|
|
This chapter describes how to configure redundancy on the Catalyst 6000 family Multilayer Switch Feature Card (MSFC) using the Hot Standby Routing Protocol (HSRP).
This chapter contains these sections:
To configure Layer 3 redundancy, you must have at least one of the following configurations:
These sections provide an overview of MSFC redundancy:
In a single Catalyst 6000 family chassis, you can have redundant supervisor engines, each with an MSFC. You can configure HSRP on the MSFCs to provide automatic routing backup for your network. HSRP is compatible with IPX and AppleTalk. If one MSFC fails, HSRP allows one MSFC (router) to assume the function automatically of the other. Combined with the high availability feature of supervisor engine software release 5.4(1), this configuration provides an added level of redundancy for your network.
You must configure both MSFCs identically. Table 3-1 summarizes the identical requirements and the exceptions for Layer 3 redundancy for a single switch chassis.
| Identical Requirements--- Global and Interface Levels | |
| Exceptions---Interface Level |
|
| Exceptions---Global Level |
|
In a redundant supervisor engine and dual MSFC configuration, one supervisor engine is fully operational (active) and the other supervisor engine is in standby mode; however, both MSFCs are operational (in terms of programming the Layer 3 cache in the PFC on the active supervisor engine) and act as independent routers. Only the PFC on the active supervisor engine switches the packets using Multilayer Switching (MLS).
Both MSFCs are operational from a routing protocol peering perspective. For example, if you have two MSFCs in a single Catalyst 6000 family switch chassis, each configured with interface VLAN 10 and VLAN 21, the MSFCs are peered to each other over these VLANs. Combined with a dual chassis and dual MSFC design for the same VLANs, each MSFC has 6 peers: its peer in the same chassis as well as the two MSFCs in the second chassis (3 in VLAN 10 and 3 in VLAN 21). See Figure 3-1.
Although the MSFCs (from a peering perspective) act as independent routers, the two MSFCs in the chassis operate at the same time, have the same interfaces, and run the same routing protocols.
If you combine the high availability feature on the supervisor engines with HSRP on the MSFCs, you have the following Layer 2 and Layer 3 redundancy mechanisms:
The Layer 3 entries programmed by the failed MSFC on the active supervisor engine are used until they are gracefully aged out and replaced by the Layer 3 entries populated by the newly active MSFC. This graceful aging occurs over a four-minute period, and allows the newly active MSFC to repopulate the MLS entries using its XTAG value, while concurrently hardware-switching flows yet to be aged. In addition, this process prevents a newly active MSFC from being overwhelmed with initial flow traffic.
For same-chassis Layer 3 redundancy to function as expected, the configuration on each MSFC must be the same (see Table 3-1).
If you use IOS ACLs on the MSFC, you must configure the ACLs on both MSFCs identically, globally and at the interface level. Only the designated MSFC (the MSFC to come online first, or the MSFC that has been online the longest) programs the ACL ASIC. The active supervisor engine's PFC multilayer switches packets after consulting with its ACL ASIC to determine whether a packet is forwarded or not, depending on the IOS ACL configured. If a designated MSFC fails, the new designated MSFC must reprogram the ACL ASIC for static ACLs. For consistent results, both MSFCs must have identical static ACL configurations.
Figure 3-2 shows a typical access and distribution layer building block with multiple VLANs in an access layer switch. Because there is no Layer 2 loop, HSRP is used for convergence and load sharing. Switches S1 and S2 have a supervisor engine with an MSFC in slot 1 (Sup1/MSFC-1) and in slot 2 (Sup2/MSFC-2). Sup1 is active and Sup2 is in standby mode in both switches. High availability is enabled on the supervisor engines. The supervisor engines automatically perform image and configuration synchronization; you must manually synchronize the images and configurations on the MSFCs.
In Figure 3-2, you should configure redundancy and load sharing as follows:
Load sharing is achieved by having the even-numbered VLANs routed by Switch S1 and the odd-numbered VLANs by Switch S2. In a complete switch failure, the remaining switch would service both even and odd VLANs.
You can achieve further load sharing by using MSFC-2 in Switch S1 as the primary HSRP router for VLAN 12 and MSFC-2 as the primary HSRP router in Switch S2 for VLAN 23 (see Figure 3-3).
