[c-nsp] Sharing HSRP group numbers across multiple HSRP instances
Murphy, William
William.Murphy at uth.tmc.edu
Mon Dec 22 17:27:56 EST 2008
If you are placing lots of HSRP groups on the same interface I would imagine
at some point hello traffic would become an issue... I guess it really
depends on the bandwidth and how aggressively you tune your timers...
Bill
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Justin Shore
Sent: Monday, December 22, 2008 4:07 PM
To: Arie Vayner (avayner)
Cc: Cisco-nsp
Subject: Re: [c-nsp] Sharing HSRP group numbers across multiple HSRP
instances
Arie & Christian,
Thanks for the replies. So re-using HSRP group #s doesn't create any
conflicts? That's good to know. It also won't reduce the load? That's
unfortunate. For some reason I had it in my mind that you could
create some sort of collective HSRP instance over a common L2
infrastructure that would share hellos and switch as one common unit.
It would be like MST for HSRP essentially.
One design scenario I didn't ask about was if I could do the same thing
with HSRP instances on sub-ints of a router. On the other end of these
MPLS/VPNs is a pair of ISRs facing a 3560 with 1Q trunks. On each ISR
is an int facing the 3560 and that int is broken up into several
sub-ints. I have HSRP instances on those as well. I have a matching
instance on each ISR for each customer VLAN. However I just tried to
create a new sub-int with the same HSRP group # and it yelled at me.
Apparently it isn't supported on the same physical interface.
% Must use unique HSRP group number for each logical interface
that is a member of the same physical interface.
This isn't a problem for me. Our contiguous L2 infrastructure isn't so
big that 4096 HSRP group numbers won't handle it. I doubt if we'll have
more than 1000 before I'm breaking it up into smaller pieces for
bandwidth reasons.
Thanks for the info
Justin
Arie Vayner (avayner) wrote:
> Justin,
>
> The group number sets the virtual MAC address assigned to that group.
> If you have some transparent L2 infrastructure (such as a VPLS domain
> you try to transit) this could cause issues, and using different groups
> per different VLANs is critical. In most other cases there is no need to
> change group numbers between VLANs.
>
> Take a look here:
> http://www.cisco.com/en/US/docs/ios/ipapp/command/reference/iap_s2.html#wp1073440
>
> Another point is that you can use HSRPv2, which extends the group number
> to 4096:
> http://www.cisco.com/en/US/docs/ios/ipapp/command/reference/iap_s3.html#wp1063204
>
> Arie
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Justin Shore
> Sent: Monday, December 22, 2008 21:19
> To: 'Cisco-nsp'
> Subject: [c-nsp] Sharing HSRP group numbers across multiple HSRP
> instances
>
> I have a situation in which I'm wondering if I can use the same HSRP
> group number for multiple SVIs on a pair of 7600s. The VLANs all
> perform similar functions in groups of 3; outside of FWSM contexts,
> inside of FWSM context, SVI for terminating client IPSec VPNs. Ie, each
> customer has 3 VLANs that perform these functions. I have multiple
> customers and each has 3 VLANs in VRFs (where applicable) on my 7600s
> carved out for these specific functions.
>
> Can I use the same HSRP group for each of the individual 3 VLANs across
> multiple customers? ie:
>
> Customer   VLAN   Purpose
> -------------------------------
> 1          1501   Outside
> 1          1601   Inside
> 1          1701   CVPN
> 2          1502   Outside
> 2          1602   Inside
> 2          1702   CVPN
> 3          1503   Outside
> 3          1603   Inside
> 3          1703   CVPN
>
> Purpose        HSRP Group
> ---------------------------
> FWSM outside   100
> FWSM inside    101
> CVPN           102
>
> VLANs 1501-1503 get group 100, 1601-1603 get group 101, 1701-1703 get
> group 102. Each customer VLAN performing that specific role shares that
> HSRP group #. That's worded better. All VLANs share the same L2
> infrastructure (actually they never leave the 7600s).
>
> Is this doable or should I just use HSRPv2 and one of the 4096 group #s
> available to me? Would sharing group #s result in fewer HSRP hellos sent
> and processed, thus lower RP overhead?
>
> Just curious. Thanks
> Justin
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
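Added example, not part of the original thread: Arie's point that the group number sets the virtual MAC, checked against the VLAN/group plan from the first post. The MAC prefixes are the well-known HSRP ones (0000.0c07.acXX for v1, 0000.0c9f.fXXX for v2); the sets of VLANs merged by a transparent L2 service are constructed for illustration.

```python
from collections import defaultdict

def hsrp_vmac(group, version=1):
    """Well-known HSRP virtual MAC for a group number (Cisco dotted notation)."""
    if version == 1 and 0 <= group <= 255:
        return "0000.0c07.ac%02x" % group
    if version == 2 and 0 <= group <= 4095:
        return "0000.0c9f.f%03x" % group
    raise ValueError("group %r is out of range for HSRPv%r" % (group, version))

def find_vmac_conflicts(assignments, bridged_domains, version=1):
    """Report virtual MACs that appear more than once in one broadcast domain.

    assignments     -- {vlan: hsrp_group}
    bridged_domains -- sets of VLANs that a transparent L2 service (e.g. a
                       VPLS domain) merges into a single broadcast domain
    Returns a list of (domain_index, vmac, [vlans]).
    """
    conflicts = []
    for idx, domain in enumerate(bridged_domains):
        by_mac = defaultdict(list)
        for vlan in sorted(domain):
            if vlan in assignments:
                by_mac[hsrp_vmac(assignments[vlan], version)].append(vlan)
        conflicts += [(idx, mac, vlans)
                      for mac, vlans in sorted(by_mac.items())
                      if len(vlans) > 1]
    return conflicts

# Plan from the thread: group 100 = FWSM outside, 101 = inside, 102 = CVPN.
PLAN = {1501: 100, 1502: 100, 1503: 100,
        1601: 101, 1602: 101, 1603: 101,
        1701: 102, 1702: 102, 1703: 102}

# Constructed scenario: customers 1 and 2 "outside" VLANs are bridged together,
# and VLANs 1601 and 1701 are bridged together.
BRIDGED = [{1501, 1502}, {1601, 1701}]

# Alternative plan: HSRPv2 with the VLAN ID itself used as the group number.
UNIQUE_V2 = {vlan: vlan for vlan in PLAN}

if __name__ == "__main__":
    for idx, mac, vlans in find_vmac_conflicts(PLAN, BRIDGED):
        print("domain %d: %s shared by VLANs %s" % (idx, mac, vlans))
    print("v2 unique groups:", find_vmac_conflicts(UNIQUE_V2, BRIDGED, version=2))
```

With the VLANs kept separate, as in Justin's case where they never leave the 7600s, the shared group numbers produce no duplicate MAC inside any single broadcast domain.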