I am facing a very strange HSRP behavior. I have two routers (backup and main) and the HSRP is changing its status on the backup from speak to active very often and showing me the logs. However on main router I don't see these logs and apparently it is stable more then 3 months. Look the logs below :
main#sh stand FastEthernet0/1 - Group 1 State is Active 17 state changes, last state change 13w0d Virtual IP address is 10.66.24.254 Active virtual MAC address is 0000.0c07.ac01 Local virtual MAC address is 0000.0c07.ac01 (v1 default) Hello time 3 sec, hold time 10 sec Next hello sent in 1.432 secs Preemption enabled Active router is local Standby router is 10.66.24.253, priority 100 (expires in 8.936 sec) Priority 110 (configured 110) Track interface FastEthernet0/0.15 state Up decrement 20 Track object 2 state Up decrement 20 Group name is "hsrp-Fa0/1-1" (default)
main# show clock 17:33:58.433 UTC Tue Jul 1 2014 main#
main#sh track Track 1 (via HSRP) Interface FastEthernet0/0.15 line-protocol Line protocol is Up 2 changes, last change 35w6d Tracked by: HSRP FastEthernet0/1 1 Track 2 Response Time Reporter 1 state State is Up 11 changes, last change 13w0d Delay up 30 secs, down 30 secs Latest operation return code: OK Latest RTT (millisecs) 3 Tracked by: HSRP FastEthernet0/1 1
Mar 31 22:42:01: %BGP-3-NOTIFICATION: sent to neighbor 220.127.116.11 4/0 (hold time expired) 0 bytes Apr 1 02:17:53: %BGP-5-ADJCHANGE: neighbor 18.104.22.168 Up Apr 1 02:18:28: %TRACKING-5-STATE: 2 rtr 1 state Down->Up Apr 1 02:18:28: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Standby -> Active
Backup router =============
standby 1 ip 10.66.24.254 standby 1 preempt
Jul 1 14:56:15: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Speak -> Standby Jul 1 14:56:56: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Standby -> Active Jul 1 14:56:59: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Active -> Speak Jul 1 14:57:09: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Speak -> Standby Jul 1 15:06:36: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Standby -> Active Jul 1 15:06:45: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Active -> Speak Jul 1 15:06:55: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Speak -> Standby Jul 1 15:07:08: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Standby -> Active Jul 1 15:07:09: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Active -> Speak Jul 1 15:07:19: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Speak -> Standby
backup#sh stand Vlan1 - Group 1 State is Standby 175 state changes, last state change 03:02:40 Virtual IP address is 10.66.24.254 Active virtual MAC address is 0000.0c07.ac01 Local virtual MAC address is 0000.0c07.ac01 (v1 default) Hello time 3 sec, hold time 10 sec Next hello sent in 1.900 secs Preemption enabled Active router is 10.66.24.252, priority 110 (expires in 8.396 sec) Standby router is local Priority 100 (default 100) Group name is "hsrp-Vl1-1" (default)
On your main router, HSRP is configured on Fa0/1 routed interface. However, on the backup, it is configured on the Vlan1 interface. Is there a possibility that the STP is reacting to some topological changes in your network that could result in transient losses of connectivity? If you run legacy STP/PVST+, reconvergence may take up to 50 seconds, long enough for HSRP on your backup router to think it should take over. If you run RSTP/RPVST+/MST, have you properly configured links to end hosts including routers as edge ports using spanning-tree portfast?
Try checking out the show spanning-tree vlan 1 detail and look for the "Number of topology changes XX last change occurred YY ago" line telling you about the detected topology changes in the VLAN1. If the time of the last change coincides with the time when your HSRP status flapped then we're on the right track here.
I believe that we found out the problem, check out the duplex and speed settings. Do you think that it might be related with the issue ?
backup#show running-config interface fastEthernet 0 Building configuration...
Current configuration : 54 bytes ! interface FastEthernet0 duplex half <<<<<<<<<<<<<<< speed 10 <<<<<<<<<<<<<<< end
backup#show spanning-tree vlan 1
VLAN1 is executing the ieee compatible Spanning Tree protocol Bridge Identifier has priority 32768, address 001f.9e33.e160 Configured hello time 2, max age 20, forward delay 15 We are the root of the spanning tree Topology change flag not set, detected flag not set Number of topology changes 131425 last change occurred 02:25:08 ago from FastEthernet0 Times: hold 1, topology change 35, notification 2 hello 2, max age 20, forward delay 15 Timers: hello 0, topology change 0, notification 0, aging 300
Port 1 (FastEthernet0) of VLAN1 is forwarding Port path cost 100, Port priority 128, Port Identifier 128.1. Designated root has priority 32768, address 001f.9e33.e160 Designated bridge has priority 32768, address 001f.9e33.e160 Designated port id is 128.1, designated path cost 0 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 1 BPDU: sent 11059037, received 181456
Good catch, it may well be the source of our problems. As Prajith suggested, it would be very interesting to see the output of the show interfaces fa0 command, especially the counters on errors and collisions. What is connected to fa0 here?
In any case, do you know why the speed and duplex were hardcoded on that interface? I do not want to change it just yet without better understanding why it is there.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...