Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6746
Views
0
Helpful
15
Replies

HSRP active and passive

Go to solution
Horacio Gutierrez
Level 2
Level 2

‎07-22-2011 07:51 PM - edited ‎03-07-2019 01:22 AM

Hello,

If two 6509 swiches have HSRP configure can I plug servers to both 6509 switches the active switch and passive switch and will both be able to route packets.  Also if I can plug servers to the active and passive 6509 switches if the active switch goes down will the servers plugged into to that active switch will it have the Packets routed through the passive switch.  What is really the concept behind HSRP as active and passive in regards to devices plugged into the 6509 switches?

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎07-24-2011 03:38 AM

Disclaimer

The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting

If two 6509 swiches have HSRP configure can I plug servers to both 6509  switches the active switch and passive switch and will both be able to  route packets.

Yes they can, assuming there's a L2 connection between them.  (NB: you do need to be careful though you don't create unicast flooding.)

Also if I can plug servers to the active and passive  6509 switches if the active switch goes down will the servers plugged  into to that active switch will it have the Packets routed through the  passive switch. 

No. If the active switch fails, all its connected servers will also fail.  The servers connected to the passive, which should now assume the role of active, will continue to work.

What is really the concept behind HSRP as active and  passive in regards to devices plugged into the 6509 switches?

None if the devices are single homed servers.  However, if the device is another switch, which has connections to both 6500s and the servers are connected to it you're protected from the loss of one 6500.

The concept is, hosts are not bound to a physical gateway address, i.e. one physical interface on one device.  They are bound to a virtual gateway address.  The means hosts should not lose access to the network as they might if their physical gateway fails.

Can you guys give me an example where the 6509 active switch would turn  to passive. 

If another device comes on-line that's configured with both a higher priority and preempt, it will become the active gateway forcing the prior active to become passive.

If the active switch dies can HSRP still work?

Yes, if you mean the active gateway's hardware fails.  Again, whether this is useful for connected host devices, e.g. servers, depends on other physical redundancy.

PS:

As noted above, the primary purpose of HSRP, or other FHRPs (http://www.cisco.com/en/US/products/ps6644/products_ios_protocol_option_home.html), is to avoid binding a host's gateway setting to a physical interface.  However, HSRP can also be used for link and device static load balancing and can also be used for optimal gateway usage if a backend link fails.

View solution in original post

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Horacio Gutierrez

‎07-24-2011 10:05 AM

No, if the access switch is only connected to one distribution switch and the port that the access switch is connected to goes down, and there are no other ports from that access switch to the distro switch then the access switch cannot send packets to the other distro switch.

Jon

View solution in original post

0 Helpful
15 Replies 15

Go to solution
Eduardo Aliaga
Level 4
Level 4

‎07-22-2011 10:56 PM

There are two 6509 switches. Each one has its own IP address. Let's call it "real" IPs. Besides those 2 real IPs, there's a third IP which is a "virtual" IP.

The HSRP active will always get the virtual IP.

HSRP active and HSRP standby should have connectivity, that way if the HSRP active is down, HSRP standby would assume the "active" role and also assume the virtual IP. That way the virtual IP is always up.

The PCs and servers only see and care about the virtual IP, they don't care about the real IPs.

0 Helpful

Go to solution
Sakun Sharma
Level 1
Level 1

‎07-22-2011 11:11 PM

In case of HSRP, you machines does need to take care about which device is active or passive.

In HSRP there is an virtual IP address configured in addition to those configured on Interfaces, on machine you put this IP address as Gateway address.

At backend which ever switch is active, it will forward packet, all you need to take care about is that your machine should be able to switch your gateway packet up to that switch.

If you plug your server at switch which is currently active and later become passive, you does not need to plug another cable in current active switch. Only both switches should be interconnected so that packet can reach that switch, HSRP will internally handle request forwarding to HRSP Active Switch.

0 Helpful

Go to solution
Horacio Gutierrez
Level 2
Level 2
In response to Sakun Sharma

‎07-23-2011 07:30 AM

Thanks

0 Helpful

Go to solution
Horacio Gutierrez
Level 2
Level 2
In response to Horacio Gutierrez

‎07-23-2011 07:37 AM

Can you guys give me an example where the 6509 active switch would turn to passive.  If the active switch dies can HSRP still work?

