Re: HSRP [7:74879]
The default gateway of the client should be 10.254.0.103. DW b6l%s news:[EMAIL PROTECTED] $$ Dear all, I am slightly confused about the config of HSRP. More specifically it is the client default gateway that is confusing me. I have the following config for redundant Ethernet on Routers 1 / 2: interface FastEthernet0/1 ip address 10.254.0.1 255.255.255.0 duplex auto speed auto standby timers 3 6 standby 1 ip 10.254.0.103 standby 1 priority 255 standby 1 preempt standby 1 authentication interface FastEthernet0/1 ip address 10.254.0.2 2255.255.0 duplex auto speed auto standby timers 3 6 standby 1 ip 10.254.0.103 standbriority 200 standby 1 preempt standby 1 authentication In the case above, is the client gateway going to be 10.254.0.1 (IP Address of the Active router), which we are currently using, or is it 10.254.0.103 (HSRP IP Address)... Any help is appreciated, Sincerely, Derek **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74885t=74879 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: HSRP [7:74879]
In the case above, is the client gateway going to be 10.254.0.1 (IP Address of the Active router), which we are currently using, or is it 10.254.0.103 (HSRP IP Address)... If clients set default gateway to 10.254.0.1, when that router fails, HSRP won't be of any use. On the other hand, if they set their default gateway to 10.254.0.103, if any of the two routers is active, they will still be able to talk to the outside world. Marko. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74887t=74879 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: HSRP [7:74879]
Clients will point to the HSRP address as their default gw -Original Message- From: Marko Milivojevic [mailto:[EMAIL PROTECTED] Sent: 05 September 2003 13:05 To: [EMAIL PROTECTED] Subject: Re: HSRP [7:74879] In the case above, is the client gateway going to be 10.254.0.1 (IP Address of the Active router), which we are currently using, or is it 10.254.0.103 (HSRP IP Address)... If clients set default gateway to 10.254.0.1, when that router fails, HSRP won't be of any use. On the other hand, if they set their default gateway to 10.254.0.103, if any of the two routers is active, they will still be able to talk to the outside world. Marko. **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74899t=74879 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: hsrp and icmp redirects [7:73972]
How do all incoming routes/gateway branchoffice routes look? Martijn -Oorspronkelijk bericht- Van: Robert Kimble [mailto:[EMAIL PROTECTED] Verzonden: donderdag 14 augustus 2003 16:57 Aan: [EMAIL PROTECTED] Onderwerp: hsrp and icmp redirects [7:73972] Ok. I'll try to explain what happened as best as I can. We have two 6509's each with an msfc and until last night we were only using the msfc on one of them. Last night I brought up the second msfc and set up hsrp between the two. everything worked great here in the office last night. However, this morning our branch offices had no connectivity to us. My boss went in and turned off icmp redirects on the vlan interfaces on the second msfc and everything was fine. 1. I thought icmp redirects were disabled automatically when you configure hsrp on an interface. 2. How did turning off the redirects fix the problem? (I would ask my boss but I probably look bad enough). Any way. Please let me know if you need more info to answer this question. -Bobby **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74005t=73972 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: hsrp default route in ospf [7:74017]
Why would that not make sense? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74023t=74017 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: hsrp default route in ospf [7:74017]
No, that would not make sense. Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Robert Kimble [mailto:[EMAIL PROTECTED] Sent: Friday, August 15, 2003 9:43 AM To: [EMAIL PROTECTED] Subject: hsrp default route in ospf [7:74017] Howdy all, I have two 6509's with hsrp running between their msfc's. OSPF is advertising the ip addresses of interfaces of the routers instead of the virtual ip that I set up in hsrp. Since hsrp fails over faster than ospf, I was wondering if there is a way to have ospf advertise the virtual ip address instead of the interface addresses? Any suggestions are much appreciated ;-) **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74022t=74017 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: hsrp default route in ospf [7:74017]
Because the HSRP virtual IP address is used only by the directly connected hosts (as a gateway), not by the remote devices that learn the routes via OSPF. Thanks, Zsombor Robert Kimble wrote: Why would that not make sense? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74025t=74017 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: hsrp default route in ospf [7:74017]
That makes sense. I managed to find the same answer after doing some reading on Cisco's site. I appreciate the info. Thanks Zsombor! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74026t=74017 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: hsrp and icmp redirects [7:73972]
Can u provide a simple ascii diagram for your topology including the WAN connection to reach the remote branches. From: Robert Kimble Ok. I'll try to explain what happened as best as I can. We have two 6509's each with an msfc and until last night we were only using the msfc on one of them. Last night I brought up the second msfc and set up hsrp between the two. everything worked great here in the office last night. However, this morning our branch offices had no connectivity to us. My boss went in and turned off icmp redirects on the vlan interfaces on the second msfc and everything was fine. 1. I thought icmp redirects were disabled automatically when you configure hsrp on an interface. 2. How did turning off the redirects fix the problem? (I would ask my boss but I probably look bad enough). Any way. Please let me know if you need GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Add photos to your messages with MSN 8. Get 2 months FREE*. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73978t=73972 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: HSRP + ARP Problem [7:73098]
There is a known issue in some switches (6500's running hybrid mode) where the CEF adjacencies are not populated correctly. We've seen issues with pings and ARP between MSFC's. Possibly the 2950's have a similar issue... Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Henrique Issamu Terada [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 12:28 PM To: [EMAIL PROTECTED] Subject: RES: HSRP + ARP Problem [7:73098] maybe something in the switch . . . are both routers active , noone in standby ? _ Henrique Issamu Terada, CCIE # 7460 IT Support - Open Network CPM S.A. - Tecnologia criando valor Tel.: 55 11 4196-0710 Fax: 55 11 4196-0900 [EMAIL PROTECTED] www.cpm.com.br -- --- Esta mensagem pode conter informagco confidencial e/ou privilegiada. Se vocj nco for o destinatario ou a pessoa autorizada a receber esta mensagem, nco pode usar, copiar ou divulgar as informagues nela contidas ou tomar qualquer agco baseada nessas informagues. Se vocj recebeu esta mensagem por engano, por favor avise imediatamente o remetente, respondendo o e-mail e em seguida apague-o. Agradecemos sua cooperagco. This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -Mensagem original- De: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED] Enviada em: segunda-feira, 28 de julho de 2003 10:58 Para: [EMAIL PROTECTED] Assunto: RE: HSRP + ARP Problem [7:73098] Try Where they also give you an alternative to use the burned HW in-address instead of a virtual HW address. http://www.cisco.com/warp/public/473/62.pdf Martijn Jansen -Oorspronkelijk bericht- Van: Tim Champion [mailto:[EMAIL PROTECTED] Verzonden: maandag 28 juli 2003 13:35 Aan: [EMAIL PROTECTED] Onderwerp: HSRP + ARP Problem [7:73098] Bit of a strange one this. We have 2 7206 routers running HSRP that are support by our telecoms provider. The fast ethernet interface of each is connected into our 2950 along with a firewall. From the switch, or firewall, I can ping either of the 'real' ip addresses but not the virtual address. I have used debug arp and seen the arp request go out for the virtual address (the telco has done the same and see's the request come in) but there is no reply. If we configure a static arp entry it all works fine. Anyone ever experienced anything like this??? Many thanks Tim Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.504 / Virus Database: 302 - Release Date: 24/07/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.504 / Virus Database: 302 - Release Date: 24/07/2003 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73172t=73098 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP + ARP Problem [7:73098]
Try Where they also give you an alternative to use the burned HW in-address instead of a virtual HW address. http://www.cisco.com/warp/public/473/62.pdf Martijn Jansen -Oorspronkelijk bericht- Van: Tim Champion [mailto:[EMAIL PROTECTED] Verzonden: maandag 28 juli 2003 13:35 Aan: [EMAIL PROTECTED] Onderwerp: HSRP + ARP Problem [7:73098] Bit of a strange one this. We have 2 7206 routers running HSRP that are support by our telecoms provider. The fast ethernet interface of each is connected into our 2950 along with a firewall. From the switch, or firewall, I can ping either of the 'real' ip addresses but not the virtual address. I have used debug arp and seen the arp request go out for the virtual address (the telco has done the same and see's the request come in) but there is no reply. If we configure a static arp entry it all works fine. Anyone ever experienced anything like this??? Many thanks Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73101t=73098 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP + ARP Problem [7:73098]
Could you debug HSRP for us? Thought DEBUG STANDBY should do it. Cisco 7200/7500 with PA-2FEISL HSRP gets stuck in init state on PA-2FEISL module in 7200/7500. CSCdr01156 (registered customers only) software upgrade; see bug for revision details Reset the interface using the shutdown and no shutdown commands SB: Ethernet0 state Virgin - Listen SB: Starting up hot standby process SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29 SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29 SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29 SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29 SB: Ethernet0 state Listen - Speak SB:Ethernet0 Hello out 192.168.72.20 Speak pri 100 hel 3 hol 10 ip 192.168.72.29 SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29 SB:Ethernet0 Hello out 192.168.72.20 Speak pri 100 hel 3 hol 10 ip 192.168.72.29 SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29 SB:Ethernet0 Hello out 192.168.72.20 Speak pri 100 hel 3 hol 10 ip 192.168.72.29 SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29 SB: Ethernet0 state Speak - Standby SB:Ethernet0 Hello out 192.168.72.20 Standby pri 100 hel 3 hol 10 ip 192.168.72.29 SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29 SB:Ethernet0 Hello out 192.168.72.20 Standby pri 100 hel 3 hol 10 ip 192.168.72.29 SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29 SB:Ethernet0 Hello out 192.168.72.20 Standby pri 100 hel 3 hol 10 ip 192.168.72.29 SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29 SB: Ethernet0 Coup out 192.168.72.20 Standby pri 100 hel 3 hol 10 ip 192.168.72.29 SB: Ethernet0 state Standby - Active SB:Ethernet0 Hello out 192.168.72.20 Active pri 100 hel 3 hol 10 ip 192.168.72.29 SB:Ethernet0 Hello in 192.168.72.21 Speak pri 90 hel 3 hol 10 ip 192.168.72.29 SB:Ethernet0 Hello out 192.168.72.20 Active pri 100 hel 3 hol 10 ip 192.168.72.29 SB:Ethernet0 Hello in 192.168.72.21 Speak pri 90 hel 3 hol 10 ip 192.168.72.29 SB:Ethernet0 Hello out 192.168.72.20 Active pri 100 hel 3 hol 10 ip 192.168.72.29 Martijn Jansen -Oorspronkelijk bericht- Van: Tim Champion [mailto:[EMAIL PROTECTED] Verzonden: maandag 28 juli 2003 13:35 Aan: [EMAIL PROTECTED] Onderwerp: HSRP + ARP Problem [7:73098] Bit of a strange one this. We have 2 7206 routers running HSRP that are support by our telecoms provider. The fast ethernet interface of each is connected into our 2950 along with a firewall. From the switch, or firewall, I can ping either of the 'real' ip addresses but not the virtual address. I have used debug arp and seen the arp request go out for the virtual address (the telco has done the same and see's the request come in) but there is no reply. If we configure a static arp entry it all works fine. Anyone ever experienced anything like this??? Many thanks Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73100t=73098 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP and IPSEC VPN [7:72034]
..that's what I thought...just needed a sanity check! Thanks! MADMAN wrote in message news:[EMAIL PROTECTED] If router A anb B share an ethernet then sure HSRP was designed exactly for this scenerio Dave Dain Deutschman wrote: Hi, Does anyone know if HSRP would be appropriate in the following scenario? ROUTERA with T1 to corporate office ROUTERB with IPSEC VPN to Corporate only used as a backup path in case the T1 on ROUTERA fails Is there any reason that this will not work or has anyone had experience with this type of situation? -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 Government can do something for the people only in proportion as it can do something to the people. -- Thomas Jefferson Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72039t=72034 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP and IPSEC VPN [7:72034]
If router A anb B share an ethernet then sure HSRP was designed exactly for this scenerio Dave Dain Deutschman wrote: Hi, Does anyone know if HSRP would be appropriate in the following scenario? ROUTERA with T1 to corporate office ROUTERB with IPSEC VPN to Corporate only used as a backup path in case the T1 on ROUTERA fails Is there any reason that this will not work or has anyone had experience with this type of situation? -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 Government can do something for the people only in proportion as it can do something to the people. -- Thomas Jefferson Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72037t=72034 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP timer dispute [7:64658]
The overall bandwidth used by hello packets is negligible. The only thing I'd worry about is if the routers are really busy you may have premature failovers.This is probably not very likely but would be the only valid argument I could see against changing timers default value. Vajira Wijesinghe wrote in message news:[EMAIL PROTECTED] Hi group, Let me apologise first for forwarding this stupid question as a networking engineer. But i need you guy's answers just to show to my client who doesnot believe what i'm saying. We have two 6509's connected by 4-gig etherchannel and configured HSRP groups in them for the default gateway redundancy of each VLAN. As you all know, default hello time is 3 sec and hold time is 10 sec. I have reconfigured these timers to hello 1 sec and hold 4 sec. Now client is unhappy because effectively I have increased the rate of hello packet sending by 3 times. He is worrying about the amount of hello traffic I have infused to this gigabit network. Does any one of you have any comment? Thanks - (on postoffice) The information contained in this email is confidential and is meant to be read only by the person to whom it is addressed.Please visit http://www.millenniumit.com/legal/email.htm to read the entire confidentiality clause. - Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64659t=64658 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP timer dispute [7:64658]
Vajira If time dealy during change over is not an issue, then use the default. Kiran From: Vajira Wijesinghe Reply-To: Vajira Wijesinghe To: [EMAIL PROTECTED] Subject: HSRP timer dispute [7:64658] Date: Thu, 6 Mar 2003 22:47:39 GMT Hi group, Let me apologise first for forwarding this stupid question as a networking engineer. But i need you guy's answers just to show to my client who doesnot believe what i'm saying. We have two 6509's connected by 4-gig etherchannel and configured HSRP groups in them for the default gateway redundancy of each VLAN. As you all know, default hello time is 3 sec and hold time is 10 sec. I have reconfigured these timers to hello 1 sec and hold 4 sec. Now client is unhappy because effectively I have increased the rate of hello packet sending by 3 times. He is worrying about the amount of hello traffic I have infused to this gigabit network. Does any one of you have any comment? Thanks - (on postoffice) The information contained in this email is confidential and is meant to be read only by the person to whom it is addressed.Please visit http://www.millenniumit.com/legal/email.htm to read the entire confidentiality clause. - _ Cricket World Cup 2003- News, Views and Match Reports. http://server1.msn.co.in/msnspecials/worldcup03/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64693t=64658 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP or switch issue? [7:63768]
You might want to look up the following document on CCO: Avoiding HSRP Instability in a Switching Environment with Various Routing Platforms. Looks like www.cisco.com/warp/public/619/8.shtml -Original Message- From: John Starta [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 25, 2003 1:12 PM To: [EMAIL PROTECTED] Subject: HSRP or switch issue? [7:63768] I'm currently experiencing an oddity with multicast traffic like HSRP that I'm looking for some ideas on. For simplicity the network design consists of 2 Cisco 3640 routers running HSRP between them connected to a single Extreme [Black Diamond] switch. Basically... extreme switch | | | | rtr1rtr2 Normally everything works just fine, but periodically -- in time, not quantity -- HSRP indicates via the %HSRP-4-DUPADDR message that I have a duplicate [IP] address. (The quantity of the messages indicating the duplicate IP address ranges from half dozen to nearly a hundred. The time between messages closely matches the HSRP HELLO interval.) When I receive these messages, on the active HSRP router for instance, they indicate the duplicate address as being the physical interface IP address of the active HSRP router with the source MAC address as the virtual MAC [address] of the active HSRP router. Receipt of these %HSRP-4-DUPADDR messages indicating the duplicate as itself suggests an issue with multicast -- a loop of sorts whereby the switch copies the multicast announcement [back] to the same switch port it originated. Keep in mind that there are no interface or HSRP state changes so the messages probably aren't coming from the standby HSRP router. (Especially since the indicated duplicate IP address is that of the physical interface on the active HSRP router, not the virtual IP.) I did some poking around on Extreme's web site and they indicate an issue with HSRP in an earlier version of code, but that is/was fixed in the version being used. Have anybody run into this before? Ideas regarding cause? I don't have access to the switch since it belongs to the customer. ., Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63784t=63768 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP or switch issue? [7:63768]
I know it's pretty basic, but can we see sanitized versions of the relevant portions of your configs? What IOS are you running on your routers? Are there other devices hanging off of the switch that are in the same subnet as the routers? If so, what are they? John John Starta 2/25/03 12:11:53 PM I'm currently experiencing an oddity with multicast traffic like HSRP that I'm looking for some ideas on. For simplicity the network design consists of 2 Cisco 3640 routers running HSRP between them connected to a single Extreme [Black Diamond] switch. Basically... extreme switch | | | | rtr1rtr2 Normally everything works just fine, but periodically -- in time, not quantity -- HSRP indicates via the %HSRP-4-DUPADDR message that I have a duplicate [IP] address. (The quantity of the messages indicating the duplicate IP address ranges from half dozen to nearly a hundred. The time between messages closely matches the HSRP HELLO interval.) When I receive these messages, on the active HSRP router for instance, they indicate the duplicate address as being the physical interface IP address of the active HSRP router with the source MAC address as the virtual MAC [address] of the active HSRP router. Receipt of these %HSRP-4-DUPADDR messages indicating the duplicate as itself suggests an issue with multicast -- a loop of sorts whereby the switch copies the multicast announcement [back] to the same switch port it originated. Keep in mind that there are no interface or HSRP state changes so the messages probably aren't coming from the standby HSRP router. (Especially since the indicated duplicate IP address is that of the physical interface on the active HSRP router, not the virtual IP.) I did some poking around on Extreme's web site and they indicate an issue with HSRP in an earlier version of code, but that is/was fixed in the version being used. Have anybody run into this before? Ideas regarding cause? I don't have access to the switch since it belongs to the customer. ., Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63788t=63768 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP question [7:62931]
