HSRP Issue

Onildo Ricardo Ribeiro · ‎07-01-2014

I am facing a very strange HSRP behavior. I have two routers (backup and main) and the HSRP is changing its status on the backup from speak to active very often and showing me the logs. However on main router I don't see these logs and apparently it is stable more then 3 months. Look the logs below :

Main router
===========

standby 1 ip 10.66.24.254
standby 1 priority 110
standby 1 preempt
standby 1 track FastEthernet0/0.15 20
standby 1 track 2 decrement 20
service-policy input COS-IN
end

main#sh stand
FastEthernet0/1 - Group 1
State is Active
    17 state changes, last state change 13w0d
Virtual IP address is 10.66.24.254
Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.432 secs
Preemption enabled
Active router is local
Standby router is 10.66.24.253, priority 100 (expires in 8.936 sec)
Priority 110 (configured 110)
    Track interface FastEthernet0/0.15 state Up decrement 20
    Track object 2 state Up decrement 20
Group name is "hsrp-Fa0/1-1" (default)

main# show clock
17:33:58.433 UTC Tue Jul 1 2014
main#

main#sh track
Track 1 (via HSRP)
Interface FastEthernet0/0.15 line-protocol
Line protocol is Up
    2 changes, last change 35w6d
Tracked by:
    HSRP FastEthernet0/1 1
Track 2
Response Time Reporter 1 state
State is Up
    11 changes, last change 13w0d
Delay up 30 secs, down 30 secs
Latest operation return code: OK
Latest RTT (millisecs) 3
Tracked by:
    HSRP FastEthernet0/1 1

Mar 31 22:42:01: %BGP-3-NOTIFICATION: sent to neighbor 57.213.39.13 4/0 (hold time expired) 0 bytes
Apr 1 02:17:53: %BGP-5-ADJCHANGE: neighbor 57.213.39.13 Up
Apr 1 02:18:28: %TRACKING-5-STATE: 2 rtr 1 state Down->Up
Apr 1 02:18:28: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Standby -> Active

Backup router
=============

standby 1 ip 10.66.24.254
standby 1 preempt

Jul 1 14:56:15: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Speak -> Standby
Jul 1 14:56:56: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Standby -> Active
Jul 1 14:56:59: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Active -> Speak
Jul 1 14:57:09: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Speak -> Standby
Jul 1 15:06:36: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Standby -> Active
Jul 1 15:06:45: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Active -> Speak
Jul 1 15:06:55: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Speak -> Standby
Jul 1 15:07:08: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Standby -> Active
Jul 1 15:07:09: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Active -> Speak
Jul 1 15:07:19: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Speak -> Standby

backup#sh stand
Vlan1 - Group 1
State is Standby
    175 state changes, last state change 03:02:40
Virtual IP address is 10.66.24.254
Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.900 secs
Preemption enabled
Active router is 10.66.24.252, priority 110 (expires in 8.396 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl1-1" (default)

Peter Paluch · ‎07-02-2014

Hi Onildo,

On your main router, HSRP is configured on Fa0/1 routed interface. However, on the backup, it is configured on the Vlan1 interface. Is there a possibility that the STP is reacting to some topological changes in your network that could result in transient losses of connectivity? If you run legacy STP/PVST+, reconvergence may take up to 50 seconds, long enough for HSRP on your backup router to think it should take over. If you run RSTP/RPVST+/MST, have you properly configured links to end hosts including routers as edge ports using spanning-tree portfast?

Try checking out the show spanning-tree vlan 1 detail and look for the "Number of topology changes XX last change occurred YY ago" line telling you about the detected topology changes in the VLAN1. If the time of the last change coincides with the time when your HSRP status flapped then we're on the right track here.

Please keep us posted.

Best regards,
Peter

Onildo Ricardo Ribeiro · ‎07-02-2014

I believe that we found out the problem, check out the duplex and speed settings. Do you think that it might be related with the issue ?

backup#show running-config interface fastEthernet 0
Building configuration...

Current configuration : 54 bytes
!
interface FastEthernet0
duplex half <<<<<<<<<<<<<<<
speed 10 <<<<<<<<<<<<<<<
end

backup#show spanning-tree vlan 1

VLAN1 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address 001f.9e33.e160
Configured hello time 2, max age 20, forward delay 15
We are the root of the spanning tree
Topology change flag not set, detected flag not set
Number of topology changes 131425 last change occurred 02:25:08 ago
from FastEthernet0
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300

Port 1 (FastEthernet0) of VLAN1 is forwarding
   Port path cost 100, Port priority 128, Port Identifier 128.1.
   Designated root has priority 32768, address 001f.9e33.e160
   Designated bridge has priority 32768, address 001f.9e33.e160
   Designated port id is 128.1, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   BPDU: sent 11059037, received 181456

Peter Paluch · ‎07-02-2014

Hello Onildo,

Good catch, it may well be the source of our problems. As Prajith suggested, it would be very interesting to see the output of the show interfaces fa0 command, especially the counters on errors and collisions. What is connected to fa0 here?

In any case, do you know why the speed and duplex were hardcoded on that interface? I do not want to change it just yet without better understanding why it is there.

Best regards,
Peter

prajithtr_2 · ‎07-02-2014

Hi onildo.ribeiro,

Can you check the physical layer connectivity between these two devices.check interface errors and drops.There is a possibility of standby device misses some hellos.

and if possible please share the diagram.

Regards

Prajith