0 Helpful

Go to solution
Sakun Sharma
Level 1
Level 1
In response to Horacio Gutierrez

‎07-23-2011 10:02 AM

Example Network:

HSRP works on interface basis, if interface attached to router / gateway goes down, HSRP for that L3 switch will become passive and other L3 switch having path to gateway is become active.

In above case Switch 0 is Active for HSRP and Switch 1 is standby for HSRP and Server 0 is attached to Switch 0 and trunking is set between two switches.

Now if HRSP interface of Switch 0 goes down then HRSP for Switch 0 will become passive and HSRP for Switch 1 will become Active, and all the communication from Server 0 will resume without making any change in Server 0 configuration via Switch 1.

There are standard timers to detect Active router failture, after which standby router takes Active routers place.

--

Regards

Sakun Sharma

0 Helpful

Go to solution
Amit Aneja
Level 3
Level 3

‎07-23-2011 10:30 AM

The two HSRP devices will exchange hello packets (default interval 3 sec) & if one devices does not hear hellos from the other device for 10 secs, it declares itself as active. Hello packet will have the priority, so that the devices can decide which will be active or standby.

Now, let me go back to your question i.e. what would happen to the devices that are connected to a switch (active/standby) that goes down??

The answer is that the devices connected to that switch will be down. The objective of HSRP is to provide gateway redundancy.

Consider two distribution switches (.2 &.3)& lot of access switches connected to both of them. Servers are connected to access switches not distribution switches which are doing HSRP.

Let's consider that the gateway configured on all of servers is .2 & that switch goes down, so you would have to change the gateway on all your servers to .3. That's a lot of work.

What HSRP does is that if .2 is down .3 will take over. This is done by using a Virtual IP that stays with the Active HSRP device, if it goes down, the standby device will take that address. Virtual IP will be configured as gateway on your servers.

Detailed explaination of HSRP at following link:

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094afd.shtml

HTH

Amit

0 Helpful

Go to solution
Horacio Gutierrez
Level 2
Level 2
In response to Amit Aneja

‎07-23-2011 01:48 PM

What if the trunking between the two 6509 switches goes down, does that mean the servers dont have any connectivity

would VSS be a better protocol to use than HSRP.  Also will HSRP work if I have access switch connected to port 1 on switch 1 and a different access switch connected to port 1 on switch 2 or I can have nothing connected to port 1 on switch 2 for HSRP to work?

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Horacio Gutierrez

‎07-23-2011 01:55 PM

If the trunk link between the 2 switches running HSRP goes down and there is no other L2 path between the switches then both switches become active and answer requests for the VIP because they each think the other is down. You don't want this to happen hence the reason the trunk between switches doing inter-vlan routing and running HSRP should be made up of multiple physical links.

VSS is not really comparable to HSRP. HSRP is a protocol that runs on all L3 switches and routers. VSS is very specific and only runs on the 6500 switches. 6500 switches are expensive and are often not needed in small to medium sized networks. You would not pick the 6500 switches simply because you didn't want to run HSRP.

HSRP doesn't care what it connected to the switches. As long as there is a L2 path between the switches it doesn't matter what it connected to the switches, HSRP will still run.

Jon

0 Helpful

Go to solution
Amit Aneja
Level 3
Level 3
In response to Horacio Gutierrez

‎07-23-2011 03:36 PM

Horacio,

If the trunk is down & the switches have no L2 path to communicate, then both the switches will report Active. That's the situation you would definately want to avoid.

In the scenario that you have mentioned, i.e. when one access switch is connected to one dist router only, it won't be able to go out when that dist. layer switch is down. This is single point of failure.

What's really recommended is that the access switches have redundant connections to distribution layer switches that are running HSRP. So, just in case one HSRP router is down, the access switches can go out using the other HSRP router/switch.

VSS is a different breed altogether, works only with 6500 as mentioned by Jon in the previous reply.

HTH,

Amit Aneja

0 Helpful

Go to solution
Sakun Sharma
Level 1
Level 1
In response to Horacio Gutierrez

‎07-23-2011 09:52 PM

Hello Horacio Gutierrez,

As in above example we have seen, that when link between Switch 0 and Router 0 fails, the Switch 1 take the active role of HSRP and start forwarding messages from Server 0. All what is needed for server is that it has L2 connectivity upto Switch 1 which in that case is provided by Trunk Link.

