HSRP (Hot Standby Router Protocol)

Hello Paul

That’s a very interesting experiment you performed, and it’s very useful for all of our readers. So it seems that when you issue the shutdown command, the router sends a resign packet before it actually goes down. This causes the standby router to assume the active role. This behavior is not standardized, and you may see slightly different behaviors in different model devices.

Now if, instead of shutting down the interface, you simply unplugged the port, you would not see a resign packet, and you would likely need to have the hold time expire before the standby router becomes active. Such an experiment would be more appropriate with real devices; I don’t know how a device in CML would react to the disconnection of a link like that. If you do try it out, let us know.

I hope this has been helpful!

Laz

Dear Lazarus,

I have some doubts on HSRP design when using two cases.

Case 1: Using HSRP on both distribution switches, with the two distribution switches connected by an L2 link.
The downstream switches are access layer switches.

Case 2: Using HSRP on both distribution switches, with the two distribution switches connected by an L3 link.
The downstream switches are access layer switches.

Could you please help me understand what the advantages and disadvantages of the above designs traditionally are?

I ask because when I use case 1 in my design, whenever I shut down the SVI interface on the primary switch, the end user PC is not able to reach the gateway even though the secondary switch is still operational.

I see STP is blocking the backup link with a BLK port. How can I overcome this issue so that traffic is still forwarded even when the primary SVI is manually shut down?

Please advise on this.

Thanks…
Mahesh

Hello Maheshwaran

HSRP, like all First Hop Redundancy Protocols (FHRPs), is designed to be used to provide redundant gateways for end-user devices. So if you do deploy HSRP at the Distribution Layer, you must make sure that your connection to your Access switches is only via Layer 2. It should look something like this:

Now having said that, should your connection between the distribution switches be an L2 connection or an L3 connection? Well, it depends. Both will actually work. The important thing here is to have a path between the two switches so that the SVIs on which you’ve configured HSRP can communicate. Those SVIs should be on the same Layer 2 segment.

Case 1: If you have an L2 link between the switches, and make it a trunk, and you have included the VLANs on which the SVIs using HSRP reside, then HSRP messages will be sent directly over that L2 link like so:


Case 2: If you have an L3 link between the switches, that link cannot be used to exchange HSRP messages. However, the SVIs will still be able to communicate over the L2 links with the access switches like so:

Which should you choose? Well, that depends. Both will work, but if you choose case 1, you are creating a Layer 2 loop, and thus STP will block one of the ports to prevent the loop. This may result in what you are seeing, a blocked port leading to the redundant gateway. This is why you must ensure that STP priorities are set so that the active HSRP switch becomes the STP root bridge and the standby becomes the secondary root bridge.

If you choose case 2, you don’t have issues with STP, since the L3 link between the switches prevents the creation of a Layer 2 loop. But this results in fewer redundant links (i.e. the link between the switches), so there is a tradeoff.

Adjust the STP root bridge priorities accordingly and see your results, and let us know.

I hope this has been helpful!

Laz


Hello, everyone.

What are these messages that are being sent? What do they do?


//Edit: This is an excellent lesson that covers pretty much everything HSRP has to offer. However, it would be a good addition if this lesson was updated to include more timer information. For example, regardless of what timers are configured, the active router’s settings override everyone.

Then, when using msec timers in HSRPv1, they aren’t propagated in the HSRP messages (they are sent as 0) because the HSRPv1 field for timers is in seconds. In v2, this change is propagated to everyone because the HSRPv2 field for timers is in milliseconds, which is another main difference between v1 and v2.

David

Hello David

These are messages sent between the HSRP devices. The UDP source port of 1985 is used by HSRP for the exchange of such messages. Also, the 224.0.0.2 multicast address is used for HSRP members to communicate with each other. The Op Code of 3 shows that the messages are used to share their current state and priority.

As stated in this Cisco Configuration Guide on HSRP:

The members of the virtual router group continually exchange status messages. This way, one router can assume the routing responsibility of another if one is out of commission for either planned or unplanned reasons.

As for your comments, thanks for the feedback. I will relay them to Rene to consider making modifications.

I hope this has been helpful!

Laz

Hello Laz.

Thank you for the response. However, isn’t the use of these Advertise messages redundant if you consider the fact that we already have hellos?

Thank you.
David

Hello David

It’s interesting to look into the inner workings of protocols like HSRP. Version 1 has been defined in RFC 2281, and there it does have some info about message Op codes; however, it is version 2 that has the Advertise messages, so it’s not described in that RFC. And HSRPv2 was never defined in a new RFC, so there is no “definitive source” of information for the way the protocol operates.

However, from information I have gleaned from various sources, the hello Op code is 0, as in the original RFC, while that of Advertise is Op code 3.

The Advertise message is sent when a router wants to advertise its own state. These messages are sent periodically according to Cisco documentation, but there is no specification as to what triggers them or if they are based on a timer.

Another bit of information offered by Cisco is this:

To minimize network traffic, only the Active and Standby routers send periodic HSRP messages once the protocol has completed the election process.

But it doesn’t specify what those messages are, hellos or advertise, or both?

In any case, the hello and advertise messages serve slightly different purposes, and that is why they are both needed. Hellos are sent as keepalives, while advertisements include status information that may be necessary at specific times.

I hope this has been helpful!

Laz
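
The resign-versus-hold-time behaviour and the op codes discussed in this thread, as an added example that is not part of any post: a decoder for the 20-byte HSRPv1 message defined in RFC 2281, plus a simplified model of how long a standby waits before taking over. The function names, the sample payloads and the virtual IP 192.168.1.254 are assumptions made for illustration.

```python
import socket
import struct

# Op codes and states from RFC 2281 (HSRPv1). Op code 3 is the Advertise
# message named in the thread; RFC 2281 does not define it, so only its
# name is reported and its body is left undecoded.
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign", 3: "Advertise"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen",
          4: "Speak", 8: "Standby", 16: "Active"}
HSRP_V1 = struct.Struct("!8B8s4s")  # 20-byte RFC 2281 message layout


def parse_hsrp_v1(payload: bytes) -> dict:
    """Decode the UDP payload of an HSRPv1 message (UDP port 1985)."""
    if len(payload) < 2:
        raise ValueError("truncated HSRP message")
    if payload[0] != 0:
        raise ValueError(f"version field {payload[0]} is not HSRPv1")
    opcode = OPCODES.get(payload[1], f"Unknown({payload[1]})")
    if payload[1] > 2:
        return {"opcode": opcode}
    if len(payload) < HSRP_V1.size:
        raise ValueError("truncated HSRP message")
    _, _, state, hello, hold, prio, group, _, auth, vip = HSRP_V1.unpack_from(payload)
    return {
        "opcode": opcode,
        "state": STATES.get(state, f"Unknown({state})"),
        "hellotime_s": hello,   # one-byte fields, whole seconds only
        "holdtime_s": hold,
        "priority": prio,
        "group": group,
        "auth": auth.rstrip(b"\x00").decode("ascii", "replace"),
        "virtual_ip": socket.inet_ntoa(vip),
    }


def takeover_delay(msg: dict) -> int:
    """Worst-case seconds before the standby takes over after this message.

    Simplified model for Hello and Resign messages: a Resign tells the
    standby the active router is leaving, so it need not wait; after a
    Hello it must wait for the hold time to expire.
    """
    return 0 if msg["opcode"] == "Resign" else msg["holdtime_s"]


# Constructed sample payloads (illustrative values, not captured traffic).
_TAIL = b"cisco\x00\x00\x00" + socket.inet_aton("192.168.1.254")
HELLO = bytes([0, 0, 16, 3, 10, 110, 1, 0]) + _TAIL
RESIGN = bytes([0, 2, 16, 3, 10, 110, 1, 0]) + _TAIL
```

Running `parse_hsrp_v1` over payloads seen on a segment gives a quick view of which op codes, priorities and timers each speaker is sending, which helps when comparing a shutdown test with an unplugged-link test.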