11-24-2011 11:39 PM - edited 03-07-2019 03:35 AM
Hi all.
While running HSRP on Layer 3 switches, and if OSPF is running between them,
I have seen that if we make the standby switch DR and the active switch BDR, it slows the telnet access to the active switch and also slows the LAN traffic.
So in an HSRP network, does it matter which switch, active or standby, should be DR or BDR?
Also, can someone tell me why the network is slow if the standby switch becomes BDR?
And if both switches connect to the WAN router, then is it OK by network design to make both of the WAN router's interfaces DR?
Thanks
Mahesh
11-29-2011 12:01 AM
I don't understand what you intend by internal OSPF network, but an interface must be in active state when there are one or more routers on the LAN segment that need to form a neighborship to exchange routing tables. Your second switch and your primary switch are on the same network, so there isn't a network behind a router or switch; all your equipment knows the same VLAN and is the default gateway of the same network by HSRP. If there were a router or switch with a network behind it not reachable by layer 2, in that case OSPF and routing (or a static route) would be needed.
11-24-2011 11:53 PM
Can you give some other information about the switch? Is there only one HSRP master, or is it balanced between the two switches? The model of the switch?...
11-24-2011 11:58 PM
Hi Fabio,
Thanks for reply
here is info
master switch
3550SMIA#sh standby
Vlan10 - Group 1
State is Active
2 state changes, last state change 1w0d
Virtual IP address is 192.168.10.3
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.076 secs
Authentication text "manveer"
Preemption enabled, delay min 120 secs
Active router is local
Standby router is 192.168.10.2, priority 100 (expires in 9.236 sec)
Priority 150 (configured 150)
IP redundancy name is "hsrp-Vl10-1" (default)
Vlan20 - Group 0
State is Active
2 state changes, last state change 1w0d
Virtual IP address is 192.168.20.3
Active virtual MAC address is 0000.0c07.ac00
Local virtual MAC address is 0000.0c07.ac00 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.072 secs
Preemption enabled
Active router is local
Standby router is 192.168.20.2, priority 100 (expires in 8.516 sec)
Priority 150 (configured 150)
IP redundancy name is "hsrp-Vl20-0" (default)
Model number: WS-C3550-24PWR-SMI
*****************************************************************************************
standby switch
3550SMIB#sh standby
Vlan10 - Group 1
State is Standby
7 state changes, last state change 1w0d
Virtual IP address is 192.168.10.3
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.356 secs
Authentication text "manveer"
Preemption enabled, delay min 60 secs
Active router is 192.168.10.1, priority 150 (expires in 8.184 sec)
Standby router is local
Priority 100 (default 100)
IP redundancy name is "hsrp-Vl10-1" (default)
Vlan20 - Group 0
State is Standby
4 state changes, last state change 1w0d
Virtual IP address is 192.168.20.3
Active virtual MAC address is 0000.0c07.ac00
Local virtual MAC address is 0000.0c07.ac00 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.612 secs
Preemption enabled
Active router is 192.168.20.1, priority 150 (expires in 9.188 sec)
Standby router is local
Priority 100 (default 100)
IP redundancy name is "hsrp-Vl20-0" (default)
3550SMIB#sh ver
Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(44)SE6,
RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 09-Mar-09 20:28 by gereddy
Image text-base: 0x00003000, data-base: 0x012A99FC
ROM: Bootstrap program is C3550 boot loader
3550SMIB uptime is 1 week, 11 hours, 38 minutes
System returned to ROM by power-on
System restarted at 13:18:58 MST Thu Nov 17 2011
System image file is "flash:/c3550-ipservicesk9-mz.122-44.SE6.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco WS-C3550-24 (PowerPC) processor (revision C0) with 65526K/8192K bytes of memory.
Processor board ID CHK0624V0EB
Last reset from warm-reset
Running Layer2/3 Switching Image
Ethernet-controller 1 has 12 Fast Ethernet/IEEE 802.3 interfaces
Ethernet-controller 2 has 12 Fast Ethernet/IEEE 802.3 interfaces
Ethernet-controller 3 has 1 Gigabit Ethernet/IEEE 802.3 interface
Ethernet-controller 4 has 1 Gigabit Ethernet/IEEE 802.3 interface
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
384K bytes of flash-simulated NVRAM.
Base ethernet MAC Address: 00:09:E8:A2:00:80
Motherboard assembly number: 73-5700-08
Power supply part number: 34-0966-02
Motherboard serial number: CAT06230HS8
Power supply serial number: LIT062102UX
Model revision number: C0
Motherboard revision number: B0
Model number: WS-C3550-24-SMI
System serial number: CHK0624V0EB
Configuration register is 0x10F
11-25-2011 12:12 AM
Are both switches connected to the same WAN router with a switched virtual interface? Can you send the OSPF configuration or the full show run of both switches, credentials excluded?
11-25-2011 08:33 AM
Hi Fabio,
Thanks for reply
Both switches connect to the WAN router on separate physical interfaces.
I have attached the config with my original post.
Thanks
MAhesh
11-25-2011 12:36 AM
mahesh18 wrote:
Hi all.
so in HSRP network does it matter which switch active or standby should be DR or BDR ?
Also can someone tell me why network is slow if standby switch becomes BDR?
Best practice is to match DR with HSRP active router. However, I find it hard to comprehend how a mismatch can result in slower LAN traffic. You may notice sub-optimal routing when traffic needs to be forwarded from one router to the other in order to reach the WAN. As a result of HSRP, no ICMP redirects are sent and you are in fact introducing an extra hop.
And if both switches connect to the WAN router, then is it OK by network design to make both of the WAN router's interfaces DR?
On WAN links, the best practice is to configure point-point links:
interface FastEthernet0/0
ip address 10.2.0.253 255.255.255.252
ip ospf network point-to-point
regards,
Leo
11-25-2011 08:37 AM
Hi Leo,
Thanks for reply.
Router which connects to internet and 2 Lan switches is DR to both the Lan switches interfaces.
Is it good design to do like this?
mahesh
11-25-2011 08:53 AM
When all nodes are in one subnet, it's OK.
When you have two separate interfaces, each running OSPF to one switch, I would say point-point is a better solution.
This is not really a big deal, just making the OSPF peering process more effective by removing the unnecessary burden of the DR/BDR election process.
regards,
Leo
11-25-2011 08:58 AM
Hi Leo,
Thanks for reply.
So right now my LAN interfaces are broadcast type, as shown from the active switch:
3550SMIA# sh ip ospf int
Loopback0 is up, line protocol is up
Internet Address 192.168.7.2/32, Area 0
Process ID 1, Router ID 3.3.3.3, Network Type LOOPBACK, Cost: 1
Loopback interface is treated as a stub Host
FastEthernet0/11 is up, line protocol is up (connected)
Internet Address 192.168.5.2/31, Area 0
Process ID 1, Router ID 3.3.3.3, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 192.168.6.3, Interface address 192.168.5.3
Backup Designated router (ID) 3.3.3.3, Interface address 192.168.5.2
Timer intervals configured, Hello 40, Dead 160, Wait 160, Retransmit 5
oob-resync timeout 160
Hello due in 00:00:01
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 6/6, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 3, maximum is 4
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 192.168.6.3 (Designated Router)
Suppress hello for 0 neighbor(s)
Can I make them point-to-point with this config ---
interface FastEthernet0/0
ip address 10.2.0.253 255.255.255.252
ip ospf network point-to-point
Regards
MAhesh
11-25-2011 09:06 AM
Please post the output of: sh ip ospf nei
Any interface with only one neighbor can be a point-point.
regards,
Leo
11-25-2011 09:25 AM
Mahesh, to better understand... when you have the primary switch as DR and the secondary as BDR, the network works fine, and when the primary is BDR and the secondary DR the network is slow? Or is it always slow when the BDR starts?
Have you checked the CPU level? If it is high, try to make OSPF passive on the SVIs and active only on the link to the router. You don't need the switches to become neighbors on each SVI.
Send us the output of show ip ospf neigh, and a show of the CPU processes when you see the network slow.
11-25-2011 09:44 AM
Hi Fabio.
Thanks for reply.
I have attached the sh ip ospf nei.
CPU level on Router touches 99
[CPU history graph: CPU% per hour (last 72 hours); * = maximum CPU%, # = average CPU%]
Switch CPU level is
[CPU history graph: CPU% per hour (last 72 hours); * = maximum CPU%, # = average CPU%]
3550SMIA#
when router touches cpu level 99 is it bad?
As average cpu of router is still slow
Thanks
mahesh
11-25-2011 09:39 AM
Hi Leo,
Here is required info
3550SMIA# sh ip ospf nei
Neighbor ID Pri State Dead Time Address Interface
192.168.6.3 1 FULL/DR 00:02:04 192.168.5.3 FastEthernet0/11
192.168.30.2 1 FULL/BDR 00:02:01 192.168.30.2 Vlan30
192.168.30.2 1 FULL/BDR 00:02:01 192.168.20.2 Vlan20
192.168.30.2 1 FULL/BDR 00:02:01 192.168.10.2 Vlan10
Standby switch
3550SMIB#sh ip ospf nei
Neighbor ID Pri State Dead Time Address Interface
192.168.6.3 1 FULL/DR 00:02:00 192.168.6.3 FastEthernet0/11
3.3.3.3 1 FULL/DR 00:02:31 192.168.30.1 Vlan30
3.3.3.3 1 FULL/DR 00:02:31 192.168.20.1 Vlan20
3.3.3.3 1 FULL/DR 00:02:31 192.168.10.1 Vlan10
2691Router#sh ip ospf nei
Neighbor ID Pri State Dead Time Address Interface
192.168.30.2 1 FULL/BDR 00:02:29 192.168.6.2 FastEthernet1/0
3.3.3.3 1 FULL/BDR 00:02:04 192.168.5.2 FastEthernet0/1
Thanks
MAhesh
11-25-2011 10:00 AM
The links between the 2921 and the switches can be switched to point-point.
You are also having multiple paths over the trunk between 3550SMIA and 3550SMIB.
Reduce the number of network statements in order to limit this number to two or one.
This will not affect performance and reduce ospf processing.
In general, having several paths over the same trunk link is not really an improvement regarding the redundancy.
It will not protect you from link failure.
Routing is affected only when you should shutdown a vlan on which ospf is active.
regards,
Leo
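Added example, not part of the thread or any poster's code: a Python sketch that applies the two checks from the reply above to the `sh ip ospf nei` output posted for 3550SMIA. It lists neighbors reached over several interfaces and single-neighbor links that still elected a DR/BDR. The function names are hypothetical.

```python
import re
from collections import defaultdict

# "sh ip ospf nei" output as posted in this thread for 3550SMIA.
SAMPLE = """\
Neighbor ID Pri State Dead Time Address Interface
192.168.6.3 1 FULL/DR 00:02:04 192.168.5.3 FastEthernet0/11
192.168.30.2 1 FULL/BDR 00:02:01 192.168.30.2 Vlan30
192.168.30.2 1 FULL/BDR 00:02:01 192.168.20.2 Vlan20
192.168.30.2 1 FULL/BDR 00:02:01 192.168.10.2 Vlan10
"""

# One neighbor row; the role is DR, BDR, DROTHER, or "-" on point-to-point links.
ROW = re.compile(
    r"^(?P<rid>\d+\.\d+\.\d+\.\d+)\s+(?P<pri>\d+)\s+"
    r"(?P<state>[A-Z0-9-]+)/\s*(?P<role>\S+)\s+"
    r"(?P<dead>\d+:\d+:\d+)\s+(?P<addr>\d+\.\d+\.\d+\.\d+)\s+(?P<intf>\S+)$"
)

def parse_neighbors(text):
    """Return one dict per neighbor row, skipping headers and prompts."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows

def review(rows):
    """Group adjacencies by router ID and by interface."""
    by_intf, by_rid = defaultdict(list), defaultdict(list)
    for r in rows:
        by_intf[r["intf"]].append(r)
        by_rid[r["rid"]].append(r["intf"])
    # Same router ID on several interfaces: parallel adjacencies to reduce.
    parallel = {rid: i for rid, i in by_rid.items() if len(i) > 1}
    # A single neighbor that still went through DR/BDR election, and is not
    # already counted as a parallel adjacency: point-to-point candidate.
    p2p = sorted(
        intf for intf, rs in by_intf.items()
        if len(rs) == 1 and rs[0]["role"] != "-" and rs[0]["rid"] not in parallel
    )
    return {"parallel": parallel, "p2p_candidates": p2p}

if __name__ == "__main__":
    print(review(parse_neighbors(SAMPLE)))
```
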
11-25-2011 10:25 AM
So Leo, as I said, it's not necessary to have active OSPF on all VLANs; it can be configured in passive state.
Mahesh, as you can imagine, if the processor is at 99% only for the routing process, it's impossible for the switch to work, and this switch is not so young.
Check also the configuration of some links: in the running config I see interfaces in access but not configured in mode access. Such an interface can become a trunk if another switch is connected, and if the interface without tag is different it can create a lot of problems.
Regarding the loopback interface, it doesn't make any sense with that address and with the command router id.
Bye Mahesh.