Only the active HSRP router for a VLAN will respond with the HSRP MAC address for ARP requests to the HSRP IP address. The active HSRP router will in turn ARP for the end stations' MAC address and populate its ARP cache. By using both MSFCs in a single chassis to share HSRP duties for even VLANs, you can share the control plane ARP traffic. In an MSFC failure, only the ARP entries on the affected VLAN would need to be relearned.
The tradeoff for this level of redundancy and load sharing is the added complexity of keeping track of the even and odd VLANs on the MSFCs within a Catalyst 6000 family switch chassis.
MLS entries are created for packets arriving at the HSRP MAC addresses as well as those arriving with the router's real MAC addresses. HSRP is used for unicast traffic first hop redundancy; for traffic received via another router attached to VLAN 10, for example, the actual MAC address of Sup1/MSFC-1 is used.
The five examples in this section describe possible failure scenarios within a single chassis with dual supervisor engines and dual MSFCs (see Figure 3-4) when you enable high availability. The designated MSFC refers to the MSFC that is used to program the ACL ASIC for static ACLs.
This sequence occurs when the designated MSFC-1 fails:
1. MLS entries for MSFC-1 gracefully age out of the Sup1 Layer-3 cache, while MSFC-2 takes temporary ownership of these MLS entries using its XTAG value.
2. MLS entries for MSFC-2 are not affected.
3. MSFC-2 removes all dynamic and reflexive ACLs programmed in hardware by MSFC-1.
4. MSFC-2 reprograms the static ACLs in the Sup1 ACL ASIC because it is now the designated MSFC.
This sequence occurs when the nondesignated MSFC-2 fails:
1. MLS entries for MSFC-2 gracefully age out of the Sup1 Layer 3 cache, while MSFC-1 takes temporary ownership of these MLS entries using its XTAG value.
2. MLS entries from MSFC-1 are not affected.
3. MSFC-1 removes all dynamic and reflexive ACLs programmed in hardware by MSFC-2.
4. MSFC-1 remains the designated MSFC.
This sequence occurs when the active supervisor engine (Sup1) fails:
1. Because the Layer 3 state is maintained, MLS entries of MSFC-1 gracefully age out of the Sup2 Layer 3 cache while MSFC-2 takes temporary ownership of these MLS entries using its XTAG value.
2. The standby supervisor engine maintains the Layer 2 state so there is no Layer 2 convergence time.
3. MSFC-2 removes all dynamic and reflexive ACLs programmed in hardware by MSFC-1.
4. MSFC-2 reprograms the static ACLs in the Sup2 ACL ASIC. MSFC-2 is now the designated MSFC.
This sequence occurs when the standby supervisor engine (Sup2) fails:
1. MLS entries for MSFC-2 gracefully age out of the Sup1 Layer 3 cache while MSFC-1 takes temporary ownership of these MLS entries using its XTAG value.
2. MLS entries from MSFC-1 are not affected.
3. MSFC-1 removes all dynamic and reflexive ACLs programmed in hardware by MSFC-2. MSFC-1 remains the designated MSFC.
This sequence occurs when the previously failed supervisor engine (Sup2) comes online:
1. Sup1 continues to be the active supervisor engine.
2. Sup2 synchronizes its image and configuration with Sup1 (unless high availability versioning is enabled).
3. MSFC-2 (on Sup2) comes up. If the HSRP preempt for VLAN 21 is configured, then MSFC-2 will become HSRP active. The MLS entries for MSFC-1 will be purged and then relearned via MSFC-2.
4. MSFC-1 remains the designated MSFC for static ACLs.
You can configure one or more HSRP groups on MSFC VLAN interfaces to provide automatic routing backup for your network. Each VLAN interface in an HSRP group shares a virtual IP address and MAC address. You can configure end stations and other devices to use the HSRP address as the default gateway so that if one router interface fails, service is not interrupted to those devices.
The interface with the highest HSRP priority is the active interface for that HSRP group.
