Re: configuring hsrp on cisco N7k with HP tor switch

sunny jarwal · ‎03-16-2018

this is the scenario where i want to configure HSRP between both the nexus

1) both the ips 172.15.15.252 & 172.15.15.253 are configured on nexus as interface vlan 15 and 172.15.15.1 is virtual ip for hsrp.

2) both the nexus is connected via peer link which is trunk link.

3) there is also trunk link between nexus and hp tor switch.

4) both the tor having default route towards nexus hsrp ip (172.15.15.1).

5) whole server environment is behind tor and whole user environment is behind nexus.

so will it be ok to run hsrp in above mentioned scenario for redundancy??

what can be the challenges???

is there can be situation where both nexus stuck in active-active this can affect whole flow from server to user.

so please suggest the best configuration for the above.

Thanks

EduardR · ‎03-20-2018

Hi,

Just a question, are you using your N7k in vPC mode against the HP? or are they just 2 stand alone routers with L3 links?

By the way, you just need to configure the HSRP with the proper preempt and priorities and you will be OK, there is a cisco entry about that: Nexus 7000 Series Switches Using HSRP Configuration Example

sunny jarwal · ‎03-20-2018

Hii, Both the nexus are connected via VPC. Nexus is simply connected with HP switch via trunk link. VPC is only running between both the nexus.

Reza Sharifi · ‎03-20-2018

Running HSRP should not be an issue. I recommend running HSRP version 2 and matching your vlan ids with HSRP instances. For example vlan 300 with HSRP 300, vlan 325 and HSRP 325 and so on...

This makes management of vlan and HSRP so much simpler because if you remember the vlan id you know the HSRP instance. Make one side active by assigning it higher priority and preemption and the other side (stand-by) default and no preemption.

HTH

sunny jarwal · ‎03-20-2018

Hi Reza, This is what i have found to do and implementing the same, and one another thing which i would like to know that as HP switch is connected via both the nexus and all the links are trunk link so here stp will be taking place to avoid the L2 loops as both nexus are also connected via VPC trunk link. and in this case port of HP tor switch must be blocked..?? because any of the port connecting both the nexus must not block as it is the only link by which they are updating the HSRP states. so please correct me if i am wrong for above mentioned observation. Thanks

Reza Sharifi · ‎03-20-2018

Hi,

Yes, that is correct. vPC peer link should not be blocking as if you do, it will break all HSRP instances.

I am not familiar with HP at all but I think if you make the Nexus switches as primary root and backup root and make sure the HP switches can see the Nexus as root and backup, it should all work fine. Also, maybe you can aggregate the links from HP to Nexus by putting them in Portchannels. HP should support LACP and mode "on" but again I have never used them and so can't be sure.

HTH

Reza Sharifi · ‎03-20-2018

BTW, make sure your root switch matches with HSRP active and the backup root with HSRP stand-by.

Also, make the same root switch primary for vPC.

HTH

EduardR · ‎03-20-2018

We got many CISCO-HP LACP configurations on place that are working OK, i think the best approach is connecting the HP with vPC with both the Nexus, it that configuration the HSRP and other features must not be a problem.

sunny jarwal · ‎03-20-2018

Hii,

But as there is only one link from each hp switch coming to nexus so there is no much sense of using port channel unless there is more than one link between same source and destination.

but one key point need to be take care is that HP switch is connected via both the nexus and all the links are trunk link so here stp will be taking place to avoid the L2 loops as both nexus are also connected via VPC trunk link. and in this case port of HP tor switch must be blocked..?? because any of the port connecting both the nexus must not block as it is the only link by which they are updating the HSRP states.

so please correct me if i am wrong for above mentioned observation.

Thanks

sunny jarwal · ‎03-20-2018

hiii,

But as there is only one link from each hp switch coming to nexus so there is no much sense of using port-channel unless there is more than one line although i can check with the configuration as mentioned and to make it sure that no any port of nexus should be in blocking state though at the same time one port from hp switch can be in blocking mode to avoid L2 loops.