HSRP MAC Flap

Hey People,

I have a very strange issue in my lab

Router 1 Interface:
interface GigabitEthernet0/0
 ip address 10.10.10.2 255.255.255.0
 standby version 2
 standby 1 ip 10.10.10.1
 standby 1 timers 1 3
 standby 1 priority 120
 standby 1 preempt delay reload 120

 

Router 2 Interface:
interface GigabitEthernet0/0
 ip address 10.10.10.7 255.255.255.0
 standby version 2
 standby 1 ip 10.10.10.1
 standby 1 timers 1 3
 standby 1 priority 85
 standby 1 preempt delay reload 120

 

Very strangely, this is what I see in the switch:

Switch-1#sh mac address-table | i 1/0/48  ----------------> This is Router (1)
  10    0000.0c9f.f001    DYNAMIC     Gi1/0/48
  10    c89c.1dcd.a580    DYNAMIC     Gi1/0/48
Switch-1#sh mac address-table | i 2/0/46 --------------------> This is Router (2)
  10    7081.05c9.ad00    DYNAMIC     Gi2/0/46

 

I have constant MAC flap on these two switch interfaces where there should be none and HSRP should work normally!

Any idea?

 

 

Thanks
Sam

Comments

  • Looks like R1 is the HSRP Active, as expected per the configuration. Which MAC address is flapping? Also paste the log message.

  • ssg14

    Thanks Cristian,

     

    Another strange thing is I have a one-way ping:

    Router-1#ping 10.10.10.7
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.10.10.7, timeout is 2 seconds:
    .!!!!
    Success rate is 80 percent (4/5), round-trip min/avg/max = 1/3/4 ms
    Router-1#

     

    Router-2#ping 10.10.10.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)
    Router-2#

     

    What log do you need me to paste here?

     

     

    Thanks
    Sam

  • Very strangely , this is what I see in the switch :

    Switch-1#sh mac address-table | i 1/0/48  ----------------> This is Router (1)
      10    0000.0c9f.f001    DYNAMIC     Gi1/0/48
      10    c89c.1dcd.a580    DYNAMIC     Gi1/0/48
    Switch-1#sh mac address-table | i 2/0/46 --------------------> This is Router (2)
      10    7081.05c9.ad00    DYNAMIC     Gi2/0/46

    I see you have the interface information formatted as if they are split across two different switch modules. Are you sure the two devices are on the same VLAN? Because if the active router cannot see the other one, the virtual MAC address could bounce between the two interfaces and you should see flapping ports because each one elects itself as active. I saw this exact problem some time ago.

    But I agree with Cristian, if you send us some logs and more information we could help you spot the issue better.

     

  • If you look on the left column, it is the same VLAN, namely VLAN 10.

    Clearly you could temporarily have a MAC flap of the VMAC, in case both routers consider themselves to be active initially, before they see each other; but if this is persistent, as the HSRP config looks good, you could have an L2 issue; also post the output of "show standby" from both routers.

  • ssg14

    Please check below:

     

    Switch is a 2960 stacked switch:

    Switch-1#sh switch
    Switch/Stack Mac Address : c414.3c6f.b680
                                               H/W   Current
    Switch#  Role   Mac Address     Priority Version  State
    ----------------------------------------------------------
    *1       Master c414.3c6f.b680     15     1       Ready
     2       Member 64d8.14d8.fe80     1      1       Ready

     

    Router-1#sh standby
    GigabitEthernet0/0 - Group 1 (version 2)
      State is Active
        14 state changes, last state change 02:07:44
      Virtual IP address is 10.10.10.1
      Active virtual MAC address is 0000.0c9f.f001
        Local virtual MAC address is 0000.0c9f.f001 (v2 default)
      Hello time 1 sec, hold time 3 sec
        Next hello sent in 0.176 secs
      Preemption enabled, delay reload 120 secs
      Active router is local
      Standby router is 10.10.10.7, priority 85 (expires in 2.960 sec)
      Priority 120 (configured 120)

     

    Router-2#sh standby
    GigabitEthernet0/0 - Group 1 (version 2)
      State is Standby
        20 state changes, last state change 02:09:00
      Virtual IP address is 10.10.10.1
      Active virtual MAC address is 0000.0c9f.f001
        Local virtual MAC address is 0000.0c9f.f001 (v2 default)
      Hello time 1 sec, hold time 3 sec
        Next hello sent in 0.688 secs
      Preemption enabled, delay reload 120 secs
      Active router is 10.10.10.2, priority 120 (expires in 2.720 sec)
        MAC address is c89c.1dcd.a580
      Standby router is local
      Priority 85 (configured 85)
     

  • Hi,

     

    Depending on which routers you have, the issue might be that the hold time (and also hello) are a bit too aggressive, especially for a lab setup. According to Cisco the hold time should not be below 4 sec.

     

    Thanks,

     

    Gabriel

  • True, I've misread the output; the VLAN is the same and the show standby output also confirms that the active and standby roles are correctly followed.

    Regarding the timers, I am not sure that could be the issue in this case, because at least the ping should be working between the hardware interfaces of the routers, right?

    So it could be a temporary L2 issue. Otherwise it could be a bug too.

    Can you do a ping from router 2 like:

    ping 10.10.10.2 repeat 1000000

    and check if there are sporadic successful hits?

  • Hi,

    Unless you hit a bug, timers are not a problem. Cisco may recommend 4 seconds just to be on the safe side; think about it: you even have ms intervals with HSRP, so what would be the use case for them if you should use 4 seconds as the dead interval?

    Back to your problem: if you don't have those IP addresses in use by other devices in the network (VIP and real addresses), I see many state changes between the routers; R2, for example, says it suffered 20 changes, the last one being 2 hours ago. It could be because of random STP reconvergence in VLAN 10, which could end up with the switch blocking all inbound traffic (including HSRP from the routers) for up to 50 seconds (depending on which STP flavour you run, the timers used and direct/indirect failure), which ends up with both routers becoming HSRP active, and there you have the problem. An easy fix for this: enable portfast (trunk if the ports are trunks) on the switch ports towards the routers.

    Regards,

    Cristian.
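
Added example, not part of any post in this thread: a small Python check that compares successive "show mac address-table" snapshots and reports any MAC learned on more than one port, labelling HSRP virtual MACs with their group number. The first snapshot is the table from the original post; the second is constructed to show the table while both routers believe they are active, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# One row of "show mac address-table": VLAN, MAC, type, port
ROW = re.compile(r"^[ \t]*(\d+)[ \t]+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
                 r"[ \t]+(\w+)[ \t]+(\S+)[ \t]*$", re.I | re.M)

def hsrp_group(mac):
    """Return the HSRP group for a well-known virtual MAC, else None."""
    digits = mac.lower().replace(".", "")
    if digits.startswith("00000c9ff"):       # HSRP v2: 0000.0c9f.fXXX
        return int(digits[9:], 16)
    if digits.startswith("00000c07ac"):      # HSRP v1: 0000.0c07.acXX
        return int(digits[10:], 16)
    return None

def parse_table(text):
    """Yield (vlan, mac, port) for each entry in one snapshot."""
    for vlan, mac, _type, port in ROW.findall(text):
        yield int(vlan), mac.lower(), port

def find_flaps(snapshots):
    """Return {(vlan, mac): sorted ports} for MACs seen on more than one port."""
    seen = defaultdict(set)
    for snap in snapshots:
        for vlan, mac, port in parse_table(snap):
            seen[(vlan, mac)].add(port)
    return {key: sorted(ports) for key, ports in seen.items() if len(ports) > 1}

def report(snapshots):
    """Return one human-readable line per flapping MAC."""
    lines = []
    for (vlan, mac), ports in sorted(find_flaps(snapshots).items()):
        grp = hsrp_group(mac)
        kind = f"HSRP group {grp} virtual MAC" if grp is not None else "host MAC"
        lines.append(f"VLAN {vlan} {mac} ({kind}) moved between {', '.join(ports)}")
    return lines

# SNAP_1: table from the original post. SNAP_2: constructed sample in which
# the virtual MAC has been relearned on Router 2's port (dual-active HSRP).
SNAP_1 = """\
  10    0000.0c9f.f001    DYNAMIC     Gi1/0/48
  10    c89c.1dcd.a580    DYNAMIC     Gi1/0/48
  10    7081.05c9.ad00    DYNAMIC     Gi2/0/46
"""
SNAP_2 = SNAP_1.replace("0000.0c9f.f001    DYNAMIC     Gi1/0/48",
                        "0000.0c9f.f001    DYNAMIC     Gi2/0/46")

if __name__ == "__main__":
    print("\n".join(report([SNAP_1, SNAP_2])))
```

Only the virtual MAC is reported here; the routers' burned-in addresses stay on their own ports, which is the pattern to expect when both routers claim the active role rather than when a cable or loop moves a whole device.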

  • ssg14

    Hi Cristian,

     

    Portfast silenced the issue and working fine at the moment.

    Thanks again for your help.

     

     

    Cheers
    Sam

     

  • Good explanation, Cristian,

     

    My little input here:

    Usually, preempt and priority values are not configured on Standby routers as they are not needed there.

    Thanks

     

  • It really depends on the design; you may also need the standby to preempt, which could also mean having a different priority than the default (like if you have tracking on both routers). In this specific example, none of those are used, so yes, whether you configure it or not on the standby doesn't make a difference.