Solved: HSRP - Relevance of Group - Best Practice ?

Anup Sasikumar · ‎05-21-2013

Hi all ,

1 ) What is exactly the relavance of HSRP group ?

2) What is exactly the best practise when configuring HSRP groups - Each group for each vlan or Same group for all VLANs ?

Regards,
Anup

siddhartham · ‎05-21-2013

1 ) What is exactly the relavance of HSRP group ?

Routers that provide redundancy for a given gateway address are assigned to a common HSRP group-

So you can create a single group with 10 Routers for one VLAN interface- one router becomes Active, otherone becomes standby and rest stay in listen state

Or you can create multiple groups for the same VLAN interface and use the groups for load balancing traffic across uplinks

2) What is exactly the best practise when configuring HSRP groups - Each group for each vlan or Same group for all VLANs ?

HSRP groups are locally significant, so you can use the same group number for all the VLAN interfaces but if you have a bigger switch that supports more than 16 group number then its better to match the group number with VLAN number for simplicity and for troubleshooting purposes.

Siddhartha

View solution in original post

Sandeep Choudhary · ‎05-21-2013

Hi Anup,

I dont know, it is the right answer for u or not:

HSRP groups

When using the standby command to setup HSRP, one optional parameter is to use a group number. When I configure it, I typically always use one, even though I never really had a good reason to do it.

One thing to keep in mind is dealing with the virtual MAC address HSRP uses. By default, this MAC address is 0000.0c07.ac00, if no group number is specified. If a group number is used, it is added to the last word. For example, group three becomes 0000.0c07.ac03.

In general, you will usually only use one HSRP group per vlan, so this isn't a problem. But if you have another device spanning multiple vlans that needs to talk to multiple HSRP speakers simultaneously, this can create MAC address conflicts if the same HSRP groups are used.

it’s a good idea to use different numbers if you have a more complex topology with multiple VLANs. There can be only one Active and one Standby router per HSRP group. The Standby router will only step in if the Active fails.

Hope it helps.

Regards

milan.kulik · ‎05-21-2013

Hi,

in the past the IOS even did not allow to use the same HSRP group within different VLANs on the same device.

It's allowed nowadays, but don't forget there might be other devices running HSRP managed by somebody else within the LAN.

If you leave your devices to run HSRP in the default group, they might interact with the other devices.

So IMHO, the best practice is to use non-default HSRP groups.

And secure your HSRP using an authentication (MD5 or text password at least) if supported by your IOS.

Regards,

Milan

Anup Sasikumar · ‎05-21-2013

Thank you Sandeep and Milan for your valuable feedbacks !

Actually I started looking into the relavance of HSRP Group numbers and it 's effect on the nodes when I started getting lot of alerts like these

04214: .May 20 06:31:01.460: %STANDBY-3-DUPADDR: Duplicate address 172.19.17.10 on Vlan713, sourced by 0000.0c07.ac1b

According to Cisco documentation ( http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094afd.shtml#t20)

this can happen if there is

Momentary STP loops

EtherChannel configuration issues or

Duplicated frames

So when I checked the HSRP configurations , different group numbers were used for each VLAN in the infrastructure.

Regards,
Anup

siddhartham · ‎05-21-2013

1 ) What is exactly the relavance of HSRP group ?

Routers that provide redundancy for a given gateway address are assigned to a common HSRP group-

So you can create a single group with 10 Routers for one VLAN interface- one router becomes Active, otherone becomes standby and rest stay in listen state

Or you can create multiple groups for the same VLAN interface and use the groups for load balancing traffic across uplinks

2) What is exactly the best practise when configuring HSRP groups - Each group for each vlan or Same group for all VLANs ?

HSRP groups are locally significant, so you can use the same group number for all the VLAN interfaces but if you have a bigger switch that supports more than 16 group number then its better to match the group number with VLAN number for simplicity and for troubleshooting purposes.

Siddhartha

Anup Sasikumar · ‎05-21-2013

Thanks for the information , Siddhartha !

I never knew you I could use more than two routers when configuring HSRP !

So I can use different group numbers for the same VLAN interface as well ? Wouldn't that cause the single Standby IP to have different MAC addresses ?

Regards,
Anup

siddhartham · ‎05-21-2013

So I can use different group numbers for the same VLAN interface as well ? Wouldn't that cause the single Standby IP to have different MAC addresses ?

you are right if you use the same standby IP for both groups.

But you will use different standby and different VIP if you define multiple groups for the same VLAN- this for loadbalancing host across multiple uplinks- some of the hosts will have Group1's VIP and other hosts will have Group2's VIP as their DG

Siddhartha

aceandy79 · ‎05-04-2017

The notion of matching group numbers with the VLAN ID is fine until you want to dual-stack your network. You can't use IPv4 and IPv6 addresses in the same HSRP group, so you are probably forced to use common group numbers, covering multiple VLANs, exclusively for IPv6.

This is a rather unpleasant surprise to people who have made a nice, neat HSRP configuration where everything matches, and then start looking at v6 deployment.