SP vs. HSRP

Answered Question
Jan 17th, 2008
Can anyone tell me which protocol wins out regarding where traffic is sent? I have a vlan that is dual-homed to two 6500s. On the 6500-1 the spanning-tree priority is set to 16384 with a standby priority of 200. On the other (6500-2) I see a SP priority of 8192 and standby priority of 101.


I believe the normal way you'd want these configured is to have sp pri 8192 and stand pri 200 on the same link, but I need some confirmation. What I'm seeing is that traffic is traversing the 6500-2 link that has the higher sp pri (but the lower stand pri). Would this mean that the sp pri would always win out over stand if it's not configured correctly?


/rls

Jon Marshall Thu, 01/17/2008 - 11:45
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi


Could you explain your topology in a bit more detail.


For example if you are talking about an access switch connecting to the 2 6500 switches and the 6500 switches are interconnected with a L2 link then your access layer switch will have to block one link for that vlan. It will use the one with the shortest path to the root bridge, in this case 6500-2 based on STP priorities you give.


Jon

rsamuel708 Thu, 01/17/2008 - 13:20
Jon, I've attached a visio to diagram what I'm seeing.


After thinking about it, I guess the traffic I'm seeing (in/out-bound) on the router port connected to the forwarding port on the switch is normal, and out only on the blocking port on the router would be correct.


I still see a little bit of traffic outbound on the router interface connected to the blocking port but I'm assuming that is hsrp hello traffic maybe?


So, without STP in the mix traffic would flow the route with the highest HSRP value? Does using STP trump the HSRP value always as in this case?


I may not be explaining myself well. Let me know if you need more info in order to answer. I may not be understanding completely what STP is doing as I'm relatively new to working in an environment where STP is even used.


Thanks.


/rls



Jon Marshall Thu, 01/17/2008 - 13:26
Hi


Don't have visio on my laptop at home so will look at this when I'm in work tomorrow.


STP and HSRP are working at different layers. STP is layer 2 and is concerned with maintaining a loop free network. HSRP is concerned with providing a redundant layer 3 gateway primarily for end hosts.


I'll get back to you on the visio.


Jon

rsamuel708 Thu, 01/17/2008 - 13:43
Ok. The visio is not overly helpful in this discussion, but I've converted it to a jpeg for you. I just show that the link where traffic is flowing in/out has a higher stp pri with a lower hsrp priority.


So the STP value dictates which link traffic will use for in/outbound traffic when it's enabled, right? I know it's L2, but the L3 protocol HSRP usually dictates that traffic when it's configured by itself without STP. That's true, right?


/rls



Jon Marshall Thu, 01/17/2008 - 14:03
Okay, thanks for the jpeg.


First thing, with the topology you have you have to have STP running or else you will get a layer 2 loop.


If you look at your diagram you can see that there is a path from the bottom switch (sw1 for this description) up to 6500-2, 6500-2 -> 6500-1 and then 6500-1 to sw1 again. You cannot have all these links active or packets such as broadcasts would just loop round and round, eventually bringing your network to its knees.



So before HSRP even comes into the equation one of those links must be blocked. Now the switches exchange BPDUs (basically packets with switch info in them) between each other and based on this information the switches work out which links to block and which links to forward on. Going into the STP election process would make this a very long explanation but in short because you have set 6500-2 to be 8192 and 6500-1 to be 16384 then one of the links from sw1 needs to be blocked. 8192 is a lower priority (which is preferred in STP) and so that link is kept forwarding but the link to 6500-1 is blocked. Note that if you are running PVST+ this is done on a per vlan basis.


So moving onto HSRP. Bear in mind that HSRP is primarily used by clients/servers and layer 2 switches for their default gateway. So say you have a client PC on sw1 that is in the vlan that is being forwarded on the sw1 -> 6500-2 switch.


If the client PC wants to send traffic to a server on a different vlan it needs to send the traffic to its default-gateway which is on 6500-1. But because the link from sw1 -> 6500-1 is blocked by STP the path has to be


sw1 -> 6500-2 -> 6500-1


So in answer to one of your original questions, yes you should have the active HSRP gateway on the same switch that you have set as the root switch for that subnet.


As mentioned you can "load balance" across both uplinks eg.


all your odd numbered vlans -


6500-1 - STP 8192 HSRP priority 110

6500-2 - STP 16384 HSRP priority 100


all your even numbered vlans


6500-1 - STP 16384 HSRP priority 100

6500-2 - STP 8192 HSRP priority 110


With the above setup sw1 -> 6500-1 uplink will forward for all odd vlans and block for all even vlans.

sw1 -> 6500-2 uplink will forward for all even vlans and block for all odd vlans.


Finally it's worth mentioning that it is not a disaster if they don't match all the time. Your link between the 2 6500 switches should be able to compensate for the extra traffic.


Hope all this makes sense


Jon




rsamuel708 Thu, 01/17/2008 - 16:48
Thanks for the detailed explanation Jon, and I do understand what you're saying. ;-) So I guess it makes sense that STP, being L2, makes the decision to block a port prior to any L3 decisions that HSRP would make regarding where traffic should be sent...correct?


So looking a step further I wanted to discuss what happens in a failure scenario: if the forwarding link goes down, STP would unblock the previously blocked port and allow traffic to traverse that link. HSRP would also decrement its value by the default amount (10) which is where my concern lies. We currently have our HSRP values set to 201 for pri and 101 for standby. When everything is set up correctly...meaning the correct STP value with the correct HSRP value, will traffic fail over as expected with no intervention? The HSRP values on the failed link will still be higher than the link that STP just unblocked!


And you're right, even though the values for this particular vlan are flip-flopped, traffic moves along just fine. I just wanted to get a better understanding of what decisions are being made between the L2 and L3 protocols.


/rls

Jon Marshall Thu, 01/17/2008 - 19:14
HSRP does not make decisions about where to send traffic at L3, that is what routing does. HSRP is merely there to provide redundant gateways.


If the forwarding link goes down then yes the link from sw1 -> 6500-1 would become active. However HSRP would not decrement anything unless it was tracking an interface. If you are not tracking an interface the HSRP priorities would stay as they were.


Traffic will fail over but in your new scenario your active switch at L2 would be 6500-1 and your active gateway would be on 6500-2. Again it doesn't matter too much and hopefully a link failure would be fixed fairly quickly in which case STP would then revert back to using sw1 -> 6500-2.


In a switched network STP will create a loop free topology. After that L3 protocols can run along the active links. So in a sense yes the L2 decisions (STP) take precedence and only when the STP calculations have completed do the routing protocols then work out their routes.


Jon

rsamuel708 Thu, 01/17/2008 - 19:48
So the gate would continue to be the same? That would mean traffic would have to go to 6500-1, then use the crosslink over to 6500-2 until the link is repaired? In this scenario, how is HSRP really helping without tracking the interface? Your servers/hosts are still using the same gate. Would 6500-1 only take over as the gate if 6500-2 became completely unreachable?


/rls

Correct Answer
Jon Marshall Thu, 01/17/2008 - 23:49

Yes the gateway would remain the same. And you are also correct in the traffic path you describe.


In this scenario we are talking about a failed link as opposed to a failed supervisor for example so it's concerned with STP rather than HSRP. HSRP doesn't need to help because your clients still have an active path (thanks to STP). Where HSRP comes into its own is if your supervisor failed in the switch that had the active gateways.


HSRP tracking is used to track interfaces other than the interfaces that you are running the HSRP on. There are times when you want to be able to move the active gateway based on another interface failing, although again in this case it isn't really an issue because you have a L2 interconnect between your 6500 switches.


Yes 6500-1 would take over as the gateway for that vlan if the L3 function on 6500-2 became unavailable - usually a failed supervisor module, assuming of course you do not have redundant supervisors in each chassis.


Jon
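The behaviour Jon describes across his posts above (STP picks the forwarding uplink, HSRP picks the gateway, and a link failure alone does not move the gateway), as a small Python model. This is an added example, not code from the thread; the function names and the `l3_up` flag are hypothetical, and STP tie-breaking and HSRP tracking are not modeled.

```python
from dataclasses import dataclass

@dataclass
class Core:
    name: str
    stp_priority: int    # lower value wins the root election
    hsrp_priority: int   # higher value wins the active-gateway election
    l3_up: bool = True   # False models the L3 function being unavailable

# Priorities taken from the posts: the original mismatch and an aligned setup.
THREAD = [Core("6500-1", 16384, 200), Core("6500-2", 8192, 101)]
ALIGNED = [Core("6500-1", 16384, 101), Core("6500-2", 8192, 201)]

def stp_root(cores):
    # Real STP breaks priority ties on bridge MAC; ties are not modeled.
    return min(cores, key=lambda c: c.stp_priority)

def hsrp_active(cores):
    # Without interface tracking, a failed uplink leaves priorities unchanged,
    # so only loss of the L3 function moves the gateway.
    alive = [c for c in cores if c.l3_up]
    return max(alive, key=lambda c: c.hsrp_priority)

def client_path(cores, failed_uplink=None):
    """Hops from a client on sw1 to its default gateway for one VLAN."""
    root, gateway = stp_root(cores), hsrp_active(cores)
    # sw1 forwards on the uplink to the root and blocks the other one;
    # if the root uplink is down, STP unblocks the remaining uplink.
    other = next(c for c in cores if c is not root)
    uplink = other if failed_uplink == root.name else root
    path = ["sw1", uplink.name]
    if uplink is not gateway:
        path.append(gateway.name)  # detour over the 6500-to-6500 L2 link
    return path

def aligned(cores):
    """True when the STP root and the HSRP active gateway are the same switch."""
    return stp_root(cores) is hsrp_active(cores)

if __name__ == "__main__":
    print("thread config:", client_path(THREAD), "aligned:", aligned(THREAD))
    print("aligned config:", client_path(ALIGNED))
    print("aligned, uplink to 6500-2 down:", client_path(ALIGNED, "6500-2"))
```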



rsamuel708 Fri, 01/18/2008 - 05:44
Jon, your explanations have been extremely helpful in my understanding of how these protocols work together. I appreciate the time you took to put together such detailed explanations.


Thanks again.


/rls

ney25 Sat, 01/19/2008 - 03:17
Hi rsameul,


seems you're really enjoying jon's explanation.

then, you should rate all these posts. :)


thanks.


regards,

Jackal