Larry, Care to elaborate a little on the downside to doing this? We're doing it in our network but I'd love to present some reasons why we shouldn't and start looking at some proper VLAN config's. Right now we have something like 6 class-c networks configured on a single interface of each of our routers. I know it creates a really overpopulated broadcast domain...What else should I be considering? Thanks. Kelly Cobean -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Larry Letterman Sent: Wednesday, February 12, 2003 7:31 PM To: MADMAN; CCIE FUN Cc: [EMAIL PROTECTED] Subject: Re: HSRP question I have run hsrp on primary and secondary address's and it works.. However , I support Dave's thoughts that I dont like to do it for prduction networks or for long periods of time... Larry Letterman Network Engineer Cisco Systems - Original Message - From: MADMAN To: CCIE FUN Cc: Sent: Wednesday, February 12, 2003 3:29 PM Subject: Re: HSRP question Yes you can do this but I wouldn't design a network with secondaries. Just because you can doesn't mean you should. Secondaries should be used only for temporary situations, converting ip addresses for example. have fun Dave CCIE FUN wrote: Hi all I have two routers running HSRP for a network subnet lets say for e.g 1.1.1.0/24 on E0 of both the routers. now can i add secondary address to these routers on Interface E0 and also run HSRP for these secondary address. I want to add about 10 secondary address. how will the HSRP config be. Can i run HSRP for multiple secondary addresses on these routers. thanks __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com . -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill . FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP question [7:62941]
Issues I have with secondary ip address's : In the sh ip int br command, the 10.x.x.x secondary on the below interface does not show up The dhcp request for that interface will advertise out the primary interface not the secondary address, so it is extremely difficult to get the secondary ip address's a dhcp address It adds a lot of overhead to the interface connection tables and hsrp can act strange on certain routers, especially older routers with resource limits... interface FastEthernet1/0 description 590 Brennan St. ip address 10.17.212.2 255.255.255.0 secondary ip address 171.70.34.3 255.255.255.0 no ip redirects arp timeout 1740 standby priority 105 preempt standby ip 171.70.34.1 standby track Se6/0/0 standby 2 priority 105 preempt standby 2 ip 10.17.212.1 standby 2 track Se6/0/0 hold-queue 150 in sjbrn-gw1#sh ip int br Ethernet0/0192.168.54.131 YES NVRAM up up FastEthernet1/0171.70.34.3 YES NVRAM up up Serial6/0/0171.68.2.22 YES NVRAM up up Larry Letterman Network Engineer Cisco Systems - Original Message - From: Kelly Cobean To: Larry Letterman ; Cisco groupstudy Sent: Wednesday, February 12, 2003 7:01 PM Subject: RE: HSRP question Larry, Care to elaborate a little on the downside to doing this? We're doing it in our network but I'd love to present some reasons why we shouldn't and start looking at some proper VLAN config's. Right now we have something like 6 class-c networks configured on a single interface of each of our routers. I know it creates a really overpopulated broadcast domain...What else should I be considering? Thanks. Kelly Cobean -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Larry Letterman Sent: Wednesday, February 12, 2003 7:31 PM To: MADMAN; CCIE FUN Cc: [EMAIL PROTECTED] Subject: Re: HSRP question I have run hsrp on primary and secondary address's and it works.. However , I support Dave's thoughts that I dont like to do it for prduction networks or for long periods of time... Larry Letterman Network Engineer Cisco Systems - Original Message - From: MADMAN To: CCIE FUN Cc: Sent: Wednesday, February 12, 2003 3:29 PM Subject: Re: HSRP question Yes you can do this but I wouldn't design a network with secondaries. Just because you can doesn't mean you should. Secondaries should be used only for temporary situations, converting ip addresses for example. have fun Dave CCIE FUN wrote: Hi all I have two routers running HSRP for a network subnet lets say for e.g 1.1.1.0/24 on E0 of both the routers. now can i add secondary address to these routers on Interface E0 and also run HSRP for these secondary address. I want to add about 10 secondary address. how will the HSRP config be. Can i run HSRP for multiple secondary addresses on these routers. thanks __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com . -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill . . Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62941t=62941 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP PROBLEM [7:62057]
the routers send hellp packets using a multicast address - check that this is not being blocked somewhere. -Original Message- From: . [mailto:[EMAIL PROTECTED]] Sent: 28 January 2003 22:46 To: [EMAIL PROTECTED] Subject: HSRP PROBLEM [7:62057] HSRP PROBLEM x.x.x.36 and x.x.x.37 are two routers. x.x.x.x.36 config: standby 1 ip x.x.x.35 standby 1 priority 150 standby 1 preempt delay minimum 2 standby 1 track serial0 10 x.x.x.x.37 config: standby 1 ip x.x.x.35 standby 1 priority 140 standby 1 prempt standby 1 track serial0 20 Problem: Both routers keep switching roles. The serial interface ain't that bad at all. It hardly goes down on both the routers. What can be the problem? Any possible solutions to test out? Thank You Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62082t=62057 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP and BGP [7:59735]
In your scenario advertising same block over both links to your provider will not help in load sharing. Redundancy is acheived but not sharing because your ISP will receive two advertisments to the same block and BGP only chooses the best route. You can overcome this in many ways, for example you if you have a /22 block. Devide it into 8 /24 blocks. Start advertising 4 /24s through the 1st router, advertise the remaining /24s through the 2nd router. Like this you acheived load-balance as your ISP will receive 1/2 of the routes via one link and the rest through the other. You are not done yet as this will provide load-sharing but not redundancy. For example if Link1 fails this means that 1/2 of your blocks will not be advertised and will stop receiving traffic for them. To avoid this, advertise through both routers an aggregate route for the whole /22. Like this your ISP will always use the more specific route and in a way balance the traffic over both links. When one of the links/routers fail, your ISP will use the aggregate route advertised from your other router to route all the traffic back to you. Another way, is to ask your provider to accept not just 1 route for the /24 but accept both by setting the maximum accepted routes to 2 instead to 1. 1 is the default and ISPs normally don't accept changing this default value. HTH, Yasser From: Ivan Yip Hi All, Thanks all your response. Now two routers adverise same block /24 to the isp. I found that they are 'load shared' in this sense. Only 1 link is the active for Inbound. For example, if I download files from outside, inbound is using say link1 and link2 is idle and no packet coming in. Some time later, I ftp again and this time is using link2 and link1 is idle. Is it normal? TIA. misconduct and Nondisclosure violations to [EMAIL PROTECTED] Protect your PC - Click here for McAfee.com VirusScan Online Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59753t=59735 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP and BGP [7:59735]
While several of us have mentioned splitting up the netblocks that you advertise to your ISP would help spread the usage across the T1's there is something to keep in mind. If there is only 1 or so hosts that are most often the destination for traffic inbound to your site, you are still going to get more utilization across the link that advertises the network that contains that particular host/s. I mention this because I've had clients in the past split netblock assignments in an effort to get better utilization of their multiple T1 setups. But we've often found that they have 1 host providing more service than the others, that particular network will see more traffic, hence, that particular link seeing more utilization. There can be a need to be very granular about how you advertise networks and about how you have your network set up. You may have to play with moving hosts around on different netblocks if you are truly looking to get something near even traffic on each T1. You can use your interface stats to routinely check load, or better, use something like MRTG that will poll your interfaces and graph utilization over longer periods of time. Sorry if this is long winded, but you need to keep in mind what your trying to do. How to best use the resources you have and perhaps most importantly, to know how to measure it accurately to see if you've achieved the results you were looking for. -chris - Original Message - From: YASSER ALY To: Sent: Monday, December 23, 2002 11:43 AM Subject: Re: HSRP and BGP [7:59735] In your scenario advertising same block over both links to your provider will not help in load sharing. Redundancy is acheived but not sharing because your ISP will receive two advertisments to the same block and BGP only chooses the best route. You can overcome this in many ways, for example you if you have a /22 block. Devide it into 8 /24 blocks. Start advertising 4 /24s through the 1st router, advertise the remaining /24s through the 2nd router. Like this you acheived load-balance as your ISP will receive 1/2 of the routes via one link and the rest through the other. You are not done yet as this will provide load-sharing but not redundancy. For example if Link1 fails this means that 1/2 of your blocks will not be advertised and will stop receiving traffic for them. To avoid this, advertise through both routers an aggregate route for the whole /22. Like this your ISP will always use the more specific route and in a way balance the traffic over both links. When one of the links/routers fail, your ISP will use the aggregate route advertised from your other router to route all the traffic back to you. Another way, is to ask your provider to accept not just 1 route for the /24 but accept both by setting the maximum accepted routes to 2 instead to 1. 1 is the default and ISPs normally don't accept changing this default value. HTH, Yasser From: Ivan Yip Hi All, Thanks all your response. Now two routers adverise same block /24 to the isp. I found that they are 'load shared' in this sense. Only 1 link is the active for Inbound. For example, if I download files from outside, inbound is using say link1 and link2 is idle and no packet coming in. Some time later, I ftp again and this time is using link2 and link1 is idle. Is it normal? TIA. misconduct and Nondisclosure violations to [EMAIL PROTECTED] Protect your PC - Click here for McAfee.com VirusScan Online Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59759t=59735 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP and BGP [7:59735]
Dear All, Thanks all useful information. Merry Christmas and Happy New Year!!! rgds, ivan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59777t=59735 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP and BGP [7:59735]
Usually if you want to distribute inbound traffic between two links with the SAME isp, you attach both of those links to the same router, create a loopback ip on that router, and have your provider peer with that loopback ip. Putting them on different routers will give you redundancy as opposed to load sharing. Brian - Original Message - From: Ivan Yip To: Sent: Sunday, December 22, 2002 6:18 PM Subject: HSRP and BGP [7:59735] Hi, I have 2 routers configured with HSRP and running BGP with single ISP. For outbound traffic, it will go through the Active HSRP router. How about Inbound traffic? Can the Inbound traffic be 'load shared'? (The ISP already make the same preference on our route advertised) Or the Inbound traffic can only route back to active router link? TIA. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59736t=59735 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP and BGP [7:59735]
Hi, inbound traffic has nothing to do with HSRP.It all depends how your isp is routing back traffic through bgp.so it means u can load balance on the two links. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59737t=59735 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP and BGP [7:59735]
Hi, inbound traffic has nothing to do with HSRP.It all depends how your isp is routing back traffic through bgp.so it means u can load balance on the two links. Ivan Yip wrote: Hi, I have 2 routers configured with HSRP and running BGP with single ISP. For outbound traffic, it will go through the Active HSRP router. How about Inbound traffic? Can the Inbound traffic be 'load shared'? (The ISP already make the same preference on our route advertised) Or the Inbound traffic can only route back to active router link? TIA. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59738t=59735 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP and BGP [7:59735]
Hi, I have 2 routers configured with HSRP and running BGP with single ISP. For outbound traffic, it will go through the Active HSRP router. How about Inbound traffic? Can the Inbound traffic be 'load shared'? (The ISP already make the same preference on our route advertised) Or the Inbound traffic can only route back to active router link? You get back what you advertise out. So if you want some traffic to take one link and other traffic to take the other link, then you need to advertise it that way. Let's say you have a /24 netblock. You can advertise the first half of addresses (/25) out router A and the back half (/25) out router B. Then, take it a step further by also advertising the whole /24 block out both. This way, should one link fail, the other will pick up the traffic initially destined for the failed link. This based off of the longest-match rule. Please note - my example uses a /24 split into 2 /25s. Most providers won't accept (more specifically, won't advertise to their peers) any block smaller than a /24. There are some exceptions (such as having leased your netblock from that provider). Ask your provider what their policy is. Either way, work with your provider to get the advertisements setup correctly. This is the beauty of BGP. It has all the knobs you need for such requirements. HTH, -chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59739t=59735 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP and BGP [7:59735]
Hi All, Thanks all your response. Now two routers adverise same block /24 to the isp. I found that they are 'load shared' in this sense. Only 1 link is the active for Inbound. For example, if I download files from outside, inbound is using say link1 and link2 is idle and no packet coming in. Some time later, I ftp again and this time is using link2 and link1 is idle. Is it normal? TIA. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59740t=59735 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP and BGP [7:59735]
Ivan Yip wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi All, Thanks all your response. Now two routers adverise same block /24 to the isp. I found that they are 'load shared' in this sense. Only 1 link is the active for Inbound. For example, if I download files from outside, inbound is using say link1 and link2 is idle and no packet coming in. Some time later, I ftp again and this time is using link2 and link1 is idle. Is it normal? depends - per packet load sharing versus per conversation load sharing. with per packet load sharing set up correctly, each packet might take a different path. with per conversation load sharing, it is quite easy for this to happen. lets say that the router to microsoft.com is on your router's route cache for one link. any traffic to microsoft would take that one link, no matter how many other links to the internet you may have. later, you go to redhat.com. the route is not in the route cache, lookups are made, and the router chooses a different path. you really need to look at this in detail both on your side and with regards to what your ISP is doing. TIA. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59741t=59735 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP [7:59148]
ughh...that picture didn't work...the diagonal lines in the 1st pic are supposed to come from the HQ LAN and Branch LAN, respectively. the 2nd picture should have the lines come from the outside interfaces of R1 and R2, respectively. send me an email if you need clarification... thanks, eddie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Edward Sohn Sent: Thursday, December 12, 2002 5:59 PM To: [EMAIL PROTECTED] Subject: HSRP [7:59148] I have an HQ-to-Branch Office configuration with two separate VPN connections like the following: HQ LAN-- R1 ---PIX1-INTERNETPIX2R2---Branch LAN \ / \ / --R3-PIX3-INTERNET--PIX4-R4 The network uses EIGRP, so I know that EIGRP will just choose the best route, which is fine. My question is: is the best practice to use HSRP between R1-R3 and R2-R4 as the LAN default gateway on the respective site? Or should I just choose one router as the gateway and let EIGRP choose the best path? Also, if I used two separate GRE tunnels for either path on only ONE router on each site (with only one ethernet interface) as shown below, what would be my potential problems, if any? Obviously, I know there would be better hardware redundancy with two routers at each site, but is it even recommended to do such a configuration? I have to consider every possibly option to save money for my customer (this config would save the customer one router on each end). HQ LAN-- R1 ---PIX1--INTERNETPIX2R2---Branch LAN \ / \ / PIX3-INTERNET--PIX4--- Please email me directly. Thanks, Ed Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59152t=59148 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: hsrp isl trunking [7:57896]
Dennis, Just a little different perspective below... dennis cherry wrote: The way we have it is 2 routers connected to the 4000 switch with 4 vlans on the switch. Have set up 4 subinterfaces on each router, 1 for each van. Each with a separate ip address corresponding to the vlan number. We have 2 HSRP groups set up with 2 vlans in each group. That's one way of looking at it. But it might help to keep things clear in your mind if you consider that there really are four HSRP groups. You're simply using each group number (and, as has been pointed out, the same virtual MAC) twice. 1 router will be the active for 1 group (2 of the vlans) and the other router will be the active for the other group (2 vlans). On each subinterface for each router for each vlan, it has a unique virtual HSRP IP address. I originally thought that all would use the same virtual HSRP IP address. Did you mean that all VLANs in a group would use the same virtual address? If so, you really need to consider looking at things the way I described above. Think about it. One VLAN per subnet, right? (yes you can have more than one subnet per VLAN but you can't have more than one VLAN per subnet) So how would a host in VLAN 10 use the virtual IP of VLAN 12 as a gateway (or vice versa)? Even if the VLANs/subnets are in the same group, they're still in different networks. How could a host with ip address 10.1.1.50/24 use a virtual IP of 10.1.2.1/24 as a gateway? The host would need a gateway to reach the gateway since they're in different layer 3 networks. You are saying that there should be 4 groups (1 for each vlan) instead of the 2 groups that we have?? Or is it OK with 2 groups and the 4 unique virtual HSRP IP addresses on each router?? It's OK. But to the extent possible, at least in a real network, I'd think you would want to have a 1:1 ratio between HSRP groups and VLANs. This type of setup wasn't covered together in our class, just vlans and HSRP seperately. But in this lab we have Vlans running thru HSRP router doing ISL trunking and the routers are also running BGP and EIGRP to connect to a remote router. AHHH! Thanks for your help. Regards, Scott Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58316t=57896 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: hsrp isl trunking [7:57896]
