[c-nsp] HSRP to VRRP migration

Phil Mayers p.mayers at imperial.ac.uk
Thu Mar 12 07:36:04 EDT 2015


On 12/03/15 11:26, Gert Doering wrote:
> Hi,
>
> On Thu, Mar 12, 2015 at 11:18:05AM +0000, Phil Mayers wrote:
>> The main risk is the g-arp being dropped/missed.
>
> That's why one of the previous posters suggested to move the *HSRP* master
> to a different IP in between - that way, packets addressed to the
> "old default gateway MAC" (HSRP) will still reach someone, while a new
> ARP request for the default gateway IP will return the VRRP MAC...

Good point. I didn't absorb that when scanning the thread.

>
> But it still needs to have the "move HSRP to new IP" and "activate VRRP
> with gateway IP" quite close together, with the chance for a few packets
> lost in between...   so "lab it, announce maintenance, then do".

Definitely.

>
> (Insert rant about HSRP v2 being required for IPv6, and then not actually
> being permitted to put IPv4 and IPv6 on the same group, so there is *no*
> reason to force IPv4 to HSRP v2 in the end - and that one actually hurts
> about as much as "move to VRRP" because the old VMAC disappears...)

Makes me pine: back in the day, things like ESRP were super-useful, 
combining layer2 loop prevention with an FHRP and preventing asymmetric 
return-path routing.

These days, all the cool kids are doing MLAG and dual-active FHRP, but 
it would be nice to see some of the warts in the FHRP protocols removed. 
In particular there seem to be some odd interactions/limitations with 
the vMAC in a bunch of places :o/


More information about the cisco-nsp mailing list