[c-nsp] HSRP vs VRRP
Robert Crowe
rocrowe at cisco.com
Tue Oct 18 18:13:36 EDT 2005
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Gert Doering
Sent: Tuesday, October 18, 2005 5:45 PM
To: Tim Durack
Cc: Gert Doering; jean; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] HSRP vs VRRP
>Hi,
>On Tue, Oct 18, 2005 at 02:07:29PM -0400, Tim Durack wrote:
> That's why it's preferable to design things so R1 is connected to SW1
> and SW2, same for R2.
> This will avoid partitioning the network under various failure modes.
>How do you do that? Etherchannel is only going to work when going from a
router to the same switch (counting 3750 stacks as >"single switch"
>here, for the purpose of the argument), and BVI'ing two ethernets on the
router will usually end up in abysmal performance.
>So how to connect R1 (and R2) to SW1 and SW2 into the same VLAN?
[..]
> The assymetric situation has caught us out when running urpf filtering
> on interfaces that are also running HSRP.
Yep, another thing to watch out for.
RC> ESR(config-if)#ip verify unicast reverse-path allow-self-ping
> It basically means you can't always ping the interface addresses. Only
> affects monitoring though, not transit.
Think "reflexive access lists" and/or "ip inspect"...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
gert at greenie.muc.de
fax: +49-89-35655025
gert at net.informatik.tu-muenchen.de
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list