
Be careful when you use STP and HSRP together!

Networks never run just a single protocol. There are always many protocols, and their interaction and synchronization are important. Otherwise, blackholes and routing or switching loops can occur, or at the very least suboptimal routing/forwarding can become a problem.

 

I explain this topic in Self Paced CCIE Enterprise Training in great detail.

 

In a network, all protocols interact with each other. Whenever you add, replace or change a protocol, as a network designer you should consider the overall impact. Throughout the book, many interactions will be shown, along with the best practices for finding an optimal design.

The first interaction is between the Layer 2 protocols and the gateway protocols. The interaction between Spanning Tree and HSRP is explained in the example below.

One important factor to take into account when tuning HSRP is its preemptive behavior.

Preemption causes the primary HSRP peer to re-assume the primary role when it comes back online after a failure or maintenance event.

Preemption is the desired behavior because the STP/RSTP root should be the same device as the HSRP primary for a given subnet or VLAN. If HSRP and STP/RSTP are not synchronized, the interconnection between the distribution switches can become a transit link, and traffic takes a multi-hop L2 path to its default gateway.

 

[Figure: topology diagram]

In the topology above, the Spanning Tree root and the First Hop Redundancy (HSRP, VRRP) active role are on the same device. If there is a network services device such as a firewall, the active firewall context should also be on the same device.

Imagine that the left distribution switch (STP root, FHRP active) fails in the above topology. The right distribution device becomes the STP root and the FHRP active.

When the failed left distribution device comes back, it becomes the STP root again, since STP is preemptive by default.

But if HSRP is used as the First Hop Redundancy Protocol in the above topology, the right distribution device stays HSRP active, since HSRP preemption is not enabled by default. By the way, preemption is enabled by default with VRRP!

 

When the Spanning Tree root and the HSRP active role are on different devices for the same VLAN, traffic has to pass through the inter-distribution link. This means that when the access switches send a packet, the traffic goes first through the left distribution switch and then through the right distribution switch in the above topology, because the right distribution switch is the default gateway.

 

HSRP preemption needs to be aware of switch boot time and connectivity to the rest of the network. It is possible for HSRP neighbor relationships to form and preemption to occur before the primary switch has L3 connectivity to the core. If this happens, traffic can be dropped until full connectivity is established.

 

The recommended best practice is to measure the system boot time and set the HSRP preempt delay to a value greater than this.
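The checks described above can be run against a distribution pair's saved configurations. The following is an added example, not part of the original article: the hostnames, VLAN 10, priorities and the helper names `parse` and `audit` are assumptions, and it expects IOS-style syntax with one VLAN per `spanning-tree vlan` line.

```python
import re
# Constructed IOS-style configs; hostnames, VLAN and addresses are made up.
LEFT = """\
spanning-tree vlan 10 priority 4096
interface Vlan10
 standby 10 ip 10.1.10.1
 standby 10 priority 110
 standby 10 preempt delay minimum 60
"""
RIGHT = """\
spanning-tree vlan 10 priority 8192
interface Vlan10
 standby 10 ip 10.1.10.1
"""

def parse(cfg):
    """Return {vlan: {"stp": prio, "hsrp": prio, "preempt": bool, "delay": secs}}."""
    vlans, cur = {}, None
    for line in cfg.splitlines():
        if m := re.match(r"spanning-tree vlan (\d+) priority (\d+)", line):
            vlans.setdefault(int(m[1]), {})["stp"] = int(m[2])
        elif m := re.match(r"interface Vlan(\d+)", line):
            cur = vlans.setdefault(int(m[1]), {})
        elif not line.startswith(" "):
            cur = None  # left the SVI block
        elif cur is not None and (m := re.match(r" standby \d+ priority (\d+)", line)):
            cur["hsrp"] = int(m[1])
        elif cur is not None and (m := re.match(r" standby \d+ preempt(?: delay minimum (\d+))?", line)):
            cur["preempt"], cur["delay"] = True, int(m[1] or 0)
    return vlans

def audit(configs, boot_secs):
    """configs: {hostname: text}. Returns [(vlan, finding)]; priority ties are not resolved."""
    parsed = {host: parse(text) for host, text in configs.items()}
    findings = []
    for vlan in sorted({v for p in parsed.values() for v in p}):
        def get(host, key, default):
            return parsed[host].get(vlan, {}).get(key, default)
        root = min(parsed, key=lambda h: get(h, "stp", 32768))     # lowest STP priority wins
        primary = max(parsed, key=lambda h: get(h, "hsrp", 100))   # highest HSRP priority wins
        if root != primary:
            findings.append((vlan, f"STP root {root} != HSRP primary {primary}"))
        elif not get(primary, "preempt", False):
            findings.append((vlan, f"{primary} has no HSRP preempt"))
        elif get(primary, "delay", 0) <= boot_secs:
            findings.append((vlan, f"{primary} preempt delay not above boot time"))
    return findings
```

Calling `audit({"dist-left": LEFT, "dist-right": RIGHT}, boot_secs=180)` flags the 60-second preempt delay as too short for a switch that takes 180 seconds to boot.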
