ok, when priscilla says "now it gets hairy" its time to think about plan b. maybe this isn't really what i need to do after all. while it did seem to be a good idea at the time ...
thanks all for the advice. tomorrow we'll take another run at it. i have a couple more things i want to try. i'm going over the debug standby traces now. this is an isolated lab lan segment so i can experiment without doing harm. from what i see in the debugs the virtual mac and ip addresses move as they should from interface to interface when i pull the cable. the pc uses the virtual interface mac and ip per its arp cache which i also printed before, during and afterwards - no change. i just read a tac article that says there is an asymmetric twist to all this - the pc uses the virtual routers mac address to send but replies come back from the router with the router's actual burned in address as the mac. so i can see, well sort of see, how things could get messy. later all. ----- Original Message ----- From: Priscilla Oppenheimer Date: Thursday, March 6, 2003 7:51 pm Subject: Re: it started out as a really good idea ... [7:64638] > Larry Letterman wrote: > > > > that was my answer as well...the broken connection will black > > hole the path on > > one side or the other... > > > > Larry Letterman > > Network Engineer > > Cisco Systems > > Whew! I wasn't losing it. :-) > > For this to work, you would need a way to tell Router 1 (as well > as Router > 2), "if my E0 interface goes down, make sure I'm not the default > gateway on > my E1 interface." (And vice versa.) > > Maybe you can do that with HSRP? I don't know how though. > > HSRP does have an advanced feature to avoid LAN users using a default > gateway that has lost its access to the "rest of the network" on > its other > interface. I can't remember how to do that, but it's supported > somehow, from > what I understand. But I don't think that helps. It's not the same > as no > longer being the default gateway for the LAN that reaches the > "rest of the > network" because you're no longer the default gateway on the local > LAN. > Sorry if that's convoluted. I can't think of a better way of > saying it! ;-) > > I think a routing protocol solves the problem too, but there are some > gotchas. > > Assuming I understand his topology correctly, with a distance- > vector routing > protocol, Router 2 would not send via its E0 interface a route > that tells > Router 1 that Router 2 can get to network 10.3.0.0, due to split > horizon.That's fine. > > However, Router 2 would tell Router 1 this information via its E1 > interface. > When there's no problem, Router 1 would ingore this information > becauseRouter 1 can get to network 10.3.0.0 directly already. > > Now Router 1's E0 goes down. After the route comes out of holdown > (could be > a long time for some routing protocols) Router 1 will accept > Router 2's > offer to send to network 10.3.0.0. > > Now, it gets a little hairy..... > > Packet comes in on Router 1's E1 interface destinated to 10.3.x.x. > (That'sthe ping reply from PC 2 to PC1.) Router 1 should send the > packet back out > E1 and let Router 2 pick it up. Router 1 may send an ICMP redirect > too,which would avoid the extra hop in the future, except that > ICMP redirects > are often disabled with HSRP. > > I think that would work? It's not too pretty, but that's OK, he > said it was > a lab network. :-) > > I think the general-purpose answer is that the original poster did > sort of > misunderstand HSRP's purpose. In a hierarchical network design, > you probably > wouldn't have a router that was a default gateway on both sides of it. > > Instead, you might have two routers on a LAN acting together (with > HSRP) as > the default gateway. Both these routers can also get out to the > rest of the > network, for example the rest of the enterprise network or the > Internet, so > it doesn't matter which one gets used. > > Priscilla > > > > > > > ----- Original Message ----- > > From: Priscilla Oppenheimer > > To: [EMAIL PROTECTED] > > Sent: Thursday, March 06, 2003 3:23 PM > > Subject: Re: it started out as a really good idea ... > > [7:64638] > > > > > > Um, he already has both the E0s in the same subnet and both > > the E1s in the > > same subnet, according to his config. > > > > His drawing is confusing but I think he's got PC1 and both > > E0s in subnet > > 10.3.0.0/16, say on a hub or a switch. > > > > He's got PC2 and both E1s in subnet 10.4.0.0, on another hub > > or switch. > > > > If the problem isn't related to misconfiguration of the > > default gateway on > > the PCs, I do have another theory. :-) > > > > Say he pulls the E0 cable on Router 1. No problem, PC1 will > > start using > > Router2. > > > > Then he pings from PC1 to PC2. The ping will probably get > > there but what > > about the reply coming back? > > > > What happens if PC2 is using Router 1 and Router 1 has no way > > to send PC2's > > packet from itself to Router 2 due to the missing cable, not > > to mention > > lack > > of any routing protocol configured. > > > > Think about it! :-) > > > > Priscilla > > > > The Long and Winding Road wrote: > > > > > > ""garrett allen"" wrote in message > > > news:[EMAIL PROTECTED] > > > > i have a need for a high availability solution for a > > default > > > gateway > > > > configuration. just finished the