Rep Asymmetric-Routing hsrp2

2013
REP, Asymmetric Routing

and HSRP
SOHAIL SIPRA
SASIPRA.WORDPRESS.COM | sipra@live.com
REP, Asymmetric Routing and HSRP
Table of Contents
1 Introduction .......................................................................................................................................... 2
1.1 Problem Statement ....................................................................................................................... 2
1.2 Topology........................................................................................................................................ 2
1.3 Configuration ................................................................................................................................ 3
2 Traffic Flow.......................................................................................................................................... 10
2.1 Traffic from Host (H1) on REP Segment-1................................................................................... 10
2.2 Traffic to Host (H1) on REP Segment-1 ....................................................................................... 11
2.3 Traffic from Host (H2) on REP Segment-2................................................................................... 12
2.4 Traffic to Host (H2) on REP Segment-2 ....................................................................................... 13
3 Consequence of Paths......................................................................................................................... 14
SOHAIL SIPRA 1
REP (Resilience Ethernet Protocols), Asymmetric Routing

and HSRP
1 Introduction
1.1 Problem Statement
Cisco has explained the Asymmetric Routing and HSRP in its document, (cisco Document). The document
explains how HSRP with Asymmetric Routing results in excessive unknown unicast flooding.
To explain the phenomena, its document mentioned two routers runs two HSRP instances for two VLAN,
one router active for one VLAN and other Router for another VLAN. And both routers serve as a default
gateway for one host connect to it, in the VLAN for which it is the Active HSRP peer.
1.2 Topology
Here I will try to explain same phenomena with following topology:
SOHAIL SIPRA 2
Two REP (Resilience Ethernet Protocol) rings are connected around two routers (cisco 7600 + RSP720).
Hosts, connected on the rings, are in same Vlan (Vlan 600). Dot1q Trunks runs through switches
(ME3400) and Routers to create a layer 2 domain for VLAN 600.
7600-A and 7600-B have implemented HSRP for VLAN 600. 7600-A is standby whereas 7600-B is Active
peer.
For sake load balancing Primary-Edge port of REP-Segment-1 terminate on 7600-A and REP-Segment-2’s
primary port on 7600-B. Edge Ports of both segments are terminated on alternate routers, for Segment-
1 it is 7600-B and for Segment-2 it is 7600-A. Traffic in REP Segment-1 and Segment-2 flow towards
7600-A and 7600-B respectively.
To have a traffic flow in & out of VLAN 600, a Host (Svr) in connected on 7600-C. To simulate
asymmetric routing, for this case study, static routes are configured between 7600-A, 7600-b and 7600-
C.
1.3 Configuration
Router: 7600-A Configuration
vlan 3
name REP-Admin
!
vlan 5
name Native-Vlan
!
vlan 600
name HSRP
!
interface Vlan600
description *** HSPR StandBy GW for VLAN 600***
ip address 10.0.0.253 255.255.255.0
standby 6 ip 10.1.90.6
standby 6 priority 91
standby 6 preempt
!
interface Port-channel1
description *** REP-HSRP-L2-TRUNK ***
switchport
SOHAIL SIPRA 3
switchport trunk encapsulation dot1q

switchport trunk allowed vlan 3,5,600
switchport mode trunk
!
interface GigabitEthernet1/1
description *** REP-SEG1_PRIMARY-EDGE-PORT ***
switchport
switchport trunk native vlan 5
rep segment 1 edge primary
rep preempt delay 15
rep block port id 0003C47D4FBD5980 vlan 1-4094
!
description *** REP-SEG2_EDGE-PORT ***
switchport
rep segment 2 edge
!
description *** Connected to 7600-C(Gig5/1) ***
ip address 10.1.0.5 255.255.255.252
!
ip address 10.1.0.9 255.255.255.252
!
ip route 10.2.0.0 255.255.255.0 10.1.0.6
SOHAIL SIPRA 4
Router: 7600-B Configuration

vlan 3
name REP-Admin
!
vlan 5
name Native-Vlan
!
vlan 600
name HSRP
!
interface Vlan600
description *** HSPR StandBy GW for VLAN 600***
ip address 10.0.0.254 255.255.255.0
standby 6 ip 10.1.90.6
standby 6 priority 92
standby 6 preempt
!
switchport
!
description *** REP-SEG2_PRIMARY-EDGE-PORT ***
switchport
rep segment 2 edge primary
rep preempt delay 15
rep block port id 0003C47D4FBD6690 vlan 1-4094
!
SOHAIL SIPRA 5
description *** REP-SEG1_EDGE-PORT ***

