cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1294
Views
0
Helpful
13
Replies

HSRP with vPC

mohankumarm
Beginner
Beginner

Hello,

Just want to check if you can use the burned-in MAC option on HSRP on VLAN interfaces in the current NX-OS version 6.x. testing shows that nothing seems to break during failover if this option is configured .

Thanks and Regards.

4 Accepted Solutions

Accepted Solutions

Reza Sharifi
Hall of Fame Expert Hall of Fame Expert
Hall of Fame Expert

Hi Mohan,

This issue can only happns if you are using IPv6.

Packet Forwarding in a vPC with a HSRP V6 Group

In a vPC, packets that are forwarded through an HSRP virtual IP address (VIP) or virtual MAC address (VMAC) might fail. This situation can occur if a VLAN that is in a vPC has a HSRP V6 group and has the use-bia option enabled on an interface. Layer 3 traffic will be disrupted and packets might not reach the VIP. Removing the use-bia option from the interface in the vPC should correct this issue.

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/release/notes/51_nx-os_release_note.html

HTH

View solution in original post

Hi Mohan,

I would just go with traditional virtual MAC which is default and no need for an additional command. I really could not find what benefit this command provides.

Just my opinion.

HTH

Reza

View solution in original post

Hi Mohan,

With traditional, there is no need to configure any mac address at all.  It is all done for you when you create your HSRP group.  Make sure to use HSRP version 2, as it provides the benefit of having the same vlan id matching your HSRP group because ver 2 supports up to 4094 groups.  I think, ver 1 is only up to 255.

So, it is nice and convenient to have for example vlan 425 and HSRP group 425.  You couldn't do this with ver 1 since the max number of HSRP group is 255. You also want to make sure what ever device is your primary vPC to be the active HSRP and the secondary vPC to be the backup HSRP.

HTH

Reza

View solution in original post

Here is sample config of HSRP on your primary vPC

interface Vlan517

  ip address 192.xx.xx.67/27

  hsrp version 2

  hsrp 517

  hsrp version 2

  priority 110

   ip 192.xx.xx.65

  no shutdown

HTH

Reza

View solution in original post

13 Replies 13

InayathUlla Sharieff
Cisco Employee
Cisco Employee

Hi Mohan,

To configure HSRP to use the burned-in MAC address of the interface for the virtual MAC address, use the following command in interface configuration mode:

Command

Purpose

hsrp use-bia[scope interface]

Example:

switch(config-if)# hsrp use-bia

Ref;http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_hsrp.html

HTH

Regards

Inayath

*Plz rate all usefull posts.

Hi Inayath,

Thanks very much indeed, but is there any caveat when you use this is the question now..which according to Reza is a bug for v6 HSRP groups.

Thanks and Regards

Mohan

Reza Sharifi
Hall of Fame Expert Hall of Fame Expert
Hall of Fame Expert

Hi Mohan,

I have never used the use-bia command, but Is there a reason for not using the virtual mac address?

Reza

Hi Reza,

The thought process here to use this command was because the layer 2 uplinks to the core will have two forwarding entries always in the mac table if "use-bia" is used  and also if you are using special servers like NetApp, which need mac address sourced of the Burned in address.  So just wondering if it is safe to use the floating virtual vs use-bia.

Reza Sharifi
Hall of Fame Expert Hall of Fame Expert
Hall of Fame Expert

Hi Mohan,

This issue can only happns if you are using IPv6.

Packet Forwarding in a vPC with a HSRP V6 Group

In a vPC, packets that are forwarded through an HSRP virtual IP address (VIP) or virtual MAC address (VMAC) might fail. This situation can occur if a VLAN that is in a vPC has a HSRP V6 group and has the use-bia option enabled on an interface. Layer 3 traffic will be disrupted and packets might not reach the VIP. Removing the use-bia option from the interface in the vPC should correct this issue.

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/release/notes/51_nx-os_release_note.html

HTH

Great! so applying this command affects v6 but was going through the 6.x release notes last night and using ":use-bia" was not recommended ..cannot find that now...but may be due to the above reason...

But which is better to use then?

Thanks and Regards,

Mohan

Hi Mohan,

I would just go with traditional virtual MAC which is default and no need for an additional command. I really could not find what benefit this command provides.

Just my opinion.

HTH

Reza

Hi Reza,

With the traditional one, is it required to hard code mac's on both primary and secondary or is it just dont anything and the defaults will take care of itself..for Virtual MAC i mean.

Hi Mohan,

With traditional, there is no need to configure any mac address at all.  It is all done for you when you create your HSRP group.  Make sure to use HSRP version 2, as it provides the benefit of having the same vlan id matching your HSRP group because ver 2 supports up to 4094 groups.  I think, ver 1 is only up to 255.

So, it is nice and convenient to have for example vlan 425 and HSRP group 425.  You couldn't do this with ver 1 since the max number of HSRP group is 255. You also want to make sure what ever device is your primary vPC to be the active HSRP and the secondary vPC to be the backup HSRP.

HTH

Reza

Hi Reza,

All done, we have everything configured as above, v2 groups, priorities for active etc, but we had the additional "use-bia" which we will remove to go traditional.

Thanks very much again..

Best Regards,

Mohan

Here is sample config of HSRP on your primary vPC

interface Vlan517

  ip address 192.xx.xx.67/27

  hsrp version 2

  hsrp 517

  hsrp version 2

  priority 110

   ip 192.xx.xx.65

  no shutdown

HTH

Reza

Thanks a tonne mate. we are using v2 as well which makes it easy to match those vlan interfaces with the group numbers..thanks a lot again.

Best Regards,

Mohan

Glad to help Mohan.

Good luck and thanks for the ratings

Reza

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers