[c-nsp] Rate limiting questions

Phil Mayers p.mayers at imperial.ac.uk
Sun Oct 28 08:27:05 EDT 2007


On Sat, 2007-10-27 at 18:02 +0300, Tassos Chatzithomaoglou wrote:
> One ugly way to do it would be to create an eem applet on both routers which would do the following:
> 
> 1) watch for syslog messages "STANDBY ....Active->xxx" and then "decrease" the metric of these 
> redistributed connected routes through configuring the local router
> 2) watch for syslog messages "STANDBY ....xxx->Active" and then "increase" the metric of these 
> redistributed connected routes through configuring the local router

That only gets you halfway. The standby router still has a connected
route which CANNOT be overridden by a routing protocol route; so in my
original diagram if packets even *hit* the standby, they'll go out the
100meg link as opposed to across the gigE link to the active router.

It is also, as you say, very very ugly.

> 
> I guess if eem can watch the hsrp state, it would be even easier.
> 
> Of course if you have a lot of hsrp groups, that is going to be a long config, but it might do the job.
> 
> 
> One nice way (if your network design allows it) is to track (through hsrp) the upstream 
> interface/connection of the hsrp primary router and if it loses connectivity (you can use ip sla/rtr 
> to check non-direct connectivity), then switch over to the standby hsrp router, which should always 
> announce the same networks as the primary router, but using a smaller metric.
> 
> I personally use such a design and it works very well, especially after tuning the ospf timers.

As do we, but there are circumstances where that does not help; e.g.
imagine stateful layer2 firewalls or load-balancers downstream of the
hsrp active/standby routers and where you ABSOLUTELY MUST guarantee that
the return path traffic takes the same route as the outbound.

Without the ability to remove the local connected route on the hsrp
standby, it can be difficult to ensure that.
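
Added example, not part of the original thread: a simplified Python model of route selection (administrative distance first, then metric, then longest-prefix lookup) showing why metric changes steer an upstream router but not the HSRP standby itself. The prefix, interface names and metrics are constructed; 0 and 110 are Cisco's default distances for connected and OSPF routes.

```python
import ipaddress
from dataclasses import dataclass

# Cisco default administrative distances; lower wins before metric is compared.
AD_CONNECTED, AD_OSPF = 0, 110
LAN = "192.0.2.0/24"  # constructed HSRP LAN prefix (documentation range)

@dataclass(frozen=True)
class Route:
    prefix: str
    source: str   # "connected" or "ospf"
    ad: int
    metric: int
    out_if: str   # hypothetical interface label

def install(candidates):
    """Build a RIB: per prefix, keep the route with the lowest (AD, metric)."""
    rib = {}
    for r in candidates:
        net = ipaddress.ip_network(r.prefix)
        best = rib.get(net)
        if best is None or (r.ad, r.metric) < (best.ad, best.metric):
            rib[net] = r
    return rib

def lookup(rib, dst):
    """Longest-prefix match over the installed routes; None if no match."""
    addr = ipaddress.ip_address(dst)
    matches = [n for n in rib if addr in n]
    return rib[max(matches, key=lambda n: n.prefixlen)] if matches else None

def standby_rib(metric_from_active):
    # HSRP standby: its own connected route on the 100meg link, plus the
    # active router's redistributed route learned across the gigE link.
    return install([
        Route(LAN, "connected", AD_CONNECTED, 0, "Fa0/1-100meg"),
        Route(LAN, "ospf", AD_OSPF, metric_from_active, "Gi0/1-to-active"),
    ])

def upstream_rib(metric_active, metric_standby):
    # A third router that only hears the two redistributed advertisements.
    return install([
        Route(LAN, "ospf", AD_OSPF, metric_active, "to-active"),
        Route(LAN, "ospf", AD_OSPF, metric_standby, "to-standby"),
    ])

if __name__ == "__main__":
    # However low the active router's metric, the standby uses its connected route.
    print("standby :", lookup(standby_rib(1), "192.0.2.10").out_if)
    # Upstream, the metric swap on an HSRP state change does move traffic.
    print("upstream:", lookup(upstream_rib(10, 100), "192.0.2.10").out_if)
```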