switchport
rep segment 1 edge
!
description *** Connected to 7600-C(Gig5/1) ***
ip address 10.1.0.1 255.255.255.252
!
ip address 10.1.0.10 255.255.255.252
!
ip route 10.2.0.0 255.255.255.0 10.1.0.2
Router: 7600-C Configuration

description *** Connected to Server ***
ip address 10.2.0.1 255.255.255.0
!
description *** Connected to 7600-B(Gig5/1) ***
ip address 10.1.0.2 255.255.255.252
!
description *** Connected to 7600-A(Gig5/1) ***
ip address 10.1.0.6 255.255.255.252
!
ip route 10.0.0.0 255.255.255.0 10.1.0.5
SOHAIL SIPRA 6
Switch: Sw-1 to Sw-4 Configuration

vlan 3
name REP-Admin
!
vlan 5
name Native-Vlan
!
vlan 600
name HSRP
!
description *** Access-Sw REP-Segment-1 Port ***
port-type nni
rep segment 1
!
port-type nni
rep segment 1
Switch: Sw-5 Configuration

vlan 3
name REP-Admin
!
vlan 5
name Native-Vlan
!
vlan 600
name HSRP
!
interface FastEthernet0/1
SOHAIL SIPRA 7
description *** Connected to Host-1***

port-type uni
switchport mode access
switchport access vlan 600!
!
port-type nni
rep segment 1
!
port-type nni
rep segment 1
Switch: Sw-6 and Sw-8 to Sw-10 Configuration

vlan 3
name REP-Admin
!
vlan 5
name Native-Vlan
!
vlan 600
name HSRP
!
port-type nni
SOHAIL SIPRA 8
rep segment 2
!
port-type nni
rep segment 2
Switch: Sw-7 Configuration

vlan 3
name REP-Admin
!
vlan 5
name Native-Vlan
!
vlan 600
name HSRP
interface FastEthernet0/1
description *** Connected to Host-2***
port-type uni
switchport mode access
switchport access vlan 600
!
port-type nni
rep segment 2
!
port-type nni
rep segment 2
SOHAIL SIPRA 9
2 Traffic Flow
2.1 Traffic from Host (H1) on REP Segment-1
1. H1 (10.0.0.10) send to packet to Svr (10.2.0.2)

2. H1 has to send packet to 7600-B (VIP_10.0.0.1 ), as 7600-B is an active HSRP and so acting as GW
a. So H1 broadcast ARP Request to find MAC for Virtual IP address 10.0.0.1
b. All Networking nodes, configured with vlan 600 (all Switch Sw-1 to Sw-10, 7600-A, 7600-
B and H2) hears the broadcast from H1. But being active HSRP peer with virtual IP
10.0.0.1 7600-B replies the broadcast with virtual MAC.
3. The H1 broadcasted ARP Request, provide H1’s MAC address to all network devices mentioned
in 2-b. and build ARP entry in 7600-B ARP table with H1’s IP Address & MAC address
4. The 7600-B unicast Reply, provide Virtual MAC address to all device mentioned in in the path to
H1 (devices: Sw5, Sw4, Sw3, Sw2, Sw1, 7600-A and 7600-B) and provide data for ARP table of
H1 with Virtual IP Address & Virtual MAC address.
5. Now data traffic can be forward from H1 to 7600-B for Svr.
a. This data traffic will keep on resetting MAC address timer of H1’s MAC Address in all the
device in the path to 7600-B
i. Devices are : Sw5, Sw4, Sw3, Sw2, Sw1, 7600-A and 7600-B
SOHAIL SIPRA 10
b. Devices like Sw-6, Sw-7, Sw-8, Sw-9 and Sw-10 did heard ARP broadcast from H1 and
entered its MAC Address in their MAC tables. But since then they didn’t received any
frame sourced by H1 MAC address for this communication session (H1 Svr)
2.2 Traffic to Host (H1) on REP Segment-1
1. Now Svr (10.2.0.2) want to send reply to H1

