[c-nsp] Useful HSRP feature additions WAS: Rate limiting questions

Christopher E. Brown chris.brown at acsalaska.net
Sat Oct 27 18:12:33 EDT 2007


Phil Mayers wrote:
> On Fri, 2007-10-26 at 12:10 -0800, Christopher E. Brown wrote:
>> Phil Mayers wrote:
>>> On Fri, 2007-10-26 at 13:08 -0500, Justin Shore wrote:
>>>> Phil Mayers wrote:
>>>>>> Is there a HSRP option to tell the standby router to only route traffic 
>>>>>> when it's active?  VRRP and GLBP would have the same problem I imagine. 
>>>>> No. This is a frequently requested feature.
>>>> I think I'll ping my account team to add my voice to the list.  This 
>>>> seems like an awfully easy feature addition to me.  I can't think of any 
>>> At first hearing it does indeed seem easy. Having put some thought into
>>> why Cisco don't offer this (fairly obvious) feature, I've concluded
>>> there are some non-trivial difficulties doing it in the fully general
>>> cases that HSRP can support, and on some forwarding architectures.
>>>
>>>
>>>> downside to doing it either.
>>>>
>>>> Justin
>>
>> I think a more useful HSRP feature would be
>>
>> standby 116 gratuitous arp 240
>>
>> in order to solve the longstanding issues with MAC table aging vs. ARP
>> table aging w/ HSRP.
> 
> As I understand it, the "longstanding" arp/mac aging mismatch issue
> occurs when traffic is returning via the standby and the standby ages
> out the mac entry because it isn't seeing the outbound packets.
> 
> The hsrp master doing grat. arps for itself doesn't address that, does
> it?
> 
>> I wouldn't think that generating grat arps for the HSRP address with the
>> HSRP MAC would be that hard.
> 
> It wouldn't. I don't see how it would solve the problem though.


No, the issue is that the HSRP master never *sends* traffic using the
HSRP virtual MAC address.  It will respond to ARPs, and accept traffic,
but all traffic put on the wire has a src MAC from the physical
interface.

This is not unexpected, I mean if you have multiple HSRP groups how
would it know which MAC to use when forwarding, best to use the actual
interface MAC.


So, machines ARP for the GW address.

The HSRP master responds with the virtual MAC.

Virtual MAC now in mac table of switches and ARP table of routers.

5 min later, the MAC entry times out, but the ARP entries are there for
another 4hr 55min...  Now we have our layer2 network with no target for
that MAC and flooding everywhere.


The HSRP MAC(s) are there to point at, but the interface MAC itself is
the one used to put packets on the wire.  I am not suggesting that we
change that, it would break things.  I just think we should have the
option of sending a gratuitous arp using the HSRP mac.



-- 
------------------------------------------------------------------------
Christopher E. Brown   <chris.brown at acsalaska.net>   desk (907) 550-8393
                                                     cell (907) 632-8492
IP Engineer - ACS
------------------------------------------------------------------------
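
The aging sequence described in this message, modelled as an added example (not code from the poster or from Cisco). It takes the message's account at face value: ARP replies are sourced from the virtual MAC, forwarded traffic from the interface MAC, and the timers are the ones implied above. The interface MAC and traffic rate are constructed, and `garp_every` stands for the proposed, hypothetical `standby 116 gratuitous arp 240` option.

```python
"""Constructed model of MAC-table aging vs. ARP aging behind an HSRP gateway."""

MAC_AGING = 300                           # switch MAC aging: 5 min (from the message)
ARP_LIFETIME = 300 + 4 * 3600 + 55 * 60   # host ARP lifetime implied by the message
VIRTUAL_MAC = "00:00:0c:07:ac:74"         # HSRPv1 virtual MAC, group 116 (0x74)
INTERFACE_MAC = "00:11:22:33:44:55"       # constructed burned-in address


def simulate(duration, host_send_every, garp_every=None):
    """Return (flooded, delivered) counts for host-to-gateway frames.

    garp_every models the proposed option: the active router periodically
    sends a gratuitous ARP whose source MAC is the virtual MAC.
    """
    mac_table = {}      # MAC -> second it was last seen as a source address
    arp_expires = None  # when the host's ARP entry for the gateway expires
    flooded = delivered = 0
    for t in range(duration):
        if garp_every and t % garp_every == 0:
            mac_table[VIRTUAL_MAC] = t    # switch relearns the virtual MAC
        if t % host_send_every:
            continue
        if arp_expires is None or t >= arp_expires:
            # Host ARPs for the gateway; the reply comes from the virtual MAC.
            mac_table[VIRTUAL_MAC] = t
            arp_expires = t + ARP_LIFETIME
        # The host's frame is addressed to the virtual MAC from its ARP cache.
        seen = mac_table.get(VIRTUAL_MAC)
        if seen is not None and t - seen < MAC_AGING:
            delivered += 1
        else:
            flooded += 1  # unknown unicast: copied to every port in the VLAN
        # Return traffic uses the interface MAC, so only that entry is refreshed.
        mac_table[INTERFACE_MAC] = t
    return flooded, delivered


if __name__ == "__main__":
    for label, interval in (("no gratuitous ARP", None),
                            ("gratuitous ARP every 240 s", 240),
                            ("gratuitous ARP every 600 s", 600)):
        f, d = simulate(3600, 10, interval)
        print(f"{label}: {f} flooded, {d} delivered in one hour")
```

An interval below the MAC aging time, such as the 240 seconds proposed, keeps the entry alive; anything longer leaves a flooding window in every cycle.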

