
HSRP Multicasting Hello Packets

Netmart
Level 1

Hello,

I was wondering, how HSRP multicast [Hello messages] are routed.

For example in HSRP vers1 [224.0.0.2] and HSRP vers2 [224.0.0.102].

Taking some captures, I realized that HSRPvers1 has a TTL of 1 while HSRP vers2 does have a TTL value of 255.

Does it mean that HSRPvers2 Hello Packets can traverse multiple hops [crossing BCAST boundaries], while HSRPvers1 is contained within one BCAST domain?

 

Please advise.


Cristian Matei
VIP Alumni

Hi,

 

The multicast range of 224.0.0.0 to 224.0.0.255 is reserved for routing protocols (like OSPF, EIGRP), discovery mechanisms (like PIM, IGMP) and any other control-plane functions. That multicast range should never be forwarded out of the link, regardless of the TTL values, and for this reason most protocols use a TTL of 1. There are exceptions to this TTL value, as there are protocols and use-cases where the same protocol can run in unicast mode, thus it needs a TTL value greater than 1. This is not the case of HSRP, regardless of the version. So HSRP will stay on the local broadcast domain.

 

Regards,

Cristian Matei.

Hello Cristian,

Thank you for your prompt reply. It makes sense what you are saying. However, I was wondering why I was able to see a TTL of 255 when capturing HSRPv2.

Please take a look at the attachment.

 

Thanks,

 

 

Hi,

According to the destination MAC address, it's 00-00-5e-00-01-*

Looks like it's VRRP instead of HSRP.

In the specification, the TTL for VRRP must be 255 or else be discarded.

Maybe Wireshark wrongly decoded the packet as HSRP.

Hi ngkin,

Agree, VRRP has a TTL of 255 [RFC2338].

However, we do have only HSRPv2 configured in this case. And according to RFC2281, HSRPv1 has a TTL value of 1; there is no word on HSRPv2. Therefore, I was wondering what source is confirming the TTL value for HSRPvers2.

 

Regards,

netmart

 

 

 

 

 

Hello @Netmart ,

I have found the following document on HSRP FAQ

https://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/9281-3.html#q34

 

 

  • The group numbers in version 1 are restricted to the range from 0 to 255. HSRP version 2 expands the group number range from 0 to 4095. For example, new MAC address range will be used, 0000.0C9F.Fyyy, where yyy = 000-FFF (0-4095).

  • HSRP version 2 uses the new IP multicast address 224.0.0.102 to send hello packets instead of the multicast address of 224.0.0.2, which is used by version 1.

So you should be able to see the difference at IP level.

Note: in the Ethernet header the destination MAC address is the first one, not the second.

About the use of TTL 255, you can see it as an additional security measure: no packet coming from another subnet can have TTL 255. This is used optionally to secure eBGP sessions or OSPF in some environments.

And also VRRP uses this logic.

As noted by @Cristian Matei all 224.0.0.X are link local and cannot be routed by multicast routing enabled routers.

 

Hope to help

Giuseppe

 

 

Hi,

 

   The presented packet capture shows VRRP packets, not HSRP packets. HSRP uses a TTL value of 1 for both versions (v1 and v2).

 

Regards,

Cristian Matei.

Hello @Cristian Matei ,

The packet capture picture refers to HSRPv2, as the destination IPv4 address is 224.0.0.102 and the encapsulation is UDP port 1985, both src port and dest port.

 

VRRP uses IP protocol 112 and destination multicast address 224.0.0.18 according to

http://www.networksorcery.com/enp/protocol/vrrp.htm

 

I have no hint about the TTL value.

 

Hope to help

Giuseppe
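
Added example, not part of any post in this thread: a small classifier that tells HSRPv1, HSRPv2 and VRRP apart by the same header fields used in the reply above (destination address, IP protocol, UDP port) and records the TTL. It assumes untagged Ethernet II frames; `build_frame`, `classify_fhrp` and the 192.0.2.1 source address are constructed for illustration.

```python
import ipaddress
import struct

def build_frame(dst_ip, ttl, proto, port=0):
    """Constructed sample: Ethernet + IPv4 (+ UDP) headers only, checksums left 0."""
    eth = bytes(12) + b"\x08\x00"                      # zeroed MACs, EtherType IPv4
    l4 = struct.pack("!HHHH", port, port, 8, 0) if proto == 17 else b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, ttl, proto, 0,
                     ipaddress.IPv4Address("192.0.2.1").packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip + l4

def classify_fhrp(frame):
    """Return (protocol, ttl, note) for an untagged Ethernet/IPv4 frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return ("not-ipv4", None, "")
    ihl = (frame[14] & 0x0F) * 4                       # IPv4 header length in bytes
    ttl, proto = frame[22], frame[23]
    dst = str(ipaddress.IPv4Address(frame[30:34]))
    dport = None
    if proto == 17 and len(frame) >= 14 + ihl + 4:     # UDP destination port
        dport = struct.unpack("!H", frame[14 + ihl + 2:14 + ihl + 4])[0]
    if proto == 112 and dst == "224.0.0.18":
        # VRRP receivers discard anything that does not arrive with TTL 255.
        return ("VRRP", ttl, "ok" if ttl == 255 else "invalid: VRRP requires TTL 255")
    if proto == 17 and dport == 1985 and dst == "224.0.0.2":
        return ("HSRPv1", ttl, "ok" if ttl == 1 else "unexpected: RFC 2281 gives TTL 1")
    if proto == 17 and dport == 1985 and dst == "224.0.0.102":
        # The thread reports both 1 and 255 for HSRPv2, so only record the value.
        return ("HSRPv2", ttl, "observed TTL %d" % ttl)
    return ("other", ttl, "")

if __name__ == "__main__":
    samples = [build_frame("224.0.0.102", 255, 17, 1985),
               build_frame("224.0.0.2", 1, 17, 1985),
               build_frame("224.0.0.18", 255, 112),
               build_frame("224.0.0.18", 1, 112)]
    for f in samples:
        print(classify_fhrp(f))
```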

 

Hi,

 

@Giuseppe Larosa Thanks for that, I really have no idea how I've seen that capture as VRRP. Still, tested out on a couple of IOS and IOS-XE devices, HSRPv2 has a TTL of 1. So, it seems that this is not really consistent with the TTL of 255 for HSRPv2? What HW platform and code are you running to test HSRPv2, that you have a TTL of 255?

 

Regards,

Cristian Matei.

Hello @Cristian Matei ,

The packet capture isn't mine. It is the original poster of this thread that should answer your questions.

This happens when answering so many posts my dear :)

I am happy that you have become very active in Cisco forums.

 

Best Regards

Giuseppe

 

Hi,

 

 @Giuseppe Larosa I know I've screened the output way too fast, but still, to see it as VRRP instead of HSRP. The question was actually for the owner of the thread.

   I'm happy to be back active on the forums, for a while now.

 

Regards,

Cristian Matei.
