High-availability Seamless Redundancy

High-availability Seamless Redundancy

High-availability Seamless Redundancy (HSR) is defined in International Standard IEC 62439-3-2016 clause 5. HSR is similar to Parallel Redundancy Protocol (PRP) but is designed to work in a ring topology. Instead of two parallel independent networks of any topology (LAN-A and LAN-B), HSR defines a ring with traffic in opposite directions. Port-A sends traffic counter clockwise in the ring, and Port-B sends traffic clockwise in the ring.

The HSR packet format is also different from PRP. To allow the switch to determine and discard duplicate packets, additional protocol specific information is sent with the data frame. For PRP, this is sent as part of a trailer called the redundancy control trailer (RCT), whereas for HSR this is sent as part of the header called the HSR header. Both the RCT and HSR header contain a sequence number, which is the primary data used to determine if the received frame is the first instance or a duplicate instance.


Note

HSR is supported on certain SKUs of the Cisco Catalyst IE9300 Rugged Series Switches (see the Guidelines and Limitations section in this guide for supported SKUs). The term switch in this document refers to a Cisco Catalyst IE9300 Rugged Series Switch unless otherwise noted.

In this release, the switch supports only HSR-singly attached node (SAN) and only one HSR instance. In addition, you can create only one HSR or one PRP instance. If you have created a PRP instance, no HSR instance can be created.

The non-switching nodes with two interfaces attached to the HSR ring are referred to as Doubly Attached Nodes implementing HSR (DANHs). Similar to PRP, Singly Attached Nodes (SANs) are attached to the HSR ring through a device called a RedBox (Redundancy Box). The RedBox acts as a DANH for all traffic for which it is the source or the destination. The switch implements RedBox functionality using Gigabit Ethernet port connections to the HSR ring.

The following figure shows an example of an HSR ring as described in IEC 62439-3. In this example, the RedBox is an Cisco Catalyst IE9300 Rugged Series Switch.

Figure 1. Example of HSR Ring Carrying Unicast Traffic


Devices that do not support HSR out of the box (for example, laptops and printers) cannot be attached to the HSR ring directly because all HSR capable devices must be able to process the HSR header on packets received from the ring and add the HSR header to all packets sent into the ring. These nodes are attached to the HSR ring through a RedBox. As shown in the figure above, the RedBox has two ports on the DANH side. Non-HSR SAN devices are attached to the upstream switch ports. The RedBox generates the supervision frames on behalf of these devices so that they are seen as DANH devices on the ring. Because the RedBox emulates these as DANH, they are called Virtual Doubly Attached Nodes (VDAN).

Loop Avoidance

Each node in the HSR ring forwards frames received from one port to the other port of the HSR pair. To avoid loops and use network bandwidth effectively, the RedBox does not transmit frames that are already transmitted in same direction. When a node injects a packet into the ring, the packet is handled as follows to avoid loops:

  • Unicast packet with destination inside the ring: When the unicast packet reaches the destination node, the packet is consumed by the respective node and is not forwarded.

  • Unicast packet with destination not inside the ring: Because this packet does not have a destination node in the ring, it is forwarded by every node in the ring until it reaches the originating node. Because every node has a record of the packet it sent, along with the direction in which it was sent, the originating node detects that packet has completed the loop and drops the packet.

  • Multicast packet: A multicast packet is forwarded by each node because there can be more than one consumer of this packet. For this reason a multicast packet always reaches the originating node. However, every node will check whether it has already forwarded the received packet through its outgoing interface. Once the packet reaches the originating node, the originating node determines that it already forwarded this packet and drops the packet instead of forwarding it again.

HSR RedBox Modes of Operation

The most basic mode of operation is HSR-SAN mode (single RedBox mode). In this mode, the RedBox is used to connect SAN devices to the HSR ring. The Redbox’s responsibility in this mode is to represent SAN devices as VDANs on the ring.


Note

In this release, the switch supports HSR-SAN mode only.

