HSRP

jack samuel · ‎08-03-2013

Hello,

Please find the attached topology.

I met with an strange situation and i need help from you experts,

i have 2 core and N7K in vPC+ and below that N5K also in vPC+ connecting the fabric extenders on it, I have a connectivity to 6500 from N7K-1 with an layer 3 interface pointing a default route towards 6500, I have pointed a default route from N7K-2 to N7K-1 because i have only 1 link towards 6500 from N7K1.

The strange part what i want to highlight is whenever i shut the SVI interface for any subnet on N7K1 the users in that subnet are not able to reach 6500 though i have a N7K-2 interface live with an HSRP active role.

Any hint please

jack samuel · ‎08-19-2013

Hello Experts,

Anybody can help me to solve the issue.

Thanks

richbarb · ‎08-19-2013

Hello Jack,

Remember that hsrp in vPC has a active/active behavior.

The issue is when the SVI goes up in the second peer, the SVI is the GW of the network and requires to the second router do the packet forward.

If a receive a packet from a vpc peer by the peer-link, and to reach out the network I need send traffic back to the same peer, this will not be allowed. As a chicken or the egg dilemma.

To solve this, keep the SVI on the peer that have connection to outside the network (makes sense because if your SW1 goes down, your outside communication goes together and the SVI on the second peer will be a black hole), or connect the 6500 as a vpc member instead a orphan port.

This kind of traffic will be not allowed.

jack samuel · ‎08-24-2013

Dear Richard,

Sorry to reply late , your reply is not clear for me canyou elaborate more for me please

richbarb · ‎08-24-2013

What I mean is that you can't send out a packet to a peer-switch to receive back, this is not allowed.

In your scenario you can enable the peer-gateway feature to avoid this black hole.