[c-nsp] Useful HSRP feature additions WAS: Rate limiting questions

Christopher E. Brown chris.brown at acsalaska.net
Sun Oct 28 22:48:43 EDT 2007 

Phil Mayers wrote:
>> The "simple low overhead" fix would be to have the HSRP master send a
>> *single* extra packet every X seconds.  Just one gratuitous ARP every
>> 200 seconds would solve the whole issue.
> 
> See my other email; in our network (6500/sup720) the HSRP master *DOES*
> send frequent packets with the vmac as a source - the HSRP hellos.
> 
> I still think "the hsrp arp/mac aging problem" refers to the *return*
> path traffic:
> 
> http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094afd.shtml#t8
> 
> See also:
> 
> http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_chapter09186a0080773f4b.html#wp1054004
> 
> The docs (admittedly 12.4T) state:
> 
> """The active router sources hello packets from its configured IP
> address and the HSRP virtual MAC address while..."""
> 
> ...which implies to me Cisco are well aware the vmac needs to be
> refreshed, and the issue you're seeing ought not to exist?
> 
> Are you blocking port 1985 or 224.0.0.2 or something similar?

No, this would break HSRP altogether.


Hmm, the above reffed doc does seem to show that Cisco is aware/fixing
the issue.  Most of the machines I worry about are 7200s, 7500s and
6509s w/ SUP2/MSFC2 in native mode.  These make of most of my "edge of
the core" customer or internal service machines.  The 6509s are native
mode 12.1.26/27 and standard rev for the 7200/7500 systems is 12.2.2x
(currently .22 IIRC).

It has been a while since I did an actual packet capture specific to
this issue.  I may do a few and reverify and/or look at possible IOS
updates.


As the the other side of things, I do have a number of 2 - 4 routers
HSRP groups where the actual routers are miles apart and usually on
different legs of the spanning tree star.  Unless I cannot do so for
some reason (large number of very stupid clients) all of the HSRP
speaking interfaces are running a 240 second arp timeout.

-- 
------------------------------------------------------------------------
Christopher E. Brown   <chris.brown at acsalaska.net>   desk (907) 550-8393
                                                     cell (907) 632-8492
IP Engineer - ACS
------------------------------------------------------------------------

More information about the cisco-nsp mailing list