Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1066
Views
0
Helpful
6
Replies

HSRP: Does standby forward ARP request to the Active?

Go to solution
Acc94
Level 1
Level 1

‎04-03-2020 01:05 AM

Hello all!

 

I have some doubts about the way HSRP works. Regarding the topology included below (ignore the interfaces' status, it's just a topology drawing), imagine PC0 is connected to SW1 but not to SW2. SW2 is the active member of the HSRP, when the PC0 sends and ARP request for the HSRP VIP, which device will reply and which one will manage the traffic? Will SW1 just forward the ARP request to SW2? Thanks!!

 

HSRP.PNG

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Cristian Matei
VIP Alumni
VIP Alumni

‎04-03-2020 05:33 AM

Hi,

 

   With HSRP, only the Active Device, which owns the VIP, will answer to ARP queries for the VIP. The ARP request for VIP sent by PC0 is a broadcast packet; when SW1 receives it, it forwards it out all ports in STP FW state for the same VLAN, and because it has an SVI in that VLAN it also processes the broadcast; the moment SW1 processes the ARP request, it sees it is for the VIP which is not owned by SW1, thus the packet is silently dropped; the ARP reply from SW2, which owns the VIP, is delivered in unicast form back to PC0.

 

Regards,

Cristian Matei.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
ngkin2010
Level 7
Level 7

‎04-03-2020 05:16 AM - edited ‎04-03-2020 05:17 AM

Hi,

The HSRP group configured on Sw1 and Sw2 should be on the same broadcast domain, such that both Sw1 and Sw2 can exchange their HSRP packet and negotiate the active / standby role.

That's mean PC0, Sw1's SVI and Sw2's SVI are within the same broadcast domain. When PC0 is broadcasting ARP request (for VIP), Sw1 and Sw2 should able receive the ARP request. The the active HSRP will response to the ARP request.

In the physical view,
PC0 <=== VLAN X ===> SW1 < === VLAN X ====> SW2

So, answering to your question: Yes, SW1 does forward ARP request to SW2. Not because of HSRP, but just because it's a broadcast frame (e.g. dst mac address: FFFF.FFFF.FFFF)

0 Helpful

Go to solution
Acc94
Level 1
Level 1
In response to ngkin2010

‎04-03-2020 05:28 AM - edited ‎04-03-2020 05:31 AM

Thank you for the answer! However, the point of my question is, even the active router replies with the virtual MAC (imagine 1111.1111.1111), once the PC sends a packet with MAC destination 1111.1111.111, packet will be received by the standby switch as it's the only possible path. 

 

Will the standby switch routes the packet as it's destination is the virtual HSRP MAC, or will be transparent and will directly be forwarded to the active one?

 

Just to clarify the packet flow:

 

PC sends a packet with the virtual MAC address as destination --> The packet is received by the standby switch as it's the only possible path --> Will the standby switch route the packet as it has the virtual MAC address even itself is the standby one?

 

Thanks!

0 Helpful

Go to solution
ngkin2010
Level 7
Level 7
In response to Acc94

‎04-03-2020 05:35 AM - edited ‎04-03-2020 05:36 AM

Hi,

 

 

PC sends a packet with the virtual MAC address as destination --> The packet is received by the standby switch as it's the only possible path --> Will the standby switch route the packet as it has the virtual MAC address even itself is the standby one?

 

 

Standby switch will not have the virtual MAC, and it will look on its MAC address table, and forward it according, just like a normal frame.

0 Helpful

Go to solution
Cristian Matei
VIP Alumni
VIP Alumni
In response to Acc94

‎04-03-2020 05:37 AM

Hi,

 

    Only the HSRP Active owns the VIP and the VMAC, thus for your answer, as long as SW2 is the HSRP Active with VMAC of 1111.1111.1111, only SW2 can process frames destined to the VMAC of 1111.1111.1111. So SW1 will just forward the frame with a DMAC of 1111.1111.1111, like any other frame, based on its MAC address table.

 

Regards,

Cristian Matei.

0 Helpful

Go to solution
Cristian Matei
VIP Alumni
VIP Alumni

‎04-03-2020 05:33 AM

Hi,

 

   With HSRP, only the Active Device, which owns the VIP, will answer to ARP queries for the VIP. The ARP request for VIP sent by PC0 is a broadcast packet; when SW1 receives it, it forwards it out all ports in STP FW state for the same VLAN, and because it has an SVI in that VLAN it also processes the broadcast; the moment SW1 processes the ARP request, it sees it is for the VIP which is not owned by SW1, thus the packet is silently dropped; the ARP reply from SW2, which owns the VIP, is delivered in unicast form back to PC0.

 

Regards,

Cristian Matei.

0 Helpful

Go to solution
Acc94
Level 1
Level 1
In response to Cristian Matei

‎04-03-2020 06:02 AM

Thank you all for the replies, now everything is clear!!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card