Now as per your question there can be two scenarios:

  1. If Link on Switch 0 to Router also fails and trunking also fails.
  2. If just trunking fails.

In case 1:

If both of the links fail, then Server 0 will not be able to reach Switch 1 (as Switch 1 will be active because link on Switch 0 is down) and Server 0 will be unable to reach gateway.

In case 2:

It will act as mentioned by John and Amit above that both will assume active state, but as Server 0 is attached to Switch 0 and has no connectivity with Switch 1, Server 0 gateway packets will be forwarded by Switch 0.

Generally trunking links are made up of multiple physical links using bundling them into single virtual link using EtherChannel or Port Aggregation, so if any single physical interface fails, then also trunking link does not goes down, as there are other multiple links in that bundle.

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎07-24-2011 03:38 AM

Disclaimer

The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting

If two 6509 swiches have HSRP configure can I plug servers to both 6509  switches the active switch and passive switch and will both be able to  route packets.

Yes they can, assuming there's a L2 connection between them.  (NB: you do need to be careful though you don't create unicast flooding.)

Also if I can plug servers to the active and passive  6509 switches if the active switch goes down will the servers plugged  into to that active switch will it have the Packets routed through the  passive switch. 

No. If the active switch fails, all its connected servers will also fail.  The servers connected to the passive, which should now assume the role of active, will continue to work.

What is really the concept behind HSRP as active and  passive in regards to devices plugged into the 6509 switches?

None if the devices are single homed servers.  However, if the device is another switch, which has connections to both 6500s and the servers are connected to it you're protected from the loss of one 6500.

The concept is, hosts are not bound to a physical gateway address, i.e. one physical interface on one device.  They are bound to a virtual gateway address.  The means hosts should not lose access to the network as they might if their physical gateway fails.

Can you guys give me an example where the 6509 active switch would turn  to passive. 

If another device comes on-line that's configured with both a higher priority and preempt, it will become the active gateway forcing the prior active to become passive.

If the active switch dies can HSRP still work?

Yes, if you mean the active gateway's hardware fails.  Again, whether this is useful for connected host devices, e.g. servers, depends on other physical redundancy.

PS:

As noted above, the primary purpose of HSRP, or other FHRPs (http://www.cisco.com/en/US/products/ps6644/products_ios_protocol_option_home.html), is to avoid binding a host's gateway setting to a physical interface.  However, HSRP can also be used for link and device static load balancing and can also be used for optimal gateway usage if a backend link fails.

0 Helpful

Go to solution
Horacio Gutierrez
Level 2
Level 2
In response to Joseph W. Doherty

‎07-24-2011 08:32 AM

So let me see if I gets this right, because there are alot of variables involved with HSRP.  Please let me know for each scenario mention below if its correct or wrong.

Thank You.

1.If the the access switch that is connected to the active switch, and the active switch goes down then your completetly screwed because there is no trunk connectivity between the two distribution switches so the servers connected to that access switch wont have connectivity.

2. If the trunks connection between the two switches goes down then the access switch connected to any distribution switch will not be able to foward packets.

3. If the port on the distribution switch goes down then that access swich connected to that down port will still have connectivity because it will use the other passive distrubition switch to foward the packets.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Horacio Gutierrez

‎07-24-2011 08:48 AM

1) No this is incorrect. You would connect the access switch to both distro switches so if the active switch went down you would still have a connection. If the active switch goes down it has nothing to do with whether or not there is a trunk link. If the active switch fails and the access switch only connects to the active switch then you have lost connectivity but not because of a trunk link or not between the distro switches.

2) Again not correct. If the trunk link goes down both distro switches become active in HSRP terms. This would not stop the access switch forwarding packets but it is something you need to sort out as both distro switches are forwarding.

Note if the access-layer switch is connected to both distro switches and the trunk link between the distro switches fails then HSRP messages may well be able to go between the distro switches via the access switch links.

3) if the access switch is dual connected to both switches then yes traffic can go to the HSRP standby switch and then across the trunk link to the HSRP active switch.

This is why you generally interconnect switches with etherchannels ie. multiple physical links so you you can lose on link without losing connectivity.

Jon

0 Helpful

Go to solution
Horacio Gutierrez
Level 2
Level 2
In response to Jon Marshall

‎07-24-2011 08:59 AM

Hello Jon,

For scenario 3, if the access switch is only connected to one distribution switch and the port goes down can  the access switch connected to that port down still find a way to foward packets accross the other distribution switch?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card