HSRP ... Many SVIs

Sherif Atef Ahmed Ismail · ‎07-27-2013

Dears

Would like your assistance please regarding below

I have two 7600 routers connected together via L2 trunk. Several devices are connected to both routers and their GW are the HSRP VIP configured under SVI interface for the VLAN corresponding to this device

--- R1

Server (vlan 10) --- |

--- R2

Below is a config needed for each VLAN. Problem that we have over 400 servers/VLANs so this meams below config would be repeated 400 times.

I am afraid with below configured small HSRP hello timers, this may cause high CPU utilization

interface vlan10

description --->> device-1

ip address 10.0.0.1 255.255.255.248

standby version 2

standby 10 ip 10.0.0.3

standby 10 timers msec 300 1

standby 10 priority 120

standby 10 preempt delay minimum 100

standby 10 track <uplink-interface-PE>

no ip redirects

no ip proxy-arp

interface vlan10

description --->> device-1

ip address 10.0.0.2 255.255.255.248

standby version 2

standby 10 ip 10.0.0.3

standby 10 timers msec 300 1

standby 10 preempt delay minimum 100

no ip redirects

no ip proxy-arp

Now my question .. Since HSRP on all SVIs follow same behavior, is there a way where I can configure one HSRP to be master and all other HSRP configured under other SVIs follow this master HSRP. If this is possible then only one interface will run the HSRP timers accordingly CPU utilization will greatly reduce

I found a similar feature but for severl HSRP groups configuerd under same interface however here I want HSRP configured under different SVI inerfaces to follow one HSRP under certain interface

Is this possible ?

Thanks

Regards

Sherif Ismail

Reza Sharifi · ‎07-27-2013

Hi,

Why do you think the CPU utilization will be high with 400 HSRP groups?

If you want to have fewer HSRP groups, you can simply make your subnets larger.

BTW, if you want to have 400 HSRP groups, you need to run HSRP version 2, as version 1 supports only 255 groups.

HTH

pille1234 · ‎07-28-2013

Hi,

actually 400 SVIs is not that much for a datacenter environment and the 7600 should be more than capable.

What I'd be more concerned about are subsecond timers. I've seen some unexpected behaviour taking place with subsecond HSRP, adding additional confusion to an already tight situation. Just imagine all the log messages when all groups fail over just because the router cpu spikes, while gateway functionality was actually never at risk.

If you really need subsecond timers you might want to look at BFD and how it interoperates with HSRP. BFD offloads the hello-processing to the line cards and onyl 1 BFD neighbor adjacency is formed for all SVIs.

Regards

Pille

Sherif Atef Ahmed Ismail · ‎07-28-2013

Thanks Reza/Pille for your reply

@ Pille

Offloading HSRP from RSP720 to line card will be a good idea cause this means it will be H/W processed , correct ?

However as I remember I have tried BFD before and found a neighbor formed for every SVI interface ... Mabybe I need to test it again to confirm

Thanks

Regards

Sherif Ismail

pille1234 · ‎07-28-2013

Sherif,

the HSRP timer handling remains on the RSP720, however with BFD enabled you may use more relaxed HSRP hello intervals because the subsecond failure detection is done by BFD protocol and yes, offloading this to distributed line cards is a good thing and relieves the route processor.

In regards to neighbor adjacencies, I admit my memory turned a bit blurry, so you might be right after all.

Regards

Pille

Joseph W. Doherty · ‎07-28-2013

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

That sounds correct. The advantage of BFD is reduced overall overhead.

Assuming you wanted to manually have primary gateway on different devices, you'll need to have neighbors on each SVI.

I think what the original poster is you're hoping for is a MST equivalent for the FHRP.