HSRP on nexus 5000

Maarten Vervoorn · ‎03-26-2012

Is the routing module needed for HSRP to operate?

I do not have such module but I was able to configure the feature but it seems they do not communicate both 5Ks remain active and the virtual IP is not reachable.

The VLAN is allowed over the vPC pee-link

Here's my config

N5K-SW1# sh runn int vlan 999

!Command: show running-config interface Vlan999
!Time: Wed Jan 7 03:39:42 2009

version 5.1(3)N1(1)

interface Vlan999
no shutdown
ip address 10.71.234.252/24
hsrp 1
ip 10.71.234.254

N5K-SW1# sh int vlan 999
Vlan999 is up, line protocol is up
Hardware is EtherSVI, address is 547f.ee60.1281
Internet Address is 10.71.234.252/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec

N5K-SW1# sh hsrp interface vlan 999
Vlan999 - Group 1 (HSRP-V1) (IPv4)
Local state is Active, priority 100 (Cfged 100)
Forwarding threshold(for vPC), lower: 1 upper: 100
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 0.836000 sec(s)
Virtual IP address is 10.71.234.254 (Cfged)
Active router is local
Standby router is unknown
Authentication text "cisco"
Virtual mac address is 0000.0c07.ac01 (Default MAC)
2 state changes, last state change 00:00:29
IP redundancy name is hsrp-Vlan999-1 (default)

N5K-SW1# ping 10.71.234.253
PING 10.71.234.253 (10.71.234.253): 56 data bytes
64 bytes from 10.71.234.253: icmp_seq=0 ttl=254 time=3.262 ms
64 bytes from 10.71.234.253: icmp_seq=1 ttl=254 time=4.868 ms
64 bytes from 10.71.234.253: icmp_seq=2 ttl=254 time=4.975 ms
64 bytes from 10.71.234.253: icmp_seq=3 ttl=254 time=2.969 ms
64 bytes from 10.71.234.253: icmp_seq=4 ttl=254 time=2.975 ms

========================================================

N5K-SW2# sh runn int vlan 999

!Command: show running-config interface Vlan999
!Time: Wed Mar 18 15:06:48 2009

version 5.1(3)N1(1)

interface Vlan999
no shutdown
ip address 10.71.234.253/24
hsrp 1
ip 10.71.234.254

N5K-SW2# sh int vlan 999
Vlan999 is up, line protocol is up
Hardware is EtherSVI, address is 547f.ee60.11c1
Internet Address is 10.71.234.253/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec

N5K-SW2# sh hsrp interface vlan 999
Vlan999 - Group 1 (HSRP-V1) (IPv4)
Local state is Active, priority 100 (Cfged 100)
Forwarding threshold(for vPC), lower: 1 upper: 100
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.450000 sec(s)
Virtual IP address is 10.71.234.254 (Cfged)
Active router is local
Standby router is unknown
Authentication text "cisco"
Virtual mac address is 0000.0c07.ac01 (Default MAC)
2 state changes, last state change 00:23:13
IP redundancy name is hsrp-Vlan999-1 (default)

N5K-SW2# ping 10.71.234.252
PING 10.71.234.252 (10.71.234.252): 56 data bytes
64 bytes from 10.71.234.252: icmp_seq=0 ttl=254 time=3.05 ms
64 bytes from 10.71.234.252: icmp_seq=1 ttl=254 time=3.453 ms
64 bytes from 10.71.234.252: icmp_seq=2 ttl=254 time=3.515 ms
64 bytes from 10.71.234.252: icmp_seq=3 ttl=254 time=2.987 ms
64 bytes from 10.71.234.252: icmp_seq=4 ttl=254 time=2.99 ms

--- 10.71.234.252 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 2.987/3.199/3.515 ms

Chad Peterson · ‎03-26-2012

Hi Maarten,

For HSRP or any L3 protocol to run you will need the L3 daughter card. The software is still there in NX-OS so it itself is not depending on it. You'll see similar issue if you were to run EIGRP or some other routing protocol.

I'd think an enhancment could be added that would allow you to configure this (say for prep for your l3 card) but alert you that it won't be functional.

If you have further questions about this, we can continue here. Also note you can open a case with the PDI Datacenter help desk here:

www.cisco.com/go/pdihelpdesk

Hope that helps

Chad

liudongliang1996 · ‎07-13-2012

HI,Chad,I have an issue similar with Maarten's.Though I have a l3 routing card of 160G/S,I failed to make the HSRP successful.they do not communicate with each other for HSRP.Each thinks itself active and the virtual IP is not reachable.

Here is my config

version 5.1(3)N1(1a)

vrf context management

ip route 0.0.0.0/0 192.168.150.2

vpc domain 1

peer-keepalive destination 192.168.150.2

peer-config-check-bypass

delay restore 5

peer-gateway

auto-recovery

ip arp synchronize

interface Vlan11

no shutdown

no ip redirects

ip address 10.113.7.252/24

hsrp 11

preempt

priority 110

ip 10.113.7.254

interface mgmt0

ip address 192.168.150.1/30

interface port-channel20

switchport mode trunk

spanning-tree port type network

speed 10000

vpc peer-link

I can not find what 's wrong with the configration,but the result is.......

N5K-core-1# sh hsrp group 11

Vlan11 - Group 11 (HSRP-V1) (IPv4)

Local state is Active, priority 110 (Cfged 110), may preempt

Forwarding threshold(for vPC), lower: 1 upper: 110

Hellotime 3 sec, holdtime 10 sec

Next hello sent in 0.373000 sec(s)

Virtual IP address is 10.113.7.254 (Cfged)

Active router is local

Standby router is unknown

Authentication text "cisco"

Virtual mac address is 0000.0c07.ac0b (Default MAC)

2 state changes, last state change 00:33:03

IP redundancy name is hsrp-Vlan11-11 (default)

I think I would be crazy,my god.

Devavrat Oka · ‎08-26-2013

Maarten, even though you see HSRP related configs on NX-OS, it is not available without an L3 daughter card and license on the 5K.

It is similar to seeing feature glbp on the 5K, but glbp not being available on the 5K. When NX-OS was written, it wasn't segregated keeping in mind 5K vs 7K unlike the IOS for say a 3750 switch vs a 3925 router.