HSRP の Src Mac は Active = VMAC、Standby = Real MAC で Hello する
CML2 上の Cisco IOS で試したところ、HSRP v1 で Hello パケットの交換を行う際、送信元 MAC アドレスは以下になっていました。
| HSRP State |
Src MAC Address |
| Active |
HSRP VMAC を利用する |
| Standby |
Real MAC を利用する |
検証構成
CML2 上に以下の構成を作成して検証を行いました。
CML2 用のトポロジーは下記にアップロードしてあります。
検証環境の MAC アドレス
HSRP を構成している IOSvL2 の MAC アドレス一覧は以下の通りです。
| Interface |
IOSvL2-1 |
IOSvL2-2 |
| GigabitEthernet0/0 |
5254.0014.89fe |
5254.0017.b51e |
| GigabitEthernet0/1 |
5254.0007.df55 |
5254.0006.4a86 |
| GigabitEthernet0/2 |
5254.0017.e149 |
5254.0013.1be9 |
| GigabitEthernet0/3 |
5254.0004.e87a |
5254.0003.f510 |
| Vlan10 |
5254.0014.800a |
5254.0017.800a |
| Vlan10 (HSRP v1) |
0000.0c07.ac0a |
(左と同じ) |
| Vlan20 |
5254.0014.8014 |
5254.0017.8014 |
| Vlan20 (HSRP v1) |
0000.0c07.ac14 |
(左と同じ) |
HSRP の設定
HSRP は以下を設定しました。
IOSvL2-1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16 | interface Vlan10
ip address 10.0.10.251 255.255.255.0
standby 10 ip 10.0.10.254
standby 10 timers 1 3
standby 10 priority 110
standby 10 preempt
no shutdown
!
interface Vlan20
ip address 10.0.20.251 255.255.255.0
standby 20 ip 10.0.20.254
standby 20 timers 1 3
standby 20 priority 110
standby 20 preempt
!
end
|
IOSvL2-2
1
2
3
4
5
6
7
8
9
10
11
12 | interface Vlan10
ip address 10.0.10.252 255.255.255.0
standby 10 ip 10.0.10.254
standby 10 timers 1 3
no shutdown
!
interface Vlan20
ip address 10.0.20.252 255.255.255.0
standby 20 ip 10.0.20.254
standby 20 timers 1 3
!
end
|
状態確認
HSRP の状態は以下でした。
IOSvL2-1
show standby brief
| IOSvL2-1# show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl10 10 110 P Active local 10.0.10.252 10.0.10.254
Vl20 20 110 P Active local 10.0.20.252 10.0.20.254
|
show standby
1
2
3
4
5
6
7
8
9
10
11
12
13
14 | IOSvL2-1# show standby Vlan 10
Vlan10 - Group 10
State is Active
2 state changes, last state change 00:03:19
Virtual IP address is 10.0.10.254
Active virtual MAC address is 0000.0c07.ac0a (MAC In Use)
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 1 sec, hold time 3 sec
Next hello sent in 0.624 secs
Preemption enabled
Active router is local
Standby router is 10.0.10.252, priority 100 (expires in 3.120 sec)
Priority 110 (configured 110)
Group name is "hsrp-Vl10-10" (default)
|
show interfaces
1
2
3
4
5
6
7
8
9
10
11
12
13 | IOSvL2-1# show interfaces | include line protocol|Hardware
GigabitEthernet0/0 is up, line protocol is up (connected)
Hardware is iGbE, address is 5254.0014.89fe (bia 5254.0014.89fe)
GigabitEthernet0/1 is up, line protocol is up (connected)
Hardware is iGbE, address is 5254.0007.df55 (bia 5254.0007.df55)
GigabitEthernet0/2 is up, line protocol is up (connected)
Hardware is iGbE, address is 5254.0017.e149 (bia 5254.0017.e149)
GigabitEthernet0/3 is up, line protocol is up (connected)
Hardware is iGbE, address is 5254.0004.e87a (bia 5254.0004.e87a)
Vlan10 is up, line protocol is up
Hardware is Ethernet SVI, address is 5254.0014.800a (bia 5254.0014.800a)
Vlan20 is up, line protocol is up
Hardware is Ethernet SVI, address is 5254.0014.8014 (bia 5254.0014.8014)
|
IOSvL2-2
show standby brief
| IOSvL2-2# show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl10 10 100 Standby 10.0.10.251 local 10.0.10.254
Vl20 20 100 Standby 10.0.20.251 local 10.0.20.254
|
show standby
1
2
3
4
5
6
7
8
9
10
11
12
13
14 | IOSvL2-2# show standby Vlan 10
Vlan10 - Group 10
State is Standby
1 state change, last state change 00:03:07
Virtual IP address is 10.0.10.254
Active virtual MAC address is 0000.0c07.ac0a (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 1 sec, hold time 3 sec
Next hello sent in 0.592 secs
Preemption disabled
Active router is 10.0.10.251, priority 110 (expires in 3.232 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl10-10" (default)
|
show interfaces
1
2
3
4
5
6
7
8
9
10
11
12
13 | IOSvL2-2# show interfaces | include line protocol|Hardware
GigabitEthernet0/0 is up, line protocol is up (connected)
Hardware is iGbE, address is 5254.0017.b51e (bia 5254.0017.b51e)
GigabitEthernet0/1 is up, line protocol is up (connected)
Hardware is iGbE, address is 5254.0006.4a86 (bia 5254.0006.4a86)
GigabitEthernet0/2 is up, line protocol is up (connected)
Hardware is iGbE, address is 5254.0013.1be9 (bia 5254.0013.1be9)
GigabitEthernet0/3 is up, line protocol is up (connected)
Hardware is iGbE, address is 5254.0003.f510 (bia 5254.0003.f510)
Vlan10 is up, line protocol is up
Hardware is Ethernet SVI, address is 5254.0017.800a (bia 5254.0017.800a)
Vlan20 is up, line protocol is up
Hardware is Ethernet SVI, address is 5254.0017.8014 (bia 5254.0017.8014)
|
ARP テーブル
端末見立ての IOSv で ARP テーブルを確認すると以下でした。
IOSv-1
