When you run the Hot Standby Router Protocol (HSRP) between two routers connected via a LAN switch, you may observe instability in HSRP. This often happens during a network disruption or an active router transition, such as an HSRP router with a higher priority and preempt configured being added to the LAN. This document explains why this instability occurs and how you can avoid it.
There are no specific requirements for this document.
This document is not restricted to specific software and hardware versions.
For more information on document conventions, refer to Cisco Technical Tips Conventions.
In this section, you are presented with the information to configure the features described in this document.
This document uses the network setup shown in the diagram below.
This document uses these configurations:
interface FastEthernet1/0 ip address 10.144.220.3 255.255.252.0 standby priority 120 standby preempt standby ip 10.144.220.1
interface FastEthernet3/0 ip address 10.144.220.2 255.255.252.0 standby priority 110 standby preempt standby ip 10.144.220.1
There is currently no verification procedure available for this configuration.
This section provides information you can use to troubleshoot your configuration.
Note: Before you use debug commands, refer to Important Information on Debug Commands.
In the above diagram, when Router A is added to the network, you can observe the Router B HSRP state flapping from Active to Standby. Running debug standby on Router B yields the following output:
RouterB# debug standby *Mar 1 02:55:56: SB0:FastEthernet3/0 Hello out 10.144.220.2 Active pri 110 hel 3 hol 10 ip 10.144.220.1 *Mar 1 02:56:08: SB0:FastEthernet3/0 Hello in 10.144.220.3 Active pri 120 hel 3 hol 10 ip 10.144.220.1 *Mar 1 02:56:08: SB0: FastEthernet3/0 state Active -> Speak *Mar 1 02:56:08: SB0:FastEthernet3/0 Resign out 10.144.220.2 Speak pri 110 hel 3 hol 10 ip 10.144.220.1 *Mar 1 02:56:08: SB0:FastEthernet3/0 Hello out 10.144.220.2 Speak pri 110 hel 3 hol 10 ip 10.144.220.1 *Mar 1 02:56:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet3/0, changed state to down *Mar 1 02:56:11: SB0: FastEthernet3/0 state Speak -> Init *Mar 1 02:56:13: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet3/0, changed state to up *Mar 1 02:56:13: SB0: FastEthernet3/0 state Init -> Listen *Mar 1 02:56:14: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet3/0, changed state to down *Mar 1 02:56:14: SB0: FastEthernet3/0 state Listen -> Init *Mar 1 02:56:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet3/0, changed state to up *Mar 1 02:56:20: SB0: FastEthernet3/0 state Init -> Listen *Mar 1 02:56:30: SB0: FastEthernet3/0 state Listen -> Speak *Mar 1 02:56:40: SB0: FastEthernet3/0 state Speak -> Standby *Mar 1 02:56:41: SB0: FastEthernet3/0 state Standby -> Active *Mar 1 02:56:41: SB: FastEthernet3/0 Adding 0000.0c07.ac00 to address filter *Mar 1 02:56:41: SB0:FastEthernet3/0 Hello out 10.144.220.2 Active pri 110 hel 3 hol 10 ip 10.144.220.1 *Mar 1 02:56:44: SB0:FastEthernet3/0 Hello in 10.144.220.3 Active pri 120 hel 3 hol 10 ip 10.144.220.1 *Mar 1 02:56:44: SB0: FastEthernet3/0 state Active -> Speak
From the output above, it is clear that the HSRP state of Router B is continuously changing from Active to Speaking to Standby to Active, and so on.
The HSRP process uses multicast address 188.8.131.52 to communicate hello packets with the other HSRP routers. If connectivity is lost, or an HSRP router with higher priority is added to a network, the HSRP states can start flapping as shown above. When running HSRP on certain router platforms (see Note below) and a higher priority router is added to the network, the HSRP state of the lower priority router changes from Active to Speaking, and a link-state change occurs. The port of the switch detects this link-state change and a spanning tree protocol transition takes place. The port takes approximately 30 seconds to go through the listening, learning, and forwarding stages. This time period exceeds the default timeouts of the HSRP hello processes, so that the lower priority router, after reaching the Standby state, becomes Active because no hello packets were received from the Active router.
Since the routers do not see each other's HSRP hello packets, they both become active. When the switch ports transition to the Learning state it is possible that the switch sees the same virtual MAC address out of two different ports.
Note: Physical link-state changes caused by HSRP state changes occur specifically on the network module-Fast Ethernet (NM-FE) interfaces on Cisco 2600, Cisco 3600 and Cisco 7200 series routers. This behavior no longer occurs in Cisco IOS® Software release 12.1(3) and higher.
Perform one of the following tasks in order to workaround the problem described above.
Configure the switch with the set spantree portfast enable, which allows the switch to bypass the spantree states and go straight into the Forwarding state.
If the router is configured to bridge packets on this interface/port, then this workaround cannot be used, because the immediate forwarding on such a link could make the network prone to a forwarding loop outage.
Note: This restriction is also true for switch ports that are connected to other switches or bridges.
Change the HSRP timers so that the spanning tree forward delay (default of 15 seconds) is less than half the HSRP holdtime (default of 10 seconds).
We suggest an HSRP holdtime of 40 seconds.
Note: Increasing the HSRP holdtime makes HSRP slower in detecting that the Active router is down and making the Standby router active.
Ensure that there are no packet storms on the network (IPX is prone to packet storms).
Configure the standby use-bia command, which forces the HSRP active router to use the burned-in address.
This accomplishes two things. Since HSRP no longer needs to change (or add) a unicast MAC address to the MAC address filter list, the Ethernet interface does not get reset. It also keeps the switch from learning the same address on two different ports. Refer to What is the standby use-bia Command and How Does It Work? for more information.
Note: Using the standby use-bia command has the following disadvantages:
When a router becomes Active the virtual IP address is moved to a different MAC address. The newly Active router sends a gratuitous Address Resolution Protocol (ARP) response, but not all host implementations handle the gratuitous ARP correctly.
Proxy ARP breaks when standby use-bia is configured. A standby router can not cover for the lost proxy ARP database of the failed router.
Due to internal limitations, the standby use-bia command is not supported on the Multilayer Switch Feature Card 2 (MSFC2). For more information, refer to the Configuration Guidelines and Restrictions section of Configuring IP Unicast Layer 3 Switching on Supervisor Engine 2.
The Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers.
Refer to Cisco Technical Tips Conventions for information on conventions used in this document.