HSRP Failover

I've only skim over the HSRP sections of the FLG, but sitting here at work, a question popped into my head as I go over the process.

If the Active switch/router handles all the incoming traffic for the virtual mac/ip, when it fails and the standby takes over, what happens to the cache entries on the host/switches in the transit path?

If R1 and R2 is connected to S1, and R1 is the active router, wouldn't S1 have an entry in its cam table for the virtual mac associated with the port R1 is plugged into? When the link on R1 and R2 takes over, wouldn't the switch still forward request out its port to R1 until the entry is aged out?

Find more posts tagged with

Comments

Coolhandluke

this is a very good point that i never thought about. i can only assume that when a backup takes over it sends a packet (broadcast or multicast) to update the cam on the subnet. this is an assumption so im willing to be corrected but it makes sense

networker050184

Coolhandluke wrote: »

this is a very good point that i never thought about. i can only assume that when a backup takes over it sends a packet (broadcast or multicast) to update the cam on the subnet. this is an assumption so im willing to be corrected but it makes sense

Yes, the router will send a gratuitous arp once it assumes the master role causing the switch to updates its MAC table.

ITdude

pham0329 wrote: »

I've only skim over the HSRP sections of the FLG, but sitting here at work, a question popped into my head as I go over the process.

That is the kind of thought process that will benefit you in the long run. Always question.

Keep it up!

Forsaken_GA

And knowing how that works, you'll also understand that layer 2 adjacency issues can screw with your Active/Standby relationships, which is why you'll see that STP reconvergences can cause the standby to think the Active router is gone occasionally.

pham0329

Thanks for the clarifications guys.

Forsaken, can you expand on your point a bit?

Forsaken_GA

pham0329 wrote: »

Thanks for the clarifications guys.

Forsaken, can you expand on your point a bit?

An STP convergence can cause the standby to go active for a bit, and generate error messages on the active router that it's detecting a duplicate for the VIP. This often leads folks to believe there's a problem with HSRP (especially if they're reviewing logs afterwards), when it's actually unrelated to HSRP at all

pham0329

Forsaken_GA wrote: »

An STP convergence can cause the standby to go active for a bit, and generate error messages on the active router that it's detecting a duplicate for the VIP. This often leads folks to believe there's a problem with HSRP (especially if they're reviewing logs afterwards), when it's actually unrelated to HSRP at all

I have another question, kind of relating to the point you brought up. What happens if both routers thinks it's the active router?

For example, if both routers are connected to a a switch, and I place an ACL that prevents Hellos from being exchange? Since the standby no longer receives Hellos, it transitions to the Active state. How does HSRP handles that?

Forsaken_GA

pham0329 wrote: »

I have another question, kind of relating to the point you brought up. What happens if both routers thinks it's the active router?

For example, if both routers are connected to a a switch, and I place an ACL that prevents Hellos from being exchange? Since the standby no longer receives Hellos, it transitions to the Active state. How does HSRP handles that?

Well, let me ask you this -

What would happen if you put two separate routers with interfaces in the same network and configured those interfaces with the same IP? Because that's effectively the same thing, both routers would purport to be the owner of the VIP.

I'll leave it to you to determine why duplicate IP addresses on the network is bad, especially for gateway interfaces