Your instructor is right. We have a pretty big Vlanned network (3000 nodes). The only way for the traffic originating from one subnet to get to another subnet is to go through a router. Therefore, each Vlan (or subnet) needs an individual gateway (router) to get to other subnets. That is why you need a standby HSRP group for each subnet. Side note - Cisco recommends that Vlan correspond to subnets - it is easier to keep track of things. Hope this helps Elwood P. Suggins CCNP Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58102t=57896 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: hsrp isl trunking [7:57896]
The way we have it is 2 routers connected to the 4000 switch with 4 vlans on the switch. Have set up 4 subinterfaces on each router, 1 for each van. Each with a separate ip address corresponding to the vlan number. We have 2 HSRP groups set up with 2 vlans in each group. 1 router will be the active for 1 group (2 of the vlans) and the other router will be the active for the other group (2 vlans). On each subinterface for each router for each vlan, it has a unique virtual HSRP IP address. I originally thought that all would use the same virtual HSRP IP address. You are saying that there should be 4 groups (1 for each vlan) instead of the 2 groups that we have?? Or is it OK with 2 groups and the 4 unique virtual HSRP IP addresses on each router?? This type of setup wasn't covered together in our class, just vlans and HSRP seperately. But in this lab we have Vlans running thru HSRP router doing ISL trunking and the routers are also running BGP and EIGRP to connect to a remote router. AHHH! Thanks for your help. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58138t=57896 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hsrp isl trunking [7:58144]
Dennis, It's better to have a unique HSRP group for each VLAN. Cisco bases the virtual MAC address on the group. If you reuse the group number, you'll have duplicate MAC addresses. Granted, they're on seperate VLANs and shouldn't matter, but I had a Cat4000 that didn't like it at all, and gave me lots of logged messages about MACs moving around. Chuck Church CCIE #8776, MCNE, MCSE Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58144t=58144 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hsrp isl trunking [7:58144]
And.. on the new msfc-2 you only get 16 hsrp groups supposedly the issue that chuck states below is not an issue with the new msfc-2 for the 6509's Chuck Church wrote: Dennis, It's better to have a unique HSRP group for each VLAN. Cisco bases the virtual MAC address on the group. If you reuse the group number, you'll have duplicate MAC addresses. Granted, they're on seperate VLANs and shouldn't matter, but I had a Cat4000 that didn't like it at all, and gave me lots of logged messages about MACs moving around. Chuck Church CCIE #8776, MCNE, MCSE Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58151t=58144 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hsrp isl trunking [7:58144]
I think the 'use-bia' may have been a fix for the problem as well. It's been a while since it happened. For all I know it might have been a problem with the CatOS on the switch. Chuck Church CCIE #8776, MCNE, MCSE - Original Message - From: Larry Letterman To: Chuck Church Cc: Sent: Tuesday, November 26, 2002 6:36 PM Subject: Re: hsrp isl trunking [7:58144] And.. on the new msfc-2 you only get 16 hsrp groups supposedly the issue that chuck states below is not an issue with the new msfc-2 for the 6509's Chuck Church wrote: Dennis, It's better to have a unique HSRP group for each VLAN. Cisco bases the virtual MAC address on the group. If you reuse the group number, you'll have duplicate MAC addresses. Granted, they're on seperate VLANs and shouldn't matter, but I had a Cat4000 that didn't like it at all, and gave me lots of logged messages about MACs moving around. Chuck Church CCIE #8776, MCNE, MCSE Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58153t=58144 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: hsrp isl trunking [7:57896]
Come on, anyone?? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58093t=57896 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP - Cat4006 stuck in INIT state [7:57771]
Can we see your running config for the HSRP group setup? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 20, 2002 9:38 AM To: [EMAIL PROTECTED] Subject: HSRP - Cat4006 stuck in INIT state [7:57771] Trying to test HSRP between 2 Cat4006s running IOS 12.1(8a)EW1. 'Sho standby brief' says that the vlan routing never gets switched over to standy router and stays in the INIT state. Rtr 1 is standby for VLAN2 Rtr 2 is active for VLAN2 perform a shutdown on interface VLAN2 on rtr 2; 'sho stand brief' gives no ip addresses for active and standby rtrs., but instead both say INIT. Any ideas? tia, Mary Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=5t=57771 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP - Cat4006 stuck in INIT state [7:57771]
Here's some links on CCO: pad pad pad Avoiding HSRP Instability in a Switching Environment with Various Router Platforms http://www.cisco.com/warp/public/619/8.shtml Understanding and Troubleshooting HSRP Problems in Catalyst Switch Networks http://www.cisco.com/warp/public/473/62.shtml -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 20, 2002 9:38 AM To: [EMAIL PROTECTED] Subject: HSRP - Cat4006 stuck in INIT state [7:57771] Trying to test HSRP between 2 Cat4006s running IOS 12.1(8a)EW1. 'Sho standby brief' says that the vlan routing never gets switched over to standy router and stays in the INIT state. Rtr 1 is standby for VLAN2 Rtr 2 is active for VLAN2 perform a shutdown on interface VLAN2 on rtr 2; 'sho stand brief' gives no ip addresses for active and standby rtrs., but instead both say INIT. Any ideas? tia, Mary Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57784t=57771 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP - Cat4006 stuck in INIT state [7:57771]
Hey, upgrade the OS on the switch to 6.3.6 / 7.2.1 or higher and you should be fine. Check out the last section of this url: http://www.cisco.com/warp/customer/473/62.shtml dayo --- Creighton Bill-BCREIGH1 wrote: Can we see your running config for the HSRP group setup? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 20, 2002 9:38 AM To: [EMAIL PROTECTED] Subject: HSRP - Cat4006 stuck in INIT state [7:57771] Trying to test HSRP between 2 Cat4006s running IOS 12.1(8a)EW1. 'Sho standby brief' says that the vlan routing never gets switched over to standy router and stays in the INIT state. Rtr 1 is standby for VLAN2 Rtr 2 is active for VLAN2 perform a shutdown on interface VLAN2 on rtr 2; 'sho stand brief' gives no ip addresses for active and standby rtrs., but instead both say INIT. Any ideas? tia, Mary [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Web Hosting - Let the expert host your site http://webhosting.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57790t=57771 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP VLAN Load Balancing [7:56689]
Dale Kling wrote: Is there another way to do this? Don't know about easier, (haven't had a chance to play with this in the lab yet) but Cisco has recently announced Gateway Load Balancing Protocol, (GLBP) for balancing first-hop gateways. I found a quick white-paper on the topic. Hope it helps give you a quick idea about whether it will fill you needs. http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/glbpd_ds.htm --Wes Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56808t=56689 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP VLAN Load Balancing [7:56689]
That is the way I used to do it at the ISP I used to work at...before the layoffs...We had two 6509's linked together in a full-mesh and used a cfg similar to what you have. If there is another way. I'd be interested in finding out about it. HTH's Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56691t=56689 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP VLAN Load Balancing [7:56689]
Do not add the preempt command to the standby device that you want to loose the election because they will force an election that they will eventually loose. Second add a preempt delay to the device that you want to win the election after a reload. This will allow them an opportunity to build there routing tables and initialize any other services before they take over the active role. I also set the device I want to be in standby to a priority of 150 and the device I want to be active to 200. This give me more room to make changes the the roles at a later date with more range to work in. I also chose numbers above the default priority of 100 on purpose. Cat1: Interface Vlan 5 ip address 150.50.5.5 255.255.255.0 standby 1 ip 150.50.5.100 standby 1 priority 150 standby 2 ip 150.50.5.200 standby 2 priority 200 preempt delay 90 Cat2: Interface Vlan 5 ip addres 150.50.5.10 255.255.255.0 standby 1 ip 150.50.5.100 standby 1 priority 200 preempt delay 90 standby 2 ip 150.50.5.200 standby 2 priority 150 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56704t=56689 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP and subnets [7:52991]
enabled wrote: I didn't mean to scare anyone with the bizarre addressing. Maybe I went a little overboard while trying to create an extreme situation. No problem. ;-) More below... I have not done HSRP in some time and I got confused by likening HSRP peers to IPSec or ISAKMP peers (where peer IP addresses can be specified). I had forgotten about the virtual MAC and ARP. =) - Here's what I have: - 2 sites in the same metro area- A and Z - Both sites have similar sized links to the same provider. Here's the problem I am trying to solve: 1. Need fail-over, if not load-sharing (most inbound traffic is headed to A and it has enough capacity on it's own, so load-sharing isn't critical). 2. Both sites to be connected by high speed metro fiber. I am trying to decide whether to route or bridge this link. I was told that I could use HSRP on the provider routers for fail-over if I bridged and kept the HSRP addresses in the same subnet. This could work. But keep in mind that what HSRP does for you is provide redundancy for the host-default gateway link. Sorry to harp on this again, but this will only work if your hosts are on the same subnet also. In other words, if your campus networks at these two sites are all bridged and switched already, then you should be OK with this solution of also bridging across the new high-speed metro fiber. Another option is a routing protocol. Of course, this is free advice based on little data, so be careful with it. ;-) Priscilla -- I know this sounds like a job for BGP, but I wanted to explore all options. Thanks, Sam At 09:56 PM 9/10/2002 +, you wrote: enabled wrote: Is there a rule stating that addresses in a HSRP group need to be in the same subnet? For example can I have 2 devices with the following addresses: RouterA: 10.10.10.1 RouterB: 172.16.10.1 HSRP address: 192.168.10.1 What problem are you trying to solve? Haven't heard that one in a while!? ;-) Why would 10.10.10.1 and 172.16.10.1 be offering redundant default gateway services to the same hosts? (Recall that HSRP provides redundancy for the end host-to-default gateway link.) An end host's default gateway must be on the same LAN (broadcast domain, IP subnet) as the end host. The end host ARPs to find the MAC address to send off-net packets to. The ARP broadcast contains the IP address of the default gateway that the host is searching. With HSRP, the active router responds with the phantom MAC address. Priscilla Thanks, Sam Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53127t=52991 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP and subnets [7:52991]
HSRP is used when two or more routers share interfaces on the same LAN subnet. The LAN interface IP addresses and the HSRP addresses must all be in the same subnet unless you're purposefully trying to create some bizarre behavior. John enabled 9/10/02 8:59:30 AM Is there a rule stating that addresses in a HSRP group need to be in the same subnet? For example can I have 2 devices with the following addresses: RouterA: 10.10.10.1 RouterB: 172.16.10.1 HSRP address: 192.168.10.1 Thanks, Sam Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52996t=52991 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP and subnets [7:52991]
enabled wrote: Is there a rule stating that addresses in a HSRP group need to be in the same subnet? For example can I have 2 devices with the following addresses: RouterA: 10.10.10.1 RouterB: 172.16.10.1 HSRP address: 192.168.10.1 What problem are you trying to solve? Haven't heard that one in a while!? ;-) Why would 10.10.10.1 and 172.16.10.1 be offering redundant default gateway services to the same hosts? (Recall that HSRP provides redundancy for the end host-to-default gateway link.) An end host's default gateway must be on the same LAN (broadcast domain, IP subnet) as the end host. The end host ARPs to find the MAC address to send off-net packets to. The ARP broadcast contains the IP address of the default gateway that the host is searching. With HSRP, the active router responds with the phantom MAC address. Priscilla Thanks, Sam Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53036t=52991 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP and subnets [7:52991]
I didn't mean to scare anyone with the bizarre addressing. Maybe I went a little overboard while trying to create an extreme situation. I have not done HSRP in some time and I got confused by likening HSRP peers to IPSec or ISAKMP peers (where peer IP addresses can be specified). I had forgotten about the virtual MAC and ARP. =) - Here's what I have: - 2 sites in the same metro area- A and Z - Both sites have similar sized links to the same provider. Here's the problem I am trying to solve: 1. Need fail-over, if not load-sharing (most inbound traffic is headed to A and it has enough capacity on it's own, so load-sharing isn't critical). 2. Both sites to be connected by high speed metro fiber. I am trying to decide whether to route or bridge this link. I was told that I could use HSRP on the provider routers for fail-over if I bridged and kept the HSRP addresses in the same subnet. -- I know this sounds like a job for BGP, but I wanted to explore all options. Thanks, Sam At 09:56 PM 9/10/2002 +, you wrote: enabled wrote: Is there a rule stating that addresses in a HSRP group need to be in the same subnet? For example can I have 2 devices with the following addresses: RouterA: 10.10.10.1 RouterB: 172.16.10.1 HSRP address: 192.168.10.1 What problem are you trying to solve? Haven't heard that one in a while!? ;-) Why would 10.10.10.1 and 172.16.10.1 be offering redundant default gateway services to the same hosts? (Recall that HSRP provides redundancy for the end host-to-default gateway link.) An end host's default gateway must be on the same LAN (broadcast domain, IP subnet) as the end host. The end host ARPs to find the MAC address to send off-net packets to. The ARP broadcast contains the IP address of the default gateway that the host is searching. With HSRP, the active router responds with the phantom MAC address. Priscilla Thanks, Sam Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53064t=52991 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP OSPF [7:50626]
Your hosts use HSRP, to set the HOST ip default to the HSRP virtual Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50628t=50626 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP OSPF [7:50626]
Gil Shulman wrote: Hi all, I know that I asked this question in the past, but I still have some problem with this issue. What I am trying to do is as follows: Site A| Site B __802.1q _ |_ | _ _|_ | SW-L3 |--| SW - L2 | | | SW - L3 |-| SW - L2| ||--|_| | ||-|_| // | / / // | / / // | Vlan2//Vlan3 / Vlan3 / / / Vlan 2 // / / / / / / _/__/ /__/ | || | |Host A | | Host B | |__| |___| The L-3 at site A and B holds two HSRP IP addresses for each Vlan, Vlan 2 Vlan 3. Host A B don't hold a static default gateway configuration, they are running an OSPF process and should learn their default gateway IP address via OSPF advertisements. Is it custom software or something? What ARE Host A and Host B? In general, IP hosts don't learn the default gateway from a routing protocol. AppleTalk and DECnet work that way. And a Novell IPX host learns about a router from the GetNearestServer interaction. But IP generally doesn't work that way. Instead, you manually configure a default gateway (or let the host learn it via DHCP). This has the obvious disadvantage that the default gateway could go down. That's why HSRP was invented. HSRP deals with the first hop workstation-to-router connection, in the control plane. OSPF and routing protocols deal with router-to-router paths in the management plane. A host can also learn about other routers through ICMP redirects. On a PC, you can isuse a route print command to verify whether a host has learned more than one way out, i.e. more than one workstation-to-router connection. Another alternative for IP workstation-to-router communication is the Router Discovery Protocol (RDP). RFC 1256 specifies the RDP extension to ICMP. With RDP, each router periodically multicasts an ICMP router advertisement packet from each of its interfaces, announcing the IP address of that interface. Workstations discover the addresses of their local routers simply by listening for advertisements, in a similar fashion to the method AppleTalk workstations use to discover the address of a router. When a workstation starts up, it can multicast an ICMP router solicitation packet to ask for immediate advertisements, rather than wait for the next periodic advertisement to arrive. Now, you may have a custom operating system or custom software that doesn't behave in the normal IP way, in which case, you need to tell us more about your situation. The question is, how can I advertise an HSRP IP address via OSPF routing protocol. I have been trying to achieve it by using the default-information originate always but the default gateway which the hosts gets is the real IP address of the interface. Perhaps the IOS developers never considered this a requirement and never made it possible to advertise the virtual HSRP address in an OSPF packet, since they solve two different problems. There may be a workaround, but I can't find one. Once again, I have to ask, what ARE these hosts? If they can talk OSPF, why don't you just let them use OSPF? OSPF can be designed to support the redundancy that you require. OSPF has support for quick convergence. HSRP solved a different problem, which was that IP, despite good routing protocols, didn't support quick convergence for the workstation-to-router first-hop problem. Priscilla Help will be most appreciated. Cheers, Gil ** The contents of this email and any attachments are confidential. It is intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to any one or make copies. ** eSafe scanned this email for viruses, vandals and malicious content ** ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50636t=50626 -- FAQ,
RE: HSRP OSPF [7:50626]