2. Svr send ARP Request for its GW (10.2.0.1) and 7600-C replied, both ARP table populated with IP
& MAC pair of each other.
3. Svr (10.2.0.2) forward frame to 7600-C (10.2.0.1), 7600-C route the packet towards 7600-A
because of Static Route configure for 10.0.0.0/24 towards 10.1.0.5
4. 7600-A received the packet for (H1)10.0.0.10. Routing finds the fact that host H1 (10.0.0.10) is
on connected network. So, router generate an ARP request for host H1 (10.0.0.10).
a. So 7600-A broadcast ARP Request to find MAC for IP address 10.0.0.10
b. All Networking nodes, configured with VLAN 600 (all Switch Sw-1 to Sw-10, 7600-A, 7600-
B, H1 and H2 ) hears the broadcast from 7600-A. But only host (H1) 10.0.0.10 replies
the broadcast with its MAC.
SOHAIL SIPRA 11
5. The 7600-A ARP broadcasted Request, provide 7600-A SVI600 MAC address (bia MAC Address) to
all device mentioned in 4-b. and build ARP entry in Host (H1) ARP table with 7600-A’s IP
Address & MAC address
6. The Host H1(10.0.0.10) unicast Reply, reset the timer of the entry of its MAC address in MAC
table all devices in the path[Sw-5, Sw-4, Sw-3, Sw-2, Sw-1 and 7600-A] to 7600-A (as they have
already learned its MAC address in section 2.1 bullet 3 ) and provide data for ARP table of
7600-A with its IP Address & its MAC address
7. Now data traffic can be forward from Svr to H1 via 7600-A.
a. This data traffic will keep on resetting MAC address timer of 7600-A’s SVI600 MAC
Address (bia MAC Address) in all the device in the path to H1.
i. Devices are : Sw-1, Sw-2, Sw-3, Sw-4, Sw-5, 7600-A
b. Devices like 7600-B, Sw-6, Sw-7, Sw-8, Sw-9 and Sw-10 did heard ARP broadcast from
7600-A and entered its MAC Address in their MAC tables. But they didn’t received any
frame sourced by 7600-A MAC address for this communication (SvrH1)
2.3 Traffic from Host (H2) on REP Segment-2
1. H2 (10.0.0.11) send to packet to Svr (10.2.0.2)

2. H2 has to send packet to 7600-B (VIP_10.0.0.1 ), as 7600-B is an active HSRP and acting as GW
SOHAIL SIPRA 12
a. So H2 broadcast ARP Request to find MAC for Virtual IP address 10.0.0.1

