REP, Asymmetric Routing and HSRP 2013 SOHAIL SIPRA SASIPRA.WORDPRESS.COM | [email protected]

Post on 26-Mar-2020


Table of Contents

1 Introduction
  1.1 Problem Statement
  1.2 Topology
  1.3 Configuration
2 Traffic Flow
  2.1 Traffic from Host (H1) on REP Segment-1
  2.2 Traffic to Host (H1) on REP Segment-1
  2.3 Traffic from Host (H2) on REP Segment-2
  2.4 Traffic to Host (H2) on REP Segment-2
3 Consequence of Paths

REP (Resilient Ethernet Protocol), Asymmetric Routing and HSRP

1 Introduction

1.1 Problem Statement

Cisco has explained asymmetric routing and HSRP in its document (cisco Document). The document explains how HSRP combined with asymmetric routing results in excessive unknown unicast flooding.

To explain the phenomenon, the Cisco document describes two routers running two HSRP instances for two VLANs, with one router active for one VLAN and the other router active for the other VLAN. Each router serves as the default gateway for one host connected to it, in the VLAN for which it is the active HSRP peer.

1.2 Topology

Here I will try to explain the same phenomenon with the following topology:

Two REP (Resilient Ethernet Protocol) rings are connected around two routers (Cisco 7600 + RSP720). The hosts connected to the rings are in the same VLAN (VLAN 600). Dot1q trunks run through the switches (ME3400) and the routers to create a Layer 2 domain for VLAN 600.

7600-A and 7600-B run HSRP for VLAN 600. 7600-A is the standby peer, whereas 7600-B is the active peer.

For the sake of load balancing, the primary edge port of REP Segment-1 terminates on 7600-A and the primary edge port of REP Segment-2 terminates on 7600-B. The other edge port of each segment terminates on the alternate router: 7600-B for Segment-1 and 7600-A for Segment-2. Traffic in REP Segment-1 and Segment-2 flows towards 7600-A and 7600-B respectively.

To have traffic flowing in and out of VLAN 600, a host (Svr) is connected to 7600-C. To simulate asymmetric routing for this case study, static routes are configured between 7600-A, 7600-B and 7600-C.

1.3 Configuration

Router: 7600-A Configuration

vlan 3
 name REP-Admin
!
vlan 5
 name Native-Vlan
!
vlan 600
 name HSRP
!
! Priority 91 is lower than 7600-B's 92, so 7600-A is the HSRP standby peer
interface Vlan600
 description *** HSRP StandBy GW for VLAN 600***
 ip address 10.0.0.253 255.255.255.0
 standby 6 ip 10.0.0.1
 standby 6 priority 91
 standby 6 preempt
!
interface Port-channel1
 description *** REP-HSRP-L2-TRUNK ***
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,5,600
 switchport mode trunk
!
interface GigabitEthernet1/1
 description *** REP-SEG1_PRIMARY-EDGE-PORT ***
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 5
 switchport trunk allowed vlan 3,5,600
 switchport mode trunk
 rep segment 1 edge primary
 rep preempt delay 15
 rep block port id 0003C47D4FBD5980 vlan 1-4094
!
interface GigabitEthernet1/3
 description *** REP-SEG2_EDGE-PORT ***
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 5
 switchport trunk allowed vlan 3,5,600
 switchport mode trunk
 rep segment 2 edge
!
interface GigabitEthernet5/1
 description *** Connected to 7600-C(Gig5/1) ***
 ip address 10.1.0.5 255.255.255.252
!
interface Port-channel2
 description *** REP-HSRP-L2-TRUNK ***
 ip address 10.1.0.9 255.255.255.252
!
! Route to the Svr network via 7600-C
ip route 10.2.0.0 255.255.255.0 10.1.0.6

Router: 7600-B Configuration

vlan 3
 name REP-Admin
!
vlan 5
 name Native-Vlan
!
vlan 600
 name HSRP
!
! Priority 92 is higher than 7600-A's 91, so 7600-B is the HSRP active peer
interface Vlan600
 description *** HSRP Active GW for VLAN 600***
 ip address 10.0.0.254 255.255.255.0
 standby 6 ip 10.0.0.1
 standby 6 priority 92
 standby 6 preempt
!
interface Port-channel1
 description *** REP-HSRP-L2-TRUNK ***
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,5,600
 switchport mode trunk
!
interface GigabitEthernet1/1
 description *** REP-SEG2_PRIMARY-EDGE-PORT ***
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 5
 switchport trunk allowed vlan 3,5,600
 switchport mode trunk
 rep segment 2 edge primary
 rep preempt delay 15
 rep block port id 0003C47D4FBD6690 vlan 1-4094
!
interface GigabitEthernet1/3
 description *** REP-SEG1_EDGE-PORT ***
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 5
 switchport trunk allowed vlan 3,5,600
 switchport mode trunk
 rep segment 1 edge
!
interface GigabitEthernet5/1
 description *** Connected to 7600-C(Gig5/1) ***
 ip address 10.1.0.1 255.255.255.252
!
interface Port-channel2
 description *** REP-HSRP-L2-TRUNK ***
 ip address 10.1.0.10 255.255.255.252
!
! Route to the Svr network via 7600-C
ip route 10.2.0.0 255.255.255.0 10.1.0.2

Router: 7600-C Configuration

interface GigabitEthernet1/1
 description *** Connected to Server ***
 ip address 10.2.0.1 255.255.255.0
!
interface GigabitEthernet5/1
 description *** Connected to 7600-B(Gig5/1) ***
 ip address 10.1.0.2 255.255.255.252
!
interface GigabitEthernet5/2
 description *** Connected to 7600-A(Gig5/1) ***
 ip address 10.1.0.6 255.255.255.252
!
! The VLAN 600 subnet is reached via 7600-A (the HSRP standby peer),
! so return traffic does not follow the forward path through 7600-B
ip route 10.0.0.0 255.255.255.0 10.1.0.5

Switch: Sw-1 to Sw-4 Configuration

vlan 3
 name REP-Admin
!
vlan 5
 name Native-Vlan
!
vlan 600
 name HSRP
!
interface GigabitEthernet0/1
 description *** Access-Sw REP-Segment-1 Port ***
 port-type nni
 switchport trunk native vlan 5
 switchport mode trunk
 rep segment 1
!
interface GigabitEthernet1/1
 description *** Access-Sw REP-Segment-1 Port ***
 port-type nni
 switchport trunk native vlan 5
 switchport mode trunk
 rep segment 1

Switch: Sw-5 Configuration

vlan 3
 name REP-Admin
!
vlan 5
 name Native-Vlan
!
vlan 600
 name HSRP
!
interface FastEthernet0/1
 description *** Connected to Host-1***
 port-type uni
 switchport mode access
 switchport access vlan 600
!
interface GigabitEthernet0/1
 description *** Access-Sw REP-Segment-1 Port ***
 port-type nni
 switchport trunk native vlan 5
 switchport mode trunk
 rep segment 1
!
interface GigabitEthernet1/1
 description *** Access-Sw REP-Segment-1 Port ***
 port-type nni
 switchport trunk native vlan 5
 switchport mode trunk
 rep segment 1

Switch: Sw-6 and Sw-8 to Sw-10 Configuration

vlan 3
 name REP-Admin
!
vlan 5
 name Native-Vlan
!
vlan 600
 name HSRP
!
interface GigabitEthernet0/1
 description *** Access-Sw REP-Segment-2 Port ***
 port-type nni
 switchport trunk native vlan 5
 switchport mode trunk
 rep segment 2
!
interface GigabitEthernet1/1
 description *** Access-Sw REP-Segment-2 Port ***
 port-type nni
 switchport trunk native vlan 5
 switchport mode trunk
 rep segment 2

Switch: Sw-7 Configuration

vlan 3
 name REP-Admin
!
vlan 5
 name Native-Vlan
!
vlan 600
 name HSRP
!
interface FastEthernet0/1
 description *** Connected to Host-2***
 port-type uni
 switchport mode access
 switchport access vlan 600
!
interface GigabitEthernet0/1
 description *** Access-Sw REP-Segment-2 Port ***
 port-type nni
 switchport trunk native vlan 5
 switchport mode trunk
 rep segment 2
!
interface GigabitEthernet1/1
 description *** Access-Sw REP-Segment-2 Port ***
 port-type nni
 switchport trunk native vlan 5
 switchport mode trunk
 rep segment 2

2 Traffic Flow

2.1 Traffic from Host (H1) on REP Segment-1

1. H1 (10.0.0.10) sends a packet to Svr (10.2.0.2).

2. H1 has to send the packet to 7600-B (VIP 10.0.0.1), as 7600-B is the active HSRP peer and so acts as the gateway.

   a. H1 therefore broadcasts an ARP request to find the MAC address for the virtual IP address 10.0.0.1.

   b. All network nodes configured with VLAN 600 (switches Sw-1 to Sw-10, 7600-A, 7600-B and H2) hear the broadcast from H1. Being the active HSRP peer for virtual IP 10.0.0.1, 7600-B replies to the broadcast with the virtual MAC address.

3. The ARP request broadcast by H1 provides H1's MAC address to all the network devices mentioned in 2-b and builds an ARP entry in the 7600-B ARP table with H1's IP address and MAC address.

4. The unicast reply from 7600-B provides the virtual MAC address to all devices in the path to H1 (devices: Sw-5, Sw-4, Sw-3, Sw-2, Sw-1, 7600-A and 7600-B) and populates the ARP table of H1 with the virtual IP address and virtual MAC address.

5. Data traffic can now be forwarded from H1 to 7600-B for Svr.

   a. This data traffic keeps resetting the MAC address timer for H1's MAC address on all the devices in the path to 7600-B.

      i. Devices are: Sw-5, Sw-4, Sw-3, Sw-2, Sw-1, 7600-A and 7600-B

   b. Devices such as Sw-6, Sw-7, Sw-8, Sw-9 and Sw-10 did hear the ARP broadcast from H1 and entered its MAC address in their MAC tables, but since then they have not received any frame sourced from H1's MAC address for this communication session (H1 -> Svr).

2.2 Traffic to Host (H1) on REP Segment-1

1. Svr (10.2.0.2) now wants to send a reply to H1.

2. Svr sends an ARP request for its gateway (10.2.0.1) and 7600-C replies; both ARP tables are populated with each other's IP and MAC address pair.

3. Svr (10.2.0.2) forwards the frame to 7600-C (10.2.0.1). 7600-C routes the packet towards 7600-A because of the static route configured for 10.0.0.0/24 towards 10.1.0.5.

4. 7600-A receives the packet for H1 (10.0.0.10). Routing finds that host H1 (10.0.0.10) is on a connected network, so the router generates an ARP request for host H1 (10.0.0.10).

   a. 7600-A broadcasts an ARP request to find the MAC address for IP address 10.0.0.10.

   b. All network nodes configured with VLAN 600 (switches Sw-1 to Sw-10, 7600-A, 7600-B, H1 and H2) hear the broadcast from 7600-A, but only host H1 (10.0.0.10) replies to the broadcast with its MAC address.

5. The ARP request broadcast by 7600-A provides the 7600-A SVI600 MAC address (BIA MAC address) to all the devices mentioned in 4-b and builds an ARP entry in the ARP table of host H1 with 7600-A's IP address and MAC address.

6. The unicast reply from host H1 (10.0.0.10) resets the timer of the entry for its MAC address in the MAC table of all devices in the path to 7600-A [Sw-5, Sw-4, Sw-3, Sw-2, Sw-1 and 7600-A] (as they have already learned its MAC address in section 2.1 bullet 3) and populates the ARP table of 7600-A with its IP address and MAC address.

7. Data traffic can now be forwarded from Svr to H1 via 7600-A.

   a. This data traffic keeps resetting the MAC address timer for 7600-A's SVI600 MAC address (BIA MAC address) on all the devices in the path to H1.

      i. Devices are: Sw-1, Sw-2, Sw-3, Sw-4, Sw-5, 7600-A

   b. Devices such as 7600-B, Sw-6, Sw-7, Sw-8, Sw-9 and Sw-10 did hear the ARP broadcast from 7600-A and entered its MAC address in their MAC tables, but they have not received any frame sourced from the 7600-A MAC address for this communication (Svr -> H1).

2.3 Traffic from Host (H2) on REP Segment-2

1. H2 (10.0.0.11) sends a packet to Svr (10.2.0.2).

2. H2 has to send the packet to 7600-B (VIP 10.0.0.1), as 7600-B is the active HSRP peer and acts as the gateway.

   a. H2 therefore broadcasts an ARP request to find the MAC address for the virtual IP address 10.0.0.1.

   b. All network nodes configured with VLAN 600 (switches Sw-1 to Sw-10, 7600-A, 7600-B and H1) hear the broadcast from H2. Being the active HSRP peer for virtual IP 10.0.0.1, 7600-B replies to the broadcast with the virtual MAC address.

3. The ARP request broadcast by H2 provides H2's MAC address to all the network devices mentioned in 2-b and builds an ARP entry in the 7600-B ARP table with H2's IP address and MAC address.

4. The unicast reply from 7600-B provides the virtual MAC address to all devices in the path to H2 [devices: Sw-6, Sw-7] and populates the ARP table of H2 with the virtual IP address and virtual MAC address.

5. Data traffic can now be forwarded from H2 to 7600-B for Svr.

   a. This data traffic keeps resetting the MAC address timer for H2's MAC address in the MAC table of all devices in the path to 7600-B.

      i. Devices are: Sw-7, Sw-6 and 7600-B

   b. Devices such as Sw-1, Sw-2, Sw-3, Sw-4, Sw-5, Sw-8, Sw-9, Sw-10 and 7600-A did hear the ARP broadcast from H2 and entered its MAC address in their MAC tables, but they have not received any frame sourced from H2's MAC address for this communication (H2 -> Svr).

2.4 Traffic to Host (H2) on REP Segment-2

1. Svr (10.2.0.2) now wants to send a reply to H2.

2. Svr (10.2.0.2) searches its ARP cache for the MAC address of its gateway (10.2.0.1) and finds it.

   [Note: The ARP cache was built when Svr replied to H1, as described in section 2.2. The ARP cache can be used if the time difference between "reply to H1" and "reply to H2" is less than 4 hours; otherwise the ARP request will be regenerated.]

3. Svr (10.2.0.2) forwards the frame to 7600-C (10.2.0.1). 7600-C routes the packet towards 7600-A because of the static route configured for 10.0.0.0/24 towards 10.1.0.5.

4. 7600-A receives the packet for H2 (10.0.0.11). Routing finds that host H2 (10.0.0.11) is on a connected network, so the router generates an ARP request for host H2 (10.0.0.11).

   a. 7600-A broadcasts an ARP request to find the MAC address for IP address 10.0.0.11.

   b. All network nodes configured with VLAN 600 (switches Sw-1 to Sw-10, 7600-A, 7600-B, H1 and H2) hear the broadcast from 7600-A, but only host H2 (10.0.0.11) replies to the broadcast with its MAC address.

5. The ARP request broadcast by 7600-A provides the 7600-A SVI600 MAC address (BIA MAC address) to all the devices mentioned in 4-b; those that already have the MAC address reset the timer, and those that do not register the MAC address. This ARP request also builds an ARP entry in the ARP table of host H2 with 7600-A's IP address and MAC address.

6. The unicast reply from host H2 (10.0.0.11) resets the timer of the entry for its MAC address in the MAC table of the devices in the path to 7600-A [devices: Sw-7, Sw-6, 7600-B] (as they have already learned its MAC address in section 2.3 bullet 3) and populates the ARP table of 7600-A with its IP address and MAC address.

7. Data traffic can now be forwarded from Svr to H2 via 7600-A.

   a. This data traffic keeps resetting the MAC address timer for 7600-A's SVI600 MAC address (BIA MAC address) on all the devices in the path to H2.

      i. Devices are: Sw-6, Sw-7, 7600-A and 7600-B

   b. Devices such as Sw-1, Sw-2, Sw-3, Sw-4, Sw-5, Sw-8, Sw-9 and Sw-10 did hear the ARP broadcast from 7600-A and entered its MAC address in their MAC tables, but they have not received any frame sourced from the 7600-A MAC address for this communication (Svr -> H2).

3 Consequence of Paths

In the sections above we have seen four paths:

1. Two for H1 and Svr communication

   a. (Forward) H1 -> Sw-5 -> Sw-4 -> Sw-3 -> Sw-2 -> Sw-1 -> 7600-A -> 7600-B -> 7600-C -> Svr

   b. (Return) Svr -> 7600-C -> 7600-A -> Sw-1 -> Sw-2 -> Sw-3 -> Sw-4 -> Sw-5 -> H1

2. Two for H2 and Svr communication

   a. (Forward) H2 -> Sw-7 -> 7600-B -> 7600-C -> Svr

   b. (Return) Svr -> 7600-C -> 7600-A -> 7600-B -> Sw-6 -> Sw-7 -> H2

So, for H1 and Svr communication, frames travelling on the forward path keep updating the MAC tables (with the source H1 MAC address) of all the devices that are going to be used for the return traffic. In the case of H2 and Svr communication, however, frames travelling on the forward path do not update the MAC table of 7600-A; 7600-A has to learn the MAC address of H2 through the ARP process. ARP takes 4 hours to flush an ARP entry, whereas the 7600-A MAC address table flushes an entry after 5 minutes. So 7600-A no longer finds the MAC address of H2 in its table five minutes after the ARP reply was received, and it has to flood packets to the ports carrying VLAN 600. When a flooded packet reaches 7600-B, 7600-B finds the MAC address of H2 and forwards the packet to the correct port. When a flooded packet reaches Sw-1, it is flooded again to all ports except the one on which the frame was received, and this flooding continues through all the switches in REP Segment-1.
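
The timer mismatch described above can be replayed as a small simulation. The following Python code is an added example, not part of the original document: it models only 7600-A's ARP and MAC entries for one host, using the 5-minute and 4-hour timers and the forward paths given in the text. The one-packet-per-minute traffic pattern and the arp_timeout parameter are assumptions made for illustration.

```python
MAC_AGING = 300         # 7600-A MAC table aging time in seconds (5 min, from the text)
ARP_TIMEOUT = 4 * 3600  # ARP cache timeout in seconds (4 h, from the text)

# Devices that see frames sourced by each host on its forward path
# (sections 2.1 and 2.3, step 5).
FORWARD_PATH = {
    "H1": ["Sw-5", "Sw-4", "Sw-3", "Sw-2", "Sw-1", "7600-A", "7600-B"],
    "H2": ["Sw-7", "Sw-6", "7600-B"],
}


def simulate(host, duration, interval=60, arp_timeout=ARP_TIMEOUT):
    """Replay one Svr<->host session and count return packets flooded by 7600-A.

    Simplified model (assumption): every `interval` seconds the host sends one
    frame and Svr sends one reply; 7600-A re-ARPs only when its ARP entry expires.
    Returns (first_flood_time, flooded_packets, total_packets).
    """
    refreshes_a = "7600-A" in FORWARD_PATH[host]
    mac_seen = 0  # 7600-A learned the host MAC from the initial ARP reply at t=0
    arp_seen = 0  # 7600-A installed its ARP entry at the same moment
    first_flood, flooded, total = None, 0, 0
    for t in range(interval, duration + 1, interval):
        if refreshes_a:
            mac_seen = t               # forward frame crosses 7600-A, timer reset
        if t - arp_seen >= arp_timeout:
            arp_seen = mac_seen = t    # new ARP exchange; the reply re-teaches the MAC
        total += 1
        if t - mac_seen >= MAC_AGING:  # entry aged out: unknown unicast, flood VLAN 600
            flooded += 1
            if first_flood is None:
                first_flood = t
    return first_flood, flooded, total


if __name__ == "__main__":
    for host in FORWARD_PATH:
        print(host, simulate(host, duration=5 * 3600))
    # An ARP timeout below the MAC aging time keeps 7600-A's entry for H2 fresh.
    print("H2, arp_timeout=240:", simulate("H2", duration=5 * 3600, arp_timeout=240))
```

Over five hours, H1's return traffic is never flooded, while H2's is flooded from the 300-second mark until the next ARP exchange. With arp_timeout set below the MAC aging time, the periodic ARP reply keeps 7600-A's entry for H2 alive and the flooding stops.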