12-13-2010 10:35 AM - edited 03-06-2019 02:30 PM
I am confused about HSRP groups. I understand that they are associated with a unique virtual MAC.I read one article that said a different group id is used for every block of 16 vlans; however my CCNP study book says I can use one group for all interfaces. I have also read about MHSRP, and load sharing using 2 group ID's.
We expect to have hundreds, if not thousands of vlans at our distribution layer. I would like to provide HSRP functionality for each vlan; but my understanding is I am limited to 256 HSRP groups. If I can use one group id for all interfaces, this should be plenty; however i am confused how the Virtual IP of each vlan will interact with the group ID. We are using 3750-X platform
Any information would be helpful.
12-13-2010 10:52 AM
You can re-use the same group number on every vlan.
Their purpose is merely to be able to differentiate between groups on the same vlan by varying the v-mac address.
These virtual addresses only need to be unique within a vlan. (!)
Remember that mac addresses are not preserved when crossing a layer3 border so this is perfectly legal.
The only restriction is the amount of processing required to handle a large number of groups.
regards,
Leo
12-13-2010 11:08 AM
Hi Leo,
Very nice answer! Please allow me a small remark:
You can re-use the same group number on every vlan.
This usually works on multilayer switches but not on routers:
R6-CE(config)#int fa0/1.11
R6-CE(config-subif)#enc d 11
R6-CE(config-subif)#ip addr 10.0.11.254 255.255.255.0
R6-CE(config-subif)#standby 1 ip 10.0.11.1
R6-CE(config-subif)#int fa0/1.12
R6-CE(config-subif)#enc d 12
R6-CE(config-subif)#ip addr 10.0.12.254 255.255.255.0
R6-CE(config-subif)#standby 1 ip 10.0.12.1
% Must use unique HSRP group number for each logical interface
that is a member of the same physical interface.
R6-CE(config-subif)#
I am not entirely sure why is it necessary since the 802.1Q tag can provide sufficient separation and uniqueness even if the vMAC addresses are identical between two different VLANs. But obviously, Cisco routers need it
Best regards,
Peter
12-13-2010 11:02 AM
Hello Michael,
You have very interesting questions. Let's go over them.
I read one article that said a different group id is used for every block of 16 vlans; however my CCNP study book says I can use one group for all interfaces
As far as I know, the statement about different group ID for a block of 16 VLANs is incorrect - or it has to be interpreted correctly. Can you provide the entire context of that statement? In any case, on an Ethernet wire, different HSRP groups have to use different MAC addresses, hence the need for unique ID => unique MAC for a VLAN.
What is perhaps confusing here is when actually the group IDs have to be different. If the interfaces provide unique source MAC addresses then the groups can be identical. Usually, this is true for multiple physical interfaces on a router. The same goes for SVIs on multilayer switches - usually, each SVI has a unique MAC address. If, however, two SVIs shared the same MAC (which is perhaps the situation you were talking about at the beginning) then the group IDs would have to be different. The same goes for subinterfaces of the same physical interface - the group IDs have to be unique.
We expect to have hundreds, if not thousands of vlans at our distribution layer. I would like to provide HSRP functionality for each vlan; but my understanding is I am limited to 256 HSRP groups.
I guess that because each SVI has its own MAC address, you can reuse the group IDs on each SVI. However, there is also another solution - using HSRPv2 that supports 4096 unique IDs. Please consult this article for further information:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gthsrpv2.html
Running hundreds of HSRP groups may be difficult on the switch CPU because of the additional work required to maintain a HSRP state for each group. On 12.4T IOSes, there is an optimization that allows to declare one master group on an interface, and let other client groups simply inherit the state of the master group, without going over individual elections. I am not sure if that is supported also on 3750-X but at least it is worth a try. See the following documents:
Please feel welcome to ask further!
Best regards,
Peter
12-13-2010 11:51 AM
You are correct, Peter, in that it gets confusing as to when the group id's have to be unique. BTW, the statement about using one group ID per 16 vlans is from this 3550 reference: http://www.cisco.com/en/US/products/hw/switches/ps646/products_qanda_item09186a00801cb707.shtml#q3. I think it is specific to running many groups over one interface.
I read the 3750-x supports 256 instances; however in a mixed stack, it supports only 32 instances. Then I ran across this old post : https://supportforums.cisco.com/message/105133 in which He was applying one group id across many vlans, and hit that 32 instance limit at the 33rd vlan config. Does this then imply I will hit the same limitation with regard to 256 instances?
I come from an environment of running 13 HSRP vlans (very LARGE vlans, but still only 13), to running potentially a thousand or so vlans (small vlans at that).
I wil continue reading up; but appreciate very much the input from the group. Thanks again!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide