Re: HSRP virtual being used? - Page 2

Collin Clark · ‎06-02-2009

I have two routers and have HSRP running between the fast ethernet interfaces. Actually there are two groups running. RTR_A real IP is .1 and it is Active for .3 (group 1). RTR_B real IP is .2 and it is Active for the .4 address (group 2). I want to remove one of the groups. Anyone know how I can see if the .4 virtual is being used as a default gateway by a client?

Joseph W. Doherty · ‎06-03-2009

The problem, of course, is another host can be "sitting" on the .4 gateway but, going forward, until they transmit to the gateway, you don't know they are there. If, as others have suggested, you monitored or sniffed traffic, you might find some of the hosts, but monitor for how long?

If you have standards for host IP configurations, e.g. DHCP unless "registered/approved hosts for static gateways", you could just wait until DHCP timeouts leases and change "known" static hosts.

If you've done all that you can, then you make the change prepared for a some "phone calls - my computer isn't working right" and might also be prepared for a quick rollback "our production web server that takes sales orders doesn't work!".

PS:

I'm a bit curious why you have two HSRP groups now and moving to just one group. Reason I ask, if you were doing the two groups for host to gateway load balancing, and if you planned to move to GLBP, there's an issue I believe I've discovered with such conversions.

Collin Clark · ‎06-03-2009

This is a public network. No DHCP, all static IP's and there are no 'days w/o communications'. The problem is some of the IP's are customers in our data center and some of the engineers use the standard DG and some don't. I don't plan on using GLBP (no benefit) and the routers need to be cleaned up. I have no idea why there are two groups and I want to remove one if possible, hence my question.

Joseph W. Doherty · ‎06-03-2009

"I have no idea why there are two groups and I want to remove one if possible, hence my question."

Well one possible reason for two mHSRP groups on the same subnet could be for gateway load balancing, especially before GLBP. With the advent of GLBP, often less need for mHSRP yet there are still some situations where it's better than GLBP. (I recall mHSRP used to only be supported on the high end routers, but believe support has been extended to additional low end routers.)

With OER/PfR, which will dynamically redirect traffic on received gateway to another path, load balancing with mHSRP or GLBP can also be slightly better.

Without OER/PfR, and using a single gateway, but with peers, OSPF equal path costing might be better than gateway balancing, although perhaps a bit more difficult to configure. Same would be true for EIGRP unless you use unequal cost routing, and there are issues with that. BGP preference for single path, and conditions to take advantage of multiple peer routers also might be more troublesome than gateway load balancing. (For instance if you have two routers with complete Internet BGP route tables, that iBGP peer, and you only send data to one as a gateway, normally "equal" AS paths will use just the gateway router's external facing interface.)

PS:

As to finding hosts that are using the .4 gateway, besides sniffing, perhaps an ACL that matches against the virtual MAC and logs it, could reveal hosts configured to use it.

Collin Clark · ‎06-03-2009

I originally thought an ACL would work, but traffic would be going through it, not necessarily to it. I'll lab it up and see what happens. I understand the use of two groups, but the IP's that we're used make no sense in our environment. Completely different than everything else we use. Then again this was setup by a consultant >5 years ago.

Collin Clark · ‎06-03-2009

Just a follow up, the ACL doesn't log it hitting the virtual.

Joseph W. Doherty · ‎06-03-2009

Well that's annoying.

Concerning your other points, without knowing your network, lots of things can change over five years. It's also possible, consultant did it right then, but sometimes there's communications breakdowns too. When staffers say "I have no idea why there are two groups", sometimes indicate such.