To configure HSRP on an MSFC VLAN interface, perform this task in interface configuration mode:
| Task | Command |
|---|---|
Step 1 Enable HSRP and specify the HSRP IP address. If you do not specify a group-number, group 0 is used.1 | Router(config-if)# standby [group-number] ip [ip-address] |
Step 2 Specify the priority for the HSRP interface. Increase the priority of at least one interface in the HSRP group (the default is 100). The interface with the highest priority becomes active for that HSRP group. | Router(config-if)# standby [group-number] priority priority |
Step 3 Configure the interface to preempt the current active HSRP interface and become active if the interface priority is higher than the priority of the current active interface. | Router(config-if)# standby [group-number] preempt [delay delay] |
Step 4 (Optional) Set the HSRP hello timer and holdtime timer for the interface. The default values are 3 (hello) and 10 (holdtime). All interfaces in the HSRP group should use the same timer values. | Router(config-if)# standby [group-number] timers hellotime holdtime |
Step 5 (Optional) Specify a clear-text HSRP authentication string for the interface. All interfaces in the HSRP group should use the same authentication string. | Router(config-if)# standby [group-number] authentication string |
| 1To assist in troubleshooting, configure the group number to match the VLAN number. |
This example shows how to configure an interface as part of HSRP group 100:
Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface vlan100 Router(config-if)# standby 100 ip 172.20.100.10 Router(config-if)# standby 100 priority 110 Router(config-if)# standby 100 preempt Router(config-if)# standby 100 timers 5 15 Router(config-if)# standby 100 authentication Secret Router(config-if)# ^Z Router#
This section describes three configuration options for achieving redundancy:
Router# show fm featuresDesignated MSFC: 1 Non-designated MSFC:2
Redundancy Status: designated
In the example in Figure 3-5, the high availability feature cannot be configured on the supervisor engines, but HSRP can be configured on the MSFCs.
This example shows how to configure HSRP on the MSFC in switch S1:
Console> (enable) switch console 15 Trying Router-15... Connected to Router-15. Type ^C^C^C to switch back... Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface vlan10 Router(config-if)# standby 10 ip 172.20.100.10 Router(config-if)# standby 10 priority 110 Router(config-if)# standby 10 preempt Router(config-if)# standby 10 timers 5 15 Router(config-if)# standby 10 authentication Secret Router(config-if)# interface vlan21 Router(config-if)# standby 21 ip 192.20.100.21 Router(config-if)# standby 21 priority 109 Router(config-if)# standby 21 preempt Router(config-if)# standby 21 timers 5 15 Router(config-if)# standby 21 authentication Secret Router(config-if)# ^Z Router# ^C^C^C
This example shows how to configure HSRP on the MSFC in switch S2:
Console> (enable) switch console 15 Trying Router-15... Connected to Router-15. Type ^C^C^C to switch back... Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface vlan10 Router(config-if)# standby 10 ip 172.20.100.10 Router(config-if)# standby 10 priority 109 Router(config-if)# standby 10 preempt Router(config-if)# standby 10 timers 5 15 Router(config-if)# standby 10 authentication Secret Router(config-if)# interface vlan21 Router(config-if)# standby 21 ip 192.20.100.21 Router(config-if)# standby 21 priority 110 Router(config-if)# standby 21 preempt Router(config-if)# standby 21 timers 5 15 Router(config-if)# standby 21 authentication Secret Router(config-if)# ^Z Router# ^C^C^C
In the example in Figure 3-6, the high availability feature is configured on the supervisor engines, and HSRP is configured on the MSFCs.