I thought of one workaround but I don't know if it would work. Use a loopback interface. Perhaps OSPF would use the address in a way that would meet your needs. Then, would IOS let you say that the HSRP address is the loopback address also?? That's the part that I don't have time to test. It may be an off the wall suggestion, but your question is sort of off the wall too!? ;-) Priscilla Priscilla Oppenheimer wrote: Gil Shulman wrote: Hi all, I know that I asked this question in the past, but I still have some problem with this issue. What I am trying to do is as follows: Site A| Site B __802.1q _ |_ | _ _|_ | SW-L3 |--| SW - L2 | | | SW - L3 |-| SW - L2| ||--|_| | ||-|_| // | // // | / / // | Vlan2//Vlan3 / Vlan3 / / / Vlan 2 // / / / / / / _/__/ /__/ | || | |Host A | | Host B | |__| |___| The L-3 at site A and B holds two HSRP IP addresses for each Vlan, Vlan 2 Vlan 3. Host A B don't hold a static default gateway configuration, they are running an OSPF process and should learn their default gateway IP address via OSPF advertisements. Is it custom software or something? What ARE Host A and Host B? In general, IP hosts don't learn the default gateway from a routing protocol. AppleTalk and DECnet work that way. And a Novell IPX host learns about a router from the GetNearestServer interaction. But IP generally doesn't work that way. Instead, you manually configure a default gateway (or let the host learn it via DHCP). This has the obvious disadvantage that the default gateway could go down. That's why HSRP was invented. HSRP deals with the first hop workstation-to-router connection, in the control plane. OSPF and routing protocols deal with router-to-router paths in the management plane. A host can also learn about other routers through ICMP redirects. On a PC, you can isuse a route print command to verify whether a host has learned more than one way out, i.e. more than one workstation-to-router connection. Another alternative for IP workstation-to-router communication is the Router Discovery Protocol (RDP). RFC 1256 specifies the RDP extension to ICMP. With RDP, each router periodically multicasts an ICMP router advertisement packet from each of its interfaces, announcing the IP address of that interface. Workstations discover the addresses of their local routers simply by listening for advertisements, in a similar fashion to the method AppleTalk workstations use to discover the address of a router. When a workstation starts up, it can multicast an ICMP router solicitation packet to ask for immediate advertisements, rather than wait for the next periodic advertisement to arrive. Now, you may have a custom operating system or custom software that doesn't behave in the normal IP way, in which case, you need to tell us more about your situation. The question is, how can I advertise an HSRP IP address via OSPF routing protocol. I have been trying to achieve it by using the default-information originate always but the default gateway which the hosts gets is the real IP address of the interface. Perhaps the IOS developers never considered this a requirement and never made it possible to advertise the virtual HSRP address in an OSPF packet, since they solve two different problems. There may be a workaround, but I can't find one. Once again, I have to ask, what ARE these hosts? If they can talk OSPF, why don't you just let them use OSPF? OSPF can be designed to support the redundancy that you require. OSPF has support for quick convergence. HSRP solved a different problem, which was that IP, despite good routing protocols, didn't support quick convergence for the workstation-to-router first-hop problem. Priscilla Help will be most appreciated. Cheers, Gil ** The contents of this email and any attachments are
RE: HSRP on MSFC [7:49221]
Hi Amit, Yes You can use two MSFC for HSRP ,no problem.You can explain more if still some doubt for config. All the best, Vipul. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49223t=49221 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP on MSFC [7:49221]
Yes, it works and ive set it up before. We have it running atm, as long as your vlans are mirrored on both msfc's, its fine. just setup like normal hsrp on any other router Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49224t=49221 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: HSRP [7:47177]
Howard C. Berkowitz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... At 9:21 PM -0400 6/23/02, Kevin Cullimore wrote: It's a problem when: people assume that symmetry exists when HSRP similar L3 failover technologies are implemented. It's a problem getting in the way of: people's understanding of those failover technologies. Otherwise, I'm thinking that the flexibility (wherein conversations in different directions may be treated differently) is quite welcome. Comments? I was not assuming load-sharing (i.e., multiple HSRP groups), so I'd expect to have the two routers essentially with the same routing table. What would be different would be their uplinks, unless, possibly, there were an additional link connecting the two routers. In other words, I had considered the simple case of two redundant routers, each of which could handle the full load. Perhaps they might have physically diverse uplinks, but I wouldn't expect them to have radically different optimal routes. Consider the following: Local_LAN | -- | | R1 R2 | | telco_1 telco_2 | | R3 R4 | | -- Corporate_Network Seems to me that of R3 and R4, the coproarate network knows one of those as the route to the Local_LAN, preferably the router that is the HSRP primary. hhh thinking about this, interesting design study. HSRP effects only Local_LAN traffic to the Corporate_net. Does return traffic route matter? hhm. would good design consider that R3 and R4 also be an HSRP pair? If they were, what would the effect be, as opposed to if they were not? Maybe I'm outsmarting myself about the data flow implications? Certainly, one can create scenarios where load-sharing or other factors make the two routers significantly different. Depending on the goals and budget, you might even have HSRP in edge routers and more complex routing at a distribution tier. For that matter, people often don't consider L2 failover techniques (e.g., UplinkFast and EtherChannel) with switches feeding the HSRP routers as another aspect of no-single-point-of-failure. - Original Message - From: Howard C. Berkowitz To: Sent: 23 June 2002 3:54 pm Subject: Re: Re: HSRP [7:47177] At 3:08 PM -0400 6/23/02, Kevin Cullimore wrote: A useful notion to keep in mind is that hsrp and its un-patented counterparts (you'd think that during the past century, people would learn from IBM's example, but apparently that isn't the case) are profoundly asymmetric in scope: they are concerned with the host-default gateway portion of the conversation, not the return path (although implementational specifics might force them to address the return path in some circumstances). Kevin, how is the asymmetry a problem? The HSRP linked routers presumably have the same routing tables, although the backup might have to ARP for its first packet forwarded. Even if that's an issue, promiscuous ARP learning shouldn't be all that much of a problem. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47289t=47177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: HSRP [7:47177]
I think the picture got messed up. But, let's say R1 and R2 are running HSRP on the Local LAN. It doesn't matter which one becomes primary. If the clients send to one router, but the other router has a better route, than the router will send the packet back out the Local LAN to the other router. It's the typical extra hop that many networks have. The router should send an ICMP Redirect (although that is disabled by default when using HSRP.) But it works without any major hitches because both routers have complete routing tables that describe the entire internetwork. Since your picture is symmetrical (or at least I think it was?) the same thing can occur on the Corporate LAN. R3 and R3 can run HSRP too. Now, for traffic coming back, we have a more interesting problem It would depend on the routing protocol and the maximum-paths configuration, wouldn't it? For some routing protocols, each router would only know one way back. If that way includes the broken interface, then the protocol will have to converge before traffic can make it back. A few more comments in line... Consider the following: Local_LAN | -- | | R1 R2 | | telco_1 telco_2 | | R3 R4 | | -- Corporate_Network Seems to me that of R3 and R4, the coproarate network knows one of those as the route to the Local_LAN, preferably the router that is the HSRP primary. You mean the HSRP primary on the Local LAN? Of course the routers on the Corporate Network don't know anything about HSRP on the Local LAN. Plus, it doesn't matter whether their path goes back via R1 or R2. Which one it chooses would depend on the routing protocol. Maybe it's IGRP and one of the links has much less bandwidth so the other is preferred. Maybe you're using variance so that both routes are known. hhh thinking about this, interesting design study. HSRP effects only Local_LAN traffic to the Corporate_net. Does return traffic route matter? HSRP on the Local LAN doesn't affect it. Other things do. hhm. would good design consider that R3 and R4 also be an HSRP pair? In your simple design, sure, I would say make them HSRP pairs too. You might want to know some load balancing and make one the active for some VLANs and the other the active for other VLANs. I know you know all this basic stuff. ;-) If you meant for this to be a more advanced discussion, just let me know. Thanks. Priscilla If they were, what would the effect be, as opposed to if they were not Maybe I'm outsmarting myself about the data flow implications? Certainly, one can create scenarios where load-sharing or other factors make the two routers significantly different. Depending on the goals and budget, you might even have HSRP in edge routers and more complex routing at a distribution tier. For that matter, people often don't consider L2 failover techniques (e.g., UplinkFast and EtherChannel) with switches feeding the HSRP routers as another aspect of no-single-point-of-failure. - Original Message - From: Howard C. Berkowitz To: Sent: 23 June 2002 3:54 pm Subject: Re: Re: HSRP [7:47177] At 3:08 PM -0400 6/23/02, Kevin Cullimore wrote: A useful notion to keep in mind is that hsrp and its un-patented counterparts (you'd think that during the past century, people would learn from IBM's example, but apparently that isn't the case) are profoundly asymmetric in scope: they are concerned with the host-default gateway portion of the conversation, not the return path (although implementational specifics might force them to address the return path in some circumstances). Kevin, how is the asymmetry a problem? The HSRP linked routers presumably have the same routing tables, although the backup might have to ARP for its first packet forwarded. Even if that's an issue, promiscuous ARP learning shouldn't be all that much of a problem. Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47300t=47177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP [7:47177]
This brings up a question. I understand that after the initial hi I will be handling your requests please use me as your destination mac address. (Router talking to client). But what happens when the initial router fails and HSRP kicks in? After an unreachable, would ClientA send out an arp or would RouterB initiate the arping to re-establish connections to any client that was using RouterA after it noticed that RouterA was not responding? Scenario: ClientA - RouterA/B(HSRP) -- ClientB ClientA sends a packet to ClientB ClientA talks to the Virtual RouterA/B -- RouterA/B sends to ClientB RouterA/B tells ClientA -- RouterA will be handling your requests. RouterA/B tells ClientB -- RouterA will be handling your requests to ClientA ClientA then sends more packets to ClientB via RouterA. ClientB responds to ClientA via RouterA. Janitor comes in and accidentally unplugs RouterA's power cord. ClientA now has to re-establish a connection with ClientB. I have seen the above scenario happen in a failover test when implementing a new core but did not have a bug in my ear to watch the MAC addresses. It has my curiosity perked. In theory I beleive RouterB would re-establish communication after a failed hi are you there packet to RouterA. I will have to wait until a lab is set up to play out the scenario. Kim Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47232t=47177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP [7:47177]
This isn't quite right. See comments below. Kim Graham wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... This brings up a question. I understand that after the initial hi I will be handling your requests please use me as your destination mac address. (Router talking to client). But what happens when the initial router fails and HSRP kicks in? After an unreachable, would ClientA send out an arp or would RouterB initiate the arping to re-establish connections to any client that was using RouterA after it noticed that RouterA was not responding? Scenario: ClientA - RouterA/B(HSRP) -- ClientB ClientA sends a packet to ClientB ClientA talks to the Virtual RouterA/B -- RouterA/B sends to ClientB RouterA/B tells ClientA -- RouterA will be handling your requests. Router A never tells Client A that Router A will be handling your requests. As you mentioned, Client A talks to the Virtual Router via the Virtual IP address which it ARPs to find the Virtual MAC. Client A never knows which of the HSRP routers is intercepting and processing it's requests When Client A sends a frame to the Virtual MAC to go out of it's gateway, both Router A and Router B hear the packet, but only the HSRP Active router will process it. So if, the janitor steps in and unplugs Router A, then after Router B misses enough Hello packets from Router A, it declares itself the Active HSRP router for that HSRP group, and at that point it starts to process the information sent to the Virtual IP/Virtual MAC. This is all transparent to the end clients, Client A in this example. So as far as Client A knows, it's still sending traffic to the Virtual IP via the Virtual MAC address it has in its ARP cache. HTH, Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47235t=47177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: HSRP [7:47177]
So you are saying the client never sees the MAC address of RouterA? It only sees the MAC address of the Virtual Router? Kim From: Michael L. Williams Date: 2002/06/23 Sun AM 11:29:24 EDT To: [EMAIL PROTECTED] Subject: Re: HSRP [7:47177] This isn't quite right. See comments below. Kim Graham wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... This brings up a question. I understand that after the initial hi I will be handling your requests please use me as your destination mac address. (Router talking to client). But what happens when the initial router fails and HSRP kicks in? After an unreachable, would ClientA send out an arp or would RouterB initiate the arping to re-establish connections to any client that was using RouterA after it noticed that RouterA was not responding? Scenario: ClientA - RouterA/B(HSRP) -- ClientB ClientA sends a packet to ClientB ClientA talks to the Virtual RouterA/B -- RouterA/B sends to ClientB RouterA/B tells ClientA -- RouterA will be handling your requests. Router A never tells Client A that Router A will be handling your requests. As you mentioned, Client A talks to the Virtual Router via the Virtual IP address which it ARPs to find the Virtual MAC. Client A never knows which of the HSRP routers is intercepting and processing it's requests When Client A sends a frame to the Virtual MAC to go out of it's gateway, both Router A and Router B hear the packet, but only the HSRP Active router will process it. So if, the janitor steps in and unplugs Router A, then after Router B misses enough Hello packets from Router A, it declares itself the Active HSRP router for that HSRP group, and at that point it starts to process the information sent to the Virtual IP/Virtual MAC. This is all transparent to the end clients, Client A in this example. So as far as Client A knows, it's still sending traffic to the Virtual IP via the Virtual MAC address it has in its ARP cache. HTH, Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47236t=47177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: HSRP [7:47177]
Perhaps this will help explain http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c /ipcprt1/1cdip.htm#xtocid23 Yes, HSRP creates a single virtual IP and MAC pair. Yes, when one router fails, the standby router assumes control of this virtual IP and MAC pair. From an end station standpoint, nothing has changed. The end station knows the virtual IP, as configured in it's own settings, or as received as part of its DHCP configuration. In either case, no end station knows all of the IP's of all of the members of the HSRP group. Unless things have changed recently, there is no way to configure multiple default gateways on a Windows machine, at least. This is the reason HSRP, and now VRRP, were developed. If the end station does not already know the MAC of the default gateway, it sends an ARP request, as is standard operating procedure for any host seeking the MAC of an IP. The active router replies with the virtual MAC. You may also want to refer to the VRRP RFC. VRRP is the open standard intended to replace the several proprietary methods that now exist. The first couple of pages provide a good explanation and a good background of the problem to be solved. ftp://ftp.isi.edu/in-notes/rfc2338.txt Tom LongTrip wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... So you are saying the client never sees the MAC address of RouterA? It only sees the MAC address of the Virtual Router? Kim From: Michael L. Williams Date: 2002/06/23 Sun AM 11:29:24 EDT To: [EMAIL PROTECTED] Subject: Re: HSRP [7:47177] This isn't quite right. See comments below. Kim Graham wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... This brings up a question. I understand that after the initial hi I will be handling your requests please use me as your destination mac address. (Router talking to client). But what happens when the initial router fails and HSRP kicks in? After an unreachable, would ClientA send out an arp or would RouterB initiate the arping to re-establish connections to any client that was using RouterA after it noticed that RouterA was not responding? Scenario: ClientA - RouterA/B(HSRP) -- ClientB ClientA sends a packet to ClientB ClientA talks to the Virtual RouterA/B -- RouterA/B sends to ClientB RouterA/B tells ClientA -- RouterA will be handling your requests. Router A never tells Client A that Router A will be handling your requests. As you mentioned, Client A talks to the Virtual Router via the Virtual IP address which it ARPs to find the Virtual MAC. Client A never knows which of the HSRP routers is intercepting and processing it's requests When Client A sends a frame to the Virtual MAC to go out of it's gateway, both Router A and Router B hear the packet, but only the HSRP Active router will process it. So if, the janitor steps in and unplugs Router A, then after Router B misses enough Hello packets from Router A, it declares itself the Active HSRP router for that HSRP group, and at that point it starts to process the information sent to the Virtual IP/Virtual MAC. This is all transparent to the end clients, Client A in this example. So as far as Client A knows, it's still sending traffic to the Virtual IP via the Virtual MAC address it has in its ARP cache. HTH, Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47238t=47177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
U/C/M planes and understanding protocols (was Re: HSRP [7:47240]
At 9:23 PM -0400 6/22/02, Priscilla Oppenheimer wrote: There might be a Howard-inspired lesson in this. ;-) If you're referring to the insight the U/C/M plane model gives to understanding protocols, you're absolutely right. It adds depth that the basic OSI model does not. For that matter, of course, Cisco, in its courseware, ignores the additional ISO interpretive/extension documents. In the Control Plane, the host ARPs for its default gateway, which in this case is configured to be the HSRP virtual IP address of the routers. Exactly. Control Plane protocols [1] run between hosts and local routers/switches. [1] The U/C/M model is the original one from Broadband ISDN/ATM. In the IETF, there's some tendency to merge C and M plane functions, which I think is a bad idea. OTOH, I've designed routers that had ARP and routing protocols running in the same non-forwarding processors, and I think of that as coexistence of C and M planes. In the Management Plane, the routers talk amongst themselves to make sure that the virtual IP and MAC addresses stay live. Yep. Management Plane protocols run between network elements like routers and switches. That HSRP may run over the same physical medium as the hosts doesn't make it control plane. In the User Plane, the host sends user traffic (Ping in my case) and the routers forward traffic, without regards to HSRP. Sure, the host uses the virtual MAC address as its destination, but it doesn't know there's anything virtual about it. The routers forward the reply without any concerns about HSRP. I did run this on some rather old routers running IOS 11.0, but I'm pretty sure the results would be the same on newer IOS (although you can get an HSRP-configured router to do ICMP Redirects now.) Also, it wasn't exactly the scenario the original poster asked about, in that he seemed to be implying the source and dest were out the same interface on the router, and he was asking about just the request maybe, whereas I got the reply involved. His exact scenario was harder to set up. Hm. I'll give it a try. Unfortunately, my routers don't do VLANs (too old), but I could try it with secondary addresses. OK, tried it, same result. The only time you see the virtual MAC address is on the original request from the host. Forwarded requests and replies don't use it. Gotta run. I really do have a life outside my lab?! ;-) Priscilla At 08:31 PM 6/22/02, Michael L. Williams wrote: Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... At 12:17 AM 6/22/02, Tim Potier wrote: Lets say I have HSRP configured on a series of routers... I know clients are sending packets to the MAC/IP of the well known virtual MAC with Cisco equipment. Assume the receiving station recieves the packet directly from the router participating in HSRP with the highest priority... what is the source MAC the receiving station sees? The reply will come from the actual MAC address of the router interface. At this point, the router is just forwarding packets. It doesn't care that HSRP is configured I was thinking the same thing. Sure, a client that sends to the Virtual IP for the HSRP gateway uses the virtual MAC to send to, but as far as return traffic, it seems the router would just receive the packet, lookup which interface it should go out, then rewrite the source/dest MACs in the frame and send it out no HSRP involved Mike W. -- What Problem are you trying to solve? ***send Cisco questions to the list, so all can benefit -- not directly to me*** Howard C. Berkowitz [EMAIL PROTECTED] Chief Technology Officer, GettLab/Gett Communications http://www.gettlabs.com Technical Director, CertificationZone.com http://www.certificationzone.com retired Certified Cisco Systems Instructor (CID) #93005 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47240t=47240 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: HSRP [7:47177]
