[c-nsp] HSRP and routing asymmetry

Phil Mayers p.mayers at imperial.ac.uk
Fri Nov 21 06:11:58 EST 2008 

Michael Jager wrote:

> 
> To simplify troubleshooting, I'd like traffic flow between the access 
> layer and the core to be as symmetric as possible. So, at steady state, 
> the core will forward packets to 10.1.1.0/24 via agg1, and packet to 
> 10.1.2.0/24 via agg2.

You can achieve this to a limited degree, but I'd think very carefully - 
is the minimal gain worth the hassle?

We run a similar topology, and we just ignore it - let the traffic 
return via either path.

> 
> However, the purpose of HSRP is obviously to take care of things at 
> other-than steady state! This is where I'm running into trouble. I 
> either need to:
> 
> 1. announce both prefixes into the core from both agg devices, and have 
> the core prefer the announcement from the agg device that is currently 
> the HSRP active router for a given prefix, or:
> 
> 2. announce the prefix only from the agg device that is currently the 
> HSRP active router for that prefix.
> 
> The latter option seems easy enough to do with conditional 
> announcements, but that will track a route received from somewhere else 
> (presumably the core). I could announce a dummy prefix from one agg 
> device to the other; but I'd really like to inextricably link the 
> announcement to the HSRP state somehow.

You'd need to use something like an EEM applet; have the applet run when 
HSRP state changes (syslog match probably) and have it modify a prefix 
list (referenced from a route-map) and then run "clear ip bgp * out"

> 
> This seems like it should be a not-uncommon scenario. I've scoured a 

It's very common. Most people either ignore it, or statically set route 
costs (since the HSRP active will, normally, be in the same place)

> couple of Cisco documents - the Data Center Infrastructure Design Guide 
> looked promising, but its solution was to get a CSM to inject static 
> routes into the MSFC, and then redistribute those routes into the IGP. 
> This seems overkill (seems a bit of a waste of a CSM), and I'd like to 
> avoid this option if at all possible.
> 
> The other option I can see is to just not care about asymmetry from the 

I would advise that personally. The symmetry is nice to have but there 
are all kinds of failure modes involved in tweaking the advertisements.

The most obvious - if the link from agg1->core goes down.

Also, bear in mind that if *any* traffic hits agg2, it *will* be routed 
out via agg2 because the local "connected" route always wins - for 
example if a client on 10.1.2.0/24 talks to a server on 10.1.1.0/24 the 
path will be:

  client
  into agg2
  out of agg2
  server
  into agg1
  out of agg1
  client

> core to the aggregation layer - but I'd also like to avoid this. Has 
> anyone come across this before, and found a solution (or not!) similar 
> to what I've described?

Buy an Extreme or Foundry and use ERSP or FSRP ;o)

Seriously - HSRP can't really do this. You can force it to "sort of" do 
it, but there are non-obvious failure modes to most of the solutions.

Cisco could solve the problem for us with just a little work by 
providing an option to remove the local connected route on HSRP slaves.

More information about the cisco-nsp mailing list