Look at it this way. HSRP (and VRRP) share a virtual IP
address among the devices participating. Hosts point
their default-gateway to this Virtual IP address. This
allows the hosts to still forward traffic when the
primary router/switch interface goes down and the
standby router/switch changes over to active. This is
the function of HSRP/VRRP - to provide a shared IP
address among multiple interfaces on the same network.

If the interface is in standby mode for HSRP then the
standby IP address isn't active on this interface, but
the primary IP is active and ip-helper, routing, and
all other IP features you have configured are active
unless the interface is down, etc.

Currently, there isn't a way to stop ip-helper from
forwarding when the HSRP address is in standby mode
since ip-helper isn't part of HSRP. Maybe they need to
add a feature, like standby helper or something so
when HSRP is being used it will only forward UDP
broadcast traffic on the device that has the HSRP IP
active. Example: if such a feature existed, then you
wouldn't use ip-helper on HSRP interfaces - you would
use standby-helper if you just wanted UDP forwarded on
the device with the active HSRP IP address.

The only way to get around forwarding UDP broadcasts
from both routers would be to remove the ip-helper from
one of the interfaces. The problem here is when the
other interface goes down you're not going to forward
the UDP broadcasts anymore. The other solution would
be to make the DHCP server local so ip-helper wasn't
needed.

If you search on cisco.com for HSRP and IP-helper
you'll get a document on UDP Flooding which involves
bridge-groups and using spanning-tree to block.

Erick

--- Bob Vance <[EMAIL PROTECTED]> wrote:
> I was told this in another venue:
> 
> > It is the nature of HSRP. Both routers listen to broadcast traffic.
> > Both routers are configured as a DHCP and BOOTP relay agent in order
> > to get redundancy. So all DHCP and BOOTP broadcast traffic is sent
> > twice to the central server.
> 
> Is there some reason for this to be true?
> It does not seem right to me.
> 
> My understanding is that, normally, HSRP does not depend on multiple
> routers in the group to forward traffic.  The HSRP group appears as one
> router to the side where it is being redundant, with the primary router
> forwarding all traffic.  The standby doesn't participate, except
> possibly on reply traffic.
> 
> I think that you would agree that it is not normal nor good (maybe not
> necessarily bad, but certainly not good :) for a router arbitrarily to
> send duplicate packets onto a subnet and this is, in effect, what would
> be happening here.
> 
> In single-group HSRP mode, I can see no reason for this to be
> required -- I would think that it would be sufficient for the UDP
> forwarding simply to follow the primary router.
> 
> Multi-group HSRP seems to present some other possibilities/problems that
> I haven't explored in depth yet.  One point is that it would appear that
> having MHSRP primary routers forwarding DHCP (at least the broadcasts)
> would require extraordinary configuration on the DHCP server.  For
> example, if the clients are in the same subnet, then which default
> gateway should it send to the client?  Thus, MHSRP *with* DHCP
> forwarding would seem to require, practically, multiple subnets and
> broadcast domains -- i.e., VLANs.
> 
> Comments?
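
Added example, not part of the original thread: a way to confirm on the DHCP server side that both HSRP peers are relaying the same client broadcast, by grouping BOOTREQUEST packets on transaction ID and client MAC and listing the distinct relay (giaddr) addresses. It assumes each relay stamps giaddr with its own interface address; the sample packets, addresses and function names are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

# Fixed BOOTP header (RFC 951): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr. sname/file/options follow.
BOOTP_HDR = struct.Struct("!BBBBIHH4s4s4s4s16s")

def parse_bootp(payload):
    """Return (xid, client MAC, giaddr) from a BOOTP/DHCP UDP payload."""
    if len(payload) < BOOTP_HDR.size:
        raise ValueError("short BOOTP packet")
    op, _, hlen, _, xid, _, _, _, _, _, gi, chaddr = BOOTP_HDR.unpack_from(payload)
    if op != 1 or hlen > 16:
        raise ValueError("not a valid BOOTREQUEST")
    return xid, chaddr[:hlen].hex(":"), socket.inet_ntoa(gi)

def duplicate_relays(payloads):
    """Map (xid, MAC) -> sorted giaddrs for requests relayed by >1 router."""
    seen = defaultdict(set)
    for p in payloads:
        try:
            xid, mac, giaddr = parse_bootp(p)
        except ValueError:
            continue                      # skip malformed or reply packets
        if giaddr != "0.0.0.0":           # 0.0.0.0 means not relayed
            seen[(xid, mac)].add(giaddr)  # client retransmits reuse the xid
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def make_request(xid, mac, giaddr):
    """Build a constructed BOOTREQUEST (header plus zeroed sname/file)."""
    hw = bytes.fromhex(mac.replace(":", ""))
    zero = b"\0" * 4
    return BOOTP_HDR.pack(1, 1, 6, 1, xid, 0, 0x8000, zero, zero, zero,
                          socket.inet_aton(giaddr), hw) + b"\0" * 192

# Constructed capture: client A is relayed by both HSRP peers' primary
# addresses (192.0.2.2 and 192.0.2.3); client B is relayed only once.
SAMPLE = [
    make_request(0x1A2B3C4D, "00:11:22:33:44:55", "192.0.2.2"),
    make_request(0x1A2B3C4D, "00:11:22:33:44:55", "192.0.2.3"),
    make_request(0x0BADF00D, "00:11:22:33:44:66", "198.51.100.2"),
]

if __name__ == "__main__":
    for (xid, mac), relays in duplicate_relays(SAMPLE).items():
        print(f"xid={xid:#010x} mac={mac} relayed by {', '.join(relays)}")
```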