Generally speaking, people tend to configure hsrp for addresses serving as default gateways. When the client's NIC software initializes gathers values for the default gateway (dynamically or otherwise), it arps for the gateway's mac address, which, under ideal conditions, is answered by the active member of the HSRP group. If the active member of the HSRP group fails, and the standby ISs can detect this, They will begin answering on behalf of the mac address associated with the ip default gateway address. If the client attempts to speak directly to the other address the router is maintaining on the same ip network it will arp for the BIA of the IS's ethernet interface. - Original Message - From: LongTrip To: Sent: 23 June 2002 12:44 pm Subject: Re: Re: HSRP [7:47177] So you are saying the client never sees the MAC address of RouterA? It only sees the MAC address of the Virtual Router? Kim From: Michael L. Williams Date: 2002/06/23 Sun AM 11:29:24 EDT To: [EMAIL PROTECTED] Subject: Re: HSRP [7:47177] This isn't quite right. See comments below. Kim Graham wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... This brings up a question. I understand that after the initial hi I will be handling your requests please use me as your destination mac address. (Router talking to client). But what happens when the initial router fails and HSRP kicks in? After an unreachable, would ClientA send out an arp or would RouterB initiate the arping to re-establish connections to any client that was using RouterA after it noticed that RouterA was not responding? Scenario: ClientA - RouterA/B(HSRP) -- ClientB ClientA sends a packet to ClientB ClientA talks to the Virtual RouterA/B -- RouterA/B sends to ClientB RouterA/B tells ClientA -- RouterA will be handling your requests. Router A never tells Client A that Router A will be handling your requests. As you mentioned, Client A talks to the Virtual Router via the Virtual IP address which it ARPs to find the Virtual MAC. Client A never knows which of the HSRP routers is intercepting and processing it's requests When Client A sends a frame to the Virtual MAC to go out of it's gateway, both Router A and Router B hear the packet, but only the HSRP Active router will process it. So if, the janitor steps in and unplugs Router A, then after Router B misses enough Hello packets from Router A, it declares itself the Active HSRP router for that HSRP group, and at that point it starts to process the information sent to the Virtual IP/Virtual MAC. This is all transparent to the end clients, Client A in this example. So as far as Client A knows, it's still sending traffic to the Virtual IP via the Virtual MAC address it has in its ARP cache. HTH, Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47243t=47177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: HSRP [7:47177]
hmmm maybe there was a misunderstanding on my part of an earlier post that mentioned The only time you see the virtual MAC address is on the original request from the host. Forwarded requests and replies don't use it. . I understood this to mean that after the initial set up of communications that the virtual mac address was not used in subsequent data transmissions. This will be one for a lab experiment on my part. Until I see it the result with my own eyes it will be a question. Kim From: Thomas E. Lawrence Date: 2002/06/23 Sun PM 01:08:17 EDT To: [EMAIL PROTECTED] Subject: Re: Re: HSRP [7:47177] Perhaps this will help explain http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c /ipcprt1/1cdip.htm#xtocid23 Yes, HSRP creates a single virtual IP and MAC pair. Yes, when one router fails, the standby router assumes control of this virtual IP and MAC pair. From an end station standpoint, nothing has changed. The end station knows the virtual IP, as configured in it's own settings, or as received as part of its DHCP configuration. In either case, no end station knows all of the IP's of all of the members of the HSRP group. Unless things have changed recently, there is no way to configure multiple default gateways on a Windows machine, at least. This is the reason HSRP, and now VRRP, were developed. If the end station does not already know the MAC of the default gateway, it sends an ARP request, as is standard operating procedure for any host seeking the MAC of an IP. The active router replies with the virtual MAC. You may also want to refer to the VRRP RFC. VRRP is the open standard intended to replace the several proprietary methods that now exist. The first couple of pages provide a good explanation and a good background of the problem to be solved. ftp://ftp.isi.edu/in-notes/rfc2338.txt Tom LongTrip wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... So you are saying the client never sees the MAC address of RouterA? It only sees the MAC address of the Virtual Router? Kim From: Michael L. Williams Date: 2002/06/23 Sun AM 11:29:24 EDT To: [EMAIL PROTECTED] Subject: Re: HSRP [7:47177] This isn't quite right. See comments below. Kim Graham wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... This brings up a question. I understand that after the initial hi I will be handling your requests please use me as your destination mac address. (Router talking to client). But what happens when the initial router fails and HSRP kicks in? After an unreachable, would ClientA send out an arp or would RouterB initiate the arping to re-establish connections to any client that was using RouterA after it noticed that RouterA was not responding? Scenario: ClientA - RouterA/B(HSRP) -- ClientB ClientA sends a packet to ClientB ClientA talks to the Virtual RouterA/B -- RouterA/B sends to ClientB RouterA/B tells ClientA -- RouterA will be handling your requests. Router A never tells Client A that Router A will be handling your requests. As you mentioned, Client A talks to the Virtual Router via the Virtual IP address which it ARPs to find the Virtual MAC. Client A never knows which of the HSRP routers is intercepting and processing it's requests When Client A sends a frame to the Virtual MAC to go out of it's gateway, both Router A and Router B hear the packet, but only the HSRP Active router will process it. So if, the janitor steps in and unplugs Router A, then after Router B misses enough Hello packets from Router A, it declares itself the Active HSRP router for that HSRP group, and at that point it starts to process the information sent to the Virtual IP/Virtual MAC. This is all transparent to the end clients, Client A in this example. So as far as Client A knows, it's still sending traffic to the Virtual IP via the Virtual MAC address it has in its ARP cache. HTH, Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47244t=47177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: HSRP [7:47177]
A useful notion to keep in mind is that hsrp and its un-patented counterparts (you'd think that during the past century, people would learn from IBM's example, but apparently that isn't the case) are profoundly asymmetric in scope: they are concerned with the host-default gateway portion of the conversation, not the return path (although implementational specifics might force them to address the return path in some circumstances). - Original Message - From: LongTrip To: Sent: 23 June 2002 2:22 pm Subject: Re: Re: HSRP [7:47177] hmmm maybe there was a misunderstanding on my part of an earlier post that mentioned The only time you see the virtual MAC address is on the original request from the host. Forwarded requests and replies don't use it. . I understood this to mean that after the initial set up of communications that the virtual mac address was not used in subsequent data transmissions. This will be one for a lab experiment on my part. Until I see it the result with my own eyes it will be a question. Kim From: Thomas E. Lawrence Date: 2002/06/23 Sun PM 01:08:17 EDT To: [EMAIL PROTECTED] Subject: Re: Re: HSRP [7:47177] Perhaps this will help explain http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c /ipcprt1/1cdip.htm#xtocid23 Yes, HSRP creates a single virtual IP and MAC pair. Yes, when one router fails, the standby router assumes control of this virtual IP and MAC pair. From an end station standpoint, nothing has changed. The end station knows the virtual IP, as configured in it's own settings, or as received as part of its DHCP configuration. In either case, no end station knows all of the IP's of all of the members of the HSRP group. Unless things have changed recently, there is no way to configure multiple default gateways on a Windows machine, at least. This is the reason HSRP, and now VRRP, were developed. If the end station does not already know the MAC of the default gateway, it sends an ARP request, as is standard operating procedure for any host seeking the MAC of an IP. The active router replies with the virtual MAC. You may also want to refer to the VRRP RFC. VRRP is the open standard intended to replace the several proprietary methods that now exist. The first couple of pages provide a good explanation and a good background of the problem to be solved. ftp://ftp.isi.edu/in-notes/rfc2338.txt Tom LongTrip wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... So you are saying the client never sees the MAC address of RouterA? It only sees the MAC address of the Virtual Router? Kim From: Michael L. Williams Date: 2002/06/23 Sun AM 11:29:24 EDT To: [EMAIL PROTECTED] Subject: Re: HSRP [7:47177] This isn't quite right. See comments below. Kim Graham wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... This brings up a question. I understand that after the initial hi I will be handling your requests please use me as your destination mac address. (Router talking to client). But what happens when the initial router fails and HSRP kicks in? After an unreachable, would ClientA send out an arp or would RouterB initiate the arping to re-establish connections to any client that was using RouterA after it noticed that RouterA was not responding? Scenario: ClientA - RouterA/B(HSRP) -- ClientB ClientA sends a packet to ClientB ClientA talks to the Virtual RouterA/B -- RouterA/B sends to ClientB RouterA/B tells ClientA -- RouterA will be handling your requests. Router A never tells Client A that Router A will be handling your requests. As you mentioned, Client A talks to the Virtual Router via the Virtual IP address which it ARPs to find the Virtual MAC. Client A never knows which of the HSRP routers is intercepting and processing it's requests When Client A sends a frame to the Virtual MAC to go out of it's gateway, both Router A and Router B hear the packet, but only the HSRP Active router will process it. So if, the janitor steps in and unplugs Router A, then after Router B misses enough Hello packets from Router A, it declares itself the Active HSRP router for that HSRP group, and at that point it starts to process the information sent to the Virtual IP/Virtual MAC. This is all transparent to the end clients, Client A in this example. So as far as Client A knows, it's still sending traffic to the Virtual IP via the Virtual MAC address it has in its ARP cache. HTH, Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47247t=47177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com
Re: HSRP [7:47177]
Sometimes I suspect we get lost in forest, and all we can see are the trees. Let's look at this from the perspective of how data is moved from here to there. Comments below: Kim Graham wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... This brings up a question. I understand that after the initial hi I will be handling your requests please use me as your destination mac address. (Router talking to client). But what happens when the initial router fails and HSRP kicks in? After an unreachable, would ClientA send out an arp or would RouterB initiate the arping CL: The ARP process is used by any host ( router or PC or other workstation ) when it has data for a particular host at a particular IP address. The host knows through the XOR process that the destination host is on th same subnet. Since devices on the same subnet are operating at the L2 layer, a MAC is required. The host says, essentially I have data for network address. What MAC should I use? and the appropriate host replies use this one - I'm that IP address, here is my MAC address CL: So in the case you state, there is no reason for Router B to do anything. It does not have data to transmit to host A. to re-establish connections to any client that was using RouterA after it noticed that RouterA was not responding? Scenario: ClientA - RouterA/B(HSRP) -- ClientB ClientA sends a packet to ClientB ClientA talks to the Virtual RouterA/B -- RouterA/B sends to ClientB CL: Not exactly. The router that is the HSRP primary does all the talking to host A. RouterA/B tells ClientA -- RouterA will be handling your requests. CL: not exactly. The HSRP primary device, using the virtual IP/MAC, does all the communication at this point. there is no provision for a process as you describe. Well, maybe proxy ARP falls into this kind of category, but that's different. RouterA/B tells ClientB -- RouterA will be handling your requests to ClientA ClientA then sends more packets to ClientB via RouterA. CL: sure, in practical terms. But host A is still sending packets to the virtual IP/ virtual MAC address, not to physical addresses. ClientB responds to ClientA via RouterA. Janitor comes in and accidentally unplugs RouterA's power cord. ClientA now has to re-establish a connection with ClientB. CL: well, in theory, host A never knows that a failover has occured. So far as host A is concerned, it is still communicating with the physical device whose IP and MAC are those that it learned at the beginning of tis process. that is, the virtual IP/MAC I have seen the above scenario happen in a failover test when implementing a new core but did not have a bug in my ear to watch the MAC addresses. It has my curiosity perked. In theory I beleive RouterB would re-establish communication after a failed hi are you there packet to RouterA. I will have to wait until a lab is set up to play out the scenario. CL: what you should find is that from the host perspective, nothing changes. I don't have sniffer experience, but I would hazzard the guess that your sniffer traces will see no changes to source and destination IP's, and no change to source and destination MACs. I base this upon my understanding of the process of how a host sends packets. A more detailed look at the theory may be found in Comer's Internetworking with TCP/IP volume 1. CL: My point being that the rules of host to host communication do not split off into a zillion different special cases every time some fix or other is introduced. HSRP is based on the router side, and is designed specifically to keep things simple and consistent as far as the hosts on the particular segment are concerned. Packets move from host to host using the same rules and processes every time. These rules don't change just because there is an HSRP router pair on the segment. they do not change just because there is an OSPF virtual link somewhere along the line. They do not change just because you are on dial backup, rather than the primary WAN link. It becomes far easier to understand when you start from the fundamental principal, and move outwards, than if you get lost in the maze of looking at everything as a special case. CL: sorry for the soap box. over the past few days there have been several threads which have indicated to me that certain fundamentals are not understood. Kim Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47248t=47177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: HSRP [7:47177]
Kevin Cullimore wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... A useful notion to keep in mind is that hsrp and its un-patented counterparts (you'd think that during the past century, people would learn from IBM's example, but apparently that isn't the case) are profoundly asymmetric in scope: they are concerned with the host-default gateway portion of the conversation, not the return path (although implementational specifics might force them to address the return path in some circumstances). CL: good point. in my experience, in the quest for 100% up time, the process still depends upon routers at either end to determine the reachability and account for that in the routing protocol. for example, I have my HSRP pair, and each has a WAN link to different carriers. Those links terminate into some central network somnewhere. CL: so when the remote site HSSRP primary fails, two things have to happen. 1) the failover router has to take over and 2) the routers at the far end of the links have to note the link failure to the primary, mark that route as down, and start using the secondary path. CL: seems to me this is the flaw in the system. Might be fine if you are using HSRP merely as failover connectivity to the internet. May not be so fine if you are using HSRP as failover from a branch office to HQ. Depending on the aplication. Depending upon the time it takes to get the new routes in place. CL: as an aside, I just had a convcersation along these lines with a customer, to whom I had to explain at length what HSRP was, what it did, how it behaved, and therefore why what he was thinking was probably not a good idea. Not that we couldn't have done it. But that in the end what the customer wanted me to do wuld have put him at more risk than if he left things as they were. Not to mention the loss of bandwidth that HSRP would have created for him. - Original Message - From: LongTrip To: Sent: 23 June 2002 2:22 pm Subject: Re: Re: HSRP [7:47177] hmmm maybe there was a misunderstanding on my part of an earlier post that mentioned The only time you see the virtual MAC address is on the original request from the host. Forwarded requests and replies don't use it. . I understood this to mean that after the initial set up of communications that the virtual mac address was not used in subsequent data transmissions. This will be one for a lab experiment on my part. Until I see it the result with my own eyes it will be a question. Kim From: Thomas E. Lawrence Date: 2002/06/23 Sun PM 01:08:17 EDT To: [EMAIL PROTECTED] Subject: Re: Re: HSRP [7:47177] Perhaps this will help explain http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c /ipcprt1/1cdip.htm#xtocid23 Yes, HSRP creates a single virtual IP and MAC pair. Yes, when one router fails, the standby router assumes control of this virtual IP and MAC pair. From an end station standpoint, nothing has changed. The end station knows the virtual IP, as configured in it's own settings, or as received as part of its DHCP configuration. In either case, no end station knows all of the IP's of all of the members of the HSRP group. Unless things have changed recently, there is no way to configure multiple default gateways on a Windows machine, at least. This is the reason HSRP, and now VRRP, were developed. If the end station does not already know the MAC of the default gateway, it sends an ARP request, as is standard operating procedure for any host seeking the MAC of an IP. The active router replies with the virtual MAC. You may also want to refer to the VRRP RFC. VRRP is the open standard intended to replace the several proprietary methods that now exist. The first couple of pages provide a good explanation and a good background of the problem to be solved. ftp://ftp.isi.edu/in-notes/rfc2338.txt Tom LongTrip wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... So you are saying the client never sees the MAC address of RouterA? It only sees the MAC address of the Virtual Router? Kim From: Michael L. Williams Date: 2002/06/23 Sun AM 11:29:24 EDT To: [EMAIL PROTECTED] Subject: Re: HSRP [7:47177] This isn't quite right. See comments below. Kim Graham wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... This brings up a question. I understand that after the initial hi I will be handling your requests please use me as your destination mac address. (Router talking to client). But what happens when the initial router fails and HSRP kicks in? After an unreachable, would ClientA send out an arp or would RouterB initiate the arping to re-establish connections to any client that was usin
