On 12/03/15 11:26, Gert Doering wrote:
Hi,
On Thu, Mar 12, 2015 at 11:18:05AM +0000, Phil Mayers wrote:
The main risk is the g-arp being dropped/missed.
That's why one of the previous posters suggested to move the *HSRP* master
to a different IP in between - that way, packets addressed to the
"old default gateway MAC" (HSRP) will still reach someone, while a new
ARP request for the default gateway IP will return the VRRP MAC...
Good point. I didn't absorb that when scanning the thread.
But it still needs to have the "move HSRP to new IP" and "activate VRRP
with gateway IP" quite close together, with the chance for a few packets
lost in between... so "lab it, announce maintenance, then do".
Definitely.
(Insert rant about HSRP v2 being required for IPv6, and then not actually
being permitted to put IPv4 and IPv6 on the same group, so there is *no*
reason to force IPv4 to HSRP v2 in the end - and that one actually hurts
about as much as "move to VRRP" because the old VMAC disappears...)
Makes me pine: back in the day, things like ESRP were super-useful,
combining layer2 loop prevention with an FHRP and preventing asymmetric
return-path routing.
These days, all the cool kids are doing MLAG and dual-active FHRP, but
it would be nice to see some of the warts in the FHRP protocols removed.
In particular there seem to be some odd interactions/limitations with
the vMAC in a bunch of places :o/
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
