HSRP between 3 cores

Hi all

I currently have 2 4506 CORE switches, each trunking over a 4GB channel, and HSRP runs on them!

We're studying a new backup site at a distance of 3km... We decided to put in a third core, a 6509 or any other switch!

First, we're studying a stand-alone solution... the core stays there as just another switch in the LAN... If something goes wrong we turn this core into a VTP server and add the HSRP...

And second, to have the third core as part of the VTP server and HSRP setup... so 3 COREs at the same time...

My question to you, the experts, is whether it's possible? I've heard of GLBP, but I'm trying to check first if it's possible to add a third CORE using HSRP between them!

Thanks for any help!

-WH-

Hello WH.

Here are my thoughts;

1. I wouldn't run L2 to the base layer, so no need to worry about the VTP configuration.  In any case, if VTP is going to run to the base layer, you want to make sure that all 3 core devices have the latest VLAN information before something goes wrong.  That means you must run all three devices as VTP servers simultaneously.  This isn't really a 'feature' that you enable/disable when problems arise.  Instead, it is something that should be integrated into your overall design strategy to minimize interruptions of network service by ensuring the consistency of the VLAN database.  VTP modes also let you control which devices can add/remove entries in the VLAN database.

2. HSRP configurations are defined by group numbers and use priority values (default = 100) to determine the active and standby roles.  Each group can have several routers (e.g. Core1, HSRP group 1, priority 140 | Core2, HSRP group 1, priority 130 | Core3, HSRP group 1, priority 120).  In this case Core1 is in the active state and Cores 2 and 3 are in the standby state.  When the subnet loses connectivity to Core1... Core2 will become the active router, and when the subnet loses connectivity to Core2... Core3 becomes the active router.  If you want Core1 to become the active router again once things are in order, you should ensure preempt is configured accordingly.

I hope this helps!

Tags: Cisco Network
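
The failover order described in the answer above, as an added example that is not part of the original thread: a simplified Python model of HSRP election that replays the Core1/Core2/Core3 priorities 140/130/120 with and without preempt. Timers and hello exchange are ignored, the router IPs are constructed, and promoting the best remaining router to standby is a modelling simplification.

```python
"""Simplified HSRP election model for one group (added example, timers ignored)."""
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass
class Router:
    name: str
    ip: IPv4Address      # interface address (constructed); tie-breaker only
    priority: int = 100  # HSRP default priority
    preempt: bool = False
    up: bool = True


def rank(router):
    """Higher priority wins; on equal priority the higher interface IP wins."""
    return (router.priority, int(router.ip))


class HsrpGroup:
    def __init__(self, routers):
        self.routers = {r.name: r for r in routers}
        self.active = None
        self.standby = None
        self._elect()

    def _elect(self):
        alive = sorted((r for r in self.routers.values() if r.up),
                       key=rank, reverse=True)
        names = [r.name for r in alive]
        if not names:
            self.active = self.standby = None
            return
        if self.active not in names:
            # Active router lost: the standby is promoted if it is still up,
            # otherwise the best remaining router takes the role.
            self.active = self.standby if self.standby in names else names[0]
        current = self.routers[self.active]
        # Only a router with preempt configured may displace a working active.
        challenger = next((r for r in alive
                           if r.preempt and rank(r) > rank(current)), None)
        if challenger is not None:
            self.active = challenger.name
        # Modelling simplification: the best remaining router becomes standby.
        others = [n for n in names if n != self.active]
        self.standby = others[0] if others else None

    def set_up(self, name, up):
        """Mark a router up or down and return the resulting (active, standby)."""
        self.routers[name].up = up
        self._elect()
        return self.active, self.standby


def walkthrough(preempt):
    """Replay: Core1 fails, Core2 fails, Core1 returns, Core2 returns."""
    group = HsrpGroup([
        Router("Core1", IPv4Address("10.0.0.1"), 140, preempt),
        Router("Core2", IPv4Address("10.0.0.2"), 130, preempt),
        Router("Core3", IPv4Address("10.0.0.3"), 120, preempt),
    ])
    steps = [("initial", group.active, group.standby)]
    for label, name, up in [("Core1 down", "Core1", False),
                            ("Core2 down", "Core2", False),
                            ("Core1 back", "Core1", True),
                            ("Core2 back", "Core2", True)]:
        steps.append((label, *group.set_up(name, up)))
    return steps


if __name__ == "__main__":
    for preempt in (True, False):
        print(f"preempt={preempt}")
        for label, active, standby in walkthrough(preempt):
            print(f"  {label:11} active={active} standby={standby}")
```

Without preempt, Core3 stays active after Core1 returns, which is why the answer stresses configuring preempt if Core1 should take the role back.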

Similar Questions

  • HSRP between Cisco 4321 and Cisco 887VA

    Hi all

    I am looking to install the following and I was wondering if anyone could answer a few questions I have.

    Installation program:

    • At a subsidiary, our ISP gives us a 20/100 leased line and an ADSL circuit to use for failover.
    • We plan to connect the leased line to a Cisco 4321 or a Cisco 2921/2951 G2
    • We intend to connect the ADSL circuit to the Cisco 887VA G2
    • We will have an HA pair of ASA 5506-X firewalls connected to the routers (be it via a dedicated L2 switch or a VLAN on an L3 switch).
    • The LAN is sitting behind the firewall.

    We want to run BGP on both routers (the one that connects to the leased line and the one that connects to the ADSL line) and configure them as an HSRP/VRRP pair, so that if the leased line fails, LAN users can still access the internet and connect to the main office through an S2S VPN which terminates on the firewall. BGP will be used to announce our public subnet to the ISP.

    Questions

    1. Can a 4321 and a 887VA form an HSRP/VRRP pair as they are running IOS XE and IOS?
    2. How much RAM and Flash is recommended on each router for BGP?

    Thanks in advance for your time.

    Ranil

    Hello

    Can a 4321 and a 887VA form an HSRP/VRRP pair as they are running IOS XE and IOS?

    This isn't a problem, it will work between two routers

    1. How much RAM and Flash is recommended on each router for BGP?

      Flash is only an issue for the size of an image; both routers should have enough space to support the default image size

      800s cannot support a full BGP table, they cannot handle it in CPU or RAM, and even a 4321 with 8 GB of RAM can struggle a bit with a full table. Do you plan on reducing what is learned from your ISP regarding prefixes?  Route maps and prefix filtering?

      the leased line is 100 to download 20 upward, 4321 media and aggregate of 50 - 100 Mbps may need to get the 100 Mbps for her performance / request

    http://www.Cisco.com/c/dam/en/us/products/collateral/routers/4000-series...

  • HSRP

    Hi guys,

    I've implemented HSRP between 2 Catalyst 4000 L3 switches (software cat4000-I9S-M) and it has given me problems for the last 2 weeks. I have attached the topology.

    The hsrp Lab works well when a switch interface port track down the other switch succeeds the active one.

    But what pre-empt makes the switch priority resume after interface has developed, users of certain judgment of network access to the Internet. For my Core_2 switch that works well, but for CORE_1.

    attached topology.

    Hello

    I wouldn't say "...". users of certain judgment of network access to the Internet. »

    Because #8-16 guests in your tracert outputs using public IP addresses, while they are within the Internet, aren't they?

    If users should be able to reach some Internet destinations, I guess?

    I'm just guessing but there may be a problem between your Core switches and your FW and packets are sent to the FW to another base switch when returning from the Internet?

    Best regards

    Milan

  • BGP multihomed with HSRP

    Hello

    Is it possible to gracefully shut down an eBGP neighbor and converge to the other CE router's connection with zero packet drop or outage?

    We have 2 CEs linked together using iBGP, and eBGP on both, which connect to different PEs but in the same AS.

    CE1-> PPE1 - AS12345

    iBGP and HSRP between these

    CE2-> PPE2 - AS12345

    I tried using the command ' neighbor 10.10.10.10 shutdown ' but I have a blackout for a few seconds.

    Thank you

    Hello

    Recent IOS versions support a feature called BGP graceful shutdown, which is described here:

    http://www.Cisco.com/c/en/us/TD/docs/iOS-XML/iOS/iproute_bgp/configuration/XE-3s/IRG-XE-3s-book/configuring_bgp_graceful_shutdown.html

    You might be interested in checking if this feature can be used on your devices.

    In general, however, gracefully taking a BGP neighbor out of service is usually possible by making sure these routers stop considering the routes learned from each other as usable routes before going down. This can be done in several ways in BGP: changing the local preference in iBGP, changing the MED or, better, the AS_PATH in eBGP, or filtering the routes marked with a specific community (BGP graceful shutdown relies on the use of a specific community to do it this way).

    HSRP is out of the question - its place is toward end hosts, not between routers.

    Best regards
    Peter

  • What happens if there is multi-core or Dual-Core coupling processors to the top with Windows 7 Home Premium?

    So if I have a Windows7 Home Premium 64 - bit operating system and I use a processor dual core (Intel Dual Core e5300 CPU) are fully compatible or how they work together, given the fact that Windows 7 recognizes that one of the two processors? Playback of the system is expressed in the fact that it has two current processors. Both processors work simultaneously to form a combined data stream is a dormant or they turn on and off opposing to another so that each works half the time? Many scenarios as possible, but I would like to know... the real answer as to what needs to be changed eventually to bring together a system more fluid? My main question is the operating system and the processor may be an incompatibility problem that has not yet been addressed? I can't find any answer in the Center Compatabiity of Windows 7 or anywhere else. Or is the limitation of windows 7 Home Premium and only be able to support an unfounded processor see the fact that there are many systems that are in work today with these components. ?

    Hey Randy,

    If your system has two separate physical processors (not cores) and you are running Windows 7 Home Premium, the second processor is completely ignored. It powers on and spins its fans, but it does no work for the computer. Windows 7 Home Premium will only take advantage of a single processor.

    However, if you have a single physical processor with multiple cores, Windows 7 64-bit will benefit from up to 256 cores. It is very probably the type of machine that you have, because it is quite rare to have multiple processors in a workstation computer.

    In this scenario, Windows will use the two cores for separate tasks. Applications will be evenly distributed between the cores, unless the application has been written to take advantage of multiple cores. Both cores are turned on and both are used when the system is running.

    You can check if Windows has recognized both cores by looking at your system's Task Manager:

    1. Open the Task Manager by right-clicking the taskbar, and then click Start Task Manager.
    2. Click the performance tab.

    The top two graphs show how much CPU is used, as well at the moment and for a few minutes. If the CPU usage history graph seems shared, your computer has multiple processors, a single dual-core CPU or both.

    The Windows 7 system requirements also go into a little more detail on how many cores/processors Windows can support:

    http://Windows.Microsoft.com/systemrequirements

    Hope this helps to answer your question!

  • Cisco router VPN Failover-

    Hello Experts,

    I have a very simple setup.  I have a Cisco 1841 router with 3 interfaces.  (1 eth for LAN, 1 eth to ISP2 and 1 eth for ISP1).

    I managed to create a backup VPN tunnel using route maps.

    Now, I have to create a failover of VPN with a separate router.  What is the best way to do it?  Examples of configuration would be great.

    This is my setup:

    LAN - firewall-fire-(internal) router (isps1) = Tunnel VPN = VPN - Endpoint1

    |

    |

    |

    (Inside) Router (ISP2) = tunnels2 VPN = Endpoint2 VPN

    So, the trick would be 2 VPN sites on 2 different routers configuration.

    Thank you

    Randall

    Hi Randall,

    Simple. Configure HSRP between the 2 routers and create the same configuration on the 2nd router as well. Since the tunnel is established whenever there is some interesting traffic, one router will be preferred. Simply connect the two routers to a switch, with the inside interfaces in the same subnet.

    Here is a link that could help you

    http://www.itsyourip.com/Cisco/how-to-configure-HSRP-in-Cisco-IOS-routers/

    Let me know if you need more information

    Regards

    Kishore

  • Nexus 5600 HSRP design question for VLAN stretched between 2 vPC domains.

    For our new data center network, I have 4 Nexus 5672UP in two data centers. Between the data centers is a redundant vPC with 2x10Gb fiber. I have configured two vPC domains, one for each data center. I read that HSRP within a vPC domain is active/inactive, but I wonder what would be the right way to configure HSRP for the stretched VLANs, given that there are two different vPC domains?

    If you need FHRP isolation between sites, this can be achieved by configuring HSRP authentication per site so that HSRP hellos are not processed between the sites, allowing each site to act as active/standby. Due to the HW architecture of the Nexus 5600, multicast control plane packets are punted to the CPU, bypassing any PACL or MAC ACL. So with a PACL, you will not be able to filter the HSRP hellos, ARP, BPDUs, etc. that need to go to the CPU, because there is a predefined ACL that redirects control traffic to the CPU and this ACL overrides the user-configured ACL. It is advisable to configure "no ip arp gratuitous hsrp duplicate" to suppress unnecessary GARPs at each location in this design as well. Note 4-way HSRP is supported only on the latest versions of NX-OS, see also CSCuy89705.

    Another solution is to run FabricPath DCI with Anycast HSRP, which will allow all the 5600s to act as an active default gateway; refer to page 22 of the Cisco FabricPath best practices.

    -Jeffords Tyler

  • Single ASA, 2 inside core switches (HSRP) Best Practice Design

    Hello

    I am designing a N/W with the following equipment.

    1: 2 * cores (4503)

    2: single Firewall ASA 5520

    I have the following design options;

    DESIGN 1:

    1. Core switches use HSRP
    2. VLANs are active on one (primary) switch at a time
    3. CONNECT THE TWO CORES WITH ASA
    • ASA E0 - outside (routers) switch
    • ASA (redundant interface = E1 + E3) R1 - the two cores (HSRP)
    • ASA E1 - Core 1 (F3/48) + ASA E3 - Core 2 (F3/48)
    • ASA E2 - switch DMZ

    DESIGN 2:

    1. Core switches use HSRP
    2. VLANs are active on one (primary) switch at a time
    3. CONNECT THE TWO CORES TO A LAYER 2 SWITCH (INSIDE ZONE)
    4. CONNECT THE LAYER 2 SWITCH TO ASA E1

    The first option looks better to me as it avoids a single point of failure (the inside Layer 2 switch).

    Unfortunately, I'm short on time and do not currently have access to the LAB.

    Please

    1. Share your experience and suggest which option is preferable
    2. Advantages, disadvantages during the failover hsrp, other features, etc.
    3. indicate if there is an alternate option
    4. Precautions

    BR,

    ABDUL MAJID KHAN

    Your "redundant ASA interface" is not really redundant. A single ASA has no real redundancy. I guess you could make an "inside 1" and "inside 2", but they would have separate IP addresses and inside hosts would not automatically fail over from one to the other. I would say that the complexity this introduces more than offsets the second idea of having a small L2 switch VLAN between your single ASA's inside interface and your L3 core switches.

    That's why I prefer the second option. An L2 switch with an unchanged configuration is quite reliable - I regularly come across them with years of uptime. You can also add quasi-redundancy in option 2 by bundling your ASA E1 and E3 interfaces into an EtherChannel (requires ASA software 8.4 or later). That option is not possible with option 1 (at least not across the two core switches) as the EtherChannel would have two IOS switches at one end.

  • iMac (retina 5K, 27 inches, end of 2015) 1-2 second stops when you try to open or switch between applications

    There is a 1-2 second pause whenever I try to open an application or switch between applications. The animation of the application icon in the status bar starts on opening, pauses for 1-2 seconds and ends before the application opens. When you click on an inactive application window, it pauses for 1 to 2 seconds before making it the active window. This only happens after a reboot. It takes about a day being initialized for this problem to occur.

    This does not seem like behaviour expected of such a new machine with charge card. All advice is appreciated.

    Here is my EtreCheck report:

    Hello Agent37,

    What are your Photos settings? Looks like you have a ton of photos regenerating and transferring to iCloud. I've seen similar reports, but I'm not a heavy user of Photos. I'll see if I can move your question to the Photos forum: Photos for Mac

  • Best practices HSRP

    Hello

    I wonder which of these 2 configurations would be preferable to provide high-availability gateways for the client's office.

    I have a working configuration right now composed of 2 ISRs configured with HSRP as a proof of concept.  The question is what is the best solution to scale for production.  I have a gigabit link between the customer gateway and my gateway so that their LAN traffic can be routed through my internet connection in case of a failure of their border router or Internet service provider.

    Option 1. 2 layer 3 switches (cisco 3650)

    Option 2. 2 routers (cisco 2911)

    I can provide more if necessary context.

    Thanks for your help!

    A Cisco 2911 is not likely to cope with 1 Gbps of load.  Highly unlikely.

    If you need to do NAT, IPSec, or something like that you will need a router.  Probably something from the ISR 4000 series.

    Otherwise, use the Cisco 3650 switch.  It will handle a Gbps link without any problem.

  • Simple question about HSRP

    Hello world

    In an HSRP scenario where router A is the active router and router B is the standby router, what happens if the connection between the two switches fails?

    data traffic is split in two?

    Thanks Paolo

    Hello

    It should go active active on each side

  • Design of switching between Nexus7K and active / standby firewall

    In the attached diagram, Nexus7K is used in two ways: on the left side, an NX7K pair connects to the firewall as layer 2 trunks. vPC VLANs are shared through resources. The firewall is a pair in active/standby mode. On the right side, another pair of NX7Ks connects to the firewall as layer 3 routed links. HSRP or VRRP is running between the pair of NX7Ks for the firewall VLAN SVI.

    Because both NX7Ks have mesh connections to the active/standby firewall units, I want to make sure that in failover scenarios (firewall failover or NX7K failures), the link that remains between the NX7K pair and the firewall can actually forward traffic (not black-holed).

    Failure scenarios I can think of include: active firewall failover to the standby, failure of the primary NX7K device, dual-active NX7K and failure of the NX7K vPC peer-link. I would like to get some advice on what I should consider and implement in these scenarios to achieve high availability.

    Many thanks for any advice.

    Hello

    In your topology, I see that the main problem is the physical connectivity from the firewall to the pair of Nexus devices: the topology fails to have a redundant link to the N7K

    First, since you're using vPC with a vPC peer-link connecting the pair of N7Ks, you must follow Cisco's recommendations for connecting firewalls over L2 and L3 links

    L2: if you pass vPC VLANs on the trunk in your topology to the firewall, then there is a possibility of traffic being blocked or dropped by the vPC loop prevention mechanism, for example in case the vPC peer-link goes down

    the fix is either:

    use non-vPC VLANs and a separate inter-switch link for these VLANs (I think that you already have this link)

    or multi-home L2: connect each firewall to both N7K switches, assuming that HSRP is configured on the N7K and static routing is used between the firewall and the N7K

    for L3 links to firewalls:

    You must stream as well (if possible and recommended) and use static routing between the N7K and the firewalls, and the firewalls must point to the HSRP VIP of the N7K

    multiple L3 links and dynamic L3 routing peering over the vPC peer-link is not a supported design

    Look at this discussion, which might help as well

    https://supportforums.Cisco.com/message/3792466#3792466

    hope this helps

    Rate if useful

  • HSRP flapping query

    We have an installation at a client where a Cisco 887-VA-K9 and a Cisco 887-VA-SEC-K9 are each connected to their own ADSL connection into our client's MPLS cloud.

    We have HSRP running on the LAN side between these routers and the active router (SEC - K9) tracks our MPLS sponge (10.10.10.1) address. The HSRP priority will increase from 110 to 80 if the tracker goes down.

    The configuration is the following:

    Configuration (887-VA-SEC-K9)

    track 123 ip sla 1 reachability

    ip sla auto discovery
    ip sla 1
     icmp-echo 10.10.10.1 source-interface Dialer0
     frequency 10
    ip sla schedule 1 life forever start-time now

    interface Vlan1
     ip address 192.168.1.252 255.255.255.0
     ip nbar protocol-discovery
     standby 10 ip 192.168.1.254
     standby 10 priority 110
     standby 10 preempt
     standby 10 track 123 decrement 30

    Standby Config (887-SEC-K9)

    interface Vlan1
     ip address 192.168.1.253 255.255.255.0
     ip nbar protocol-discovery
     standby 10 ip 192.168.1.254
     standby 10 priority 90
     standby 10 preempt

    Our client is not complaining of any performance issues. However, when I look at the logs of the primary, I see severe HSRP flapping.

    Jun 10 13:21:16 CEST: %TRACK-5-STATE: 123 ip sla 1 reachability Up->Down
    Jun 10 13:21:16 CEST: %HSRP-5-STATECHANGE: Vlan1 Grp 10 state Active -> Speak
    Jun 10 13:21:21 CEST: %TRACK-5-STATE: 123 ip sla 1 reachability Down->Up
    Jun 10 13:21:22 CEST: %HSRP-5-STATECHANGE: Vlan1 Grp 10 state Speak -> Active
    Jun 10 13:36:26 CEST: %TRACK-5-STATE: 123 ip sla 1 reachability Up->Down
    Jun 10 13:36:28 BST: %HSRP-5-STATECHANGE: Vlan1 Grp 10 state Active -> Speak
    Jun 10 13:36:31 CEST: %TRACK-5-STATE: 123 ip sla 1 reachability Down->Up
    Jun 10 13:36:34 CEST: %HSRP-5-STATECHANGE: Vlan1 Grp 10 state Speak -> Active

    My understanding of the above config is that the active router will poll the MPLS sponge IP at intervals of 10 seconds using ICMP. However, based on the log above, it seems that the active router detects that a ping fails at 13:36:26 but then realizes it has returned at 13:36:31, only 5 seconds later. But if it only polls every 10 seconds, wouldn't it take at LEAST 10 seconds until it polls again to see that it is up?

    Given the length and line noise on some of these MPLS sites, a small amount of packet loss and reduced speed is acceptable. However, I want to be sure that I understand perfectly how tracking works before I look at its sensitivity to perhaps allow more tolerance.

    Thanks for any help in advance. :)

    Hello

    Tracking queries the IP SLA, I think, every 5 sec (not sure on that) and you're sending a ping every 10 seconds via IP SLA

    So if the SLA misses a ping, then the tracking queries again before another SLA ping, and the tracking will kick down your HSRP state.

    If you have verified that the SLA destination address is indeed available, then maybe try adding a delay to the track down state.

    track 123
     delay down 30

    RES

    Paul
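
An added example, not part of the original thread, for the `delay down` suggestion above: it parses track state changes from syslog lines and reports which outages would still reach HSRP for a given delay. The log lines are constructed (the first two outages reuse the post's timestamps, the third is invented for contrast), and the year is an assumed value because the lines carry none.

```python
"""Estimate the effect of 'delay down' on a flapping tracked object (added example)."""
import re
from datetime import datetime, timedelta

# Constructed sample in IOS syslog style. The first two outages reuse the
# timestamps quoted in the post; the third is invented here for contrast.
SAMPLE_LOG = """\
Jun 10 13:21:16 CEST: %TRACK-5-STATE: 123 ip sla 1 reachability Up->Down
Jun 10 13:21:16 CEST: %HSRP-5-STATECHANGE: Vlan1 Grp 10 state Active -> Speak
Jun 10 13:21:21 CEST: %TRACK-5-STATE: 123 ip sla 1 reachability Down->Up
Jun 10 13:21:22 CEST: %HSRP-5-STATECHANGE: Vlan1 Grp 10 state Speak -> Active
Jun 10 13:36:26 CEST: %TRACK-5-STATE: 123 ip sla 1 reachability Up->Down
Jun 10 13:36:28 CEST: %HSRP-5-STATECHANGE: Vlan1 Grp 10 state Active -> Speak
Jun 10 13:36:31 CEST: %TRACK-5-STATE: 123 ip sla 1 reachability Down->Up
Jun 10 13:36:34 CEST: %HSRP-5-STATECHANGE: Vlan1 Grp 10 state Speak -> Active
Jun 10 14:02:00 CEST: %TRACK-5-STATE: 123 ip sla 1 reachability Up->Down
Jun 10 14:03:10 CEST: %TRACK-5-STATE: 123 ip sla 1 reachability Down->Up
"""

TRACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+: "
    r"%TRACK-\d-STATE: (?P<obj>\d+) .*?(?P<old>Up|Down)->(?P<new>Up|Down)\s*$")
ASSUMED_YEAR = 2000  # assumption: the log lines carry no year, any fixed year works


def parse_track_events(log, track_id):
    """Return [(timestamp, new_state)] for one track object, in log order."""
    events = []
    for line in log.splitlines():
        m = TRACK_RE.match(line.strip())
        if m and int(m["obj"]) == track_id:
            ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}",
                                   "%Y %b %d %H:%M:%S")
            events.append((ts, m["new"]))
    return events


def outages(events):
    """Pair each Down with the next Up: [(down_at, up_at or None)]."""
    result, down_at = [], None
    for ts, state in events:
        if state == "Down" and down_at is None:
            down_at = ts
        elif state == "Up" and down_at is not None:
            result.append((down_at, ts))
            down_at = None
    if down_at is not None:
        result.append((down_at, None))  # still down when the log ends
    return result


def reported_downs(outage_list, delay_down):
    """Times at which Down would be reported with 'delay down <seconds>'.

    Modelled behaviour: the track object reports Down only if the tracked
    object is still down when the delay expires.
    """
    delay = timedelta(seconds=delay_down)
    return [down_at + delay for down_at, up_at in outage_list
            if up_at is None or up_at - down_at >= delay]


def summarize(log, track_id, delay_down):
    """Return (outage durations in seconds, reported Down times)."""
    outs = outages(parse_track_events(log, track_id))
    durations = [None if up is None else int((up - down).total_seconds())
                 for down, up in outs]
    return durations, reported_downs(outs, delay_down)


if __name__ == "__main__":
    for delay in (0, 30):
        durations, reported = summarize(SAMPLE_LOG, 123, delay)
        print(f"delay down {delay}: outages={durations} "
              f"reported={[t.strftime('%H:%M:%S') for t in reported]}")
```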

  • FabricPath or OTV between two data center using Direct fiber cable

    Hello

    I have two data centers; both of them have the same equipment (N7k, N5k and N2k), and we want the data centers to be active/active. I'm really confused whether to use OTV or FabricPath; can someone help me with my scenario and explain to me what the best solution is, and the advantages and disadvantages of OTV and FabricPath?

    Many thanks in advance

    Hi Steven,

    No problem, I'll go through your points as completely as possible. I advise you to read more about these protocols, maybe if you have access to INE or similar, see their videos on this. I would also like to say again that I have not seen all documentation Cisco indicating that FabricPath to be used as a DCI.

    With regard to the way fabric you ask what follows...

     1. only can use it between two datacenters of you have more we can't, please correct me?

    No, you can use the path of fabric with more than two data centers, but even with OTV, you can use it with more than two data centers.

     2. HSRP localization cannot be implemented as with OTV. However, you can have two different gateways at Data Center 1 and 2 using two different HSRP groups. If server is moved dynamically from, (I didn't understand this point, can you please explain with an example?)

    OK, so this is a GREAT topic. HSRP localization CAN be implemented with OTV, but cannot be implemented with FabricPath. First hop redundancy protocols can be localized, and this is supported by Cisco with OTV. This basically allows the same default gateway to reside in your two data centers, providing the ACTIVE/ACTIVE configuration. So no matter where your VMs are, they do not change their default gateway, even if your servers move to the other datacenter.

    If we didn't have this, we would have only one active HSRP member across the DCs, and things would be extremely troublesome with regard to traffic flows. A virtual machine in a VLAN in DC2 needs to talk to a host in VLAN B, but the default gateway is all the way over in DC1. So the frame is sent across the DCI to DC1, then the default gateway routes the packet to VLAN B. This VLAN B in fact lies in DC2, so now it has to go all the way back to DC2. You get my point...? :)

    With localization, this happens only local to the DC: all servers/VMs in the DC can speak locally to their "own" default gateway.

     3. unknown unicast flooding (can you give me an example?)

    Unknown unicast traffic is unicast packets/frames with an unknown destination MAC address. By default, switches flood this type of traffic to all ports in the VLAN. With FabricPath that would take place across your DCI, but with OTV, it is all taken care of locally, so massive savings on bandwidth here and it is much more effective.

     4. ARP optimization between Data Center (can you give an example regarding ARP optimization?)

    This is another feature of OTV which makes it far superior to FabricPath. Essentially, we are reducing the volume of traffic passing through the transport infrastructure (i.e. the DCI).

    When a host in DC1 ARPs for a host that responds in DC2, we use the links and there is packet travel time that might be minimal, but is not the most optimal. The OTV AED, or edge device, snoops the ARP response and subsequently knows that this mapping exists from then on. After the first ARP exchange takes place, the AED almost proxies ARP for DC1, so the ARP request is handled locally and does not have to travel to DC2.

     5. Typically two flows (odd VLANs by OTV-VDC-1 and even VLANs by OTV-VDC-2) carry the entire layer 2 traffic flow between the two Data Centers. Hence the load balancing of the links is not efficient. (Can you explain and compare with FabricPath, if you have an example?)

    IMHO, it's bad and good. OTV balances the load if you have more than one AED on site. Odd-numbered VLANs go via one AED, even-numbered VLANs go through the other. Depending on traffic on the VLANs, this could become unbalanced. FabricPath uses all its links to 'route' MAC addresses to the respective SID (switch ID) it needs to reach. So perhaps a more even split here.

     6. VLAN scalability for OTV is lower than FabricPath as of this content writing. (can you explain what this mean i didn't understand it)

    I completely disagree with this comment. I too do not understand.

     7. Resiliency of FabricPath network is better than OTV in some failure scenarios. (Can you give me an example?)

    I also disagree with that. The resilience of FabricPath could be the same as OTV or perhaps better. However, my personal experience is that with OTV fine-tuning using things like BFD, failover is much faster!

    FabricPath is good because its control plane is IS-IS and its operation is admirable, but you could say the same for OTV.

    Let's say one of the DCI links were to die: FabricPath forwarding would continue through the other links, so perhaps for low-latency, high-frequency environments that would be beneficial. OTV will change the AED and re-learn the MAC addresses announced by the other AEDs, but as I said, the time could be extremely minimal with tuning. This isn't a big deal, unless you need sub-second convergence time!

    I hope that I have answered your questions. I recommend you use OTV for your DCI, and use FabricPath for local switching inside your DC. This has been implemented repeatedly, and the links I sent you to the Cisco validated designs also point this out.

    Remember - FabricPath was built to be a step towards TRILL and a replacement for spanning-tree protocols; OTV was built especially for the DCI. Both are built for, and are examples of, specific designs. It makes no sense to get these confused or mixed up, unless there is a real and pressing use case.

    Joel's conclusion is right: use the right tools for the job. If the use case is good for FP then OK; if not, OTV.

    Recommended reading: http://www.packetmischief.ca/2013/04/23/DCI-series-overlay-transport-vir...

    These are just my thoughts.

    Bilal (CCIE #45032)
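
The ARP behaviour described in point 4 of the reply above, as a toy Python model added here (it is not part of the thread and not Cisco code): the first ARP for a remote host crosses the DCI, the edge device caches the snooped reply, and later requests are answered locally until the entry ages out. The addresses, event times and the 480-second cache lifetime are assumptions chosen for illustration.

```python
# Toy model of an OTV edge device (AED) ARP cache at one site.
# All names, addresses and the TTL are constructed for illustration.
from dataclasses import dataclass, field

@dataclass
class EdgeDevice:
    """AED at one site: snoops ARP replies that return over the overlay."""
    site: str
    cache_ttl: float = 480.0                   # assumed cache lifetime, seconds
    cache: dict = field(default_factory=dict)  # ip -> (mac, learned_at)
    dci_requests: int = 0                      # ARP requests sent across the DCI
    local_replies: int = 0                     # ARP requests answered from cache

    def snoop_reply(self, ip, mac, now):
        self.cache[ip] = (mac, now)

    def lookup(self, ip, now):
        entry = self.cache.get(ip)
        if entry and now - entry[1] < self.cache_ttl:
            return entry[0]
        self.cache.pop(ip, None)               # expired or never learned
        return None

def resolve(aed, remote_hosts, ip, now):
    """A local host ARPs for `ip`, which lives in the remote data center."""
    mac = aed.lookup(ip, now)
    if mac is not None:
        aed.local_replies += 1                 # AED answers for the remote host
        return mac, "local"
    aed.dci_requests += 1                      # request has to cross the DCI
    mac = remote_hosts.get(ip)
    if mac is None:
        return None, "unresolved"              # nothing to snoop, nothing cached
    aed.snoop_reply(ip, mac, now)              # reply passes the AED and is cached
    return mac, "dci"

def simulate(events, remote_hosts, ttl=480.0):
    aed = EdgeDevice("DC1", cache_ttl=ttl)
    path = [resolve(aed, remote_hosts, ip, t)[1] for t, ip in events]
    return path, aed.dci_requests, aed.local_replies

# Constructed sample: hosts living in DC2, and (time, target) ARPs from DC1.
DC2_HOSTS = {"10.1.10.20": "0050.56aa.0001", "10.1.10.21": "0050.56aa.0002"}
EVENTS = [(0, "10.1.10.20"), (5, "10.1.10.20"), (30, "10.1.10.21"),
          (60, "10.1.10.20"), (600, "10.1.10.20"), (610, "10.1.10.99")]

if __name__ == "__main__":
    print(simulate(EVENTS, DC2_HOSTS))
```

The request at t=600 crosses the DCI again because the cached entry has aged out, and the request for the unknown address is never cached, so it would cross the DCI every time it is repeated.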

  • How to configure the FWSM with HSRP support

    Hi all

    We have 2 x 6500 Series core switches, each with an FWSM installed.

    There are some user VLANs (each floor) and a lot of inside servers that belong to some other VLANs.

    The core switches have been configured with HSRP redundancy (active/passive).

    Today, I am picky with FWSM routed mode configuration.

    There is no problem with the default configuration and testing,

    I mean assigning VLANs to the FWSM and deleting the IP addresses from the MSFC.

    But unfortunately, whenever I have such a configuration, I naturally lose redundancy between the switches.

    In our situation HSRP is a must.

    Is it possible to fix this design in routed mode, with HSRP support?

    Thank you

    Erdem.

    Hi Erdem,

    (correct me if I'm wrong, Jon) - If you remove all the Lass you must route all traffic of course the FWSM.

    What we did was to create a transfer network (VLAN) with an SVI and FWSM inside external interface. Now, the default gateway on the FWSM is on the IP address of the SVI. So most of the range is configured on the switch.

    Kind regards

    Jürgen
