Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2186
Views
5
Helpful
10
Replies

HSRP Multicasting Hello Packets

Netmart
Level 3
Level 3

‎03-26-2020 07:29 PM

Hello,

I was wondering, how HSRP multicast [Hello messages] are routed.

For example in HSRP vers1 [224.0.0.2] and HSRP vers2 [224.0.0.102].

Taking some captures, I realized that HSRPvers1 has a TTL of 1 while HSRP vers does have a TTL value of 255.

Does it mean that HSRPvers2 Hello Packets can traverse multiple hops [crossing BCAST boundaries, while HSRPvers1 is contained within one BCAST domain.

 

Please advise.

Labels:
0 Helpful
10 Replies 10

Cristian Matei
VIP Alumni
VIP Alumni

‎03-27-2020 01:33 AM

Hi,

 

   The multicast range of 224.0.0.0 to 224.0.0.255 is reserved for routing protocols(like OSPF, EIGRP), discovery mechanisms (like PIM, IGMP) and any other control-plane functions. That multicast range, should never be forwarded out of the link, regardless of the TTL values, and for this reason most protocols use a TTL of 1. There are exceptions to this TTL value, as there are protocols and use-cases where the same protocol can run in unicast mode, thus it needs a TTL value greater than 1. This is not the case of HSRP, regardless of the version. So HSRP will stay on the local broadcast domain.

 

Regards,

Cristian Matei.

Netmart
Level 3
Level 3
In response to Cristian Matei

‎03-28-2020 06:21 PM

Hello Cristian,

Thank you for your prompt reply. It makes sense what your are saying. However, I was wondering, why was able to see a TTL of 255 when capturing HSRPv2.

Please take a look at the attachment.

 

Thanks,

 

 

HSRPv2.png
Preview file
42 KB
0 Helpful

ngkin2010
Level 7
Level 7
In response to Netmart

‎03-28-2020 09:32 PM

Hi,

According to the destination mac address, it's 00-00-5e-00-01-*

Look like it's VRRP instead of HSRP.

In the specification, the TTL for VRRP must be 255 or else be discarded.

May be Wireshark wrongly decoded the packet as HSRP.
0 Helpful

Netmart
Level 3
Level 3
In response to ngkin2010

‎03-29-2020 12:55 PM

Hi ngkin,

Agree, VRRP has a TT: of 255 [RFC2338].

However, we do have only HSRPv2 configured in this case. And according to RFC2281, HSRPv1 has a TTL value of 1.; there  is no word on HSRPv2. Therefore, I was wondering what source is confirming the TTL value for HSRPvers2.                                

 

Regards,

netmart

 

 

 

 

 

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to Netmart

‎03-29-2020 01:31 PM

Hello @Netmart ,

I have found the following document on HSRP FAQ

https://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/9281-3.html#q34

 

 

  • The group numbers in version 1 are restricted to the range from 0 to 255. HSRP version 2 expands the group number range from 0 to 4095. For example, new MAC address range will be used, 0000.0C9F.Fyyy, where yyy = 000-FFF (0-4095).

  • HSRP version 2 uses the new IP multicast address 224.0.0.102 to send hello packets instead of the multicast address of 224.0.0.2, which is used by version 1.

so you should be able to see the difference at IP level.

note: in the ethernet header the destination MAC address is the first one not the second.

 

about the use of TTL 255 you can see it as an additional security measure: no packet coming from another subnet can have TTL 255. This is used optionally to secure eBGP sessions or OSPF in some environments.

And also VRRP uses this logic.

As noted by @Cristian Matei all 224.0.0.X are link local and cannot be routed by multicast routing enabled routers.

 

Hope to help

Giuseppe

 

 

0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni
In response to Netmart

‎03-30-2020 06:16 AM - edited ‎03-30-2020 07:40 AM

Hi,

 

   The presented packet capture shows VRRP packets, not HSRP packets. HSRP uses a TTL value of 1 for both versions (v1 and v2).

 

Regards,

Cristian Matei.

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to Cristian Matei

‎03-30-2020 07:23 AM

Hello @Cristian Matei ,

the packet capture picture refers to HSRPv2 as the destination IPv4 address is 224.0.0.102 and encapsulation is UDP port 1985 both src port and dest port.

 

VRRP uses IP protocol 112 and destination multicast address 224.0.0.18 according to

http://www.networksorcery.com/enp/protocol/vrrp.htm

 

I have no hint about the TTL value.

 

Hope to help

Giuseppe

 

0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni
In response to Giuseppe Larosa

‎03-30-2020 07:44 AM

Hi,

 

  @Giuseppe Larosa Thanks for that, i really have no idea how i've seen that capture as VRRP. Still, tested out on couple IOS and IOS-XE devices, HSRPv2 has a TTL of 1. So, it seems that this is not really consistent, with the TTL of 255 for HSRPv2? What HW platform and code are you running to test HSRPv2, that you have a TTL of 255?

 

Regards,

Cristian Matei.

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to Cristian Matei

‎03-30-2020 07:50 AM

Hello @Cristian Matei ,

the packet capture isn't mine. It is the original poster of this thread that should answer to your questions.

This happens when answering so many posts my dear :)

I am happy that you have became very active in cisco forums.

 

Best Regards

Giuseppe

 

0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni
In response to Giuseppe Larosa

‎03-30-2020 08:07 AM

Hi,

 

 @Giuseppe Larosa I know I've screened the output way too fast, but still, to see it as VRRP instead of HSRP. The question was actually for the owner of the thread.

   I'm happy to be back active on the forums, for a while now.

 

Regards,

Cristian Matei.

0 Helpful
Top