HSRP causing switch CAM entries to expire

harman121
Level 1

I have a host which is connected to a switch. I need to establish communication with a server which is not in my network. So I am using two routers (gateways), configured with HSRP, between my host and the server.

When I send an ARP request for the MAC address of the server, I receive the HSRP virtual MAC as the ARP response. Hence the HSRP virtual MAC is resolved for the IP of the server in the ARP table, and this HSRP virtual MAC also gets added to the switch CAM table.

I start sending packets to the server (HSRP MAC as the destination MAC) and I am receiving the response from the server. But on analyzing the response from the server, I found out that the packet has source MAC as that of one of the physical router's (gateway's) MAC address but not the HSRP virtual MAC. I was expecting that the packet I received will have the source MAC as HSRP MAC, since I was sending all the packet to HSRP MAC.

Since packets are received with the physical router's MAC, and no packet is received with the HSRP virtual MAC as source MAC after the initial ARP response, once the switch's CAM aging interval expires, the switch's CAM table entry corresponding to the HSRP MAC is removed. Therefore all the packets destined to the HSRP MAC are now getting flooded by the switch, which is causing a huge increase in my network traffic.

So are the routers configured correctly with HSRP? Is it the right behavior that in case of HSRP, the host will send packets to the HSRP MAC but will receive packets from the physical router MAC? Is there any way to configure the routers so that packets are received with the HSRP virtual MAC as source?

6 Replies

Peter Paluch
Cisco Employee

Hello,

You have presented a very good analysis of HSRP. You are correct that even though packets going through the default gateway will be encapsulated into frames destined to the virtual HSRP MAC address, the responses will be forwarded back to the host using the real MAC address of the router's NIC as their source. This is normal and expected.

However, the HSRP Active router should be sending its Hello packets sourced from the virtual HSRP MAC address. Therefore, switches should never age out this MAC address because a frame from that address is received every 10 seconds by default.

If you suspect that a flooding in your network is caused by the virtual HSRP MAC address expiring from your switches, please try to capture Hello packets from the Active router and double-check their source MAC address. If it is set to the virtual MAC address of an HSRP group then the flooding is probably caused by something else (in any case, you should verify the presence of the virtual MAC address in switches' CAMs).

Are you perhaps running HSRP follow group feature?

Best regards,
Peter

Thanks Peter for your response.

So do you mean that these hello packets are sent to the switch also, with source MAC as the HSRP MAC? I thought hello packets are just exchanged between the two routers. Is my understanding correct? What will be the destination MAC for these hello packets?

Hi,

The HSRP hello packets are sent out to the multicast IP address 224.0.0.2 (reserved for all routers in a subnet) and the multicast MAC 0100.5e00.0002. This multicast packet is sent out all interfaces within this VLAN, and any router interface which is connected in the broadcast domain and is configured for HSRP will listen and participate in this HSRP process. As a result of this flooding, all L2 switches are aware of the source MAC of this frame and always have their MAC table updated. Peter, correct me here if I am wrong!

Regards

Umesh

Umesh,

You are perfectly correct. The Hellos from the Active router are sourced from the virtual HSRP MAC and destined to a multicast MAC address, causing them to be effectively flooded in the whole (V)LAN, thereby allowing each switch to learn the location of the Active router.

Best regards,
Peter
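A toy model of the switch behaviour Peter and Umesh describe above, added here as an example (not code from the thread): a host sends to the HSRP virtual MAC, the active router answers from its physical NIC MAC, and the switch only keeps the virtual MAC in its CAM table because the Hellos, sourced from the virtual MAC and sent to the all-routers multicast MAC, refresh it every 10 seconds. All MAC addresses, port names and timers are constructed or Cisco defaults, and the switch is simplified to one CAM table with an idle-aging timer.

```python
from dataclasses import dataclass

HSRP_VMAC = "0000.0c07.ac01"    # HSRP v1 virtual MAC, group 1
RTR_MAC = "0011.2233.4455"      # active router's physical NIC MAC (constructed)
HOST_MAC = "aabb.ccdd.eeff"     # host NIC (constructed)
ALL_ROUTERS = "0100.5e00.0002"  # multicast MAC for 224.0.0.2 (HSRP v1 hellos)
BCAST = "ffff.ffff.ffff"
CAM_AGING = 300  # Cisco default CAM aging time, seconds
HELLO = 10       # HSRP default hello interval, seconds


@dataclass
class Frame:
    t: int      # arrival time in seconds
    src: str
    dst: str
    port: str   # ingress port on the switch


def is_group(mac: str) -> bool:
    """Broadcast/multicast destination: low bit of the first octet is set."""
    return int(mac[:2], 16) & 1 == 1


class Switch:
    def __init__(self, aging: int = CAM_AGING):
        self.aging = aging
        self.cam = {}  # mac -> (port, last time a frame with this source was seen)
        self.flooded_unicast = 0

    def forward(self, f: Frame) -> None:
        # Expire entries idle for the aging time, then learn the source MAC.
        self.cam = {m: e for m, e in self.cam.items() if f.t - e[1] < self.aging}
        self.cam[f.src] = (f.port, f.t)
        if not is_group(f.dst) and f.dst not in self.cam:
            self.flooded_unicast += 1  # unknown unicast: flooded out every port


def simulate(hello_src: str, duration: int = 1200) -> int:
    """Count host->VMAC frames the switch floods when Hellos are sourced from hello_src."""
    sw = Switch()
    sw.forward(Frame(0, HOST_MAC, BCAST, "Gi1/0/1"))       # ARP request from host
    sw.forward(Frame(0, HSRP_VMAC, HOST_MAC, "Gi1/0/24"))  # ARP reply from virtual MAC
    for t in range(1, duration):
        sw.forward(Frame(t, HOST_MAC, HSRP_VMAC, "Gi1/0/1"))   # host data to gateway
        sw.forward(Frame(t, RTR_MAC, HOST_MAC, "Gi1/0/24"))    # reply from physical MAC
        if t % HELLO == 0:                                     # periodic HSRP Hello
            sw.forward(Frame(t, hello_src, ALL_ROUTERS, "Gi1/0/24"))
    return sw.flooded_unicast
```

With Hellos sourced from the virtual MAC (`simulate(HSRP_VMAC)`) nothing is flooded; if the only frame ever sourced from the virtual MAC were the ARP reply (`simulate(RTR_MAC)`), every host frame after the 300 s aging time would be flooded, which is the symptom described in the question.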

Thanks Peter, Umesh for your support. Information provided by you is very useful.

Hi,

Just to add to what Peter and Umesh have already provided: if you're seeing flooding in your LAN, is it definitely traffic destined to the HSRP MAC address that is being flooded, or is it traffic destined to the server's MAC address?

In an environment such as you describe you might see unicast flooding of the return traffic. Take a read of Asymmetric Routing and Unicast Flooding and check whether this matches your topology and the behaviour you're seeing.

As described in the document, for this scenario "the recommended work-around is to tune the ARP timer to be equal to or less than the CAM aging timer".

Regards