Re: Re: HSRP [7:47177]
I will keep that in mind while investigating this and other things. Thx :) Kim From: Kevin Cullimore Date: 2002/06/23 Sun PM 03:08:54 EDT To: [EMAIL PROTECTED] Subject: Re: Re: HSRP [7:47177] A useful notion to keep in mind is that hsrp and its un-patented counterparts (you'd think that during the past century, people would learn from IBM's example, but apparently that isn't the case) are profoundly asymmetric in scope: they are concerned with the host-default gateway portion of the conversation, not the return path (although implementational specifics might force them to address the return path in some circumstances). - Original Message - From: LongTrip To: Sent: 23 June 2002 2:22 pm Subject: Re: Re: HSRP [7:47177] hmmm maybe there was a misunderstanding on my part of an earlier post that mentioned The only time you see the virtual MAC address is on the original request from the host. Forwarded requests and replies don't use it. . I understood this to mean that after the initial set up of communications that the virtual mac address was not used in subsequent data transmissions. This will be one for a lab experiment on my part. Until I see it the result with my own eyes it will be a question. Kim From: Thomas E. Lawrence Date: 2002/06/23 Sun PM 01:08:17 EDT To: [EMAIL PROTECTED] Subject: Re: Re: HSRP [7:47177] Perhaps this will help explain http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c /ipcprt1/1cdip.htm#xtocid23 Yes, HSRP creates a single virtual IP and MAC pair. Yes, when one router fails, the standby router assumes control of this virtual IP and MAC pair. From an end station standpoint, nothing has changed. The end station knows the virtual IP, as configured in it's own settings, or as received as part of its DHCP configuration. In either case, no end station knows all of the IP's of all of the members of the HSRP group. Unless things have changed recently, there is no way to configure multiple default gateways on a Windows machine, at least. This is the reason HSRP, and now VRRP, were developed. If the end station does not already know the MAC of the default gateway, it sends an ARP request, as is standard operating procedure for any host seeking the MAC of an IP. The active router replies with the virtual MAC. You may also want to refer to the VRRP RFC. VRRP is the open standard intended to replace the several proprietary methods that now exist. The first couple of pages provide a good explanation and a good background of the problem to be solved. ftp://ftp.isi.edu/in-notes/rfc2338.txt Tom LongTrip wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... So you are saying the client never sees the MAC address of RouterA? It only sees the MAC address of the Virtual Router? Kim From: Michael L. Williams Date: 2002/06/23 Sun AM 11:29:24 EDT To: [EMAIL PROTECTED] Subject: Re: HSRP [7:47177] This isn't quite right. See comments below. Kim Graham wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... This brings up a question. I understand that after the initial hi I will be handling your requests please use me as your destination mac address. (Router talking to client). But what happens when the initial router fails and HSRP kicks in? After an unreachable, would ClientA send out an arp or would RouterB initiate the arping to re-establish connections to any client that was using RouterA after it noticed that RouterA was not responding? Scenario: ClientA - RouterA/B(HSRP) -- ClientB ClientA sends a packet to ClientB ClientA talks to the Virtual RouterA/B -- RouterA/B sends to ClientB RouterA/B tells ClientA -- RouterA will be handling your requests. Router A never tells Client A that Router A will be handling your requests. As you mentioned, Client A talks to the Virtual Router via the Virtual IP address which it ARPs to find the Virtual MAC. Client A never knows which of the HSRP routers is intercepting and processing it's requests When Client A sends a frame to the Virtual MAC to go out of it's gateway, both Router A and Router B hear the packet, but only the HSRP Active router will process it. So if, the janitor steps in and unplugs Router A, then after Router B misses enough Hello packets from Router A, it declares itself the Active HSRP router for that HSRP group, and at that point it starts to process the information sent to the Virtual IP/Virtual MAC. This is all transparent to the end clients, Client A in this example. So
Re: Re: HSRP [7:47177]
At 3:08 PM -0400 6/23/02, Kevin Cullimore wrote: A useful notion to keep in mind is that hsrp and its un-patented counterparts (you'd think that during the past century, people would learn from IBM's example, but apparently that isn't the case) are profoundly asymmetric in scope: they are concerned with the host-default gateway portion of the conversation, not the return path (although implementational specifics might force them to address the return path in some circumstances). Kevin, how is the asymmetry a problem? The HSRP linked routers presumably have the same routing tables, although the backup might have to ARP for its first packet forwarded. Even if that's an issue, promiscuous ARP learning shouldn't be all that much of a problem. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47251t=47177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: HSRP [7:47177]
A general point to keep in mind is that failover, like monitoring CAN be over-engineered to the point where mechanisms put in place to address high-availability needs get in each other's way and undermine the original intent. - Original Message - From: Chuck To: Sent: 23 June 2002 3:30 pm Subject: Re: Re: HSRP [7:47177] Kevin Cullimore wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... A useful notion to keep in mind is that hsrp and its un-patented counterparts (you'd think that during the past century, people would learn from IBM's example, but apparently that isn't the case) are profoundly asymmetric in scope: they are concerned with the host-default gateway portion of the conversation, not the return path (although implementational specifics might force them to address the return path in some circumstances). CL: good point. in my experience, in the quest for 100% up time, the process still depends upon routers at either end to determine the reachability and account for that in the routing protocol. for example, I have my HSRP pair, and each has a WAN link to different carriers. Those links terminate into some central network somnewhere. CL: so when the remote site HSSRP primary fails, two things have to happen. 1) the failover router has to take over and 2) the routers at the far end of the links have to note the link failure to the primary, mark that route as down, and start using the secondary path. CL: seems to me this is the flaw in the system. Might be fine if you are using HSRP merely as failover connectivity to the internet. May not be so fine if you are using HSRP as failover from a branch office to HQ. Depending on the aplication. Depending upon the time it takes to get the new routes in place. CL: as an aside, I just had a convcersation along these lines with a customer, to whom I had to explain at length what HSRP was, what it did, how it behaved, and therefore why what he was thinking was probably not a good idea. Not that we couldn't have done it. But that in the end what the customer wanted me to do wuld have put him at more risk than if he left things as they were. Not to mention the loss of bandwidth that HSRP would have created for him. - Original Message - From: LongTrip To: Sent: 23 June 2002 2:22 pm Subject: Re: Re: HSRP [7:47177] hmmm maybe there was a misunderstanding on my part of an earlier post that mentioned The only time you see the virtual MAC address is on the original request from the host. Forwarded requests and replies don't use it. . I understood this to mean that after the initial set up of communications that the virtual mac address was not used in subsequent data transmissions. This will be one for a lab experiment on my part. Until I see it the result with my own eyes it will be a question. Kim From: Thomas E. Lawrence Date: 2002/06/23 Sun PM 01:08:17 EDT To: [EMAIL PROTECTED] Subject: Re: Re: HSRP [7:47177] Perhaps this will help explain http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c /ipcprt1/1cdip.htm#xtocid23 Yes, HSRP creates a single virtual IP and MAC pair. Yes, when one router fails, the standby router assumes control of this virtual IP and MAC pair. From an end station standpoint, nothing has changed. The end station knows the virtual IP, as configured in it's own settings, or as received as part of its DHCP configuration. In either case, no end station knows all of the IP's of all of the members of the HSRP group. Unless things have changed recently, there is no way to configure multiple default gateways on a Windows machine, at least. This is the reason HSRP, and now VRRP, were developed. If the end station does not already know the MAC of the default gateway, it sends an ARP request, as is standard operating procedure for any host seeking the MAC of an IP. The active router replies with the virtual MAC. You may also want to refer to the VRRP RFC. VRRP is the open standard intended to replace the several proprietary methods that now exist. The first couple of pages provide a good explanation and a good background of the problem to be solved. ftp://ftp.isi.edu/in-notes/rfc2338.txt Tom LongTrip wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... So you are saying the client never sees the MAC address of RouterA? It only sees the MAC address of the Virtual Router? Kim From: Michael L. Williams Date: 2002/06/23 Sun AM 11:29:24 EDT To: [EMAIL PROTECTED] Subject: Re: HSRP [7:47177] This isn't quite right. See comments below. Kim Graham wrote in message [EMAIL PROTECTED]"&
Re: HSRP [7:47177]
At 10:19 AM 6/23/02, Kim Graham wrote: This brings up a question. I understand that after the initial hi I will be handling your requests please use me as your destination mac address. (Router talking to client). Well, there's not really an initial hi, although I like the literary sound of that. The client ARPs for its default gateway and the router answers. The client has been configured with the virtual IP address for the gateway. The active router responds with the virtual MAC address in the ARP reply. But what happens when the initial router fails and HSRP kicks in? After an unreachable, would ClientA send out an arp or would RouterB initiate the arping to re-establish connections to any client that was using RouterA after it noticed that RouterA was not responding? It's completely transparent to the client. The standby router takes over and forwards packets addressed to the virtual MAC address. Scenario: ClientA - RouterA/B(HSRP) -- ClientB ClientA sends a packet to ClientB ClientA talks to the Virtual RouterA/B -- RouterA/B sends to ClientB RouterA/B tells ClientA -- RouterA will be handling your requests. RouterA/B tells ClientB -- RouterA will be handling your requests to ClientA ClientA then sends more packets to ClientB via RouterA. ClientB responds to ClientA via RouterA. Janitor comes in and accidentally unplugs RouterA's power cord. ClientA now has to re-establish a connection with ClientB. I have seen the above scenario happen in a failover test when implementing a new core but did not have a bug in my ear to watch the MAC addresses. It has my curiosity perked. In theory I beleive RouterB would re-establish communication after a failed hi are you there packet to RouterA. I will have to wait until a lab is set up to play out the scenario. Kim Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47261t=47177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: HSRP [7:47177]
At 02:22 PM 6/23/02, LongTrip wrote: hmmm maybe there was a misunderstanding on my part of an earlier post that mentioned The only time you see the virtual MAC address is on the original request from the host. Forwarded requests and replies don't use it. . Each request from the host uses the virtual MAC address in the destination. In my experiments, I was only doing a single ping. There was just one request. I understood this to mean that after the initial set up of communications that the virtual mac address was not used in subsequent data transmissions. You jumped to the wrong conclusion. Theoretically, the client doesn't even know any other address. How could it use it? Also, how could redundancy work if it used an actual address for an interface that might go down?? In actuality, the client could know other addresses, by the way, since the ping (or whatever) replies that the router forwards come from the router's real MAC address. But the PC ignores this. Some operating systems could use it though. UNIX used to just reverse the MAC addresses on the next packet. (Long story, not relevant). Also, you might find it interesting (and confusing) to know that the ARP reply from the active HSRP router actually does come from the real address. But the ARP data in the reply supplies the virtual MAC address. Here is the ARP reply from the active HSRP router after the client ARPed for the virtual IP address of the gateway, which was 10.10.0.3. Notice that the source Ethernet address and the Sender's Hardware address in the ARP data don't match? Cool, eh? Ethernet Header Destination: 00:00:0E:D5:C7:E7 Source: 00:00:0C:05:3E:80 Protocol Type:0x0806 IP ARP ARP - Address Resolution Protocol Hardware: 1 Ethernet (10Mb) Protocol: 0x0800 IP Hardware Address Length:6 Protocol Address Length:4 Operation:2 ARP Response Sender Hardware Address:00:00:0C:07:AC:00 Sender Internet Address:10.10.0.3 Target Hardware Address:00:00:0E:D5:C7:E7 Target Internet Address:10.10.0.10 This will be one for a lab experiment on my part. Until I see it the result with my own eyes it will be a question. Why is it a question? I did a bunch of research for you. Why don't you read what I have written and what others wrote? (Although doing your own research is a good idea too.) Priscilla Kim From: Thomas E. Lawrence Date: 2002/06/23 Sun PM 01:08:17 EDT To: [EMAIL PROTECTED] Subject: Re: Re: HSRP [7:47177] Perhaps this will help explain http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c /ipcprt1/1cdip.htm#xtocid23 Yes, HSRP creates a single virtual IP and MAC pair. Yes, when one router fails, the standby router assumes control of this virtual IP and MAC pair. From an end station standpoint, nothing has changed. The end station knows the virtual IP, as configured in it's own settings, or as received as part of its DHCP configuration. In either case, no end station knows all of the IP's of all of the members of the HSRP group. Unless things have changed recently, there is no way to configure multiple default gateways on a Windows machine, at least. This is the reason HSRP, and now VRRP, were developed. If the end station does not already know the MAC of the default gateway, it sends an ARP request, as is standard operating procedure for any host seeking the MAC of an IP. The active router replies with the virtual MAC. You may also want to refer to the VRRP RFC. VRRP is the open standard intended to replace the several proprietary methods that now exist. The first couple of pages provide a good explanation and a good background of the problem to be solved. ftp://ftp.isi.edu/in-notes/rfc2338.txt Tom LongTrip wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... So you are saying the client never sees the MAC address of RouterA? It only sees the MAC address of the Virtual Router? Kim From: Michael L. Williams Date: 2002/06/23 Sun AM 11:29:24 EDT To: [EMAIL PROTECTED] Subject: Re: HSRP [7:47177] This isn't quite right. See comments below. Kim Graham wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... This brings up a question. I understand that after the initial hi I will be handling your requests please use me as your destination mac address. (Router talking to client). But what happens when the initial router fails and HSRP kicks in? After an unreachable, would ClientA send out an arp or would RouterB initiate the arping to re-establish connections to any client that was using RouterA after it noticed that RouterA was not responding? Scenario: ClientA - RouterA/B(HSRP) -- ClientB ClientA sends a packet to ClientB
Re: Re: HSRP [7:47177]
It's a problem when: people assume that symmetry exists when HSRP similar L3 failover technologies are implemented. It's a problem getting in the way of: people's understanding of those failover technologies. Otherwise, I'm thinking that the flexibility (wherein conversations in different directions may be treated differently) is quite welcome. Comments? - Original Message - From: Howard C. Berkowitz To: Sent: 23 June 2002 3:54 pm Subject: Re: Re: HSRP [7:47177] At 3:08 PM -0400 6/23/02, Kevin Cullimore wrote: A useful notion to keep in mind is that hsrp and its un-patented counterparts (you'd think that during the past century, people would learn from IBM's example, but apparently that isn't the case) are profoundly asymmetric in scope: they are concerned with the host-default gateway portion of the conversation, not the return path (although implementational specifics might force them to address the return path in some circumstances). Kevin, how is the asymmetry a problem? The HSRP linked routers presumably have the same routing tables, although the backup might have to ARP for its first packet forwarded. Even if that's an issue, promiscuous ARP learning shouldn't be all that much of a problem. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47267t=47177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: HSRP [7:47177]
At 9:21 PM -0400 6/23/02, Kevin Cullimore wrote: It's a problem when: people assume that symmetry exists when HSRP similar L3 failover technologies are implemented. It's a problem getting in the way of: people's understanding of those failover technologies. Otherwise, I'm thinking that the flexibility (wherein conversations in different directions may be treated differently) is quite welcome. Comments? I was not assuming load-sharing (i.e., multiple HSRP groups), so I'd expect to have the two routers essentially with the same routing table. What would be different would be their uplinks, unless, possibly, there were an additional link connecting the two routers. In other words, I had considered the simple case of two redundant routers, each of which could handle the full load. Perhaps they might have physically diverse uplinks, but I wouldn't expect them to have radically different optimal routes. Certainly, one can create scenarios where load-sharing or other factors make the two routers significantly different. Depending on the goals and budget, you might even have HSRP in edge routers and more complex routing at a distribution tier. For that matter, people often don't consider L2 failover techniques (e.g., UplinkFast and EtherChannel) with switches feeding the HSRP routers as another aspect of no-single-point-of-failure. - Original Message - From: Howard C. Berkowitz To: Sent: 23 June 2002 3:54 pm Subject: Re: Re: HSRP [7:47177] At 3:08 PM -0400 6/23/02, Kevin Cullimore wrote: A useful notion to keep in mind is that hsrp and its un-patented counterparts (you'd think that during the past century, people would learn from IBM's example, but apparently that isn't the case) are profoundly asymmetric in scope: they are concerned with the host-default gateway portion of the conversation, not the return path (although implementational specifics might force them to address the return path in some circumstances). Kevin, how is the asymmetry a problem? The HSRP linked routers presumably have the same routing tables, although the backup might have to ARP for its first packet forwarded. Even if that's an issue, promiscuous ARP learning shouldn't be all that much of a problem. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47273t=47177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: HSRP [7:47177]
