Cisco 数据中心之 HSRP, vPC 以及 vPC Peer-Gateway 介绍

How HSRP Works

Hot Standby Routing Protocol is a well-known feature of Cisco IOS. The goal of HSRP is to provide a resilient default-gateway to hosts on a LAN. This is accomplished by configuring two or more routers to share the same IP address and MAC address. Hosts on the LAN are configured with a single default-gateway (either statically or via DHCP ).

Upon sending its first packet to another subnet, the host ARP s for the MAC address of the default gateway. It receives an ARP reply with the virtual MAC of the HSRP group. The IP packet is encapsulated in an Ethernet frame with a destination MAC address of the default gateway. If the primary router fails, HSRP keepalives are lost, and the standby HSRP router takes over the virtual IP address and MAC address. The host does not need to know that anything has changed.

In the diagram above, the user (10.1.1.100) is configured with a default-gateway of 10.1.1.1. When the user sends its first packet to 10.5.5.5, it ARPs for 10.1.1.1. In my example, Router A is the HSRP primary router, so it sends an ARP reply with the virtual MAC address of 0000.0c07.AC05. The User PC then encapsulates the IP packet

(destination IP=10.5.5.5) in an Ethernet frame with a destination MAC address of 0000.0c07.AC05. Router A accepts the frame and routes the packet.

The above paragraphs tell the story of packets coming from the

HSRP-enabled LAN. But what happens to reply packets coming from

10.5.5.5 to 10.1.1.100? The answer is simple, and intuitive if you follow step-by-step. First, the Server creates an IP packet with a destination of 10.1.1.100. It encapsulates it in an Ethernet frame and forwards it to its default gateway (for this example, let’s say it is Router A). Router A strips the Ethernet framing and determines the next hop is on the local subnet 10.1.1.0/24. It encapsulates the packet in an Ethernet frame with a MAC address of 0021.6a98.1952. The source MAC address is the physical MAC address of Router A

(0024.F71E.3343). Router A does not use the virtual MAC address for packets it routes onto the local subnet.

So What is vPC ?

Now that we’ve covered HSRP, let’s talk about Virtual P ort Channeling ( vPC ). vPC allows two NX-OS devices to share a

port-channel. Attached devices believe that they are connected to a single device via an etherchannel bundle. This is great because it eliminates spanning-tree blocking along parallel paths.

To allow this to work, the paired NX-OS devices use two vpc-specific communication channels. The first is a vpc peer-keepalive

message. This heartbeat lets one switch detect when the other has gone off-line, to prevent traffic from being dropped during a failure. These are lightweight hello packets.

The second communication channel is the vpc peer-link . This is a high-speed connection between the two NX-OS switches that is used to stitch together the two sides of the port-channel. If a frame arrives on switch A, but is destined for a host on switch B, it is forwarded across the peer-link for delivery. All things being equal, it is undesirable to forward frames across a vpc peer-link. It is much better for the frame to be sent to the correct switch in the first place. Of course, there’s no way for the attached device to know which path is more appropriate.