[c-nsp] Sharing HSRP group numbers across multiple HSRP instances

Arie Vayner (avayner) avayner at cisco.com
Mon Dec 22 14:46:40 EST 2008


Justin,

The group number sets the virtual MAC address assigned to that group.
If you have some transparent L2 infrastructure (such as a VPLS domain
you try to transit) this could cause issues, and using different groups
per different VLANs is critical. In most other cases there is no need to
change group numbers between VLANs.

Take a look here:
http://www.cisco.com/en/US/docs/ios/ipapp/command/reference/iap_s2.html#wp1073440

Another point is that you can use HSRPv2, which extends the group number
to 4096:
http://www.cisco.com/en/US/docs/ios/ipapp/command/reference/iap_s3.html#wp1063204

Arie

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Justin Shore
Sent: Monday, December 22, 2008 21:19
To: 'Cisco-nsp'
Subject: [c-nsp] Sharing HSRP group numbers across multiple HSRP
instances

I have a situation in which I'm wondering if I can use the same HSRP 
group number for multiple SVIs on a pair of 7600s.  The VLANs all 
perform similar functions in groups of 3; outside of FWSM contexts, 
inside of FWSM context, SVI for terminating client IPSec VPNs.  Ie, each 
customer has 3 VLANs that perform these functions.  I have multiple 
customers and each has 3 VLANs in VRFs (where applicable) on my 7600s 
carved out for these specific functions.

Can I use the same HSRP group for each of the individual 3 VLANs across 
multiple customers?  ie:

Customer	VLAN	Purpose
-------------------------------
1		1501	Outside
1		1601	Inside
1		1701	CVPN
2		1502	Outside
2		1602	Inside
2		1702	CVPN
3		1503	Outside
3		1603	Inside
3		1703	CVPN

Purpose		HSRP Group
---------------------------
FWSM outside	100
FWSM inside	101
CVPN		102

VLANs 1501-1503 get group 100, 1601-1603 get group 101, 1701-1703 get 
group 102.  Each customer VLAN performing that specific role shares that 
HSRP group #.  That's worded better.  All VLANs share the same L2 
infrastructure (actually they never leave the 7600s).

Is this doable or should I just use HSRPv2 and one of the 4096 group #s 
available to me?  Would sharing group #s result in fewer HSRP hellos sent 
and processed, thus lower RP overhead?

Just curious.  Thanks
  Justin
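
Added example, not part of the original thread: a Python sketch of the point in Arie's reply that the group number fixes the virtual MAC. It uses the well-known HSRP MAC formats (0000.0c07.acXX for version 1, 0000.0c9f.fXXX for version 2) and flags VLANs that would present the same virtual MAC inside one bridged domain. The `l2_domain` labels, the `vpls-A` name, and the transit and HSRPv2 plans are constructed assumptions; only the VLAN and group numbers come from the thread.

```python
from collections import defaultdict

def hsrp_virtual_mac(group, version=1):
    """Well-known HSRP virtual MAC for a group number (Cisco dotted notation)."""
    if version == 1 and 0 <= group <= 255:
        return f"0000.0c07.ac{group:02x}"
    if version == 2 and 0 <= group <= 4095:
        return f"0000.0c9f.f{group:03x}"
    raise ValueError(f"group {group} is not valid for HSRPv{version}")

def find_mac_collisions(plan, version=1):
    """plan: iterable of (vlan, hsrp_group, l2_domain) tuples.

    l2_domain is a hypothetical label: VLANs carried across the same
    transparent L2 service share a label, all others get their own.
    Returns {(l2_domain, virtual_mac): [vlans]} for every virtual MAC
    that more than one VLAN would present inside the same domain.
    """
    seen = defaultdict(list)
    for vlan, group, domain in plan:
        seen[(domain, hsrp_virtual_mac(group, version))].append(vlan)
    return {key: sorted(vlans) for key, vlans in seen.items() if len(vlans) > 1}

# Group per role as proposed in the thread, keyed by the VLAN's leading two digits.
ROLE_GROUP = {15: 100, 16: 101, 17: 102}
VLANS = [1501, 1601, 1701, 1502, 1602, 1702, 1503, 1603, 1703]

# Case 1 (from the thread): the VLANs never leave the 7600s, so each one
# is modelled as its own L2 domain.
LOCAL_PLAN = [(v, ROLE_GROUP[v // 100], f"vlan-{v}") for v in VLANS]

# Case 2 (constructed): outside VLANs 1501 and 1502 both transit one
# transparent L2 domain, here labelled "vpls-A".
TRANSIT_PLAN = [(v, g, "vpls-A" if v in (1501, 1502) else d)
                for v, g, d in LOCAL_PLAN]

# Case 3 (constructed): same topology as case 2, but HSRPv2 with the
# group number set to the VLAN number, so every VLAN has its own MAC.
V2_PLAN = [(v, v, d) for v, _, d in TRANSIT_PLAN]

if __name__ == "__main__":
    for name, plan, ver in (("local", LOCAL_PLAN, 1),
                            ("transit", TRANSIT_PLAN, 1),
                            ("transit, HSRPv2", V2_PLAN, 2)):
        print(name, find_mac_collisions(plan, ver) or "no shared virtual MACs")
```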