HSRP virtual being used?

Unanswered Question
Jun 2nd, 2009

I have two routers and have HSRP running between the fast ethernet interfaces. Actually there are two groups running. RTR_A real IP is .1 and it is Active for .3 (group 1). RTR_B real IP is .2 and it is Active for the .4 address (group 2). I want to remove one of the groups. Anyone know how I can see if the .4 virtual is being used as a default gateway by a client?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2.7 (3 ratings)
Loading.
cisco_lad2004 Tue, 06/02/2009 - 11:44

I would use a sniffer if I expect to see heavy load of ARP request.

"debug arp" would also help...but I simply would not dare :-)

Sam

Collin Clark Tue, 06/02/2009 - 12:11

These are on our internet routers, so no debug of course. Sniffer might be OK, but I was hoping for some magical command I didn't know.

Collin Clark Tue, 06/02/2009 - 12:20

I just did a debug on arp in the lab and it shows physical interfaces, not virtuals :-(

cisco_lad2004 Tue, 06/02/2009 - 12:27

I got both IP and MAC, perhaps we have different setup and configs.

*Mar 18 11:25:43.803: IP ARP: sent req src 10.1.1.1 cc01.12f4.0010,

dst 10.1.1.2 cc02.12f4.0010 FastEthernet1/0

Collin Clark Tue, 06/02/2009 - 12:29

I did too, but it shows the physical interface instead of the virtual interface.

rakesh.hegde Tue, 06/02/2009 - 13:46

Hi Collin,

You may wan to use mac address input accounting on Router B to get all MACs that sent frames to the interface.

int <>

ip accounting mac-address input

sh int <> mac-accounting

-Rakesh

Collin Clark Wed, 06/03/2009 - 05:20

Rakesh,

Thanks for the pointer. I'll lab it up and see if it gives me the info I need.

Collin Clark Wed, 06/03/2009 - 05:35

Rakesh,

We're getting closer. I enabled accounting, sent some traffic, but the command show interface VLAN1 mac-acc shows the source MACs destined for the VLAN1 interface. That's works, but I may have clients pointing directly to the physical interface. Thanks for the command.

Edison Ortiz Tue, 06/02/2009 - 14:36

How can you determine that? A Client would have this information statically or dynamically within its TCP/IP information so what's to say this client hasn't be used for 2 weeks because the user was on vacation?

I'm afraid this request is not possible to accomplish without some leg work or having some technical support calls.

__

Edison.

rakesh.hegde Tue, 06/02/2009 - 15:50

Hi Edison,

The command can be used to get a fair idea of the number of MACs sending traffic to router's interface. If we have just 2 routers and hosts, and if group 2 is active on Router B and no client is using .4, you shouldn't see any traffic right ?

It may or may not help depending on what else is going on in the LAN.

-Rakesh

Edison Ortiz Tue, 06/02/2009 - 16:04

Rakesh,

Sorry for any confusion but I didn't reply to you but to Collin. I suggest to view these posts in a threaded format.

___

Edison.

Collin Clark Wed, 06/03/2009 - 05:23

PUBLIC NETWORK. There are no clients that haven't been used for two weeks. Please read and understand before posting.

Joseph W. Doherty Wed, 06/03/2009 - 04:37

The problem, of course, is another host can be "sitting" on the .4 gateway but, going forward, until they transmit to the gateway, you don't know they are there. If, as others have suggested, you monitored or sniffed traffic, you might find some of the hosts, but monitor for how long?

If you have standards for host IP configurations, e.g. DHCP unless "registered/approved hosts for static gateways", you could just wait until DHCP timeouts leases and change "known" static hosts.

If you've done all that you can, then you make the change prepared for a some "phone calls - my computer isn't working right" and might also be prepared for a quick rollback "our production web server that takes sales orders doesn't work!".

PS:

I'm a bit curious why you have two HSRP groups now and moving to just one group. Reason I ask, if you were doing the two groups for host to gateway load balancing, and if you planned to move to GLBP, there's an issue I believe I've discovered with such conversions.

Collin Clark Wed, 06/03/2009 - 05:19

This is a public network. No DHCP, all static IP's and there are no 'days w/o communications'. The problem is some of the IP's are customers in our data center and some of the engineers use the standard DG and some don't. I don't plan on using GLBP (no benefit) and the routers need to be cleaned up. I have no idea why there are two groups and I want to remove one if possible, hence my question.

Joseph W. Doherty Wed, 06/03/2009 - 09:38

"I have no idea why there are two groups and I want to remove one if possible, hence my question."

Well one possible reason for two mHSRP groups on the same subnet could be for gateway load balancing, especially before GLBP. With the advent of GLBP, often less need for mHSRP yet there are still some situations where it's better than GLBP. (I recall mHSRP used to only be supported on the high end routers, but believe support has been extended to additional low end routers.)

With OER/PfR, which will dynamically redirect traffic on received gateway to another path, load balancing with mHSRP or GLBP can also be slightly better.

Without OER/PfR, and using a single gateway, but with peers, OSPF equal path costing might be better than gateway balancing, although perhaps a bit more difficult to configure. Same would be true for EIGRP unless you use unequal cost routing, and there are issues with that. BGP preference for single path, and conditions to take advantage of multiple peer routers also might be more troublesome than gateway load balancing. (For instance if you have two routers with complete Internet BGP route tables, that iBGP peer, and you only send data to one as a gateway, normally "equal" AS paths will use just the gateway router's external facing interface.)

PS:

As to finding hosts that are using the .4 gateway, besides sniffing, perhaps an ACL that matches against the virtual MAC and logs it, could reveal hosts configured to use it.

Collin Clark Wed, 06/03/2009 - 09:44

I originally thought an ACL would work, but traffic would be going through it, not necessarily to it. I'll lab it up and see what happens. I understand the use of two groups, but the IP's that we're used make no sense in our environment. Completely different than everything else we use. Then again this was setup by a consultant >5 years ago.

Joseph W. Doherty Wed, 06/03/2009 - 10:04

Well that's annoying.

Concerning your other points, without knowing your network, lots of things can change over five years. It's also possible, consultant did it right then, but sometimes there's communications breakdowns too. When staffers say "I have no idea why there are two groups", sometimes indicate such.

Actions

This Discussion