
Which switch should be DR or BDR while running HSRP

mahesh18
Level 6

Hi all.

While running HSRP on Layer 3 switches, and if OSPF is running between them,

I have seen that if we make the standby switch the DR and the active switch the BDR, it slows the telnet access to the active switch and also slows the LAN traffic.

So in an HSRP network, does it matter which switch, active or standby, should be DR or BDR?

Also, can someone tell me why the network is slow if the standby switch becomes BDR?

And if both switches connect to the WAN router, then is it OK by network design to make both of the WAN router's interfaces DR?

Thanks

Mahesh

2 Accepted Solutions

The links between the 2921 and the switches can be switched to point-point.

You are also having multiple paths over the trunk between 3550SMIA and 3550SMIB.

Reduce the number of network statements in order to limit this number to two or one.

This will not affect performance and reduce ospf processing.

In general, having several paths over the same trunk link is not really an improvement regarding the redundancy.

It will not protect you from link failure.

Routing is affected only when you should shutdown a vlan on which ospf is active.

regards,

Leo

I don't understand what you intend by internal OSPF network, but an interface must be in active state when on the LAN segment there are one or more routers that need to do a neighborship, to exchange routing tables. Your second switch and your primary switch are on the same network, so there isn't a network behind a router or switch, but all your equipment knows the same VLAN and is the default gateway of the same network by HSRP. If there was a router or switch with a network behind it not reachable by layer 2, in this case OSPF and routing (or a static route) is needed.

27 Replies

Beetlejuice01
Level 1

Can you give some other information about the switches? Is there only one HSRP master, or is it balanced between the two switches? The model of the switch?...

Hi Fabio,

Thanks for reply

here is info

master switch

3550SMIA#sh standby
Vlan10 - Group 1
  State is Active
    2 state changes, last state change 1w0d
  Virtual IP address is 192.168.10.3
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.076 secs
  Authentication text "manveer"
  Preemption enabled, delay min 120 secs
  Active router is local
  Standby router is 192.168.10.2, priority 100 (expires in 9.236 sec)
  Priority 150 (configured 150)
  IP redundancy name is "hsrp-Vl10-1" (default)
Vlan20 - Group 0
  State is Active
    2 state changes, last state change 1w0d
  Virtual IP address is 192.168.20.3
  Active virtual MAC address is 0000.0c07.ac00
    Local virtual MAC address is 0000.0c07.ac00 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.072 secs
  Preemption enabled
  Active router is local
  Standby router is 192.168.20.2, priority 100 (expires in 8.516 sec)
  Priority 150 (configured 150)
  IP redundancy name is "hsrp-Vl20-0" (default)

Model number: WS-C3550-24PWR-SMI

*****************************************************************************************

standby switch

3550SMIB#sh standby
Vlan10 - Group 1
  State is Standby
    7 state changes, last state change 1w0d
  Virtual IP address is 192.168.10.3
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.356 secs
  Authentication text "manveer"
  Preemption enabled, delay min 60 secs
  Active router is 192.168.10.1, priority 150 (expires in 8.184 sec)
  Standby router is local
  Priority 100 (default 100)
  IP redundancy name is "hsrp-Vl10-1" (default)
Vlan20 - Group 0
  State is Standby
    4 state changes, last state change 1w0d
  Virtual IP address is 192.168.20.3
  Active virtual MAC address is 0000.0c07.ac00
    Local virtual MAC address is 0000.0c07.ac00 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.612 secs
  Preemption enabled
  Active router is 192.168.20.1, priority 150 (expires in 9.188 sec)
  Standby router is local
  Priority 100 (default 100)
  IP redundancy name is "hsrp-Vl20-0" (default)


3550SMIB#sh ver
Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(44)SE6,
RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 09-Mar-09 20:28 by gereddy
Image text-base: 0x00003000, data-base: 0x012A99FC

ROM: Bootstrap program is C3550 boot loader

3550SMIB uptime is 1 week, 11 hours, 38 minutes
System returned to ROM by power-on
System restarted at 13:18:58 MST Thu Nov 17 2011
System image file is "flash:/c3550-ipservicesk9-mz.122-44.SE6.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco WS-C3550-24 (PowerPC) processor (revision C0) with 65526K/8192K bytes of memory.
Processor board ID CHK0624V0EB
Last reset from warm-reset
Running Layer2/3 Switching Image

Ethernet-controller 1 has 12 Fast Ethernet/IEEE 802.3 interfaces

Ethernet-controller 2 has 12 Fast Ethernet/IEEE 802.3 interfaces

Ethernet-controller 3 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 4 has 1 Gigabit Ethernet/IEEE 802.3 interface

24 FastEthernet interfaces
2 Gigabit Ethernet interfaces

The password-recovery mechanism is enabled.
384K bytes of flash-simulated NVRAM.
Base ethernet MAC Address: 00:09:E8:A2:00:80
Motherboard assembly number: 73-5700-08
Power supply part number: 34-0966-02
Motherboard serial number: CAT06230HS8
Power supply serial number: LIT062102UX
Model revision number: C0
Motherboard revision number: B0
Model number: WS-C3550-24-SMI
System serial number: CHK0624V0EB
Configuration register is 0x10F

Are both switches connected to the same WAN router with a switched virtual interface? Can you send the OSPF configuration or the full show run of both switches, credentials excluded?

Hi Fabio,

Thanks for reply

Both switches connect to the WAN router on separate physical interfaces.

I have attached the config with my original post.

Thanks

MAhesh

lgijssel
Level 9

mahesh18 wrote:

Hi all.

so in HSRP  network does it matter which switch active or standby should be DR or BDR  ?

Also can someone tell me why network is slow if standby switch becomes BDR?

Best practice is to match DR with HSRP active router. However, I find it hard to comprehend how a mismatch can result in slower LAN traffic. You may notice sub-optimal routing when traffic needs to be forwarded from one router to the other in order to reach the WAN. As a result of HSRP, no icmp redirects are sent and you are in fact introducing an extra hop.

And is both switches connect to WAN  router then is it ok by network design to make WAN  routers both interfaces as DR?

On WAN links, the best practice is to configure point-point links:

interface FastEthernet0/0
ip address 10.2.0.253 255.255.255.252
ip ospf network point-to-point

regards,

Leo

Hi Leo,

Thanks for reply.

Router which connects to internet and 2 Lan switches is DR  to both the Lan switches interfaces.

Is it good design to do like this?

mahesh

When all nodes are in one subnet, it's OK.

When you have two separate interfaces, each running ospf to one switch, I would say point-point is a better solution.

This is not really a big deal, just making the ospf peering process more effective by removing the unnecessary burden of the DR/BDR election process.

regards,

Leo

Hi Leo,

Thanks for reply.

So right now my LAN interfaces are broadcast type, as shown from the active switch:

3550SMIA# sh ip ospf int
Loopback0 is up, line protocol is up
  Internet Address 192.168.7.2/32, Area 0
  Process ID 1, Router ID 3.3.3.3, Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host
FastEthernet0/11 is up, line protocol is up (connected)
  Internet Address 192.168.5.2/31, Area 0
  Process ID 1, Router ID 3.3.3.3, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State BDR, Priority 1
  Designated Router (ID) 192.168.6.3, Interface address 192.168.5.3
  Backup Designated router (ID) 3.3.3.3, Interface address 192.168.5.2
  Timer intervals configured, Hello 40, Dead 160, Wait 160, Retransmit 5
    oob-resync timeout 160
    Hello due in 00:00:01
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 6/6, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 3, maximum is 4
  Last flood scan time is 0 msec, maximum is 4 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 192.168.6.3  (Designated Router)
  Suppress hello for 0 neighbor(s)

Can I make them point-to-point with this config ---

interface FastEthernet0/0
ip address 10.2.0.253 255.255.255.252
ip ospf network point-to-point

Regards

MAhesh

Please post the output of: sh ip ospf nei

Any interface with only one neighbor can be a point-point.

regards,

Leo

Mahesh, to better understand... when you have the primary switch as DR and the secondary as BDR, the network works fine, and when the primary is BDR and the secondary DR the network is slow? Or is it always slow when the BDR starts?

Have you checked the CPU level? If it is high, try to put OSPF in passive on the SVIs and active only on the link to the router. You don't need the switches to become neighbors on each SVI.

Send us an output of show ip ospf neigh, and a show of the CPU processes when you see the network slow.

Hi Fabio.

Thanks for reply.

I have attached the sh ip ospf nei.

CPU level on the router touches 99

    1      99   9 6 15         1          11   1          1           11 1
    220625222995769666196322222220352212126710422292422222220222586564340091
100          **   *
90          **   *
80          **   *
70          **   * *
60          **   * *  *
50          **   * *  *
40          **   * *  *
30          **   * *  *
20          **   * *  *
10   ** *   ************        * *      ****   **         *   *****   ****
   0....5....1....1....2....2....3....3....4....4....5....5....6....6....7..
             0    5    0    5    0    5    0    5    0    5    0    5    0
                   CPU% per hour (last 72 hours)
                  * = maximum CPU%   # = average CPU%

Switch CPU level is

2321134122413221211331222212322112311312 42222222111212313242121211332
    4468611208689532739465821273067674509812863525067984163210240584598411
100
90
80
70
60
50           *                              *
40       *   * *       *             *  *   *                 *
30  **  **  ** **  *  ** *     ***   *  *   * * * **      * * *  * *  **
20 ******* ******* * ***************** ** * ********** **** ****** ******
10 **********************************************************************
   0....5....1....1....2....2....3....3....4....4....5....5....6....6....7.
             0    5    0    5    0    5    0    5    0    5    0    5    0
                   CPU% per hour (last 72 hours)
                  * = maximum CPU%   # = average CPU%

3550SMIA#

when router touches  cpu level 99 is it bad?

As average cpu of router is still slow

Thanks

mahesh

Hi Leo,

Here is required info

3550SMIA#  sh ip ospf nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.6.3       1   FULL/DR         00:02:04    192.168.5.3     FastEthernet0/11
192.168.30.2      1   FULL/BDR        00:02:01    192.168.30.2    Vlan30
192.168.30.2      1   FULL/BDR        00:02:01    192.168.20.2    Vlan20
192.168.30.2      1   FULL/BDR        00:02:01    192.168.10.2    Vlan10

Standby switch

3550SMIB#sh ip ospf nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.6.3       1   FULL/DR         00:02:00    192.168.6.3     FastEthernet0/11
3.3.3.3           1   FULL/DR         00:02:31    192.168.30.1    Vlan30
3.3.3.3           1   FULL/DR         00:02:31    192.168.20.1    Vlan20
3.3.3.3           1   FULL/DR         00:02:31    192.168.10.1    Vlan10

2691Router#sh ip ospf nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.30.2      1   FULL/BDR        00:02:29    192.168.6.2     FastEthernet1/0
3.3.3.3           1   FULL/BDR        00:02:04    192.168.5.2     FastEthernet0/1

Thanks

MAhesh

The links between the 2921 and the switches can be switched to point-point.

You are also having multiple paths over the trunk between 3550SMIA and 3550SMIB.

Reduce the number of network statements in order to limit this number to two or one.

This will not affect performance and reduce ospf processing.

In general, having several paths over the same trunk link is not really an improvement regarding the redundancy.

It will not protect you from link failure.

Routing is affected only when you should shutdown a vlan on which ospf is active.

regards,

Leo
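
The review Leo describes can be run mechanically over the `sh ip ospf nei` output posted above. This is an added example, not code from the thread or from Cisco: the names `parse_neighbors` and `review`, and the choice of keeping the lowest-numbered SVI adjacency, are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Neighbor table exactly as posted in the thread for 3550SMIA.
SAMPLE = """\
Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.6.3       1   FULL/DR         00:02:04    192.168.5.3     FastEthernet0/11
192.168.30.2      1   FULL/BDR        00:02:01    192.168.30.2    Vlan30
192.168.30.2      1   FULL/BDR        00:02:01    192.168.20.2    Vlan20
192.168.30.2      1   FULL/BDR        00:02:01    192.168.10.2    Vlan10
"""

# The state column is "FULL/DR", "2WAY/DROTHER", or "FULL/  -" on links
# that already run as point-to-point (no DR election there).
ROW = re.compile(
    r"^(?P<rid>\d+(?:\.\d+){3})\s+(?P<pri>\d+)\s+"
    r"(?P<state>[A-Z0-9-]+/\s*\S+)\s+(?P<dead>\S+)\s+"
    r"(?P<addr>\d+(?:\.\d+){3})\s+(?P<intf>\S+)$"
)

def parse_neighbors(text):
    """Return one dict per neighbor row; header and blank lines are skipped."""
    lines = (line.strip() for line in text.splitlines())
    return [m.groupdict() for m in map(ROW.match, lines) if m]

def review(text, keep=1):
    """Return (p2p_candidates, passive_candidates).

    p2p_candidates: routed (non-SVI) interfaces with exactly one neighbor
    that still elect a DR/BDR.
    passive_candidates: per neighbor router ID, the SVIs beyond the first
    `keep` that form a redundant adjacency with the same neighbor.
    """
    per_intf, svis = defaultdict(list), defaultdict(list)
    for row in parse_neighbors(text):
        per_intf[row["intf"]].append(row)
        if row["intf"].lower().startswith("vlan"):
            svis[row["rid"]].append(row["intf"])
    p2p = sorted(
        intf for intf, rows in per_intf.items()
        if len(rows) == 1 and not intf.lower().startswith("vlan")
        and rows[0]["state"].split("/")[1].strip() != "-"
    )
    vlan_id = lambda name: int(re.sub(r"\D", "", name) or 0)
    passive = {rid: sorted(names, key=vlan_id)[keep:]
               for rid, names in svis.items() if len(names) > keep}
    return p2p, passive

if __name__ == "__main__":
    print(review(SAMPLE))
```

Which SVI keeps the adjacency is a design choice; a passive interface still has its subnet advertised into OSPF, it only stops forming neighbors on it.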

So Leo, as I said, it's not necessary to have active OSPF on all VLANs; it can be configured in passive state.

Mahesh, as you can imagine, if the processor is at 99% only for the routing process it's impossible for the switch to work, and this switch is not so young.

Check also the configuration of some links: in the running config I see interfaces in access but not configured in mode access; such an interface can become a trunk if another switch is connected, and if the interface without tag is different it can create a lot of problems.

Regarding the loopback interface, it doesn't make any sense with that address and with the command router id.

By Mahesh.