b. All Networking nodes, configured with VLAN 600 (all Switch Sw-1 to Sw-10, 7600-A, 7600-
B and H1) hears the broadcast from H2. But being active HSRP peer with virtual IP
10.0.0.1 7600-B replies the broadcast with virtual MAC.
3. The H2 ARP broadcasted Request, provide H2’s MAC address to all network devices mentioned
in 2-b. and build ARP entry in 7600-B ARP table with H2’s IP Address & MAC address
4. The 7600-B unicast Reply, provide Virtual MAC address to all device in path to H2 [device: Sw-6,
Sw-7] and provide data for ARP table of H2 with Virtual IP Address & Virtual MAC address.
5. Now data traffic can be forward from H2 to 7600-B for Svr.
a. This data traffic will keep on resetting MAC address timer of H2’s MAC Address in MAC
table all devices in the path to 7600-B
i. Devices are : Sw7, Sw6 and 7600-B
b. Devices like Sw-1, Sw-2, Sw-3, Sw-4, Sw-5, Sw-8, Sw-9, Sw-10, 7600-A did heard ARP
broadcast from H2 and entered its MAC Address in their MAC tables. But they didn’t
received any frame sourced by H2 MAC address for this communication (H2Svr)
2.4 Traffic to Host (H2) on REP Segment-2
1. Now Svr (10.2.0.2) want to send reply to H2
SOHAIL SIPRA 13
2. Svr (10.2.0.2 ) search its ARP Cache to find the MAC of its GW(10.2.0.1) and got it .
[Note: ARP cache was build when Svr reply to H1 describe in section 2.2. ARP Cache can be
used if time difference between “reply to H1” & “reply to H2” is less than 4 hours otherwise
ARP request will be regenerated]
3. Svr (10.2.0.2) forward frame to 7600-C (10.2.0.1), 7600-C route the packet towards 7600-A
because of Static Route configure for 10.0.0.0/24 towards 10.1.0.5
4. 7600-A received the packet for (H2)10.0.0.11. Routing finds the fact that host H2 (10.0.0.11) is
on connected network. So, router generate an ARP request for host H2 (10.0.0.11).
a. So 7600-A broadcast ARP Request to find MAC for IP address 10.0.0.11
b. All Networking nodes, configured with vlan 600 (all Switch Sw-1 to Sw-10,7600-A, 7600-
B, H1 and H2) hears the broadcast from 7600-A. But only host H2 (10.0.0.11) replies the
broadcast with its MAC.
5. The 7600-A broadcasted ARP Request, provide 7600-A SVI600 MAC address (bia MAC Address) to
all device mentioned in 4-b, those who have MAC address will reset the timer and those don’t,
they register its MAC address. This ARP Request also build ARP entry in Host (H2) ARP table
with 7600-A’s IP Address & MAC address
6. The Host H2(10.0.0.11) unicast Reply, reset the timer of the entry of its MAC address in MAC
table of the devices in path to 7600-A [devices: Sw-7, Sw-6, 7600-B] (as they have already
learned its MAC address in previous section’s 2.3 bullet 3 ) and provide data for ARP table of
7600-A with its IP Address & its MAC address.
7. Now data traffic can be forward from Svr to H2 via 7600-A.
a. This data traffic will keep on resetting MAC address timer of 7600-A’s SVI600 MAC
Address (bia MAC Address) in all the device in the path to H2.
i. Devices are : Sw6, Sw7, 7600-A and 7600-B
ii. Devices like Sw-1, Sw-2, Sw-3, Sw-4, Sw-5, Sw-8, Sw-
9, Sw-10 did heard ARP broadcast from 7600-A and entered its MAC
Address in their MAC tables. But if they didn’t received any frame
sourced by 7600-A MAC address for this communication (SvrH2)
3 Consequence of Paths
In above section we have seen four paths
1. Two for H1 and Svr communication
a. (Forward) H1  Sw-5  Sw-4  Sw-3  Sw-2  Sw-1  7600-A  7600-B  7600-C  Svr
b. (Return) Svr 7600-C 7600-A  Sw-1  Sw-2  Sw-3  Sw-4  Sw-5  H1
2. Two for H2 and Svr communication
a. (Forward) H2  Sw-7  7600-B  7600-C  Svr
b. (Return) Svr 7600-C 7600-A  7600-A  Sw-6  Sw-7  H2
So, for H1 and Svr communication, frames travel on forward path keep on updating the MAC tables
(with the source: H1 MAC address) of the all devices that will going to be used for return traffic. But in
case of H2 and Svr communication, frames travel on forward path do not update MAC table of 7600-A,
7600-A has to learn the MAC Address of H2 through ARP process. ARP take 4 hours to flush the ARP
entry whereas 7600-A MAC address table flush the entry after 5 mins.
So 7600-A doesn’t find the MAC Address of H2 in its table after five from ARP reply received, and it has
to flood packets to ports carry VLAN 600.
When flooded packet reach 7600-B, it finds the MAC address of H2 and forward to correct port. When
flooded packet reach Sw-1 it again flood to all ports expect form where it received the frame and this
flooding will go on for all switches in REP Segment -1.
SOHAIL SIPRA 14

Rep Asymmetric-Routing hsrp2

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Rep Asymmetric-Routing hsrp2

Uploaded by

Copyright:

Available Formats

2013

REP, Asymmetric Routing

REP (Resilience Ethernet Protocols), Asymmetric Routing

switchport trunk encapsulation dot1q

Router: 7600-B Configuration

description * REP-SEG1_EDGE-PORT *

Router: 7600-C Configuration

Switch: Sw-1 to Sw-4 Configuration

Switch: Sw-5 Configuration

description * Connected to Host-1*

Switch: Sw-6 and Sw-8 to Sw-10 Configuration

Switch: Sw-7 Configuration

1. H1 (10.0.0.10) send to packet to Svr (10.2.0.2)

2.2 Traffic to Host (H1) on REP Segment-1

1. Now Svr (10.2.0.2) want to send reply to H1

2.3 Traffic from Host (H2) on REP Segment-2

1. H2 (10.0.0.11) send to packet to Svr (10.2.0.2)

a. So H2 broadcast ARP Request to find MAC for Virtual IP address 10.0.0.1

2.4 Traffic to Host (H2) on REP Segment-2

1. Now Svr (10.2.0.2) want to send reply to H2

You might also like