[c-nsp] FHRP selection within Nexus

Oliver Garraux oliver at g.garraux.net
Wed Nov 13 14:28:05 EST 2013


HSRP is only active/active if you're using VPC on Nexus.  If VPC is being
used, both VPC peers will route traffic with a destination MAC of the HSRP
virtual MAC (as well as their local MACs).

There is also a "peer gateway" feature with VPC, that allows both VPC peers
to route traffic going to the HSRP vMAC, its own local MAC, or the local MAC
of the VPC peer.  L3 traffic that one of the Nexus boxes forwards on to the
subnet has the router's local MAC for the SVI as the source.  Some poorly
behaved devices just reply straight to that local MAC rather than doing an
ARP to find the MAC of the default gateway.  The peer gateway feature is
needed to allow these broken devices to work when VPC is being used.

If you're not using VPC, HSRP on Nexus works just like it does on anything
else.

Oliver

-------------------------------------

Oliver Garraux
Check out my blog:  blog.garraux.net
Follow me on Twitter:  twitter.com/olivergarraux


On Wed, Nov 13, 2013 at 2:12 PM, Andrew Miehs <andrew at 2sheds.de> wrote:

> On Thu, Nov 14, 2013 at 6:03 AM, Gert Doering <gert at greenie.muc.de> wrote:
>
> >
> > "forwarding to the active HSRP device" and "only the active HSRP interface
> > answers ARP request" doesn't particularly sound "active-active" to me :-)
> >
> > *This* is what happens on any 6500 that does HSRP on a SVI...
> >
> > GLBP is active-active in that both L3 routers will accept packets to the
> > world, instead of L2-forwarding them to the other one inside the SVI.
> >
> >
> >
> Maybe I am missing something, but I understand the below text to indicate
> that both the primary and secondary HSRP peers will accept the packet to
> their "local" svi - rather than pushing it across the link...  (Continued
> on page 25)
>
> <quote>
>
> The most significant difference between the HSRP implementation of a
> non-vPC configuration compared with a vPC configuration is that the HSRP
> MAC addresses of a vPC configuration are programmed with the G (gateway)
> flag on both systems, compared with a non-vPC configuration where only the
> active HSRP interface can program the MAC address with the G flag.
>
> Given this fact, routable traffic can be forwarded by both the vPC primary
> device (where HSRP is primary) and the vPC secondary device (where HSRP is
> secondary), with no need to send this traffic to the HSRP primary device.
> Without this flag, traffic sent to the MAC address would not be routed.
>
> </quote>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

