Thursday, August 19, 2010

Problem in HSRP - Standby IP can't ping from standby device

We have configured all the devices as shown in topology and configuration.

Part B is the older network, which works on static routing, and Part A is the newer network, which needs to use dynamic routing. We have used OSPF for the same. HSRP is working OK. But we have found that we cannot ping the standby IP from a device where the specified VLAN is in standby or any state other than active, e.g.

on CORE - 1

Vlan 2 is Active, and on the rest of the COREs this VLAN is either in Standby or Listen state. In this case we cannot ping the standby IP, i.e. from CORE - 2, CORE - 3, CORE - 4, where Vlan 2 is not active.

Also, we have found that HSRP is changing its state continuously after some time.

We have also tried the same with the whole topology using dynamic routing, but the result is the same. Please help to resolve this issue, or please suggest what I can do in this topology so that we can resolve it or improve the performance.

1. Mostly, HSRP provides default gateway redundancy for end devices, like PCs or servers, so that end devices point to the virtual HSRP IP address as their default gateway and can always reach other subnets even if one router fails.

* The RFC states: "HSRP is not intended as a replacement for existing dynamic router discovery mechanisms and those protocols should be used instead whenever possible [1]."

2. So, you should configure HSRP on Distribution SW for access vlans, not in core.

Some customers configure HSRP for routing redundancy, but it is not a good practice.

A routing protocol provides better redundancy for L3 connections.

For redundancy for CORE and Distributions, you should just rely on OSPF protocol.

Please click here for the Cisco Data Center architecture Overview to learn more on how you should design 3 Tier networks.

* VLAN 1, 3 and 4 all have the same HSRP Group ID of "3". This discrepancy should be evident in the "sh logs".

* When you define the same HSRP group ID on multiple interfaces, they all share the same HSRP virtual MAC address. In most modern LAN switches, there are no issues because they maintain a per-VLAN MAC address table. However, if your network contains any third party switches which maintain a system-wide MAC address table regardless of VLAN, you may experience problems.
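The group-ID overlap described above can be checked offline against a saved configuration. The following is an added example, not part of the original post or of any Cisco tooling: it assumes HSRP version 1 (virtual MAC `0000.0c07.acXX`, where `XX` is the group number in hex), and the configuration text and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample (not the poster's real configuration): VLANs 1, 3 and 4
# reuse HSRP group 3 as described above; all addresses are made up.
SAMPLE_CONFIG = """\
interface Vlan1
 standby 3 ip 10.0.1.1
interface Vlan2
 standby 2 ip 10.0.2.1
interface Vlan3
 standby 3 ip 10.0.3.1
interface Vlan4
 standby 3 ip 10.0.4.1
interface Vlan5
 standby ip 10.0.5.1
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)", re.I)
# "standby [group] ip <addr>"; IOS uses group 0 when the number is omitted.
STANDBY_RE = re.compile(r"^\s+standby\s+(?:(\d+)\s+)?ip\s+(\d+\.\d+\.\d+\.\d+)", re.I)

def hsrp_v1_vmac(group):
    """HSRP version 1 virtual MAC: 0000.0c07.acXX, XX = group in hex."""
    if not 0 <= group <= 255:
        raise ValueError("HSRPv1 group must be 0-255")
    return "0000.0c07.ac%02x" % group

def parse_hsrp(config):
    """Return {group: [(interface, virtual_ip), ...]} from IOS-style text."""
    groups, iface = defaultdict(list), None
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = STANDBY_RE.match(line)
        if m and iface:
            groups[int(m.group(1) or 0)].append((iface, m.group(2)))
    return dict(groups)

def shared_vmacs(config):
    """Groups configured on more than one interface, keyed by shared vMAC."""
    return {hsrp_v1_vmac(g): [i for i, _ in members]
            for g, members in parse_hsrp(config).items() if len(members) > 1}

if __name__ == "__main__":
    for vmac, ifaces in shared_vmacs(SAMPLE_CONFIG).items():
        print(f"{vmac} shared by {', '.join(ifaces)}")
```

Any virtual MAC it reports is one that a switch with a system-wide (not per-VLAN) MAC address table would see on several VLANs at once.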

