[c-nsp] HSRP, and the router on the other side...

Michael K. Smith - Adhost mksmith at adhost.com
Mon Mar 29 16:51:41 EDT 2010


Answers in line below.

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Rick Coloccia
> Sent: Monday, March 29, 2010 12:40 PM
> To: 'Cisco-nsp'
> Subject: [c-nsp] HSRP, and the router on the other side...
> 
> Hi Everyone,
> 
> Please view this message in a fixed width font for the bad ascii art to
> make sense... thanks!
> 
> I have an HSRP question, I'm hoping someone here can clarify something
> for me that isn't made clear in any of the many "how to use HSRP" web
> sites all over the web.
> 
> Most of HSRP makes sense to me:
> 
> plug many hosts into a switch
> plug the switch into 2 routers
> configure the two interfaces on the routers to belong to the same hsrp
> group and to share a third virtual ip address
> tell the many hosts that the virtual ip address is their router.
> 
> on the two routers, tell each that their upstream router is exactly who
> it is.  In my case I am using a static route from each of the two
> routers to a third router that is upstream from both of these two
> routers doing the hsrp.
> 
> Here's my question:  How do I tell the upstream router to get back to my
> hosts via the switch on which the virtual ip address resides?
> 
> 
> 
>              +---+    +---+      +------+
>              | s |----| R |------|      |
> +-------+    | w |    | 1 |      |      |
> | host1 |----| i |    +---+      |      |   +-------+
> +-------+    | t |               | core |---| host2 |
>              | c |    +---+      |      |   +-------+
>              | h |----| R |------|      |
>              +---+    | 2 |      |      |
>                       +---+      +------+
> 
> 
> addresses:
> host1: 10.10.10.10/24
> r1, int connected to switch: 10.10.10.2/24
> r2, int connected to switch: 10.10.10.3/24
> virtual address shared by r1 and r2: 10.10.10.1/24
> 
> r1 and r2 connect to the core, both in vlan 7.
> 
> r1, int connected to the core: 10.10.11.2/24
> r2, int connected to the core: 10.10.11.3/24
> int vlan 7 in the core: 10.10.11.1/24
> 
> host2 is in vlan8 in the core: 10.10.12.10/24
> int vlan8 in the core: 10.10.12.1/24
> 
> 
> so my question, restated, is this:
> 
> What is the route that I should have in the core for it to know how to
> get traffic to hosts in the 10.10.10.0/24 net?
> 
> ip route 10.10.10.0 255.255.255.0 10.10.10.2
> and/or
> ip route 10.10.10.0 255.255.255.0 10.10.10.3
> and/or
> ip route 10.10.10.0 255.255.255.0 Vlan7
> 
You shouldn't have to route 10.10.10.x because it's directly connected
on those routers, assuming you have an IGP that is propagating connected
routes into your routers.  The HSRP address is for your hosts to have
default-gateway failover.


> A related question:
> I am getting dropped traceroute packets when I try to traceroute to one
> of the three addresses involved in the HSRP, but never a packet is
> dropped when connecting to a host behind the hsrp routers.  Is that
> normal?
> 
> traceroute to 10.10.10.3(10.10.10.3), 30 hops max, 38 byte packets
>  1  10.10.12.1  0.284 ms  0.207 ms  0.202 ms  0.196 ms
>  2  10.10.11.2  0.446 ms  0.430 ms  0.44
>  3  10.10.10.3  0.507 ms *  0.545 ms *
> 
> See the *  instead of the times?  I don't know what that's all about.
> Can someone enlighten me?
> 

You often see traceroute oddities with HSRP because the traffic comes in
one HSRP interface and goes out another.  As an example, if your inbound
traffic comes in towards the host on router A which *doesn't* have the
HSRP gateway, the host will respond through router B with the HSRP
gateway.  This is due to the fact that the inbound traffic can get to
the host over the directly connected interface that has the non-active
virtual-address because it's ARP'able.

Regards,

Mike