| IOSv-1# show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.0.10.111 - 5254.001f.7774 ARPA GigabitEthernet0/0
Internet 10.0.10.254 14 0000.0c07.ac0a ARPA GigabitEthernet0/0
|
IOSv-2
| IOSv-2# show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.0.20.222 - 5254.0013.ec8b ARPA GigabitEthernet0/0
Internet 10.0.20.254 39 0000.0c07.ac14 ARPA GigabitEthernet0/0
|
パケットキャプチャ
HSRP Hello パケットをキャプチャしたところ、Src / Dst MAC アドレスは以下になっていました。
|
IOSvL2-1 |
IOSvL2-2 |
| HSRP State |
Active |
Standby |
| Src MAC Address |
0000:0c07:ac0a |
5254:0017:800a |
| Dst MAC Address |
0100:5e00:0002 |
0100:5e00:0002 |
参考に VLAN 10 の MAC アドレスを再掲します。
| Interface |
IOSvL2-1 |
IOSvL2-2 |
| Vlan10 |
5254.0014.800a |
5254.0017.800a |
| Vlan10 (HSRP v1) |
0000.0c07.ac0a |
(左と同じ) |
IOSvL2-1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66 | $ tshark -r hello-hsrp.pcap -V 'ip.src==10.0.10.251'
Frame 1: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Dec 26, 2021 09:31:13.442041000 JST
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1640478673.442041000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 62 bytes (496 bits)
Capture Length: 62 bytes (496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:hsrp]
Ethernet II, Src: All-HSRP-routers_0a (00:00:0c:07:ac:0a), Dst: IPv4mcast_02 (01:00:5e:00:00:02)
Destination: IPv4mcast_02 (01:00:5e:00:00:02)
Address: IPv4mcast_02 (01:00:5e:00:00:02)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
Source: All-HSRP-routers_0a (00:00:0c:07:ac:0a)
Address: All-HSRP-routers_0a (00:00:0c:07:ac:0a)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.0.10.251, Dst: 224.0.0.2
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0xc0 (DSCP: CS6, ECN: Not-ECT)
1100 00.. = Differentiated Services Codepoint: Class Selector 6 (48)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 48
Identification: 0x0000 (0)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
...0 0000 0000 0000 = Fragment Offset: 0
Time to Live: 1
Protocol: UDP (17)
Header Checksum: 0xc400 [validation disabled]
[Header checksum status: Unverified]
Source Address: 10.0.10.251
Destination Address: 224.0.0.2
User Datagram Protocol, Src Port: 1985, Dst Port: 1985
Source Port: 1985
Destination Port: 1985
Length: 28
Checksum: 0x82fc [unverified]
[Checksum Status: Unverified]
[Stream index: 0]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
UDP payload (20 bytes)
Cisco Hot Standby Router Protocol
Version: 0
Op Code: Hello (0)
State: Active (16)
Hellotime: Non-Default (1)
Holdtime: Non-Default (3)
Priority: 110
Group: 10
Reserved: 0
Authentication Data: Default (cisco)
Virtual IP Address: 10.0.10.254
|
IOSvL2-2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66 | $ tshark -r hello-hsrp.pcap -V 'ip.src==10.0.10.252'
Frame 2: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Dec 26, 2021 09:31:14.157333000 JST
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1640478674.157333000 seconds
[Time delta from previous captured frame: 0.715292000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.715292000 seconds]
Frame Number: 2
Frame Length: 62 bytes (496 bits)
Capture Length: 62 bytes (496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:hsrp]
Ethernet II, Src: RealtekU_17:80:0a (52:54:00:17:80:0a), Dst: IPv4mcast_02 (01:00:5e:00:00:02)
Destination: IPv4mcast_02 (01:00:5e:00:00:02)
Address: IPv4mcast_02 (01:00:5e:00:00:02)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
Source: RealtekU_17:80:0a (52:54:00:17:80:0a)
Address: RealtekU_17:80:0a (52:54:00:17:80:0a)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.0.10.252, Dst: 224.0.0.2
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0xc0 (DSCP: CS6, ECN: Not-ECT)
1100 00.. = Differentiated Services Codepoint: Class Selector 6 (48)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 48
Identification: 0x0000 (0)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
...0 0000 0000 0000 = Fragment Offset: 0
Time to Live: 1
Protocol: UDP (17)
Header Checksum: 0xc3ff [validation disabled]
[Header checksum status: Unverified]
Source Address: 10.0.10.252
Destination Address: 224.0.0.2
User Datagram Protocol, Src Port: 1985, Dst Port: 1985
Source Port: 1985
Destination Port: 1985
Length: 28
Checksum: 0x8b05 [unverified]
[Checksum Status: Unverified]
[Stream index: 1]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
UDP payload (20 bytes)
Cisco Hot Standby Router Protocol
Version: 0
Op Code: Hello (0)
State: Standby (8)
Hellotime: Non-Default (1)
Holdtime: Non-Default (3)
Priority: 100
Group: 10
Reserved: 0
Authentication Data: Default (cisco)
Virtual IP Address: 10.0.10.254
|