HSR SAN Mode

In HSR-SAN mode, the RedBox inserts the HSR tag on behalf of the host and forwards the ring traffic, except for frames sent by the node itself, duplicate frames, and frames for which the node is the unique destination. In this mode, packets are handled as follows:

  • A source DANH sends a frame passed from its upper layers (C frame), prefixes it with an HSR tag to identify frame duplicates, and sends the frame over each port (A frame and B frame).

  • A destination DANH receives two identical frames from each port within a certain interval. The destination DANH removes the HSR tag of the first frame before passing it to its upper layers and discards any duplicate.

  • Each node in the HSR ring forwards frames received from one port to the other port of the HSR pair. A node will not forward frames received on one port to the other under the following conditions:

    • The received frame returns to the originating node in the ring.

    • The frame is a unicast frame with a destination MAC address of a node upstream of the receiving node.

    • The node had already sent the same frame in the same direction. This rule prevents a frame from spinning in the ring in an infinite loop.

CDP and LLDP for HSR

HSR supports the Cisco Discovery Protocol (CDP) and Link Layer Discovery Protocol (LLDP). CDP and LLDP are Layer 2 neighbor discovery protocols. Both CDP and LLDP can provide information about nodes directly connected to the device. They also provide additional information such as the local and remote interface and device names.

When CDP or LLDP is enabled, you can use the CDP or LLDP information to find the adjacent nodes on an HSR ring and their status. You can then use the neighbor information from each node to determine the complete HSR network topology and debug and locate ring faults.

CDP and LLDP are configured on physical interfaces only.

For more information, see Configuring an HSR Ring and Verifying Configuration.

Guidelines and Limitations

  • HSR-SAN is supported only on the following Cisco Catalyst IE9300 Rugged Series Switches:

    • IE-9320-26S2C-E and IE-9320-26S2C-A

    • IE-9320-22S2C4X-E and IE-9320-22S2C4X-A

  • HSR-SAN (Single RedBox mode) is the only HSR mode supported in this release.

  • HSR is supported only in a standalone deployment; there is no support for HSR for stacked switches.

  • Only one HSR instance is supported. Note that the switch supports only one HSR or one PRP instance, so if a PRP instance has been created, no HSR instance can be created.

  • HSR ring 1 can only be configured as a pair of ports: Gi1/0/21 and Gi1/0/22 or Gi1/0/23 and Gi1/0/24. Using these port pairs, you can configure 1 HSR ring.

  • The HSR feature requires the Network Essentials license.

  • The HSR feature is not enabled by default and you must explicitly configure the HSR rings.

  • HSR is disabled automatically if the required firmware image is not available on the system.

  • Once a port is part of a ring, the media-type, speed, and duplex settings of the port cannot be changed. We recommend that you apply those settings before configuring ring membership.

  • If mode of HSR interfaces is changed from access to trunk mode or vice-versa after configuring the ring,we recommended that you flap the HSR ring.

  • The recommended maximum number of nodes in the node table is 512. Nodes are all the DANH and VDAN devices that can be connected to the ring at same time. This number is not an absolute limit, but higher numbers of entries may increase the number of duplicate packets received by the end devices.

  • The maximum number of nodes in the HSR ring is 50.

  • HSR ring ports can only be configured in L2 mode.

  • HSR is supported on following port types:

    • 100 mbps, Full Duplex. Half duplex is not supported.

    • 1000 mbps, Full Duplex. Half duplex is not supported.

    • HSR is not supported on the uplink ports.

  • Both ports of one ring must be of same speed and type (that is, both can be SFPs or both can be copper)

  • The following protocols and features are mutually exclusive with HSR on the same port:

    • PRP

    • EtherChannels

    • Link Aggregation Control Protocol (LACP)

    • Port Aggregation Protocol (PAgP)

    • Resilient Ethernet Protocol (REP)

  • MACsec, HSR, and PRP are not allowed together.

