HSRP... little problem :)

Unanswered Question
Oct 27th, 2011

Hi,

My topology is like this :

FAI1 --- Router1 (fa1/0) ---------- Switch1
            |                          |
   (fa2/0) iBGP (fa2/0)                |
            |                          |
FAI2 --- Router2 (fa1/0) ---------- Switch2

     Note: for some networks I use Router2 as default route if Router2 is UP. If Router2 is down, Router1 is the only external way. If Router1 is down, Router2 is the only external way.

My HSRP conf is as simple as possible:

     Router1 (fa1/0)

ip add 192.168.0.10
standby 1 ip 192.168.0.1
standby 1 timers 2 6
standby 1 priority 200
standby 1 preempt delay minimum 120

     Router2 (fa1/0)

ip add 192.168.0.11
standby 1 ip 192.168.0.1
standby 1 timers 2 6
standby 1 preempt

If Switch1 and Switch2 are up, Router1 is active and Router2 is in standby. OK, that works.

If Switch1 or Switch2 is down, HSRP is active on the two routers. Is it possible to use the link used by iBGP to set the state of HSRP (I have tried with standby 1 track but that doesn't work)?

Thanks

Jerome

kishore.chennupati Thu, 10/27/2011 - 04:15

Hi,

HSRP relies on an L2 network for communicating the hellos. So, in your case, when one of the switches dies, both the routers can't talk to each other and hence they go Active/Active.

The simple solution to this is to have a trunk from each router into both the switches. Let me explain.

Have a trunk between 2960A and 2851B. So, if the link between 2851A and 2960A goes down you have redundancy via 2851B. Also have a trunk between the switches. The diagram is not showing it.

1. So imagine if switch A goes down. Then the HSRP hellos from Router A will still be going to Router B via switch 2.

2. Imagine switch dies, then the HSRP hellos still go to router 1 via switch 1.

3. If the trunk link between the switches goes down, no problem, the hellos will still be going across.

Hope this answers your question. Please feel free to ask any more q's.

BGP doesn't help in transmitting HSRP hellos.

HTH

Regards

Kishore

svaibhava Thu, 10/27/2011 - 04:30

Hi Jerome

As put forward by Kishore, to transmit HSRP hellos we need an L2 link, and hence the iBGP protocol itself cannot pass HSRP hellos.

Kishore, I was wondering one thing: if we are using an ISR such as 2811, 2821 or 2851, they have by default on-board routed Ethernet ports only and no Ethernet switch ports, and hence the above design presents a limitation of using Ethernet switch ports on the routers, as we will need to create SVIs here, not dot1q subinterfaces, since we have multiple trunk links coming onto the same device carrying the same VLANs.

If at all we are going for Ethernet Switched Cards then why not directly create an L2 trunk between the routers?

What's your take on this? Just a thought.

Regards

Varma

kishore.chennupati Thu, 10/27/2011 - 05:13

All I can say, Varma, is that I agree with you completely. I just improvised on the existing network. But yes, if you were to start from scratch buying new gear and set it up, then yes, what you said is true.

Off-topic: Did you check your private msgs?

Regards

Kishore

svaibhava Thu, 10/27/2011 - 05:21

Hi Kishore

I did it now and you made me smile 

Regards

Varma

jquintard@actis... Thu, 10/27/2011 - 07:38

Kishore, Varma,

I don't want to use the iBGP protocol but the link used by this protocol.

There is just one thing I don't understand.

In your diagram each router needs two L3 ports on the LAN side (and one on the WAN side). I can add a new L3 port, it's not a problem, I have a WIC module for that. But what is the conf for the two new ports, because I can't use the same subnet on two interfaces...

Jérôme

svaibhava Thu, 10/27/2011 - 08:16

Hi Jerome

The link used for iBGP is an L3 link and hence cannot be used to send L2 HSRP hellos.

Yes, you are correct. As I have mentioned above, we cannot use the above topology if we have routed Ethernet ports, as we would not be able to configure SVIs and hence we cannot configure the same IP on 2 interfaces.

Now coming back to your scenario: if Switch 1 and Switch 2 are down, the LAN users would be connected to only one switch, and despite the fact that there are two HSRP Active routers in the network, users connect to only one switch and the switch is only connected to one HSRP router, and hence there is no issue.

Hope this helps to answer your query.

Regards

Varma

jquintard@actis... Thu, 10/27/2011 - 09:57
> The link used for iBGP is an L3 link and hence cannot be used to send L2 HSRP hellos.

Ok

And if I add a switch module in my router (HWIC-4ESW) and a VLAN interface as L3 with HSRP ?

svaibhava Thu, 10/27/2011 - 10:08

Hi Jerome

As mentioned above, when we think of the switch failure scenario, the LAN users are already isolated from the other switch and HSRP is no longer valid. Even if we connect an L2 link between the two routers by installing the required HWIC, what will happen is that the L2 link will provide an alternate L2 switching path for the LAN users to reach the HSRP GW.

But I don't think it's needed to have an alternate L2 path, because it's not providing any extra layer of redundancy except to keep the HSRP topology sane and ideal.

This kind of topology would be recommended if we want to keep the GW routers in Active:Standby and want to have all the traffic exiting from the site through one router only under normal conditions, due to some BW constraints.

If the network requirements allow for an Active:Active topology, we will not need an L2 path between the two routers.

Hope this helps to clarify on the traffic requirements.

Regards

Varma

kishore.chennupati Thu, 10/27/2011 - 14:59

Hi Jerome,

If all the users are connected to just one switch and it goes down, then HSRP will not help at all.

You will have to move the users from that switch over to the other one. Have the second switch configured and ready for DR purposes. Just make sure that any change you make on the primary switch is put on the secondary switch as well, which is a bit of an admin task.

HTH

Regards

Kishore

jquintard@actis... Thu, 10/27/2011 - 16:15

> If all the users are connected to just one switch and it goes down then HSRP will not help at all.

In fact I have just servers with 2 NIC and an IP bonding feature.

> If the network requirements allow for an Active:Active

> topology we will not need an L2 Path between the two routers .

So just one L2 link between the 2 routers (like the L3 used for iBGP) ? It's not needed to cross each router on each switch ?

Jerome

kishore.chennupati Thu, 10/27/2011 - 16:29
> > If the network requirements allow for an Active:Active
> > topology we will not need an L2 Path between the two routers .
>
> So just one L2 link between the 2 routers (like the L3 used for iBGP) ? It's not needed to cross each router on each switch ?
>
> Jerome

From what I understand, that statement is basically saying that we don't need HSRP. The routers work standalone. So your traffic will go through one router and one switch. If the switch goes down then you move the servers to the other switch and then the traffic will go through the other router.

HTH

svaibhava Thu, 10/27/2011 - 19:10

Hi Jerome/Kishore

What I meant to say was: let's consider the below topology, as Jerome said we have a server in teaming:

FAI1 --- Router1 (fa1/0) ---------- Switch1 ------------- NIC1 ---------
            |
   (fa2/0) iBGP (fa2/0)                |                  Server (Virtual Bond IP)
            |
FAI2 --- Router2 (fa1/0) ---------- Switch2 ------------- NIC2 ---------

Now there is no L2 link between Router 1 and Router 2. Let's say the active NIC is NIC 1 and the HSRP Master is Router 1. Now Switch 1 crashes, NIC2 becomes active and Router 2 becomes HSRP Master. The server is sending all its traffic to Router 2 only, and that's why we do not need an L2 path between R1 and R2 in Active:Active mode.

Now if there is a requirement that whenever the Switch1 to Router1 link goes down traffic should still exit out of R1 only, i.e. Active:Standby, then in that case we need an L2 path between the routers and traffic will flow like this.

After the S1-R1 link breaks, STP reconverges and activates the S1-S2 link, and the frame from servers hits S1, then travels from S1 to S2, then hits R2, then travels from R2 to R1 and exits out. That's why we need an L2 link only in the Active:Standby solution.

Hope this helps to clarify your doubt.

Regards

Varma

jquintard@actis... Fri, 10/28/2011 - 12:09

Yes Varma it's correct.

I have tried in my GNS lab to add an L2 between routers but it's always the same problem: each server is active in the case sw1/sw2 is down. Now I have 2 links between my 2 routers (1 L3 for iBGP and 1 L2 for HSRP with an NM-16ESW module).

The result:

Router1#sh standby brief

                     P indicates configured to preempt.

                     |

Interface   Grp Prio P State    Active          Standby         Virtual IP

Fa1/0       1   200  P Active   local           unknown         91.209.117.1

Router2#sh standby brief

                     P indicates configured to preempt.

                     |

Interface   Grp Prio P State    Active          Standby         Virtual IP

Fa1/0       1   100  P Active   local           unknown         91.209.117.1

An idea ?

Jerome
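The Active/Active state visible in the two `sh standby brief` outputs above can be detected by comparing what each router reports for the same group and virtual IP. The following Python is an added example, not part of the original thread; the sample rows are copied from the outputs above and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: the data rows of the two "sh standby brief" outputs quoted above.
SAMPLE = {
    "Router1": """\
Interface   Grp Prio P State    Active          Standby         Virtual IP
Fa1/0       1   200  P Active   local           unknown         91.209.117.1
""",
    "Router2": """\
Interface   Grp Prio P State    Active          Standby         Virtual IP
Fa1/0       1   100  P Active   local           unknown         91.209.117.1
""",
}

# One data row: interface, group, priority, optional preempt flag, state,
# active router, standby router, virtual IP. Header lines do not match.
ROW = re.compile(
    r"^(?P<intf>\S+)\s+(?P<grp>\d+)\s+(?P<prio>\d+)\s+(?P<p>P\s+)?(?P<state>\S+)"
    r"\s+(?P<active>\S+)\s+(?P<standby>\S+)\s+(?P<vip>\d+(?:\.\d+){3})$"
)

def parse_standby_brief(text):
    """Return one dict per HSRP group found in 'show standby brief' output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append({"intf": m["intf"], "group": int(m["grp"]),
                         "prio": int(m["prio"]), "preempt": m["p"] is not None,
                         "state": m["state"], "standby": m["standby"], "vip": m["vip"]})
    return rows

def find_dual_active(outputs):
    """Map (group, virtual IP) -> routers, for groups with more than one Active."""
    claims = defaultdict(list)
    for router, text in outputs.items():
        for row in parse_standby_brief(text):
            if row["state"] == "Active":
                claims[(row["group"], row["vip"])].append(router)
    return {key: sorted(r) for key, r in claims.items() if len(r) > 1}

if __name__ == "__main__":
    for (group, vip), routers in find_dual_active(SAMPLE).items():
        print(f"group {group} ({vip}): Active on {', '.join(routers)}")
```

A group that is healthy shows one router in Active and the other in Standby, so the function returns an empty dict for it.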

kishore.chennupati Fri, 10/28/2011 - 15:08

Hi Jerome,

From your pic, you don't need 2 x L2 links between the 2 routers, just one should be enough, but it's good for redundancy though. In fact for iBGP they don't need to be directly connected, that's one of the good things about iBGP. In your diagram I can see you are using a router as a switch, or are you using the ESW module on those as L2 switches? Technically it should work but not if any glitch there.

May I suggest you use the actual layer 2 switch as seen in my diagram, and you can configure it just like a normal layer 2 switch if you double-click on it. You won't get a CLI or anything like routers because there is no image for it.

I just put a QEMU host as I didn't configure one.

HSRP works beautifully in GNS3.  I have done tons of labs on GNS3 for HSRP and never had a problem

HTH

Kishore

jquintard@actis... Sat, 10/29/2011 - 04:11

So, I have changed my conf, now my topology is like this :

With this conf :

R1 (same thing for R2) :

interface Port-channel1
 switchport mode trunk
!
interface FastEthernet3/0
 description R2
 switchport mode trunk
 channel-group 1 mode on
!
interface FastEthernet3/1
 description R2
 switchport mode trunk
 channel-group 1 mode on
!
interface FastEthernet3/2
 description SW1
 switchport mode trunk
!
interface FastEthernet3/3
 description SW2
 switchport mode trunk
!
interface Vlan10
 ip address 91.209.117.10 255.255.255.0
 standby 10 ip 91.209.117.1
 standby 10 timers 2 6
 standby 10 priority 200

SW1 (same thing for SW2) :

interface FastEthernet0/0
 description R1
 switchport mode trunk
!
interface FastEthernet0/1
 description R2
 switchport mode trunk
!
interface FastEthernet0/2
 description Server
 switchport access vlan 10
 spanning-tree portfast

Now it's OK: R1 is active, R2 is in standby. But there is a little, very strange problem. From the server I can ping 91.209.117.10 (or R2 with 91.209.117.11) but not the HSRP virtual IP address.

If I look at the ARP table on the server:

tc@Server:~$ arp

? (91.209.117.1) at 00:00:0c:07:ac:0a [ether]  on bond0

? (91.209.117.10) at cc:1d:1c:fc:00:00 [ether]  on bond0

And the mac address table on SW1 :

Switch1#sh mac-address-table

*Mar  1 00:53:39.163: %SYS-5-CONFIG_I: Configured from console by console

Destination Address  Address Type  VLAN  Destination Port

-------------------  ------------  ----  --------------------

cc21.15f8.0000          Self          1     Vlan1

0000.0c07.ac0a          Dynamic      10     FastEthernet0/0

00aa.0086.fe00          Dynamic      10     FastEthernet0/2

cc1d.1cfc.0000          Dynamic      10     FastEthernet0/0

cc1d.1cfc.f302          Dynamic       1     FastEthernet0/0

cc1d.1cfc.0000          Dynamic       1     FastEthernet0/0

I have the correct VLAN/MAC for the HSRP address :

Router1#sh standby

Vlan10 - Group 10

  State is Active

    2 state changes, last state change 01:29:09

  Virtual IP address is 91.209.117.1

  Active virtual MAC address is 0000.0c07.ac0a

    Local virtual MAC address is 0000.0c07.ac0a (v1 default)

  Hello time 2 sec, hold time 6 sec

    Next hello sent in 0.248 secs

  Preemption enabled, delay min 120 secs

  Active router is local

  Standby router is unknown

  Priority 200 (configured 200)

    Track interface FastEthernet0/0 state Up decrement 10

  IP redundancy name is "hsrp-Vl10-10" (default)

Why can't I reach this address?
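The three outputs in the post above (server ARP table, switch MAC table, `sh standby`) can be cross-checked mechanically: the HSRP version 1 virtual MAC is 0000.0c07.acXX with XX the group number in hex, and the switch should learn it on the same port as the active router's own MAC. The following Python is an added example, not part of the original thread; the sample lines are copied from the post and the function names are hypothetical.

```python
import re

def norm_mac(mac):
    """Reduce aa:bb:cc:dd:ee:ff or aabb.ccdd.eeff to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def hsrp_v1_vmac(group):
    """HSRP version 1 virtual MAC is 0000.0c07.acXX, XX = group number in hex."""
    return f"00000c07ac{group:02x}"

# Sample input: lines copied from the outputs in the post above.
ARP = """\
? (91.209.117.1) at 00:00:0c:07:ac:0a [ether]  on bond0
? (91.209.117.10) at cc:1d:1c:fc:00:00 [ether]  on bond0
"""
MAC_TABLE = """\
cc21.15f8.0000          Self          1     Vlan1
0000.0c07.ac0a          Dynamic      10     FastEthernet0/0
00aa.0086.fe00          Dynamic      10     FastEthernet0/2
cc1d.1cfc.0000          Dynamic      10     FastEthernet0/0
"""
def parse_arp(text):
    """Map IP -> MAC from Linux `arp` output; incomplete entries are skipped."""
    pat = re.compile(r"\(([\d.]+)\) at ((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})")
    return {ip: norm_mac(mac) for ip, mac in pat.findall(text)}

def parse_mac_table(text):
    """Map (vlan, mac) -> port from `sh mac-address-table`; other lines skipped."""
    table = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 4 and f[2].isdigit():
            table[(int(f[2]), norm_mac(f[0]))] = f[3]
    return table

def check_gateway(vip, group, vlan, active_ip, arp, macs):
    """Return findings; an empty list means the server and switch views agree."""
    expected, findings = hsrp_v1_vmac(group), []
    if arp.get(vip) != expected:
        findings.append(f"ARP for {vip} is {arp.get(vip)}, expected {expected}")
    vport, rport = macs.get((vlan, expected)), macs.get((vlan, arp.get(active_ip)))
    if vport is None:
        findings.append(f"vMAC {expected} not learnt in VLAN {vlan}")
    elif vport != rport:
        findings.append(f"vMAC on {vport}, active router's own MAC on {rport}")
    return findings
```

For the values in the post, `check_gateway("91.209.117.1", 10, 10, "91.209.117.10", parse_arp(ARP), parse_mac_table(MAC_TABLE))` returns an empty list, which matches the poster's observation that the VLAN and MAC for the HSRP address are correct.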

svaibhava Sat, 10/29/2011 - 05:30

Hi Jerome

Can you ping the HSRP IP from R1/R2 itself ?

Regards

Varma

andrewswanson Sat, 10/29/2011 - 05:45

The standby router for vlan 10 is listed as 'unknown' in your output for R1. Does vlan10 exist in the vlan databases on R1 and R2?

hth

andy

jquintard@actis... Sat, 10/29/2011 - 09:14

@Varma.

Yes no problem from R1/R2.

@Andy

It's normal, R2 was down when I made the last test (see the screenshot).

jquintard@actis... Sat, 10/29/2011 - 09:38

Hi,

I have found a command on another lab but I don't understand the command and the result.

If I add on R1/R2 :

int vlan 10

ip pim sparse-mode

That works, BUT if I reload the routers I can't ping, and if I remove this command I can ping.

Why ?

svaibhava Sat, 10/29/2011 - 22:40

Hi Jerome

"ip pim sparse-mode" is used to enable multicast routing and I don't think it has anything to do with HSRP here. It's a not so expected behaviour we are seeing for HSRP.

What series router are you using? Is it a real network or some lab setup in GNS or something?

If R1/R2 can ping the HSRP IP and the user can ping the R1/R2 physical IP, then I don't see any issue on the HSRP layer.

Not sure, may be a weird platform/IOS behaviour...

Regards

Varma

jquintard@actis... Sat, 10/29/2011 - 23:29

Hi Varma,

In fact I think I need to use PIM because I do not use HSRP on the default VLAN. I think I have found my problem with the restart, because the DR needed by the sparse mode was missing. I test my lab but I think my issue is completed.

Jerome

Posted October 27, 2011 at 3:17 AM