13.6 Notes on using GSRP

<Structure of this section>

(1) About coexistence with other functions

(a) Coexistence with Layer 2 Switch Function

See "Configuration Guide: Coexistence of Vol.1" "22.3 Layer 2 Switch Function and Other Functions".

(b) Coexistence with Layer 2 authentication

[5.2.1 See Coexistence of Layer 2 Authentication with Other Functions.

(c) Coexistence with High Reliability Functions by Redundant Configuration

The following tables show the high-reliability features of redundant configurations that are limited to coexist with GSRP.

Table 13-6 Limited Features of Coexistence with GSRP
Functionality	Restrictions
VRRP	Cannot be used
Uplink Redundancy	Cannot be used

(2) When using the port reset function

When you install a transmitter between a port configured with port resetting on a GSRP switch and a neighboring switch, the neighboring switch might not be able to directly detect a link-down port on the GSRP switch.

When you use port resetting, design the network so that neighboring switches can directly detect link-down ports on GSRP switches.

Also, if the port resetting function is activated while some of the physical ports that belong to the channel group are inactive, the corresponding physical ports become active.

(3) When using the port reset function in a load balancing configuration

When multiple VLAN groups share a physical port and port resetting is configured for that port, communication might be disconnected when the master switch enters the backup state in a VLAN group. This problem occurs because the port link goes down even though the switch is still operating as the master in another VLAN group. If you want to avoid this kind of temporarily disconnected communication, design the network so that multiple VLAN groups do not share a physical port.

The port that temporarily goes down because of port resetting is treated as an active port during the selection of the master and backup switches. This kind of port does not affect the selection of the master and backup switches in the VLAN group that is running in the master state.

(4) About VLAN configuration when using GSRP

When you use GSRP, GSRP controls all VLANs. Therefore, the VLAN ports that do not belong to any VLAN group are blocked. If you want to control only the VLANs that belong to VLAN groups, use the GSRP VLAN group-only control functionality.

(5) About GSRP VLAN group-only control function

When you perform either of the following operations while the GSRP VLAN group-only control functionality is configured, all VLANs temporarily go down. In this case, the VLAN ports are blocked.

Use the gsrp configuration command to specify a GSRP group ID.
Executing the restart gsrp operation command

(6) Direct link failure detection function

If a transmitter that is installed on a direct link between Switches fails, the backup Switch might assume that a failure has occurred on the master Switch even when the master is operating normally. In such cases, the backup Switch might automatically become the master, with the result that two Switches simultaneously act as the master. The same problem might occur when either of two direct links is disconnected. To prevent the problem, before you specify direct-down in the no-neighbor-to-master configuration command, create three or more direct links so that at least two direct links are available to send and receive GSRP Advertise frames. You can create the redundant direct links by using link aggregation or multiple normal ports. The effect is the same.

When Layer 3 redundancy switching requires a VLAN on direct links to continue communication with the upstream network, use link aggregation to assign the redundant direct links.

(7) About building networking when using GSRP

A network using GSRP is basically a loop configuration. To prevent frames from looping, take the following steps when you create a GSRP network:

When you configure Switches as GSRP Switches, disable the ports on the Switches beforehand by specifying shutdown. After configuring the GSRP switches, wait until the state transition of the GSRP switches is complete and then start operation.
Start one of the two Switches that make up a GSRP group, configure the Switch, and make sure that its state changes to the backup state. Next, start the other Switch and configure it.
When the GSRP VLAN group-only control functionality has been configured, the VLANs that do not belong to any VLAN group are up. If you want to place a VLAN in a VLAN group, disable the VLAN beforehand, wait until the status of the VLAN group is determined, and then enable the VLAN. If you want to delete a VLAN from a VLAN group, disable the VLAN beforehand to prevent looping.

(8) About Changing VLAN Configuration During GSRP Use

GSRP uses the number of active ports as a condition for selecting the master and backup switches. The number of active ports refers to the number of ports assigned to the VLANs that belong to a VLAN group. The number of active ports changes when you add a port to a VLAN or change the network configuration. In these cases, the same change is normally applied to both the master and backup switches. However, if the number of active ports for the backup switch temporarily exceeds that of the master switch while the change is applied, the master and backup switches are switched over.

To prevent the switchover, take the following steps when you change the ports assigned to VLANs:

Lock the current master by setting priority level as the highest-priority condition for selecting the master and backup switches (selection-pattern configuration command).You can lock the current master because the GSRP switch with higher priority is the master. Next, change the ports that are to be assigned to the VLANs.
If you need to perform a major change that requires changes to the cabling or a restart of switches, use backup locking to force one GSRP switch into the backup state. Next, make the other GSRP switch the master for all VLAN groups, and then change the ports assigned to the VLANs.

(9) Relaying GSRP Control Frames in GSRP unaware

When all the neighboring switches of a GSRP switch are GSRP-unaware, GSRP control frames are flooded. As a result, the GSRP control frames might be forwarded to locations in the topology that does not require such frames. To prevent the unnecessary forwarding of control frames, also correctly configure GSRP-managed VLANs on GSRP-unaware switches.

(10) Relaying GSRP Flush request Frames

GSRP-aware switches flood GSRP Flush request frames. Because GSRP switches do not flood GSRP Flush request frames, you cannot have GSRP switches forward GSRP Flush request frames in a multi-stage configuration of GSRP groups.

(11) Remote control of the Switch when using GSRP

If you want to use telnet or SNMP to remotely manage the Switches that use GSRP, configure the following:

Ports that are not under GSRP control
Use the GSRP VLAN group-only control functionality to configure the VLAN interfaces of VLANs that do not belong to any VLAN group.

(12) About ports not subject to GSRP control

The ports that are specified as ports not under GSRP control can always be used to send and receive traffic regardless of whether the switch is the master or the backup. Therefore, the IP interface of the VLANs that contain such ports is up. Use caution in a network configuration that expects the IP interface to go down, such as when Layer 3 redundancy switching is used.

(13) Interoperability

GSRP is a special feature deployed only on Switches. GSRP cannot communicate with ESRP (Extreme Standby Router Protocol) employed on LAN switches manufactured by Extreme Networks or VSRP (Virtual Switch Redundant Protocol) employed on LAN switches manufactured by Brocade Communications Systems.

(14) CPU overload

If the CPU is overloaded, the GSRP Advertise frames sent and received by the Switches might be dropped or their processing might be delayed, causing output of timeout messages and state transitions. If CPU overload is frequent, specify a longer sending interval and retention time for GSRP Advertise frames.

(15) About Learning Virtual MAC Addresses

When you use Layer 3 redundancy switching, the MAC address of the default gateway for which GSRP is providing redundancy is a virtual MAC address. Conversely, the source MAC addresses in forwarded IP packets or frames that are voluntarily sent by the Switch are not virtual MAC addresses. Instead, a source MAC address is the MAC address of a switch or a VLAN.

GSRP periodically sends frames for virtual MAC address learning to the devices that use a GSRP switch as the default gateway to allow them to learn the virtual MAC address of the default gateway. Frames for virtual MAC address learning are non-IP unicast frames with virtual MAC addresses as the source MAC addresses.

Design the network so that all the devices receive GSRP control frames when they use a GSRP switch as the default gateway. If GSRP control frames are filtered out by a firewall, the devices will not be able to learn virtual MAC addresses, resulting in flooded GRSP control frames that might affect network operation.