, 08:05:41 AM »
Be careful, all sync is done via the NSIP on both NS. They communicate via an RPC process and exchange all info, so the failover will fail on certain conditions, and it is very dangerous if the sync is failing.
Please check that the nsroot password and rpcnode password are the same; use the CLI for both of them.
The command worked on the NS2 because it is not broadcasting the IPs via ARP, so he can add almost any IP.
In my experience it is easier to config the VLAN on the switch, and simply leave it as portfast, no trunking and no encapsulation.

Tell me how it goes and we can do some more debugging.

Daniel

Offline Marco Schirrmeister

Re: Issue binding NSIP to VLAN
« Reply #7 on: June 05, 2009, 05:21:29 AM »
Veritas,

What do you mean with vlan 1 is the legacy vlan and can not be used? Does your switch admin not allow you to use it, or has he changed it?

By default on a Cisco switch the native vlan is vlan 1 and I use it all the time normally. Except when you change the native vlan with "switchport native vlan XX".

When you said they couldn't see each other, then I think the config on the switch was different to the config on your NS's.

I also don't understand what you mean with,
Quote
The NSIP VLAN 1 being patched into a switchport on VLAN 2
Can you maybe post your switch port configuration?

My NS IPs are normally in a subnet where the native vlan is still vlan 1 and in this subnet are only devices connected with their management cards/ports.

One other thing. Be careful with the option "switchport native vlan". I had some trouble some time ago on a Cisco 4507.
I first tested a LACP channel on a 2960. The switchports were trunk ports with many tagged vlans and the native vlan was also changed from 1 to something else.
I bound the LA/1 without the tagged option to the new native vlan and with the tagged option to all the other vlans. Everything was working fine.

Once I tried to implement the successful test on the production 4507 switch nothing was working. The channel did not really come up and the devices did not see each other over the channel.
The problem was the "switchport trunk native vlan vlan-id" option. Once this option was added things were broken.

I talked with Citrix Support and they tried to reproduce it in their labs. Unfortunately they did not have a 4507. But there was a known bug in the IOS that was at this time fixed in IOS releases for 3750 and 6500.

That is probably a different topic/story, but after my experience I'm careful with native vlans other than 1 and I always try to use the default when possible.


Marco