Forum Discussion
Networker_66674
Nimbostratus
NimbostratusICMP Blues
Hi All,
I am running version 10.2 and ran into an issue where ICMP is not working correctly Here is the setup I just recently deployed a ADC where the Primary and Secondary ADC is connected to VLANX on a newly constructed Cisco Switch Router. When initiating pings from the ADC to the HSRP shared address of VLANx or to any address on VLANx, or to addresses to VLAN Y and z, there is no response. However, if I initiate a ping from the switch on VLAN X, Y and Z I recieve a response. Also the ADCs can ping ping each other.
I performed some sniffer traces but for some reason I can't see how the packets are being ignored which they are.
Networker
16 Replies
- The_BhattmanHi Networker,
Without a network diagram it's hard to say what the issue could be. Is it possible to provide a network diagram? It doesn't have to have the real addresses but it will help the community understand where we can assist you the best.
thanks,
Bhattman 
Networker_66674Hi Bhattman,
Wow...what a quick response. Unfortunatly, I cannot provide a network diagram. However, I can provide some additional details
The ADC is directly connected to VLAN X. However, VLAN Y and Z are class C segments that the ADC is not connected to but the switch is carrying the segments. So all traffic is staying on the same set of switches.
We are using Cisco Nexus 7010s running v4.2 NX-OS code. The ADCs are 8900s.
What other information do you need?
Networker- The_BhattmanHi Networker,
Normally I don't get to respond because there are so many other talented volunteers in this community like Hoolio and Chris who manage to always beat me to the punch :-). Hopefully they can show up and help out as well
As you mentioned you are using Cisco Nexus 7010s. There are several considerations when using that particular switch. Can you tell me if you are running any special configurations beyond the normal L2/L3 configurations you find in Cisco IOS. For example VDC, VPC, Unified Fabric configurations?
Bhattman - Networker_66674Thanks again for responding. I am at my wits end on this one. Been trying to figure this out for 5 days now.
I am running VDC and VPC, which we have ran in the past. Infact, I have a environment similiarly setup else which works fine.
Networker - The_BhattmanHi Networker,
No problem. Let's see if we can't get you close to your solution as possible.
Are all the VLANs in the same VDC? If they are on separate VDCs do you have any wiring configured so you can route between them on the same switch?
Also in the other environment you mentioned is the ADC connected to the Cisco Nexus Core Switch or another Devices somewhere downstream or upstream?
Bhattman - Networker_66674They are all on the same VDC and the ADC in the other environment are connected downstream onto a Cisco IOS switch which is connected to a Cisco NX OS also running on a in the same VDC and VPC configuration.
Networker - The_BhattmanHI Networker,
Okay I am starting to see where the problem could be. Can you tell me if you have peer-gateway defined in your vPC configuration?
Bhattman - Networker_66674What!? Really!? What is vPC gateway and where would I find it?
Networker - The_BhattmanHi Networker,
Sorry it's called vpc peer-gateway. Cisco defines it as the following
"PC peer-gateway functionality allows a vPC switch to act as the active gateway for packets that are addressed to the router MAC address of the vPC peer. This feature enables local forwarding of such packets without the need to cross the vPC peer-link. In this scenario, the feature optimizes use of the peer-link and avoids potential traffic loss."
The thing is that VPC uses virtual mac-addresses and the F5 is most likely responding to the VPC peer-link mac-address instead of the mac-address that is embedded in the packet. I suspect that you are running into this issue.
You would find it in your VPC Domain statement
Bhattman - Networker_66674I don't see it in the configs at all.
Can I simply add it in? Will it cause a disruption?
Networker
