05-09-2020 07:31 AM
R1 is connected downstream to two distribution switches (DSW-1 and DSW-2) via /30 subnets. All three are advertising their /30 interfaces in area 0. The distribution switches are configured with HSRP for their SVIs, advertise their SVIs in area 0, and are connected to each other via a layer 2 trunk. They are also cross connected to downstream access switches using layer 2 trunks. VLANs are across the access switches.
If all the layer 2 connections from DSW-1 are lost, DSW-2 becomes HSRP active, but R1's OSPF will still show a route to DSW-1 for 10.1.10.0 and cause drops. How do I stop DSW-1 from advertising the local connected virtual interfaces into the routing table and into OSPF when its layer 2 connections are lost? Or, is the design flawed?
R1
int Gi0/0
 ip address 10.0.0.1 255.255.255.252
int Gi0/1
 ip address 10.0.0.5 255.255.255.252
router ospf 1
 router-id 0.0.0.1
 network 10.0.0.1 0.0.0.0 area 0
 network 10.0.0.5 0.0.0.0 area 0
show ip route ospf
O 10.1.10.0/24 [110/2] via 10.0.0.2, 00:10:12, GigabitEthernet0/0
               [110/2] via 10.0.0.6, 00:10:57, GigabitEthernet0/1
DSW-1
int Gi0/0
 ip address 10.0.0.2 255.255.255.252
int vlan 10
 ip address 10.1.10.1 255.255.255.0
 standby 10 ip 10.1.10.254
 standby 10 preempt
 standby 10 priority 110
router ospf 1
 router-id 0.0.0.2
 network 10.0.0.2 0.0.0.0 area 0
 network 10.1.10.1 0.0.0.0 area 0
show ip route
C 10.1.10.0/24 is directly connected, Vlan10
L 10.1.10.1/32 is directly connected, Vlan10
DSW-2
int Gi0/0
 ip address 10.0.0.6 255.255.255.252
int vlan 10
 ip address 10.1.10.2 255.255.255.0
 standby 10 ip 10.1.10.254
 standby 10 preempt
router ospf 1
 router-id 0.0.0.3
 network 10.0.0.6 0.0.0.0 area 0
 network 10.1.10.2 0.0.0.0 area 0
show ip route
C 10.1.10.0/24 is directly connected, Vlan10
L 10.1.10.2/32 is directly connected, Vlan10
05-09-2020 02:24 PM
I see a design issue here if DS1 and DS2 have a single link with a trunk - you need to consider multiple trunks between DSW1 and DSW2.
If not, both DSW1 and DSW2 become HSRP Active from their point of view if the links between them fail.
Second, R1 has no visibility of your HSRP (until you have a tracking system in place?)
Since R1 thinks the neighbor is up and is getting the routes, they are preferred here.
05-09-2020 03:24 PM - edited 05-09-2020 03:25 PM
Hello
You could use an EEM script to enable advertising for that interface as and when the HSRP transitions.
Example:
event manager applet UP
 event syslog pattern "%HSRP-6-STATECHANGE: Vlan10 Grp 10 state Active -> Speak"
 action 1.0 cli command "enable"
 action 1.1 cli command "conf t"
 action 1.2 cli command "router ospf 1"
 action 1.3 cli command "network 10.1.10.2 0.0.0.0 area 0"
 action 1.4 cli command "end"
event manager applet DOWN
 event syslog pattern "%HSRP-6-STATECHANGE: Vlan10 Grp 10 state Standby -> Active"
 action 2.0 cli command "enable"
 action 2.1 cli command "conf t"
 action 2.2 cli command "router ospf 1"
 action 2.3 cli command "no network 10.1.10.2 0.0.0.0 area 0"
 action 2.4 cli command "end"
05-09-2020 07:44 PM
Hi Paul,
Using EEM is a great solution for when the standby HSRP goes active or back to standby, because the DSW-2 produces the state change syslog messages. However, I couldn't get this to work on the active HSRP DSW-1 switch. I'm guessing because it doesn't change its state and doesn't produce any syslog messages when the L2 links go down.
05-10-2020 12:14 AM
Hello
@CourtK- wrote:
If all the layer 2 connections from DSW-1 are lost, DSW-2 becomes HSRP active,
I'm guessing because it doesn't change its state and doesn't produce any syslog messages when the L2 links go down.
So just to confirm, the HSRP state does change correctly but you don't receive any syslog notification on either switch?
05-10-2020 06:50 AM
Hopefully the picture can explain the network scenario better than my words.
To balaji: I added the L2 bundled trunk links into the design. The red Xs in the picture are the L2 links that go down. I do not have tracking configured, because I don't know what to track. Maybe a loop back on DSW-2 within the 10.1.10.0 subnet? Can tracking change the advertised OSPF routes on DSW-1?
To paul: The HSRP active state does not change on the higher priority distribution switch (DSW-1). Using EEM on DSW-2 to watch the speak to standby and standby to active syslog messages is working and is able to manipulate its ospf network command accordingly. However, I don't know how to get EEM on DSW-1 to do the same, because its state does not change from active.
Would Virtual Stackwise or VSS handle this scenario better than HSRP?
05-11-2020 09:18 AM
Thanks for the drawing. Here is my understanding of what is going on.
- HSRP actively sends messages between peers. If DSW1 links go down DSW2 stops receiving HSRP from its peer and transitions to active state. DSW1 does not mark vlan 10 as down and continues to have active state in HSRP. So you have 2 active devices in HSRP.
- As far as routing is concerned the network statement in OSPF says that as long as vlan 10 is in the up state it should be advertised.
So both of your issues are related to DSW1 not considering vlan 10 to be in the down state. A switch will consider a vlan to be up if either of 2 conditions is true:
- there is at least one device connected to a port in that vlan
- the vlan is carried on a trunk
So would either of those conditions be true? Perhaps when this happens next time you could post the output of these commands:
show interface status
show interface trunk
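The reasoning in the post above, as an added illustration (not part of the original thread and not Cisco code): a simplified Python model of the two "VLAN is up" conditions, HSRP election and the OSPF network statement, showing what R1 installs when DSW-1 is isolated. The `Switch` class, `scenario()` and the port counts are hypothetical; DSW-2's priority of 100 is the HSRP default.

```python
from dataclasses import dataclass

@dataclass
class Switch:
    name: str
    uplink: str                  # routed /30 address R1 uses as next hop
    priority: int                # HSRP priority for group 10
    access_ports_up: int = 0     # up access ports in VLAN 10
    trunks_up: int = 0           # up trunks carrying VLAN 10
    peer_reachable: bool = True  # HSRP hellos from the peer still arrive

    def svi_up(self) -> bool:
        # The two conditions from the post: a connected device in the VLAN,
        # or the VLAN carried on a trunk.
        return self.access_ports_up > 0 or self.trunks_up > 0

    def hsrp_state(self, peer: "Switch") -> str:
        if not self.svi_up():
            return "Init"
        if not self.peer_reachable or not peer.svi_up():
            return "Active"      # no hellos heard, so this switch takes over
        return "Active" if self.priority > peer.priority else "Standby"

    def advertises_vlan10(self) -> bool:
        # The OSPF network statement only matches the SVI while it is up.
        return self.svi_up()

def r1_view(dsw1, dsw2, hosts_behind):
    """Next hops R1 installs for 10.1.10.0/24, and those that blackhole."""
    adv = [s for s in (dsw1, dsw2) if s.advertises_vlan10()]
    hops = [s.uplink for s in adv]
    black = [s.uplink for s in adv if s.name not in hosts_behind]
    return hops, black

def scenario(dsw1_trunks, dsw1_access):
    """Constructed case: DSW-1 is isolated once it has no trunks left."""
    isolated = dsw1_trunks == 0
    dsw1 = Switch("DSW-1", "10.0.0.2", 110, dsw1_access, dsw1_trunks, not isolated)
    dsw2 = Switch("DSW-2", "10.0.0.6", 100, 0, 3, not isolated)
    hosts = {"DSW-2"} if isolated else {"DSW-1", "DSW-2"}
    hops, black = r1_view(dsw1, dsw2, hosts)
    return dsw1.hsrp_state(dsw2), dsw2.hsrp_state(dsw1), hops, black

if __name__ == "__main__":
    for trunks, access in [(3, 0), (0, 1), (0, 0)]:
        print(trunks, access, scenario(trunks, access))
```

With `scenario(0, 1)` something still holds VLAN 10 up on DSW-1, so both switches are HSRP Active and R1 keeps the blackholing next hop 10.0.0.2; with `scenario(0, 0)` the SVI goes down and only 10.0.0.6 remains.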
05-11-2020 01:51 PM
Thanks for the information. As per your X marks, when the links go down, do both HSRP peers become Active / Active here, since they do not see each other? Due to the failure of the link, they are not aware that the other is alive.
So as @Richard Burts mentioned, the VLAN you are referring to for the OSPF interface never goes down; the router sees an active neighbour and sends the traffic, but it is blackholed beyond the VLAN here.
There are different ways to fix this and make things more complicated. That is the reason to always prefer having an alternative path, to minimise the links going down between DSW1 and DSW2.
How frequently are you having this issue?
05-12-2020 02:43 PM
The original poster asks if the design is flawed. My response is that it is probably not flawed. Network Design provides for failure of a primary path by providing an alternate path. In this design there are 2 alternate paths. So I think it is a good design.
But perhaps there are implementation details that defeat the good design? Do all 3 paths go through some equipment where if one fails then all will fail? Or is there some other aspect that if one fails then the others will fail?
05-10-2020 12:34 AM
Just to confirm: "L2 links go down" - which L2 link is this, between the DSWs?