  • PTP over HSR is not supported.

  • HSR supports an MTU size of up to 1998 bytes of Ethernet payload.

  • STP is not supported on the HSR ring. By default, all modes of Spanning Tree Protocol (STP) will be disabled on the ring ports.

  • Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) are not supported on HSR. That is, SPAN and RSPAN should not be used to monitor the traffic on an HSR ring. In addition, traffic that has been monitored using RSPAN should not be transferred over an HSR ring.

  • It is important for all interfaces in an HSR ring to have the same speed and duplex settings. It is recommended to apply those settings before configuring ring membership.

  • Once a port is part of ring, the port cannot be shut down.

    For example, if Gi1/0/23 and Gi1/0/24 are part of an HSR ring and you try to shut down Gi1/0/23 or Gi1/0/24, the operation will not be permitted: 

    Switch(config)# interface range gi1/0/23-24
Switch(config-if-range)#shutdown
 %Interface GigabitEthernet1/0/23 is configured in a HSR ring shutdown not permitted!
Switch(config-if-range)#

    You can perform a shutdown of the HSR ring. For example:

    Switch# conf t
Switch(config)#int hs1
Switch(config-if-range)#shut

  • VLAN configuration such as trunk and access mode must be the same on both the ports participating in the ring. For example, if Gi1/0/24 and Gi1/0/23 in an HSR ring are in trunk mode and you attempt to change the mode of one port to access, the ports in the ring will not be bundled: 

    Switch(config)# interface range gi1/0/23-24
Switch(config-if-range)# switchport mode  access
Jul 27 22:00:27.809 IST: %EC-5-CANNOT_BUNDLE2: Gi1/0/23 is not compatible with Gi1/0/24 and will be suspended (trunk mode of Gi1/0/23 is access, Gi1/0/24 is dynamic)

  • After an interface is added in the HSR ring, only the primary interface counters are updated. You should not need to configure and check the status of individual physical interfaces after they are added to the HSR ring.

  • As soon as you configure an HSR ring on two ports of a switch, MAC flaps will be observed on other switches where the HSR configuration is yet to be applied. We recommend that you shut down the newly created HSR ring on the switch before configuring the ring on all switches, and then re-enable them one by one as shown below. For example, if there are four switches in the ring, disable the HSR ring interfaces on each switch: 

    Switch1(config)# interface range gi1/0/21-22
Switch1(config-if-range)# shutdown
Switch1(config-if-range)# hsr-ring 1
Creating a HSR-ring interface hs1
Switch1(config-if-range)# int hs1
Switch1(config-if-range)# shutdown
Switch1(config-if-range)# end

    After all four switches are configured with the ring, re-enable the HSR ports on each switch:

    Switch1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch1(config)# interface range gi1/0/21-22
Switch1(config-if-range)# int hs1
Switch1(config-if-range)# no shutdown
Switch1(config-if-range)# end
Switch1#

    This prevents interim MAC flapping during HSR ring configuration in member switches.

Default Settings

Table 1. HSR Ring Parameters

Parameter

Description

Range

Default Value

entryForgetTime

Time for clearing an inactive entry from duplicate discard table.

0-65535

400 ms

fpgamode-DualUplinkEnhancement

Set FPGA register for source mac filtering.

enable or disable

enable

nodeForgetTime

Time to clear an inactive entry from the node table.

0-65535

6000 ms

nodeRebootInterval

Time after which the RedBox must start sending supervision frames after bootup.

0-65535

500 ms

pauseFrameTime

Time interval between HSR pause frames.

0-65535

 25 ms

proxyNodeTableForgetTime

Time to clear an inactive entry from the proxy node table or vdan table.

0-65535

6000 ms

supervisionFrameLifeCheckInterval

Life check interval value for supervision frames.

0-65535

2000 ms

supervisionFrameOption

mac-da

The last bytes of the destination MAC address of supervision frames (01:15:4E:00:01:00). The last 00 is replaced by the value of this parameter.