Comments in line. From: Priscilla Oppenheimer Date: 2002/06/23 Sun PM 08:19:23 EDT To: [EMAIL PROTECTED] Subject: Re: Re: HSRP [7:47177] At 02:22 PM 6/23/02, LongTrip wrote: hmmm maybe there was a misunderstanding on my part of an earlier post that mentioned The only time you see the virtual MAC address is on the original request from the host. Forwarded requests and replies don't use it. . Each request from the host uses the virtual MAC address in the destination. In my experiments, I was only doing a single ping. There was just one request. I understood this to mean that after the initial set up of communications that the virtual mac address was not used in subsequent data transmissions. You jumped to the wrong conclusion. Theoretically, the client doesn't even know any other address. How could it use it? Also, how could redundancy work if it used an actual address for an interface that might go down?? Agreed, hence my curiosity. As mentioned earlier it was a misinterruptation on my part. Thank you for taking the time to explain. Also, you might find it interesting (and confusing) to know that the ARP reply from the active HSRP router actually does come from the real address. But the ARP data in the reply supplies the virtual MAC address. Here is the ARP reply from the active HSRP router after the client ARPed for the virtual IP address of the gateway, which was 10.10.0.3. Notice that the source Ethernet address and the Sender's Hardware address in the ARP data don't match? Cool, eh? Very cool :) Ethernet Header Destination: 00:00:0E:D5:C7:E7 Source: 00:00:0C:05:3E:80 Protocol Type:0x0806 IP ARP ARP - Address Resolution Protocol Hardware: 1 Ethernet (10Mb) Protocol: 0x0800 IP Hardware Address Length:6 Protocol Address Length:4 Operation:2 ARP Response Sender Hardware Address:00:00:0C:07:AC:00 Sender Internet Address:10.10.0.3 Target Hardware Address:00:00:0E:D5:C7:E7 Target Internet Address:10.10.0.10 This will be one for a lab experiment on my part. Until I see it the result with my own eyes it will be a question. Why is it a question? I did a bunch of research for you. Why don't you read what I have written and what others wrote? (Although doing your own research is a good idea too.) I am not dismissing anyone's research or explainations, I am thankful there are others out there willing to share thoughts, research and ideas. But as you say doing your own research is a good idea. I learn a lot by reading, as well as a lot from doing. It is a kin to if you push the wagon down the hill full it goes faster than if it was empty. We all know that fact, but the ride down the hill in a speeding red, wood panelled wagon is much more fun than watching it go down the hill empty. Kim Priscilla Kim From: Thomas E. Lawrence Date: 2002/06/23 Sun PM 01:08:17 EDT To: [EMAIL PROTECTED] Subject: Re: Re: HSRP [7:47177] Perhaps this will help explain http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c /ipcprt1/1cdip.htm#xtocid23 Yes, HSRP creates a single virtual IP and MAC pair. Yes, when one router fails, the standby router assumes control of this virtual IP and MAC pair. From an end station standpoint, nothing has changed. The end station knows the virtual IP, as configured in it's own settings, or as received as part of its DHCP configuration. In either case, no end station knows all of the IP's of all of the members of the HSRP group. Unless things have changed recently, there is no way to configure multiple default gateways on a Windows machine, at least. This is the reason HSRP, and now VRRP, were developed. If the end station does not already know the MAC of the default gateway, it sends an ARP request, as is standard operating procedure for any host seeking the MAC of an IP. The active router replies with the virtual MAC. You may also want to refer to the VRRP RFC. VRRP is the open standard intended to replace the several proprietary methods that now exist. The first couple of pages provide a good explanation and a good background of the problem to be solved. ftp://ftp.isi.edu/in-notes/rfc2338.txt Tom LongTrip wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... So you are saying the client never sees the MAC address of RouterA? It only sees the MAC address of the Virtual Router? Kim From: Michael L. Williams Date: 2002/06/23 Sun AM 11:29:24 EDT To: [EMAIL PROTECTED] Subject: Re: HSRP [7:47177] This isn't quite right. See comments below. Kim Graham wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... This brings up a question. I under
Re: HSRP [7:47177]
Tim, If you have not hard configured the MAC address then it will be the MAC of the virtual router. This MAC address is a combination of 3 things; vendor code, well known HSRP virtual MAC address, and the group number of the active router. Below are listed some sources of information. http://www.cisco.com/warp/public/473/62.shtml#addressing Quote: HSRP Standby IP Address Communication (All Media Except Token Ring) Since host workstations are configured with their default gateway as the HSRP standby IP address, hosts must communicate with the MAC address associated with the HSRP standby IP address. This MAC address will be a virtual MAC address composed of .0c07.ac**, where ** is the HSRP group number in hexadecimal based on the respective interface. For example, HSRP group one will use the HSRP virtual MAC address of .0c07.ac01. Hosts on the adjoining LAN segment use the normal ARP process to resolve the associated MAC addresses. End Quote: Building Cisco Multilayer Switched Networks (chapter 7) MAC - .0c07.ac01 .0c - Vendor identifier Cisco 07.ac- Well known HSRP Virtual MAC address 01 - Group address http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/1214ea1/3550scg/swhsrp.htm It is configurable if you need to do so with the following command. standby [group-number] mac-address mac-address or standby use-bia Kim From: Tim Potier Date: 2002/06/22 Sat AM 12:17:36 EDT To: [EMAIL PROTECTED] Subject: HSRP [7:47177] Lets say I have HSRP configured on a series of routers... I know clients are sending packets to the MAC/IP of the well known virtual MAC with Cisco equipment. Assume the receiving station recieves the packet directly from the router participating in HSRP with the highest priority... what is the source MAC the receiving station sees? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47189t=47177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP [7:47177]
At 12:17 AM 6/22/02, Tim Potier wrote: Lets say I have HSRP configured on a series of routers... I know clients are sending packets to the MAC/IP of the well known virtual MAC with Cisco equipment. Assume the receiving station recieves the packet directly from the router participating in HSRP with the highest priority... what is the source MAC the receiving station sees? The reply will come from the actual MAC address of the router interface. At this point, the router is just forwarding packets. It doesn't care that HSRP is configured. I tried a test. I have 2 routers (Albany and Charlotte) and a PC, like this: more nets more nets | | | | Albany--EthernetCharlotte 10.10.0.1| 10.10.0.2 00 00 0C 05 3E 80| 00 00 0C 00 2E 75 standby ip 10.0.0.3 | standby ip 10.0.0.3 | | PC address = 10.10.0.10 gateway = 10.10.0.3 running EtherPeek Albany#show standby Ethernet0 - Group 0 Local state is Active, priority 100 Hellotime 3 holdtime 10 Next hello sent in 0:00:02 Hot standby IP address is 10.10.0.3 configured Active router is local Standby router is 10.10.0.2 expires in 0:00:09 charlotte#show standby Ethernet0 - Group 0 Local state is Standby, priority 100 Hellotime 3 holdtime 10 Next hello sent in 0:00:00 Hot standby IP address is 10.0.0.3 configured Active router is 10.10.0.1 expires in 0:00:07 Standby router is local charlotte# Albany is active. The MAC virtual address is 00:00:0C:07:AC:00. I ping to anything on the network from my PC. If the destination is reachable via Charlotte, then I see the packet go from my PC MAC to 00:00:0C:07:AC:00 (the virtual MAC address.) Then I see the same packet go from Albany's real MAC address to Charlotte's real MAC address (with no ICMP Redirect, by the way). If the destination is reachable via Albany, then I don't see the second packet. Regardless, in all cases the ping reply comes back from the real MAC address of Albany or Charlotte. Here's the simpler case where I pinged 172.16.50.1 which is reachable via Albany. Ping: Ethernet Header Destination: 00:00:0C:07:AC:00 Source: 00:00:0E:D5:C7:E7 Protocol Type:0x0800 IP IP Header - Internet Protocol Datagram Version: 4 Header Length:5 (20 bytes) Type of Service: % Total Length: 60 Identifier: 6400 Fragmentation Flags: %000 Fragment Offset: 0 (0 bytes) Time To Live: 32 Protocol: 1 ICMP - Internet Control Message Protocol Header Checksum: 0x999C Source IP Address:10.10.0.10 Dest. IP Address: 172.16.50.1 No IP Options ICMP - Internet Control Messages Protocol ICMP Type:8 Echo Request Code: 0 Checksum: 0x355C Identifier: 0x0200 Sequence Number: 0x0016 Ping Reply: Ethernet Header Destination: 00:00:0E:D5:C7:E7 Source: 00:00:0C:05:3E:80 Protocol Type:0x0800 IP IP Header - Internet Protocol Datagram Version: 4 Header Length:5 (20 bytes) Type of Service: % Total Length: 60 Identifier: 6400 Fragmentation Flags: %000 Fragment Offset: 0 (0 bytes) Time To Live: 255 Protocol: 1 ICMP - Internet Control Message Protocol Header Checksum: 0xBA9B Source IP Address:172.16.50.1 Dest. IP Address: 10.10.0.10 No IP Options ICMP - Internet Control Messages Protocol ICMP Type:0 Echo Reply Code: 0 Checksum: 0x3D5C Identifier: 0x0200 Sequence Number: 0x0016 HTH. Priscilla Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47212t=47177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP [7:47177]
Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... At 12:17 AM 6/22/02, Tim Potier wrote: Lets say I have HSRP configured on a series of routers... I know clients are sending packets to the MAC/IP of the well known virtual MAC with Cisco equipment. Assume the receiving station recieves the packet directly from the router participating in HSRP with the highest priority... what is the source MAC the receiving station sees? The reply will come from the actual MAC address of the router interface. At this point, the router is just forwarding packets. It doesn't care that HSRP is configured I was thinking the same thing. Sure, a client that sends to the Virtual IP for the HSRP gateway uses the virtual MAC to send to, but as far as return traffic, it seems the router would just receive the packet, lookup which interface it should go out, then rewrite the source/dest MACs in the frame and send it out no HSRP involved Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47213t=47177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP [7:47177]
There might be a Howard-inspired lesson in this. ;-) In the Control Plane, the host ARPs for its default gateway, which in this case is configured to be the HSRP virtual IP address of the routers. In the Management Plane, the routers talk amongst themselves to make sure that the virtual IP and MAC addresses stay live. In the User Plane, the host sends user traffic (Ping in my case) and the routers forward traffic, without regards to HSRP. Sure, the host uses the virtual MAC address as its destination, but it doesn't know there's anything virtual about it. The routers forward the reply without any concerns about HSRP. I did run this on some rather old routers running IOS 11.0, but I'm pretty sure the results would be the same on newer IOS (although you can get an HSRP-configured router to do ICMP Redirects now.) Also, it wasn't exactly the scenario the original poster asked about, in that he seemed to be implying the source and dest were out the same interface on the router, and he was asking about just the request maybe, whereas I got the reply involved. His exact scenario was harder to set up. Hm. I'll give it a try. Unfortunately, my routers don't do VLANs (too old), but I could try it with secondary addresses. OK, tried it, same result. The only time you see the virtual MAC address is on the original request from the host. Forwarded requests and replies don't use it. Gotta run. I really do have a life outside my lab?! ;-) Priscilla At 08:31 PM 6/22/02, Michael L. Williams wrote: Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... At 12:17 AM 6/22/02, Tim Potier wrote: Lets say I have HSRP configured on a series of routers... I know clients are sending packets to the MAC/IP of the well known virtual MAC with Cisco equipment. Assume the receiving station recieves the packet directly from the router participating in HSRP with the highest priority... what is the source MAC the receiving station sees? The reply will come from the actual MAC address of the router interface. At this point, the router is just forwarding packets. It doesn't care that HSRP is configured I was thinking the same thing. Sure, a client that sends to the Virtual IP for the HSRP gateway uses the virtual MAC to send to, but as far as return traffic, it seems the router would just receive the packet, lookup which interface it should go out, then rewrite the source/dest MACs in the frame and send it out no HSRP involved Mike W. Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47218t=47177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP [7:47177]
Thank you all! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47225t=47177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP on 6509 with Hybrid into PIX's in failover mo [7:46929]
I had a customer that did the same thing you described on our 6509's with only 1 sup eng (don't ask me why there was no redundancy - big mistake)that were going into a PIX 510. The cfg is below, and what the standby group info looked like. That was before they shut down and gave us good net guys the boot. The names hav been removed to protect the innocent. HTH's... #show standby FastEthernet4/26 - Group 30 Local state is Active, priority 150, may preempt Preemption delayed for at least 300 secs Hellotime 3 holdtime 10 Next hello sent in 00:00:00.098 Hot standby IP address is 128.242.170.1 configured Active router is local Standby router is unknown expired Standby virtual mac address is .0c07.ac1e 61 state changes, last state change 18:27:52 6509 #1 ! interface FastEthernet4/26 description AC: XXX -local wire ip address 128.242.170.3 255.255.255.240 no ip redirects no ip proxy-arp ip route-cache same-interface duplex full speed 10 no cdp enable standby 30 priority 150 preempt delay 300 standby 30 ip 128.242.170.1 6509 #2 = ! interface FastEthernet4/26 description AC: -local wire ip address 128.242.170.3 255.255.255.240 no ip redirects no ip proxy-arp ip route-cache same-interface duplex full speed 10 no cdp enable standby 30 priority 100 preempt delay 300 standby 30 ip 128.242.170.1 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46969t=46929 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP MAC address [7:44290]
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44292t=44290 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP Source MAC adder [7:35892]
Weird... my messaged got hacked during transit of group study (I 2x checked my sent box... and it reminded me of my telecom days left my station fine...must be your rx. heheheh) ... guess it doesn't like the repeat characters??? so here it is again... with some _underlines_ thrown in to maybe help prevent it happening again... === what I see is::: AAA (22.22) -- DDD (236.57) -- CCC (22.22) DDD (236.57) CCC (22.22) DDD (236.57) !! -- CCC (22.22) DDD (236.57) CCC (22.22) DDD (236.57) CCC (22.22) DDD (236.57) CCC (22.22) DDD (236.57) !! CCC (22.22) DDD (236.57) CCC (22.22) -- DDD (236.57) etc, you get the idea... OK, right up front, the conversation from AAA to DDD and then DDD to CCC makes sense to me.. :-) But why does the back-up mfsc suddenly transmit? He's not Primary, they haven't swapped active [did a sh logg]. My thoughts right now::: HSRP is a listening protocol and not a speaking protocolbut even if that is true [can't find anything DEFINITIVE at CCO] what makes the back-up interface suddenly decide to talk? And it doesn't seem to be a load-balance thing but rather new-session related... But what does that matter? ie: why would the secondary mfsc even see this traffic... Any thoughts? CCO links mucho appreciated if they explain this... Does the 6500 series automatically session-balance when using HSRP? Looking forward to your thoughts TroyC Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35896t=35892 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP Source MAC adder [7:35892]
my lord arghhh, I will re-tx maybe put it in a diff format!!! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35898t=35892 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP Source MAC adder [7:35892]
OK, figured it was a groupstudy e-mail prob, because a bcc to my home e-mail showed up fine...but then...looking at it via web board makes it look okso now I'm not sure if the message got hacked up or not... :-/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35907t=35892 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP on MSFCs with DECnet [7:34828]
Sorry. It's not an answer. ;-) I was wondering if you found an answer to this interesting quesiton, however. There may be no other solution than to use the BIA and rely on gratuitous ARP? (Well, you could get rid of DECnet or try to isolate it to a pocket of the network. That could be a bit drastic, though. You probably have some important applications that use it.) Priscilla At 03:11 AM 2/8/02, Caplan M wrote: Hi, I'm working with the following scenario. msfc1 msfc2 ip -10.1.1.1 ip 10.1.1.2 DECnet - 1.1 DECnet 1.2 | HSRP - 10.1.1.3 | | | - | | IP hosts DECnet hosts I'm putting together a design using 2 6509s each with MSFCs. I want to provide IP redundancy via HSRP, but also run DECnet on both VLAN interfaces. The virtual MAC address problem of HSRP interacting with DECnet can be solved using 'standby use-bia' command. However I would prefer not to rely on the 'gratuitous arp' solution for my IP hosts; I dont know if they are all compliant. A better solution for a normal router is to use sub interfaces and the scope command, say a 2620. That way, I could configure IP on one sub-interface, and DECnet on another sub-interface. This would mean DECnet hosts could talk happily to their DR using the DEC aa-00-04-00-xx-xx MAC address, while the IP hosts could talk to the Cisco OUI virtual mac address - ie HSRP would only be configured on one of the subinterfaces eg: int fa0.1 ip addr 10.1.1.1 255.255.255.0 standby 1 ip 10.1.1.3 pre int fa0.2 decnet cost 10 But I dont see how I can do this trick with an MSFC. You cant split a VLAN interface into sub-interfaces. So how do I make a VLAN interface talk DECnet with aa-00-04 MAC address, and also respond to the normal HSRP cisco MAC address. Any ideas ? I really dont want to rely on gratuitous ARP. I'm sure that anything you can do with a 2620, you should be able to to at least as good with 6500s and MSFC !! Thanks in advance Mark Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34999t=34828 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hsrp/redundant ipx [7:33072]
IPX hosts use IPXRIP to figure out where to send traffic so it's not necessary to configure redundancy. They don't have a default gateway like an IP host would. If you have two exit points from a LAN, the hosts will dynamically figure out how to get to remote networks with no additional configuration. At least I think that's how it works. :-) I haven't had any coffee yet today so I can't be held responsible for the accuracy of my posts. John Patrick Ramsey 1/24/02 6:52:24 AM Fellow listers, Does ipx have a redundant routing mechanism? If I have 2 6509's with a gig trunk port (all vlans), HSRP for IP traffic and the router dies in one, is IPX just hosed? Or does it even matter? I know that ipx interfaces are not configured quite the same as ip interfaces and are really just network numbers. The router then knows to route between ipx networks. But which 6509 will route the traffic? Or is it automatically dynamic? What exactly is going on? -Patrick Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33083t=33072 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hsrp/redundant ipx [7:33072]
In IPX your host wants to get to IPX network x and the first router to answer the request will forward the packets. If that router goes belly up than the other will take over since he will answer first by default. I'm sure others who know the intricacies more than I can give a more elegant answer. Dave Patrick Ramsey wrote: Fellow listers, Does ipx have a redundant routing mechanism? If I have 2 6509's with a gig trunk port (all vlans), HSRP for IP traffic and the router dies in one, is IPX just hosed? Or does it even matter? I know that ipx interfaces are not configured quite the same as ip interfaces and are really just network numbers. The router then knows to route between ipx networks. But which 6509 will route the traffic? Or is it automatically dynamic? What exactly is going on? -Patrick -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33089t=33072 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hsrp/redundant ipx [7:33072]
Good protocols don't need a hack like HSRP. ;-) Seriously, an IPX client sends a RIP Find Network Number broadcast at initialization and if a problem occurs. Any router can respond. AppleTalk doesn't need HSRP either. AppleTalk end nodes listen to RTMP packets and figure out the address of the sending routers. I don't think DECnet needs HSRP either. Nor does Banyan. Just IP. Priscilla At 08:52 AM 1/24/02, Patrick Ramsey wrote: Fellow listers, Does ipx have a redundant routing mechanism? If I have 2 6509's with a gig trunk port (all vlans), HSRP for IP traffic and the router dies in one, is IPX just hosed? Or does it even matter? I know that ipx interfaces are not configured quite the same as ip interfaces and are really just network numbers. The router then knows to route between ipx networks. But which 6509 will route the traffic? Or is it automatically dynamic? What exactly is going on? -Patrick Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33114t=33072 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hsrp/redundant ipx [7:33072]
well ... I've completely designed this network all wrong then! Maybe I should consider banyan? : p Priscilla Oppenheimer 01/24/02 03:53PM Good protocols don't need a hack like HSRP. ;-) Seriously, an IPX client sends a RIP Find Network Number broadcast at initialization and if a problem occurs. Any router can respond. AppleTalk doesn't need HSRP either. AppleTalk end nodes listen to RTMP packets and figure out the address of the sending routers. I don't think DECnet needs HSRP either. Nor does Banyan. Just IP. Priscilla At 08:52 AM 1/24/02, Patrick Ramsey wrote: Fellow listers, Does ipx have a redundant routing mechanism? If I have 2 6509's with a gig trunk port (all vlans), HSRP for IP traffic and the router dies in one, is IPX just hosed? Or does it even matter? I know that ipx interfaces are not configured quite the same as ip interfaces and are really just network numbers. The router then knows to route between ipx networks. But which 6509 will route the traffic? Or is it automatically dynamic? What exactly is going on? -Patrick Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33122t=33072 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hsrp/ospf/eigrp for redundant internet [7:29417]
If each site has multiple links, are they to the same or different providers? If each only has 1 link, then regardless of what routing method you use, a down linl=a down site. You could get an as, do ibgp between them and make them multihomed, though that costs dough. At a minumum, you could dual home each site to the same provider, thereby not needing bgp.. Brian Sonic Whalen Success = Preparation + Opportunity On Mon, 17 Dec 2001, Patrick Ramsey wrote: Ok guys/gals, I have a scenario here that I am trying to implement and before I start working on it, I would like some personal opinions/expereinces from anyone that cares to respond. we have 6 major facilities all connected via various speed wan links. Each facillity has it's own connection to the internet with default routes set accordingly. Each facillity then has statics back to each of the other facillites. Currently their is no redundancy in the internet connectivity. If one site loses it's internet T, then it's down until that T comes back. Nobody has ever complained about this being an issue, but it just seems a bit silly to pay for 6 T's and not get full use of them. I have never setup hsrp before and am reading about it right now. But is hsrp all that I need to accomplish this task? each facillity has mulitple networks seperated by it's core layer3 switch, then the wan links are either 2600's or 3600's thanks! -Patrick Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29421t=29417 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hsrp/ospf/eigrp for redundant internet [7:29417]
well each site has one link to the inernet but it also has it's wan link to the enterprise. What I want though is for one site's internet connection to go down and it be able to use it's wan link to find another way to get to the internet. -Patrick Brian Whalen 12/17/01 04:46PM If each site has multiple links, are they to the same or different providers? If each only has 1 link, then regardless of what routing method you use, a down linl=a down site. You could get an as, do ibgp between them and make them multihomed, though that costs dough. At a minumum, you could dual home each site to the same provider, thereby not needing bgp.. Brian Sonic Whalen Success = Preparation + Opportunity On Mon, 17 Dec 2001, Patrick Ramsey wrote: Ok guys/gals, I have a scenario here that I am trying to implement and before I start working on it, I would like some personal opinions/expereinces from anyone that cares to respond. we have 6 major facilities all connected via various speed wan links. Each facillity has it's own connection to the internet with default routes set accordingly. Each facillity then has statics back to each of the other facillites. Currently their is no redundancy in the internet connectivity. If one site loses it's internet T, then it's down until that T comes back. Nobody has ever complained about this being an issue, but it just seems a bit silly to pay for 6 T's and not get full use of them. I have never setup hsrp before and am reading about it right now. But is hsrp all that I need to accomplish this task? each facillity has mulitple networks seperated by it's core layer3 switch, then the wan links are either 2600's or 3600's thanks! -Patrick Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29423t=29417 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hsrp/ospf/eigrp for redundant internet [7:29417]
backup default route, just use a higher metric. Assuming you are willing to do that.. Brian Sonic Whalen Success = Preparation + Opportunity On Mon, 17 Dec 2001, Patrick Ramsey wrote: well each site has one link to the inernet but it also has it's wan link to the enterprise. What I want though is for one site's internet connection to go down and it be able to use it's wan link to find another way to get to the internet. -Patrick Brian Whalen 12/17/01 04:46PM If each site has multiple links, are they to the same or different providers? If each only has 1 link, then regardless of what routing method you use, a down linl=a down site. You could get an as, do ibgp between them and make them multihomed, though that costs dough. At a minumum, you could dual home each site to the same provider, thereby not needing bgp.. Brian Sonic Whalen Success = Preparation + Opportunity On Mon, 17 Dec 2001, Patrick Ramsey wrote: Ok guys/gals, I have a scenario here that I am trying to implement and before I start working on it, I would like some personal opinions/expereinces from anyone that cares to respond. we have 6 major facilities all connected via various speed wan links. Each facillity has it's own connection to the internet with default routes set accordingly. Each facillity then has statics back to each of the other facillites. Currently their is no redundancy in the internet connectivity. If one site loses it's internet T, then it's down until that T comes back. Nobody has ever complained about this being an issue, but it just seems a bit silly to pay for 6 T's and not get full use of them. I have never setup hsrp before and am reading about it right now. But is hsrp all that I need to accomplish this task? each facillity has mulitple networks seperated by it's core layer3 switch, then the wan links are either 2600's or 3600's thanks! -Patrick Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29424t=29417 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hsrp/ospf/eigrp for redundant internet [7:29417]
HSRP is for backing up LAN connections. It will not work in your situation as I understand it. If you're using OSPF you could restructure things so that your border routers are injecting 0.0.0.0/0 as an E1 route into the area. If you let those propagate throughout your network each router will choose the closest available exit. This assumes that this use of default routing won't break something else you're doing. Perhaps you could also do this manually using weighted static default routes in your areas. HTH, John Patrick Ramsey 12/17/01 3:51:08 PM Ok guys/gals, I have a scenario here that I am trying to implement and before I start working on it, I would like some personal opinions/expereinces from anyone that cares to respond. we have 6 major facilities all connected via various speed wan links. Each facillity has it's own connection to the internet with default routes set accordingly. Each facillity then has statics back to each of the other facillites. Currently their is no redundancy in the internet connectivity. If one site loses it's internet T, then it's down until that T comes back. Nobody has ever complained about this being an issue, but it just seems a bit silly to pay for 6 T's and not get full use of them. I have never setup hsrp before and am reading about it right now. But is hsrp all that I need to accomplish this task? each facillity has mulitple networks seperated by it's core layer3 switch, then the wan links are either 2600's or 3600's thanks! -Patrick Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29425t=29417 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hsrp/ospf/eigrp for redundant internet [7:29417]
No HSRP is not for you. HSPR provides redundancy when you have two routers on the same LAN. You simply need to set up a floating default to another location that makes the most sense as a backup from a particular site. Dave Patrick Ramsey wrote: Ok guys/gals, I have a scenario here that I am trying to implement and before I start working on it, I would like some personal opinions/expereinces from anyone that cares to respond. we have 6 major facilities all connected via various speed wan links. Each facillity has it's own connection to the internet with default routes set accordingly. Each facillity then has statics back to each of the other facillites. Currently their is no redundancy in the internet connectivity. If one site loses it's internet T, then it's down until that T comes back. Nobody has ever complained about this being an issue, but it just seems a bit silly to pay for 6 T's and not get full use of them. I have never setup hsrp before and am reading about it right now. But is hsrp all that I need to accomplish this task? each facillity has mulitple networks seperated by it's core layer3 switch, then the wan links are either 2600's or 3600's thanks! -Patrick -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29433t=29417 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hsrp/ospf/eigrp for redundant internet [7:29417]
This isn't a job for HSRP. HSRP provides redundancy from end-station clients to their default gateway. The clients' default gateway(s) must be in the same subnet as the clients. It doesn't sound like that would be the case for any of the non-local routers. It sounds like a job for a routing protocol. IGRP claims to figure out a candidate default route. Would it dynamically select a new route when the Internet interface went down? Or how about using OSPF and its ability to interject Type 4 routes to Autonomous System Boundary Routers? You could probably do this without a routing protocol too with a backup command of some sort of a floating static (default) route. OK, so I'm waving my hands here. ;-) But I can say for sure that you're barking up the wrong tree with HSRP. Priscilla At 05:51 PM 12/17/01, Patrick Ramsey wrote: Ok guys/gals, I have a scenario here that I am trying to implement and before I start working on it, I would like some personal opinions/expereinces from anyone that cares to respond. we have 6 major facilities all connected via various speed wan links. Each facillity has it's own connection to the internet with default routes set accordingly. Each facillity then has statics back to each of the other facillites. Currently their is no redundancy in the internet connectivity. If one site loses it's internet T, then it's down until that T comes back. Nobody has ever complained about this being an issue, but it just seems a bit silly to pay for 6 T's and not get full use of them. I have never setup hsrp before and am reading about it right now. But is hsrp all that I need to accomplish this task? each facillity has mulitple networks seperated by it's core layer3 switch, then the wan links are either 2600's or 3600's thanks! -Patrick Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29434t=29417 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hsrp/ospf/eigrp for redundant internet [7:29417]
yeah I think that was the consensous. : ) I'm going to do some more reading and research this a bit more. From what I can tell I think the simplest will be the floating static default route. thanks! (and to everyone else!) -Patrick Priscilla Oppenheimer 12/17/01 07:11PM This isn't a job for HSRP. HSRP provides redundancy from end-station clients to their default gateway. The clients' default gateway(s) must be in the same subnet as the clients. It doesn't sound like that would be the case for any of the non-local routers. It sounds like a job for a routing protocol. IGRP claims to figure out a candidate default route. Would it dynamically select a new route when the Internet interface went down? Or how about using OSPF and its ability to interject Type 4 routes to Autonomous System Boundary Routers? You could probably do this without a routing protocol too with a backup command of some sort of a floating static (default) route. OK, so I'm waving my hands here. ;-) But I can say for sure that you're barking up the wrong tree with HSRP. Priscilla At 05:51 PM 12/17/01, Patrick Ramsey wrote: Ok guys/gals, I have a scenario here that I am trying to implement and before I start working on it, I would like some personal opinions/expereinces from anyone that cares to respond. we have 6 major facilities all connected via various speed wan links. Each facillity has it's own connection to the internet with default routes set accordingly. Each facillity then has statics back to each of the other facillites. Currently their is no redundancy in the internet connectivity. If one site loses it's internet T, then it's down until that T comes back. Nobody has ever complained about this being an issue, but it just seems a bit silly to pay for 6 T's and not get full use of them. I have never setup hsrp before and am reading about it right now. But is hsrp all that I need to accomplish this task? each facillity has mulitple networks seperated by it's core layer3 switch, then the wan links are either 2600's or 3600's thanks! -Patrick Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29437t=29417 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hsrp/ospf/eigrp for redundant internet [7:29417]
in its most simple form, without a routing protocol, you could at each site go; ip route 0.0.0.0 0.0.0.0 internet connected interface ip route 0.0.0.0 0.0.0.0 enterprise connected interface 200 Then of course with internet traffic cruising your normally private network, some security auditing may be in order, depending on your setup. Brian Sonic Whalen Success = Preparation + Opportunity On Mon, 17 Dec 2001, Patrick Ramsey wrote: yeah I think that was the consensous. : ) I'm going to do some more reading and research this a bit more. From what I can tell I think the simplest will be the floating static default route. thanks! (and to everyone else!) -Patrick Priscilla Oppenheimer 12/17/01 07:11PM This isn't a job for HSRP. HSRP provides redundancy from end-station clients to their default gateway. The clients' default gateway(s) must be in the same subnet as the clients. It doesn't sound like that would be the case for any of the non-local routers. It sounds like a job for a routing protocol. IGRP claims to figure out a candidate default route. Would it dynamically select a new route when the Internet interface went down? Or how about using OSPF and its ability to interject Type 4 routes to Autonomous System Boundary Routers? You could probably do this without a routing protocol too with a backup command of some sort of a floating static (default) route. OK, so I'm waving my hands here. ;-) But I can say for sure that you're barking up the wrong tree with HSRP. Priscilla At 05:51 PM 12/17/01, Patrick Ramsey wrote: Ok guys/gals, I have a scenario here that I am trying to implement and before I start working on it, I would like some personal opinions/expereinces from anyone that cares to respond. we have 6 major facilities all connected via various speed wan links. Each facillity has it's own connection to the internet with default routes set accordingly. Each facillity then has statics back to each of the other facillites. Currently their is no redundancy in the internet connectivity. If one site loses it's internet T, then it's down until that T comes back. Nobody has ever complained about this being an issue, but it just seems a bit silly to pay for 6 T's and not get full use of them. I have never setup hsrp before and am reading about it right now. But is hsrp all that I need to accomplish this task? each facillity has mulitple networks seperated by it's core layer3 switch, then the wan links are either 2600's or 3600's thanks! -Patrick Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29441t=29417 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP design [7:28982]
The load balacing of the VLANs is recommended best practice, however the RSM does not have wire speed access to the backplane, it has two I/O ports each one 200Mbps FDX(from memory). By default all odd VLANs are assigned to the first port and all even VLANs to the second. So if you have all even VLANs supported on one switch, that RSM will only be using half of it's throughput capability. You can see the VLAN allocation by issuing the show cont c5ip command. After some initial queue stuff each VLAN is listed along with the port it is assigned to. To maximise the RSM capabilities you therfore have two choices 1. Split the odd and even VLANs over the two RSMs. 2. Reassign half of the VLANs in each RSM to the other I/O. This of course is only an issue of you are likely to exceed 200Mbps throughput. RB. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29052t=28982 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP design [7:28982]
Richard, Good information. Here is part of the output of this command when I give this command on one of our 5500 RSMs. FYI: We have 2 5500s with RSMs, however, with the exception of one VLAN, RSM#1 is the HSRP primary for all other VLANs. Heres the output: VlanTypeDMA Channel Method 1 ethernet1auto 2 ethernet0auto 8 ethernet1auto 142 ethernet0auto 200 ethernet1auto 201 ethernet0auto 202 ethernet1auto 203 ethernet0auto 204 ethernet1auto 205 ethernet0auto 206 ethernet1auto 1000ethernet0auto Is the DMA channel above the two I/O ports your spoke of? Just curious because you also mentioned that By default all odd VLANs are assigned to the first port and all even VLANs to the second. AFAIK, we haven't changed the default behaviour on the RSM, and it seems to have split up the VLANs evenly across the two DMA Channels. What's your take on that? Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29062t=28982 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP design [7:28982]
Mike, DMA channels are indeed the I/O's ports I refered to, but I couldn't remember what they were called (each time I learn something new , something old falls out the other end). I came across this about three years ago while setting up a multicast network and experiencing throughput problems, IOS was 112-13_P(1). It looks like Cisco have changed the allocation method, what IOS are you running? RB. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29065t=28982 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP design [7:28982]
Do both RSMs need to be on the same subnet? Thanks richard beddow wrote: Mike, DMA channels are indeed the I/O's ports I refered to, but I couldn't remember what they were called (each time I learn something new , something old falls out the other end). I came across this about three years ago while setting up a multicast network and experiencing throughput problems, IOS was 112-13_P(1). It looks like Cisco have changed the allocation method, what IOS are you running? RB. [GroupStudy.com removed an attachment of type text/x-vcard which had a name of khramov.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29089t=28982 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]