ccdp and thought it > > might be > > > > interesting to try hsrp on a pair of 2514's. put some of > > > that theory > > > > to work. instead of highly resiliant i've managed to > > > configure it for > > > > mass failure. arg.., not exactly what i had in mind. > > now, > > > any time i > > > > take down 1 of the 4 links, the connect between 2 remote > > > hosts dies. > > > > this is in a lab (production is not a lab, production is > > not > > > a lab...) > > > > so it is a mystery i would like to solve, but it is not > > > critical. > > > > > > > > here is the basic config (hope it makes it): > > > > > > > > pc host 1 -----+----- e0 router 1, e1 ----+--------- pc > > > host 2 > > > > | | > > > > |----- e0 router 2, e1 ----| > > > > > > > > the routers act as a default gateway between the internal > > > network > > > > (represented by pc host 1) and the external world > > > (represented by pc > > > > host 2). i have used 10.3 and 10.4 /16 as the addresses > > for > > > each side > > > > of the divide. i want to run hsrp on both sets of router > > > interfaces so > > > > that in the event a router or an interface fails, the > > traffic > > > impact is > > > > minimized. in the real world pc host 2 will be a firewall > > > and there > > > > will be other hosts off that segment as well > > > > > > > > looks easy. sounds plausible. read the cisco docs. > > looks > > > like it > > > > should work. minimal incantations before tickling the > > > keyboard. key > > > > in the configs and it fires up nicely. do the show standby > > > thingee and > > > > all looks cool. can ping the 2 stations end to end. most > > > excellent. > > > > put a router in debug mode. when i pull one of the 4 > > router > > > cables the > > > > router goes through a state change but no bits make it to > > the > > > far end. > > > > not even the shiney ones. bitstream courtesy of ping. > > > > > > > > maybe i misunderstood what hsrp was suppose to do. the > > > configs are > > > > below, along with the show standby results. both are > > 2514's > > > (2 aui's) > > > > and both are running 12.2(1d). probably forgot to put the > > > interface in > > > > mumble mode or something equally easy. no laughter, > > please. > > > > > > > > > HSRP assumes the ehternet interfaces to be on the same > > subnet. > > > your ehternet > > > side is on two different subnets. hence - no failover. > > > > > > to get this to work using 2514's: > > > > > > > > > E0----------2514_1-----------E1 > > > > > > E0----------2514_2-----------E1 > > > > > > > > > the e0's on the same subnet, the e1's on the same subnet > > > > > > > > > > > > > > > > > > > > thanks in advance. > > > > > > > > router 1 > > > > interface Ethernet0 > > > > ip address 10.3.255.2 255.255.0.0 > > > > no ip route-cache > > > > no ip mroute-cache > > > > standby 1 priority 200 preempt > > > > standby 1 ip 10.3.0.2 > > > > ! > > > > interface Ethernet1 > > > > ip address 10.4.254.2 255.255.0.0 > > > > no ip route-cache > > > > no ip mroute-cache > > > > standby 2 priority 200 preempt > > > > standby 2 ip 10.4.254.10 > > > > > > > > > > > > router 2 > > > > interface Ethernet0 > > > > ip address 10.3.255.1 255.255.0.0 > > > > no ip route-cache > > > > no ip mroute-cache > > > > standby 1 priority 225 preempt > > > > standby 1 ip 10.3.0.2 > > > > ! > > > > interface Ethernet1 > > > > ip address 10.4.254.1 255.255.0.0 > > > > no ip route-cache > > > > no ip mroute-cache > > > > standby 2 priority 150 preempt > > > > standby 2 ip 10.4.254.10 > > > > > > > > results of show standby > > > > Router1#show standby > > > > Ethernet0 - Group 1 > > > > Local state is Standby, priority 200, may preempt > > > > Hellotime 3 holdtime 10 > > > > Next hello sent in 00:00:00.940 > > > > Hot standby IP address is 10.3.0.2 configured > > > > Active router is 10.3.255.1 expires in 00:00:09, > > priority > > > 225 > > > > Standby router is local > > > > 20 state changes, last state change 00:22:34 > > > > Ethernet1 - Group 2 > > > > Local state is Active, priority 200, may preempt > > > > Hellotime 3 holdtime 10 > > > > Next hello sent in 00:00:01.676 > > > > Hot standby IP address is 10.4.254.10 configured > > > > Active router is local > > > > Standby router is 10.4.254.1 expires in 00:00:08 > > > > Standby virtual mac address is 0000.0c07.ac02 > > > > 17 state changes, last state change 00:23:26 > > > > Router1# > > > > > > > > Router2#show standby > > > > Ethernet0 - Group 1 > > > > Local state is Active, priority 225, may preempt > > > > Hellotime 3 holdtime 10 > > > > Next hello sent in 00:00:01.010 > > > > Hot standby IP address is 10.3.0.2 configured > > > > Active router is local > > > > Standby router is 10.3.255.2 expires in 00:00:09 > > > > Standby virtual mac address is 0000.0c07.ac01 > > > > 24 state changes, last state change 00:22:04 > > > > Ethernet1 - Group 2 > > > > Local state is Standby, priority 150, may preempt > > > > Hellotime 3 holdtime 10 > > > > Next hello sent in 00:00:01.272 > > > > Hot standby IP address is 10.4.254.10 configured > > > > Active router is 10.4.254.2 expires in 00:00:09, > > priority > > > 200 > > > > Standby router is local > > > > 32 state changes, last state change 00:22:25 > > > > Router2# > Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64680&t=64638 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
