Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
880
Views
0
Helpful
6
Replies

Rebooting a SUP2T mit DFC modules and HSRP V2 hold time

krueffer
Level 1
Level 1

‎12-02-2013 08:23 AM - edited ‎03-07-2019 04:53 PM

Guys,

I got a general question.

For a client I setup two Catalyst 6509E with SUP2Ts and DFC modules.

For HA purposes I use HSRP in the vlan connected towards their Checkpoint Firewall (and some other vlans).

While rebooting the HSRP active core I noticed, that for some vlans the switchover in HSRP took much longer than the hold time of 10 seconds.

(roughly 40 s for one instance).

This I don't understand. The only thing that comes to my mind, is that the DFC modules in the machine that was reloaded, have continued to send  HSRP V2 hellos for some time, until they have been reloaded.

Hopefully somebody can shed some light into this behaviour...

thanks

Knut

Labels:
0 Helpful
6 Replies 6

Jon Marshall
Hall of Fame
Hall of Fame

‎12-02-2013 11:46 AM

Knut

As far as i am aware HSRP uses control plane packets which are generated by the RP on the supervisor. So as soon as the supervisor has gone down there should be no more HSRP packets being generated. 

The amount of time sounds suspiciously close to an STP convergence. What version of STP are you running ?

Just out of interest is there a reason not to run VSS which would remove the need for HSRP ?

Jon

0 Helpful

krueffer
Level 1
Level 1
In response to Jon Marshall

‎12-02-2013 11:07 PM

Jon,

thanks. Well STP came to my mind too. But it should be fine. The vlan is u-shaped and it is configured to use RSTP

usc153-01#sh spanning-tree vlan 3210

VLAN3210
  Spanning tree enabled protocol rstp
  Root ID    Priority    7306
             Address     e8ba.7043.b400
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    7306   (priority 4096 sys-id-ext 3210)
             Address     e8ba.7043.b400
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 480

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Po10                Desg FWD 1         128.1667 P2p
Po11                Desg FWD 1         128.1668 P2p Edge

usc153-01#

usc099-01#sh spanning-tree vlan 3210

VLAN3210
  Spanning tree enabled protocol rstp
  Root ID    Priority    7306
             Address     e8ba.7043.b400
             Cost        1
             Port        1666 (Port-channel10)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    11402  (priority 8192 sys-id-ext 3210)
             Address     e8ba.7042.cc80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 480

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Po10                Root FWD 1         128.1666 P2p
Po11                Desg FWD 1         128.1667 P2p Edge

usc099-01#

- Port Channel 10 is the link between the two cores

- Port Channel 11 is the link towards the firewall

But regardless, of how fast STP converges, HSRP should become active on  the econdary router after the hold time has expired.

That is was confuses me.

Thanks

Knut

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to krueffer

‎12-03-2013 07:50 AM

Knut

Hmmm, i am now wondering what order the 6500 shuts down in and i'm not sure to be honest. I m wondering if the port channel went down that is used for the firewalls but the supervisor was still active and sending HSRP hellos via it's port channel. This is assuming the port channel between the cores is using at least one port on the supervisors.

I appreciate you cannot simply test this but i was wondering what would happen if the port-channel connecting the 2 switches was shutdown ie. how quick would HSRP be then ?

Jon

0 Helpful

krueffer
Level 1
Level 1
In response to krueffer

‎12-03-2013 08:12 AM

Jon,

I agree, the port channel on the sup could be the last port to go down and may cause this issue.

Today I was proposing to the client to execute some tests. One of those being just to shutdown the power of the HSRP primary core.

This will proove if the reload process causes the behaviour observed.

I¨ll keep you informed. By the way, we are considering to turn the dual core in a VSS setup.

Thanks!

Knut

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to krueffer

‎12-03-2013 08:16 AM

Knut

No problem. I suspect this is the issue but it would be good to know for sure. And VSS is definitely a good idea not just for HSRP but it would solve that problem.

Jon

0 Helpful

krueffer
Level 1
Level 1
In response to Jon Marshall

‎12-03-2013 08:21 AM

Jon,

if the client is not willing to implement VSS, we may consider tracking objects to force HSRP to switch over by a change of priority. (sorry it just came to my mind)

regards

Knut

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card