It's strange solution, but it

illay · ‎10-10-2014

Hello!

I have a problem with access to the hsrp virtual address on the router.

Detailed info:

I have 1 - core router, and 2 - routers witch connected directly to core router.

1 router connected to core router and have ospf point to point session

2 router connected to core router and have ospf point to point session

On 1 router hsrp active interface, on 2nd router hsrp passive interface.

When traffic goes to virtual hsrp ip add from the core network , they goes to the router 2, and traffic is blackholed.

When i shut down hsrp interface (stanby) on router 2 - all work's fine....

Whoo know - how to fix this situation?

Core router - cisco Nexus7000

router 1, router 2 - cisco Nexus7000 (virtual router)

.

Richard Burts · ‎10-10-2014

If two routers are connected directly to the core, and especially if they are point to point links, then I wonder how HSRP is running. Can you post the output of show standby?

HTH

Rick

HTH

Rick

illay · ‎10-10-2014

They are have a L2 connectivity between router1 and router2

router 1

Vlan222 - Group 222 (HSRP-V2) (IPv4)
Local state is Active, priority 110 (Cfged 110), may preempt
    Forwarding threshold(for vPC), lower: 1 upper: 110
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.291000 sec(s)
Virtual IP address is 10.4.52.254 (Cfged)
     Secondary Virtual IP address is 10.4.30.254
     Secondary Virtual IP address is 10.4.29.254
Active router is local
Standby router is 10.4.52.252 , priority 90 expires in 5.940000 sec(s)
Authentication MD5, key-string "AxTxBt"
Virtual mac address is 0000.0c9f.f099 (Default MAC)
2 state changes, last state change 1y38w
IP redundancy name is hsrp-Vlan222-222 (default)
Secondary VIP(s):
                  10.4.30.254
                  10.4.29.254

router 2

Vlan222 - Group 222 (HSRP-V2) (IPv4)
Local state is Standby, priority 90 (Cfged 90), may preempt
Forwarding threshold(for vPC), lower: 1 upper: 90
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 0.698000 sec(s)
Virtual IP address is 10.4.51.254 (Cfged)
Active router is 10.4.51.253, priority 110 expires in 1.365000 sec(s)
Standby router is local
Authentication MD5, key-string "agb0"
Virtual mac address is 0000.0c9f.f098 (Default MAC)
4 state changes, last state change 30w5d
IP redundancy name is hsrp-Vlan222-222 (default)

Richard Burts · ‎10-10-2014

Thank you for providing the additional information. It does show that HSRP does appear to be running correctly and that router 1 is the active router for HSRP. So I started thinking about why would the core send traffic to router 2 if router 1 is the active router. If the core were forwarding to the HSRP virtual address then it should have gone to router 1. Then I realize that you are running OSPF between these routers. OSPF forms its adjacency using the interface address not the virtual address. So if the core is forwarding traffic using OSPF learned routes then it would not be using the HSRP virtual address but would use the interface address and that may be why it was sending traffic to router 2.

HTH

Rick

HTH

Rick

illay · ‎10-12-2014

Hmm, looks like real situation.. 8). Is any ideas how to fix this ?

illay · ‎10-13-2014

It's strange solution, but it's work. I shutdown backup hsrp interface and clear configuration of it. And after i reconfrigure this interface like new standby interface and all start work normaly...

Thanks a lot all.

8)

OSPF HSRP traffic blackhole