5 Replies Latest reply: Apr 30, 2012 8:58 AM by Elvin Arias RSS

    HSRP Weird Questions:

    Vijay Swaminathan

      Hi Experts:

       

      I would like to following question on HSRP clarified:

       

      1. Does HSRP has any limitation on the # of standby in the group??

      2. My understanding on HSRP State transition is:

       

      Disabled --> Init ---> Listen ---> Speak --> Standby ---> active

       

      Is there any possibility that the HSRP Speaking switches can stay at the states INIT (interface down ??)   / LISTEN / SPEAK? and not move to standby / active?

       

      3. Any idea why the Virtual IP address configured needed on both active and standby??

       

      I labbed it up (ofcourse on GNS3) and following are my observation.....

       

      ACTIVE:

       

      !

      interface Vlan10

      ip address 10.10.10.2 255.255.255.0

      standby 1 ip 10.10.10.4     >> Configured Virtual IP

      standby 1 priority 150

      standby 1 preempt

      end

       

       

      Standby:

       

      Current configuration : 99 bytes

      !

      interface Vlan10

      ip address 10.10.10.3 255.255.255.0     >>> Virtual IP not Configured:

      standby 1 ip

      standby 1 priority 101

      end

       

      The standby learns Virtual IP from ACTIVE.

       

      DSW2#sh standby | i Vir

        Virtual IP address is 10.10.10.4 (learnt)

      DSW2#

       

      and it is learnt even when the Active is down. Just to illustrate, i shut down the interface on active and the output on standby is shown below:

       

      DSW2#sh standby

      Vlan10 - Group 1

        State is Active

          8 state changes, last state change 00:00:08

        Virtual IP address is 10.10.10.4 (learnt)

        Active virtual MAC address is 0000.0c07.ac01

          Local virtual MAC address is 0000.0c07.ac01 (v1 default)

        Hello time 3 sec, hold time 10 sec

          Next hello sent in 0.112 secs

        Preemption disabled

        Active router is local

        Standby router is unknown

        Priority 101 (configured 101)

        IP redundancy name is "hsrp-Vl10-1" (default)

      DSW2#

       

      A ping from Host works

       

      HOST#traceroute 1.1.1.1

       

       

      Type escape sequence to abort.

      Tracing the route to 1.1.1.1

       

       

        1 10.10.10.3 92 msec 8 msec 80 msec   >>> Goes through the standby

        2 10.10.13.1 40 msec *  84 msec

      HOST#

       

      4. Do the Virtual IP configured on both active and standby have to match??

       

      as an example, the following work:

       

      Active:

       

      interface Vlan10

      ip address 10.10.10.2 255.255.255.0

      standby 1 ip 10.10.10.4

      standby 1 priority 150

      standby 1 preempt

      end

       

      Standby:

      interface Vlan10

      ip address 10.10.10.3 255.255.255.0

      standby 1 ip 10.10.10.1

      standby 1 priority 101

      standby 1 preempt

       

      in the above example, the virtual Ip on both standby and active does not match but still it takes works .. or am I missing something here?

       

      topology as given in the thread https://learningnetwork.cisco.com/thread/42347

       

      Message was edited by: Vijay Swaminathan

        • 1. Re: HSRP Weird Questions:
          JeffA

          Vijay-

          1.  I believe HSPR v1 is limited to 16 group numbers.  I understand you can use a group number multiple times (in different vlans) but the max # of different group numbers is 16.  In v2, I believe the limit is increased to 4096.

           

          2. not sure.

           

          3. interesting, I didn't know that.

           

          4. I can't think of a reason why one wouldn't want the active and standby to have the same VIP.  I think the whole idea behind a VIPs is to ensure a specific IP (e.g. a default gateway) would still be reachable if the active router went down and the standby took over.  In your example, if the active router went down, clients with a default gateway of 10.10.10.1 would no longer have a DGW.   HTH

          • 2. Re: HSRP Weird Questions:
            Vijay Swaminathan

            Thanks Jeff for the information.

             

            Following are my observations after labbing it up a few :

             

            1. There can be only one Active and one Standby. Rest all in that group would act as Backup.

            2. When the interface is down, the HSRP state would be "INIT" and when the switch is acting as a backup, then the HSRP state would be "LISTEN". I'm still not sure if we can forcefully make to stay on SPEAK and stay there by not becoming active or standby.

             

            3. Still hunting for a good reason.

             

            -Vijay

            • 3. Re: HSRP Weird Questions:
              Vijay Swaminathan

              One interesting observation:

               

              Lets say that we have 3 switches in the HSRP Group.

               

              SWA --> priority 150

              SWB --> Priority 160

              SWC --> Priority 200

               

              on switch C i have disabled Preempt. Lets assume that A and B are brought up.

               

              SWB will be the Active Router and SWA will be the Standby Router.

               

              now lets bring up SWC now. since the preempt is disabled, it does not become active. But it will become standby instead of staying in Backup state. it does take prioirty into account when becoming standby (even if the preempt is disabled) but does not take prioirty into account to become active:

               

              -Vijay

               

              Message was edited by: Vijay Swaminathan

              • 4. Re: HSRP Weird Questions:
                BIGEVIL

                Some interesting points that you have raised Vijay -

                 

                In amswer to the first question (number of groups) that is platform dependant.

                 

                (config-if)#standby ?

                  <0-255>         group number

                 

                This is taken from a 2900 (but i tested this on a few boxes) i did once see a 6513 hit a limit on groups but cannot think of what that limit was off hand.

                In your last post - i belive that once the timers expire it will go to standby. As you know for this to become the active and take over from the current active you would have to have preempt cmd on. I never get the chance you have three boxes using HSRP and mostly only see two.

                • 5. Re: HSRP Weird Questions:
                  Elvin Arias

                  Firstable the HSRP states are listed as follows:

                   

                  Disable

                  Init

                  Learning

                  Listening

                  Speak

                  Standby

                  Active

                   

                  If you need further help and explanations about ALL the states, i'll help, but now let's go to the other part. HSRP can have different problem situations that you should know for production enviroments, and one of the first situations is when the Virtual IPs (VIPs) are different. As you know HSRP uses a group number in order to identify the segment, but the messages are identified by the VIP address sended inside the HSRP packet by the active router (yes, the only router who sends the packet with the actual VIP identifying the HSRP packet is the active router). But what if we have this non-symetric VIPs? Well, the answer is easy, you should receive a log message with the folloing descriptions:

                   

                  %HSRP-4-DIFFVIP1: FastEthernet0/0 Grp 1 active routers virtual IP address 10.12.12.253 is different to the locally configured address 10.12.12.254

                   

                  In this case the local router (which is the standby) is complaining about the difference between the locally configured VIP address (10.12.12.254), and the VIP of the active router (which is 10.12.12.253). You will have communication problems, because if you try to ping the standby address (10.12.12.254) you will not be able to reach it. A way to reach it is to set the 10.12.12.254 router as the active for the segment, but in this case the 10.12.12.253 will not be reached by the client. This process will indefinetly go until you solve the problem.

                   

                  What about the client perspective? Imagine that the client is configured with the active 10.12.12.253 VIP address, and this router fail for some reason, in this case (as you might thinking) the clients will be configured with the 10.12.12.253 IP as the default gateway, but now the active address is the 10.12.12.254, and the client will have trouble to connect to the outside, since it's exit IP address is different from the the new active router's IP address due a misconfiguration problem.

                   

                  Elvin