[c-nsp] standby use-bia?

Bruce Pinsky bep at whack.org
Thu Dec 2 11:15:06 EST 2004


Jon Lewis wrote:
| On Thu, 2 Dec 2004, Rodney Dunn wrote:
|
|
|>His subject line said "use-bia" but I don't see it
|>mentioned in the email anywhere.
|>
|>
|>>>We ran into an issue recently where an HSRP switchover happened and a
|>>>bunch of our L3 switches either didn't get or didn't act on the
|>>>gratuitous arp the active router is supposed to send when it's
|>>>configured with use-bia and goes active.  This got me thinking about
|
|       ^^^^^^^^^^^^^^^^^^^^^^^
|
|>>>ways around having the HSRP group members having different MAC
|>>>addresses.
|
|
| The issue is, I'm using use-bia now, and it's caused problems.  In my
| original message, I implied that one of the options I think would work is
| to use-bia on one 7500 and use that 7500's bia on the others via
| configured virtual mac addr.  My fear in that case is that at some point
| the router with use-bia might decide to use a different bia (from a
| different FE card...we're doing etherchannel, so each router would have
| several bias to choose from) and cause the problem I'm hoping to avoid.
| So it seems like picking/making up a mac addr and configuring that to be
| the virtual mac addr on all the HSRP group members would be the best way
| to go.  I just wonder why that doesn't seem to be documented as a
| recommended way to get around the VIP2/VIP4 32 AF limit.  i.e. I have to
| wonder if there's some gotcha I haven't considered that makes this a bad
| idea?...other than what would happen if I just randomly picked a mac addr
| and something on the LAN happened to have that as its mac addr.
|

You could probably reduce the chance of that last gotcha by setting the LAA
bit in the MAC address.

As I previously mentioned, my only other worry would be whether your
switches allow the same MAC address to appear in different VLANs, i.e. a
forwarding table per VLAN.  The 6500's certainly do.  I know that some
lower end switches (including Cisco's) don't and that the VLAN concept is
used only to limit flooding and broadcasts.  I've been bitten by this
before and it makes for some peculiar behavior as well as horrible performance.

--
=========
bep

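
The reply above suggests setting the LAA (locally administered address) bit when making up a virtual MAC address. The following is an added example, not part of the original message: it checks a candidate address for the LAA and group bits and rewrites it as a locally administered unicast address in dotted notation. The function names and the sample addresses are constructed for illustration.

```python
import re


def parse_mac(text):
    """Parse 00:11:22:33:44:55, 00-11-22-33-44-55 or 0011.2233.4455."""
    digits = re.sub(r"[.:\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def is_locally_administered(mac):
    """U/L bit (0x02 of the first octet) set means locally administered."""
    return bool(mac[0] & 0x02)


def is_group(mac):
    """I/G bit (0x01 of the first octet) set means multicast/broadcast."""
    return bool(mac[0] & 0x01)


def to_locally_administered(mac):
    """Set the U/L bit and clear the I/G bit: an LAA unicast address."""
    return bytes([(mac[0] | 0x02) & 0xFE]) + mac[1:]


def dotted(mac):
    """Format as xxxx.xxxx.xxxx."""
    h = mac.hex()
    return ".".join(h[i:i + 4] for i in range(0, 12, 4))


def check_virtual_mac(text):
    """Return a list of problems with a candidate virtual MAC address."""
    mac = parse_mac(text)
    problems = []
    if is_group(mac):
        problems.append("group bit set: not a unicast address")
    if not is_locally_administered(mac):
        # Vendor-assigned (burned-in) addresses have this bit clear, so a
        # made-up address without it could match real hardware on the LAN.
        problems.append("LAA bit not set: may collide with a burned-in address")
    return problems


if __name__ == "__main__":
    for candidate in ("00aa.bbcc.ddee", "02aa.bbcc.ddee"):  # constructed samples
        fixed = dotted(to_locally_administered(parse_mac(candidate)))
        print(candidate, check_virtual_mac(candidate), "->", fixed)
```

The LAA bit only separates the address from vendor-assigned ones; it can still clash with another locally administered address already in use on the same LAN.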

