
hsrp / glbp

hs08
Spotlight

Hello,

If we have a simple topology like this picture, where Core 1 and Core 2 run HSRP/GLBP, I just want to know if the connection from C1 to C2 is mandatory, or can we remove it?

hs08_1-1685504464357.png

 

 


"I am puzzled by the responses that a connection c1 to c2 is not required. If there is not a connection c1 to c2 how will the negotiation for active/standby take place?"

Via D1.

PS:

BTW, w/o C1<>C2 L2, C1<>D1 and D1<>C2 could be routed ports on both core L3s, still supporting HSRP or GLBP.


Why is the interconnect not needed? If we interconnect C1 and C2 and DS1 loses its connection to C1, the HSRP active must change from C1 to C2, and that is normal: since the link C2->DS1->C1 is lost, meaning there is an issue in C1, C2 will not hear HSRP from C1 and C2 becomes the new HSRP active.
What if we interconnect C1 and C2 here? Even if DS1 loses its connection to C1, C2 still hears C1 via the interconnect link, and this leads to hosts on DS1 losing connectivity (the GW of the hosts points to C1).

So we don't need the interconnect?

No, we need the interconnect, not as L2 but as L3.
This solves the point above, and also, if traffic from the ISP/WAN is directed to C1 (not shifted after the DS1-C1 link failed), the traffic will not drop; it will go through the interconnect link to C2 and from there to DS1.

Hello @MHM Cisco World 

What if we have multiple DS connected to both cores? I believe if one DS is down the HSRP state will not change, am I right?

Has the DS failed, or is the DS-C1/C2 link down?

It can be DS1 failed or one uplink of DS1 failed with this topology. I believe in that scenario HSRP will not fail over, since HSRP communication can be done via DS2; also, in the same scenario we will prevent the STP issue. Am I right?

hs08_0-1685691156663.png

 

Correct, HSRP will not fail over.

In fact, STP, prior to a failure, will have already blocked a link.  Depending on what actually fails, STP might unblock or need to do nothing.

Unclear, what's the "STP issue".

I mentioned before that we need an L3 link interconnecting C1 and C2 if DS1 and DS2 have different VLANs.

This design needs an HSRP group.

In such 

DS1 has VLAN x, which has HSRP group x, active C1 and standby C2.

So if the link from DS1 to C1 goes down, C2 will now be active for HSRP group x of VLAN x.

There is HSRP failover in this case.

Reading @MHM Cisco World reply, and all the other replies, shows many conflicts.  I believe that might be due to assumptions being made as some important information was not described by OP (unless I missed it).

Specifically, are the D# devices L2 or L3 switches?  Are the C# devices L3 switches or routers?  For any L3 switches, are they being used as L2, L3 switches (SVIs) or like routers (routed ports)? 

I agree that it is likely that there are different understandings of the environment and clarifications are needed. 

HTH

Rick

Joseph W. Doherty
Hall of Fame

If you're unconcerned about failure scenarios, only two links are "needed".  For example, rather than having C1<>D1<>C2 you might also have D1<>C1<>C2 or D1<>C2<>C1, those too would function using HSRP or GLBP.

In a later post, you posit what if you had a second switch, D2, with it, and D1 only having (each) a link to C1 and C2, i.e. no C1<>C2 link.  Sure that works, but there too you only need 3 links to interconnect 4 switches, unless you're concerned with redundancy.

Ignoring redundancy, though, does still leave consideration of "optimal" link placement for your traffic flows.  Again, using just your 3 switch topology, why might you choose C1<>D1<>C2 vs. C1<>C2<>D1 or C2<>C1<>D1?

Even if you have the full mesh between your 3 switches, now that you have a L2 loop, which link might you ensure STP blocks?

Generally, in most designs, if possible, you try to avoid needless transit hops.  So, for both your 3 switch and 4 switch topologies, a link between C1<>C2 is likely STP blocked, so that traffic doesn't needlessly need to transit a second core switch.  With a 4 switch topology, with a C1<>C2 connection, if C1<>D1 link fails, does it matter whether D1, to reach C1, goes D1<>C2<>C1 or D1<>C2<>D2<>C1?  Well, the latter appears to have an extra transit hop, also that extra transit hop is an edge switch, which might not have the capacity and/or port bandwidth of your core switches.

So, one might consider "mandatory" something truly required (needed) to function.  However, much of network design addresses trying to have something "better" than the most basic "mandatory" design and/or considers other network factors like traffic flows, failure scenarios, cost to provide, etc.

I see many are confused; it is in some ways hard to merge all the protocols together to make your network optimal, but I will summarize it for you:
this design when using a single DS and multiple DS, with and without the same VLAN.


hs08_1-1685504464357.png

mhm hsrp1.png

hs08_0-1685507064453.png

At this point, would be helpful if you clarify the kind of devices your C# devices are, and if L3 switches, how you're providing the L3 interfaces.

Why?

Because, for example in your 2nd diagram, if cores are L3 switches, using SVIs, and D# devices are VLAN capable L2 switches, with a DS1 and DS2, using TRUNKs, using two VLANs, you wouldn't need any C1<>C2 connection, although you do need STP.

In your 3rd diagram, again with cores being L3 switches and SVIs, you don't need your red or green links, as you have redundancy having 4 links.  Again, though, you'll need STP.

Again, after reading all the conflicting information, I believe the conflicts are based on presumptions about the actual environment being used, which very much impacts possible solutions.

Without full clarity of the environment, you can easily bump into "corner cases", which very much can impact the design.

For example, in your first diagram, remove the L3 interconnect.  Will it work, sure does, don't need STP either.  Data from D1 goes to C1's active gateway.  Data to D1, though, might come from either C1 or C2.  I.e. HSRP determines egress from D1, but not ingress to D1.

Now, still using your first diagram, without any interconnect, C2<>D1 link fails.  Does that take down SVI???  If not, and it might not (like are there any other interfaces on C2 in that VLAN that are up), data might still try to reach D1 via C2, but it cannot!  D1 can still send out via C1, and likely some data will come back via C1, but again, all data?

A variation of the foregoing, C1<>D1 link fails.  Again, assuming C1's SVI doesn't go down, C1 and C2 will both try to be the active gateway, as they can no longer see each other (via D1).  No problem for D1 egress, it will switch to C2, the gateway it can see, but C1 might, like prior, black hole traffic going to D1.

Interestingly, if we do add an L3 interconnect between C1 and C2, if the C1 interface doesn't logically drop, it will not route traffic to C2, it will blackhole the traffic to D1 instead.

Personally, for a basic design like the first diagram, the C1<>C2 link I would configure both as L2 and L3, with STP configured to block C1<>C2 first for the VLAN to D1, but still allow L3 between C1 and C2.  I.e. it covers all the bases.

Further, in the real world, I very much try to avoid spanning VLANs across logical devices, except from a L2 edge (single logical - e.g. stack, chassis with redundancy) to its L2/L3 distro (single logical - e.g. stack, chassis with redundancy, VSS, vPC).  I.e. very much try to avoid L2/STP redundancy situations or a need for a FHRP.  (Although, by such design, STP isn't needed, I keep it enabled just in case someone "accidentally" forms a L2 loop.)
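The failure cases walked through in the post above can be checked with a small reachability model. This is an added example, not code from any participant in the thread; the function names, the `svi_pinned` parameter and the priority values are assumptions, and the model covers only L2 reachability within the VLAN (no STP blocking, timers or preemption).

```python
from collections import deque

def l2_reach(links, src):
    """Nodes reachable from src over the VLAN's up L2 links."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {src}, deque([src])
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def analyse(links, priority, svi_pinned=(), edge="D1"):
    """Return (active gateways, cores that black-hole traffic to edge).

    links      -- up L2 links carrying the VLAN, as (node, node) pairs
    priority   -- HSRP priority per core (constructed values)
    svi_pinned -- cores whose SVI stays up even with no link toward the edge,
                  e.g. another port in the VLAN is still up (assumption)
    """
    svi_up = {c for c in priority
              if c in svi_pinned or any(c in link for link in links)}
    active, blackhole = [], []
    for core in sorted(svi_up):
        heard = l2_reach(links, core)
        # A core yields only to a higher-priority peer whose hellos it hears.
        if not any(p in heard and priority[p] > priority[core]
                   for p in svi_up - {core}):
            active.append(core)
        # SVI up but no L2 path: the connected route still points at the VLAN.
        if edge not in heard:
            blackhole.append(core)
    return active, blackhole

PRIO = {"C1": 110, "C2": 100}  # constructed: C1 preferred as active
```

With the C1<>D1 link removed and C1's SVI pinned up, the model reports both cores active and C1 black-holing traffic toward D1; adding an L2 C1<>C2 link, or letting the SVI drop, clears both conditions.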

Friend, you need to read more to make my solution clear to you.

The L3 interconnect can be done by a router port or by using an access port SVI (a transit VLAN, with a VLAN not the same as used in the DS).

The C is a core SW. Do you know that we use core routers in enterprise or DC!!!

Why interconnect between C1-C2? If the active is C1 and DS1 loses its connection to C2 and return traffic from the EdgeRouter returns to C2, how does the traffic go to DS1!!!

No need for STP!!!! Never, never advise something like this. These are SWs; we need STP always. Even if we know STP is always forwarding, we can't be sure somebody won't wrongly connect a SW and make an L2 loop.

 

And if you have other points about my design, you are free to share your ideas about optimal design.

Your solution is unclear, like mine and others have been, because we have not fully defined the network environment.

Regarding using a "router" for a core in DC or Enterprise, first you're assuming this is a DC or Enterprise core, which in my experience usually don't use FHRPs.  Second, regardless what a network vendor calls them, DC or Enterprise "routers" are more than a traditional router, the latter I haven't seen used in a core in decades.  See, you're making my point, you're designing for DCs or Enterprises, while I have in mind Catalysts 2Ks and 3Ks.

As to actually relying on STP, as I wrote, my designs, for decades, don't rely on it.  However, I've had to support such, well, until I could upgrade them.

"Why interconnect between C1-C2? If the active is C1 and DS1 loses its connection to C2 and return traffic from the EdgeRouter returns to C2, how does the traffic go to DS1!!!"

Counter question, if interface on C2 drops, why is traffic going to it at all?  Again, you're making assumptions, which might be correct or not, ditto with my assumptions.

To recap, without much more information about the network environment, none of us can declare one design better or right than another.  We can, though, declare the assumptions we're using.
