HSRP Configuration Between 7606 Routers

Unanswered Question
Oct 31st, 2009

Hello All:

We are looking to add a second 7606 router to our current configuration (we are currently running a single 7606 router) so that we will have some redundancy at our core. I have been putting together an implementation plan for the insertion of the new 7606 and I just had a question about the connection (which looks like a crossover cable) between the two routers. I have seen a number of diagrams that show a cable/connection between the two routers and I have seen the same number of different drawings that don't show any connection directly between the routers. My question(s) is the following: With respect to HSRP, is the connection directly between routers needed (or can all communication take place via the interfaces in the HSRP config). If the connection is needed, does anyone know what kind of connection it is supposed to be configured as (trunk, switchport, ?)? The only thing I have been able to find after two days of Internet searching was a statement that is can be a trunk connection. I guess I would like to know what the "best practice" is for HSRP. Okay, thank you in advance for your assistance and guidance!

Cheers,

Travis

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Sat, 10/31/2009 - 23:36

Hello Travis,

the classic design with an access layer made of L2 LAN switches include a L2 trunk between the two distribution device.

on the L2 trunk all the client vlans and possibly some others are permitted.

for each vlan, STP will block one uplink on each access layer switch.

the link between the two core switches has to be fast enough to handle traffic.

A port channel of 2 GE is the minimum nowdays for this with many implementations moving to a channel of 2 tengiga.

the alternate design you have found is named U design: in this case no L2 link between the two distribution devices exist.

Communication between the distribution switches happen via the two uplinks of each access layer switch.

The U design is good for using GLBP and both uplinks.

We use HSRP with classic design. with HSRP the U design would see only one link used for upstream direction and one link idle.

Someone worries about the potential for going through both core switches for return traffic but the added latency is usually minimal given an inter-swich link of enough speed.

Hope to help

Giuseppe

travis_bonfigli Sun, 11/01/2009 - 04:50

Giuseppe:

Hello and many thanks for the reply! I just found the link to the write-up on HSRP that had me puzzled ( http://jayceechou.wordpress.com/2009/05/17/hsrp/ ). In looking over the first image in this explanation, it looks like the two routers have a direct connection between the two of them and at the end of the article they mention that it is a crossover connection set up as a trunk - is this what you are describing in your reply as the U design? Again, many thanks for the reply!

Cheers,

Travis

Giuseppe Larosa Sun, 11/01/2009 - 05:16

Hello Travis,

no actually the horizontal link should be the classical design if devices were switches.

in U design no direct L2 connection between the two core/distribution exists.

In any case a L2 path between the two must exist to exchange HSRP hellos

the classic design is a triangle

CSW1++++++++CSW2

and each access layer switch has a trunk uplink to CSW1 and one trunk uplink to CSW2.

STP makes one uplink the root port and the other one is blocked (alternate root port)

I'm used to this classic design / triangle design.

the U design may be more suitable when using GLBP that has load balancing capabilities (when multiple clients exist in the vlan).

With routers like the ones in the picture of your link, the horizontal link is a L3 link that allows each router to send traffic to the other one in case the link to WAN fails and for exchanging routing updates.

I would suggest to google into Cisco web site also.

There are other possible tunings you may like to apply:

-tracking of wan interfaces to change HSRP active router in case of failure of link to external world.

- HSRP authentication

I recommend to put an authentication in HSRP it can help in some fault scenarios to avoid to join two HSRP groups using the same group number.

Hope to help

Giuseppe

nwmerc1224 Sun, 11/01/2009 - 17:17

Hello Travis,

Are your users today connecting into the single 7606 directly? Or do you have another switch downstream of this 7606?

Can you provide a current diagram and the proposed 7606 insertion diagram?

Actions

This Discussion