Solved: Re: Proper Configuration of Nexus 7000 HSRP Priority?

coolbreeze · ‎06-01-2021

Hello!

I have two Nexus 7Ks running version 6.2(12).

The environment is brownfield, and I am confused what's the "correct" or typical way to configure priority for HSRP on vPC peers. Does the command for priority need to match between the HSRP group members, or are they supposed to be different? Or is it admin preference based on the desired behavior?

Two examples below, wondering if one is better than the other - assuming 7K#1 should be active router:

EXAMPLE 1 (with brevity) - HSRP priority configuration matching:

hostname 7K-1

interface Vlan50

hsrp 50

name TheFiveO

preempt

priority 110 forwarding-threshold lower 105 upper 110

ip 10.5.50.1

!

hostname 7K-2

interface Vlan50

hsrp 50

name TheFiveO

priority 110 forwarding-threshold lower 105 upper 110

ip 10.5.50.1

!

EXAMPLE 2 (with brevity) - HSRP priority configuration with Active higher than Standby:

hostname 7K-1

interface Vlan50

hsrp 50

name TheFiveO

preempt

priority 110 forwarding-threshold lower 105 upper 110

ip 10.5.50.1

!

hostname 7K-2

interface Vlan50

hsrp 50

name TheFiveO

priority 110 forwarding-threshold lower 95 upper 100

ip 10.5.50.1

!

Hopefully that makes sense...thank you!

Richard Burts · ‎06-03-2021

The original poster asks this question "if the config lines for priority and forwarding threshold need to match or not or if it is arbitrary." I suggest that the answer is that no the priority does not need to match and that while sometimes it might appear arbitrary it should not be arbitrary. Based on your statement that assuming 7K#1 should be active router I would expect to see the priority for 7K#1 to be set perhaps as 110 and the priority for 7K#2 to be set perhaps as 105. If the priority levels are different then you have helped to determine which peer will be active. If both have the same priority then determination of which is active depends on other things and may not come out the way that you prefer. The general principle for setting priority is that priorities of different value help determine which peer will be active and that the difference in priority levels should be less than the default for decrement of priority (especially if you are using something like track in HSRP).

HTH

Rick

View solution in original post

marce1000 · ‎06-02-2021

- FYI : https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_2/nx-os/unicast/configuration/guide/l3_cli_nxos/l3_hsrp.html

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

coolbreeze · ‎06-02-2021

Thanks for the reply -

So I have already read through the document that was the configuration guide for our firmware version I mentioned, which looks basically the same as the one you provided. But I do not see within or where in the document it says the answer to my question if the config lines for priority and forwarding threshold need to match or not or if it is arbitrary. It doesn't seem to specify or clarify anywhere on that. Am I just missing something seeing it?

MHM Cisco World · ‎06-02-2021

If both NSK is vPC Peer then
1- Control plane depend on priority of each HSRP Peer, for example ARP request is only reply by active.
2- Data plane will forward traffic for both NSK, i.e. active/active state which make NSK forward traffic by both vPC peer

Richard Burts · ‎06-03-2021

The original poster asks this question "if the config lines for priority and forwarding threshold need to match or not or if it is arbitrary." I suggest that the answer is that no the priority does not need to match and that while sometimes it might appear arbitrary it should not be arbitrary. Based on your statement that assuming 7K#1 should be active router I would expect to see the priority for 7K#1 to be set perhaps as 110 and the priority for 7K#2 to be set perhaps as 105. If the priority levels are different then you have helped to determine which peer will be active. If both have the same priority then determination of which is active depends on other things and may not come out the way that you prefer. The general principle for setting priority is that priorities of different value help determine which peer will be active and that the difference in priority levels should be less than the default for decrement of priority (especially if you are using something like track in HSRP).

HTH

Rick

coolbreeze · ‎06-03-2021

Thanks Richard!

That was my original understanding and was taught for configuring HSRP, but the brownfield's config for HSRP at data centers is all over the place at times, so I just wanted to be sure.

Richard Burts · ‎06-03-2021

You are welcome. I am glad that my explanation was helpful. HSRP can be very interesting, and occasionally complicated, to configure. I have worked with customers implementing HSRP for them who said they really did not care with HSRP peer was active, they just wanted HSRP to provide failover if one peer had a problem. For them there is really no point in configuring parameters such as priority or preempt. But other customers, like you apparently, do want a specified peer to be active if it is possible. For this you should configure priority and also preempt. By setting these to appropriate values you get your choice of which peer is active and get failover.

Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick

MHM Cisco World · ‎06-03-2021

friend your explanation is not for Nexus, Nexus deal with HSRP as I mention above.

MHM Cisco World · ‎06-03-2021

https://www.ciscozine.com/nexus-vpc-hsrp-vrrp-active-active/

Richard Burts · ‎06-03-2021

@MHM Cisco World The article for which you gave the link is interesting. And one of its points is that in this implementation both of the Nexus are active. In the original post they specified that "assuming 7K#1 should be active router" (and implying that 7K#2 should be standby). I believe that what I suggested works and would achieve their objective.

HTH

Rick

MHM Cisco World · ‎06-03-2021

Thanks,

but he mention “ hsrp on vpc peer” on original post so it is vpc.

coolbreeze · ‎06-03-2021

Thanks for following up.

I was including the information that these 7Ks do have a vPC trunk connection between them, and since the configuration guide specifies that upper/lower threshold values are used by vPC to determine when to fail over to the vPC trunk altogether. The configuration suggested by Richard Burts is the typical configuration I normally see and have used in the past that does work as I expect it to. I suppose I was needing a simple sanity check on it

e.g. for the configuration I would use for my particular situation with 7k-1 being the active router:

#7K-1

Interface Vlan50

hsrp 50

Priority 110 forwarding-threshold lower 105 upper 110

#7K-2

Interface vlan 50

hsrp 50

priority 100 forwarding-threshold lower 95 upper 100