This example shows how to configure HSRP on the MSFC in Switch S1:
Console> (enable) switch console 15 Trying Router-15... Connected to Router-15. Type ^C^C^C to switch back... Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface vlan10 Router(config-if)# standby 10 ip 172.20.100.10 Router(config-if)# standby 10 priority 110 Router(config-if)# standby 10 preempt Router(config-if)# standby 10 timers 5 15 Router(config-if)# standby 10 authentication Secret Router(config-if)# interface vlan21 Router(config-if)# standby 21 ip 192.20.100.21 Router(config-if)# standby 21 priority 109 Router(config-if)# standby 21 preempt Router(config-if)# standby 21 timers 5 15 Router(config-if)# standby 21 authentication Secret Router(config-if)# ^Z Router# ^C^C^C Console> (enable) switch console 16 Trying Router-16... Connected to Router-16. Type ^C^C^C to switch back... Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface vlan10 Router(config-if)# standby 10 ip 172.20.100.10 Router(config-if)# standby 10 priority 109 Router(config-if)# standby 10 preempt Router(config-if)# standby 10 timers 5 15 Router(config-if)# standby 10 authentication Secret Router(config-if)# interface vlan21 Router(config-if)# standby 21 ip 172.20.100.21 Router(config-if)# standby 21 priority 110 Router(config-if)# standby 21 preempt Router(config-if)# standby 21 timers 5 15 Router(config-if)# standby 21 authentication Secret Router(config-if)# ^Z Router# ^C^C^C
Figure 3-7 shows two Catalyst 6000 family switches (S1 and S2), each with a supervisor engine and MSFC in slot 1 (Sup1/MSFC1) and slot 2 (Sup2/MSFC2). Because there is no Layer-2 loop, HSRP is used for convergence and load sharing. In both switches, Sup1 is active, and Sup2 is in standby.
This example shows how to configure HSRP on the MSFC in Switch S1:
Console> (enable) switch console 15 Trying Router-15... Connected to Router-15. Type ^C^C^C to switch back... Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface vlan10 Router(config-if)# standby 10 ip 172.20.100.10 Router(config-if)# standby 10 priority 110 Router(config-if)# standby 10 preempt Router(config-if)# standby 10 timers 5 15 Router(config-if)# standby 10 authentication Secret Router(config-if)# interface vlan21 Router(config-if)# standby 21 ip 172.20.100.21 Router(config-if)# standby 21 priority 108 Router(config-if)# standby 21 preempt Router(config-if)# standby 21 timers 5 15 Router(config-if)# standby 21 authentication Secret Router(config-if)# ^Z Router# ^C^C^C Console> (enable) switch console 16 Trying Router-16... Connected to Router-16. Type ^C^C^C to switch back... Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface vlan10 Router(config-if)# standby 10 ip 172.20.100.10 Router(config-if)# standby 10 priority 109 Router(config-if)# standby 10 preempt Router(config-if)# standby 10 timers 5 15 Router(config-if)# standby 10 authentication Secret Router(config-if)# interface vlan21 Router(config-if)# standby 21 ip 172.20.100.21 Router(config-if)# standby 21 priority 107 Router(config-if)# standby 21 preempt Router(config-if)# standby 21 timers 5 15 Router(config-if)# standby 21 authentication Secret Router(config-if)# ^Z Router# ^C^C^C
This example shows how to configure HSRP on the MSFC in Switch S2:
Console> (enable) switch console 15 Trying Router-15... Connected to Router-15. Type ^C^C^C to switch back... Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface vlan10 Router(config-if)# standby 10 ip 172.20.100.10 Router(config-if)# standby 10 priority 108 Router(config-if)# standby 10 preempt Router(config-if)# standby 10 timers 5 15 Router(config-if)# standby 10 authentication Secret Router(config-if)# interface vlan21 Router(config-if)# standby 21 ip 172.20.100.21 Router(config-if)# standby 21 priority 110 Router(config-if)# standby 21 preempt Router(config-if)# standby 21 timers 5 15 Router(config-if)# standby 21 authentication Secret Router(config-if)# ^Z Router# ^C^C^C Console> (enable) switch console 16 Trying Router-16... Connected to Router-16. Type ^C^C^C to switch back... Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface vlan10 Router(config-if)# standby 10 ip 172.20.100.10 Router(config-if)# standby 10 priority 107 Router(config-if)# standby 10 preempt Router(config-if)# standby 10 timers 5 15 Router(config-if)# standby 10 authentication Secret Router(config-if)# interface vlan21 Router(config-if)# standby 21 ip 172.20.100.21 Router(config-if)# standby 21 priority 109 Router(config-if)# standby 21 preempt Router(config-if)# standby 21 timers 5 15 Router(config-if)# standby 21 authentication Secret Router(config-if)# ^Z Router# ^C^C^C
Posted: Tue May 23 09:28:09 PDT 2000
Copyright 1989 - 2000©Cisco Systems Inc.