Our Cisco instructor Keith Edwards discusses the concepts of Spanning Tree and FHRP (First Hop Redundancy Protocol) and how they relate to each other. While most courses teach FHRPs and Spanning Tree in separate lessons, Keith discusses the two together in an easy-to-follow video that shows what you may be missing if no one ever made the correlation between the two for you.
I wanted to do a presentation today about one of those little things that I think gets left out when we teach IT classes like CCNA: putting a couple of things together. I want to put together a conversation about spanning tree and first hop redundancy protocols, because most CCNA-type classes might talk to you about spanning tree and then later talk to you about first hop redundancy protocols, but I have noticed, and some of my fellow instructors have noticed, that frequently they do not put those two things together, and it is pretty important in terms of design and understanding to put these two together. So that is what we are going to do. To review the basics a little bit: in layer 2 we talked about using a redundancy protocol to avoid loops. If we had, as you see in this switch environment, three switches all connected together, what can happen in a situation like that is that when a broadcast, unknown unicast or multicast message gets transmitted, the switches may send it over and over amongst each other, back and forth, because these are "send it out all of my ports" types of messages, and therefore you might wind up with a loop. It would go around so much, and so much traffic could build up, that you might eventually lose the use of the equipment as the bandwidth and CPU get overloaded. We don't want that to happen. We want everybody to continue to have services, and we do like redundancy, but we don't like loops, so we like something that is going to fail over automatically but not cause a loop. What tool do we use? We use good old-fashioned spanning tree. Actually, there are lots of spanning trees, so you don't even have to use an old-fashioned one, comparatively speaking, but the idea with spanning tree is that we can have a design that gives us redundancy but automatically heals. So, in a normal spanning tree setup:
Maybe we have these three switches, and you see there are a couple of routers and some PCs connected to those switches. What will happen is that spanning tree will automatically calculate the root bridge, then calculate the best path for the other switches to get to the root bridge, and then block redundant paths in order to avoid a loop. The great thing about this is that if something happens to my primary path to the root bridge, spanning tree will realize it and automatically unblock my backup port. So one of the beautiful parts about spanning tree is that it automatically heals. It does its job in terms of giving me redundancy, no loops and auto-healing. Now, first hop redundancy protocols have a similar job in terms of stopping there from being a failure. The idea is that instead of having redundant paths in my layer 2 environment, I have redundant paths out of my layer 2 environment. What I have here is two routers, and either one can act as the default gateway. That means that most of the time, in this case, switch 1 is talking to the router on the left, router A, as its default gateway: router A is in active mode and router B is in standby mode. All the people in this switched environment, this layer 2 environment, can talk to each other via layer 2 when they want to. Any time somebody in this layer 2 environment wants to talk to somebody who is in their layer 2 environment, for example when they try to send something to the IP address of somebody in their own subnet, their IP stack recognizes that address as being within its subnet, finds out the layer 2 address of that device, and has a layer 2 conversation with whoever is on their subnet. However, when you need to talk off of your subnet, what are you going to do?
Well, similarly, the PC or host will, based on the destination IP address, recognize in its IP stack that the destination is off of its subnet. So what it is going to do is try to have that layer 2 conversation with its default gateway; it is going to send traffic off of its subnet via the default gateway. Well, not the IP address of the default gateway: the MAC address of the default gateway. So if the PC realizes it has to send something to its default gateway and it does not know the MAC address of its default gateway, it would ARP for it. It would use Address Resolution Protocol to find out the MAC address of its default gateway, and then everything destined for off its subnet (in this particular case, you see this server is off of its subnet) it would send at layer 2 to the MAC address of its default gateway. Part of the secret sauce of first hop redundancy protocols like VRRP and HSRP is that instead of using the physical MAC of one of the routers, they establish a virtual MAC address, and whichever router is active assumes that virtual MAC address. Okay, so now the active router owns that MAC address, and whenever the PC wants to send something off of its subnet, it sends it to the VMAC, the virtual MAC address of the default gateway.
Okay, now it is true that each of these devices would have a physical IP address, but they would share the virtual IP address of the redundancy group. So, very typically in HSRP, we would give this device the address 10.1.1.2 and this device the address 10.1.1.3, but the virtual IP address for the redundancy group would be 10.1.1.1. There are some variations with VRRP that we won't go into, but generally speaking this is the concept. So what we've got going here is that the first router is the active router and the second router is the standby router. That means the first router is currently handling all traffic destined for the VMAC and, incidentally, also for the default gateway's IP address, so if somebody out here were to try to ping 10.1.1.1, it would go to here, not to here. Okay, so how does this work in terms of recovery and contention? Let's say, for example, that everybody is talking to the default gateway: all of the hosts use the virtual MAC address of the default gateway, so everybody is talking to that VMAC. Then something happens where the primary that was active before goes offline briefly or loses connectivity briefly, and what happens is exactly what is supposed to happen: router B takes control of the VMAC and is now processing all the data for the VMAC. Okay, in unmodified HSRP, even after router A comes back up, router B maintains possession of the active role and of the VMAC. In unadulterated HSRP, router B would maintain possession of the VMAC. Now that is different for VRRP, because VRRP, depending on the settings, will cause the router that was active before to take over again; with these settings it would cause router A to take over again automatically, and I'll tell you why in a minute. But with HSRP, router B would take over when router A goes away and would just stay the active router, processing all traffic for the VMAC.
Okay, in this other scenario it is a little bit more like VRRP. In this scenario we have turned on the command preempt in router A. We have also changed router A so that its priority is higher than the priority of router B: we've set priority 101 and we've set preempt. Now, preempt is automatically turned on in VRRP but not in HSRP. In VRRP we would have the same scenario we spoke of on the previous slide if the priority were identical on both devices, but if the priority of this device were higher than the priority of the other device, VRRP has preempt turned on by default and HSRP does not. So if I want router A here to be the active router in the first hop redundancy protocol at all times, I have to do the configuration to make sure that is going to happen. Setting the priority higher and making sure that preempt is turned on would cause router A to always be the active router for the default gateway and the VMAC whenever it is up and healthy. Okay, now we talked about spanning tree and we talked about first hop redundancy protocols. Let's put it together. So spanning tree, when it comes up, will select a root bridge. Then all of the switches in this environment try to figure out the optimal path to the root bridge, and the redundant paths are blocked. In this very simple scenario, switch 2 has been elected as the root bridge. Now, instead of a kind of willy-nilly election where everybody is created equal except for MAC addresses, with the MAC address used as the tiebreaker, you can influence spanning tree to decide who is the root bridge.
But let's just say in this case the election has caused switch 2 to be the root bridge. Switch 1, having a connection directly to switch 2, would say that's my best path to switch 2 and make that its designated port, and switch 2 would refer to the port going to it as a root port. Same for switch 3: its best path is directly to switch 2. So, in order to stop loops, spanning tree would block this port on the redundant path, and normal traffic would not be sent out of that port. Again, it is beautiful, because there is no single point of failure in that particular case, just in terms of everybody getting to switch 2. I have redundant paths to switch 2 and it automatically heals. If this path should go down, spanning tree will automatically open this one up, and traffic from switch 1 could go through switch 3 to switch 2. So it ensures continuity of services in the event of a failure, and it is an automatic recovery mechanism. Now let's put this together with the first hop redundancy protocol. In this case I have the router on the left as the active router and the router on the right as the standby router. But as it happens, in this election the spanning tree protocol has made switch 3 the root bridge. Now let's put this together. Anybody who wants to go off of this subnet has to go through the router on the left, but in this case spanning tree would send all traffic from switch 1 through switch 3. Why? Because switch 3 is the root bridge, and spanning tree calculated the best path to the root bridge, not to the HSRP active router. So instead of traffic going directly to switch 2, that path is blocked, as is the path to switch 4, and what we wind up with is sub-optimal pathing to get to the default gateway.
Traffic from switch 1 would go through switch 3 and then switch 2 to get to the MAC address of the default gateway, which lives here on the router on the left. So I would rather have the switch that is connected to the active FHRP router be the root. In this case, if switch 2 is the root and the router on the left is the active router, my spanning tree calculation causes switch 1 to have a direct path to switch 2 and switch 3 to have a direct path to switch 2. Switch 4 has no direct path to switch 2, so it would inevitably have to go either through switch 3 or through switch 1, and we just drew it going through switch 3. But its most optimal path is going to go through an adjacent switch before it gets to switch 2. So in this case the traffic leaving PC 1 to go to the default gateway has a much more optimal path, and it can go from switch 2 directly to the default gateway. Now we have a much better path to get to the default gateway. But what about if I have an FHRP changeover? What if the router on the right becomes active and the router on the left becomes standby? Now switch 2 is still the root, so switch 1's traffic would not be able to go as directly; all of a sudden we would have another sub-optimal path. The traffic from switch 1 would have to go through switch 2 to get to switch 3, which is connected to the active router. What we can do is optimize both spanning tree and the first hop redundancy protocol so that the root bridge is the one connected to the router that is going to be the FHRP active most of the time. How do we do that? We turn on preemption in the router that we want to be active and we give it a higher priority than the standby. That way, any time that router is alive, it will be the default gateway. So that is optimization.
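What that alignment looks like on the command line, as an added example that is not from the video: Cisco IOS configuration for the two routers and the two switches, using the 10.1.1.0/24 addresses and the priority value 101 from the talk. The interface names, VLAN 1, HSRP group 1 and the switch priority values are assumptions made for this example; the talk itself does not give them.

```cisco
! Added example, not from the video. Goal: Router A is HSRP active whenever
! it is healthy, and switch 2 (the switch attached to Router A) is the
! spanning tree root, so layer 2 forwarding to the root is also forwarding
! toward the default gateway.
!
! Without "standby 1 preempt" on Router A, the failure described in the talk
! happens: Router B keeps the active role after A returns, while switch 2
! stays root, and traffic from switch 1 takes the longer path through
! switch 2 to switch 3 to reach the gateway.
!
! ---- Router A: should be the HSRP active router whenever it is up ----
interface GigabitEthernet0/0
 ip address 10.1.1.2 255.255.255.0
 standby 1 ip 10.1.1.1
 standby 1 priority 101
 standby 1 preempt
!
! ---- Router B: standby at the default priority of 100 ----
interface GigabitEthernet0/0
 ip address 10.1.1.3 255.255.255.0
 standby 1 ip 10.1.1.1
 standby 1 priority 100
 standby 1 preempt
!
! ---- Switch 2 (connected to Router A): lowest bridge priority wins the root ----
! election, so the MAC-address tiebreaker no longer decides who is root.
spanning-tree vlan 1 priority 4096
!
! ---- Switch 3 (connected to Router B): next-lowest priority, so it becomes ----
! root only if switch 2 fails, which keeps the root near the standby gateway.
spanning-tree vlan 1 priority 8192
!
! VRRP equivalent for Router A. Preempt is on by default in VRRP, so only
! the priority has to be raised ("no vrrp 1 preempt" would turn it off).
! interface GigabitEthernet0/0
!  vrrp 1 ip 10.1.1.1
!  vrrp 1 priority 101
!
! Checks after configuring:
!   Router A:  show standby brief          (group 1 should be Active, with P set for preempt)
!   Switch 2:  show spanning-tree vlan 1   (output should say "This bridge is the root")
```

The two priorities are deliberately left unequal on both protocols: with equal priorities, preemption has nothing to act on and the router that came up first simply keeps the role, which is the default HSRP behaviour the talk describes. Bridge priorities on Cisco PVST+ are set in multiples of 4096 because the low 12 bits carry the VLAN ID.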
That means that for the majority of the time switch 2 will be the spanning tree root, so the layer 2 environment will automatically have used pathing that optimizes its path to switch 2, and switch 2 is connected directly to the FHRP active router most of the time. In the event that the standby router takes over once in a while because of a problem with the active router, the router on the left, let's say the router on the right takes over; then yes, there would be sub-optimal pathing temporarily as traffic goes from switch 2 to switch 3 to get to that default gateway, but that would self-heal as soon as the router on the left comes back up again. It will take over the active role and our layer 2 pathing will be optimal once more, automatically. Okay, so setting these two things to work together is what this little presentation is about. Setting your first hop redundancy protocol in conjunction with your spanning tree, optimizing both of them, is what is going to give you the best pathing in your layer 2 network in order to get out of your layer 2 network to your default gateway.