1-255 MAC DA last eight bits option value

No default

vlan-cfi

Enable Canonical Format Indicator (CFI) for the VLAN tagged frame.

enable or disable

disable

vlan-cos

Class of Service (COS) value to be set in the VLAN tag of the Supervision frame.

0-7

0

vlan-id

The VLAN tag of the supervision frame.

0-4095

0

vlan-tagged

Set VLAN tagging option.

enable or disable

disable

supervisionFrameRedboxMacaddress

The RedBox MAC address in the supervision frames.

48-bit RedBox MAC address

The interface HSR ring MAC address

supervisionFrameTime

Time interval between supervision frames.

0-65535

3 ms

Configure an HSR Ring

Follow these steps to configure an HSR ring:

Before you begin

  • Read and understand the Guidelines and Limitations section of this chapter.

  • Ensure that the member interfaces of a HSR ring are not participating in any redundancy protocols such as FlexLinks, EtherChannel, REP, and so on before configuring a HSR ring.

Procedure

Step 1

Enter global configuration mode:

Switch# configure terminal

Step 2

(Optional) Globally enable CDP to provide information about HSR ring nodes: 

Switch(config)# cdp run

Step 3

(Optional) Globally enable LLDP to provide information about HSR ring nodes: 

Switch(config)# lldp run

Step 4

Enter interface configuration mode and disable PTP on the ports to be assigned to the HSR ring:

Switch(config)# interface range gi1/0/21-22
Switch(config-if-range)# no ptp enable

Step 5

(Optional) Enable CDP on the ports to be assigned to the HSR ring:

Switch(config-if-range)#cdp enable

Step 6

(Optional) Enable LLDP on the ports to be assigned to the HSR ring:

Switch(config-if-range)#lldp transmit
Switch(config-if-range)#lldp receive

Step 7

Shut down the ports before configuring the HSR ring:

Switch(config-if-range)# shutdown

Step 8

Create the HSR ring interface and assign the ports to the HSR ring:

Switch(config)# interface range gigabitEthernet 1/0/21-22
Switch(config-if-range)# hsr-ring 1

Step 9

(Optional) If required, configure HSR ring optional parameters. See the Default Settings section for the parameter descriptions, ranges and default values. 


Switch(config-range)# hsr 1 supervisionFrameLifeCheckInterval 10000

Step 10

Turn on the HSR interface:

Switch(config-if-range)# no shutdown
Switch(config-if-range)# end

Example

Switch# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# interface range gigabitEthernet 1/0/21-22
Switch(config-if-range)# no ptp enable
Switch(config-if-range)# shutdown
Switch(config-if-range)# hsr-ring 1
Switch(config-if-range)# hsr-ring 1 supervisionFrameLifeCheckInterval 10000
Switch(config-if-range)# no shutdown
Switch(config-if-range)# end

Clear All Node Table and VDAN Table Dynamic Entries

Procedure

Step 1

To clear all dynamic entries in the node table, enter the following command: clear hsr node-table

Step 2

To clear all dynamic entries in the VDAN table, enter the following command; clear hsr vdan-table

Verifying the Configuration

Command

Purpose

show hsr ring 1 [detail ]

Displays configuration details for the specified HSR ring.

show hsr statistics {egressPacketStatistics | ingressPacketStatistics | nodeTableStatistics | pauseFrameStatistics }

Displays statistics for HSR components.

Note

 

To clear HSR statistics information, enter the command clear hsr statistics .

show hsr node-table

Displays HSR node table.

show hsr vdan-table

Displays HSR Virtual Doubly Attached Node (VDAN) table.

Note

 

The VDAN table and Proxy node table are the same.

show cdp neighbors

Displays CDP neighbor information for an HSR ring.

show lldp neighbors

Displays LLDP neighbor information for an HSR ring.

Configuration Examples

HSR-SAN

This example shows the configuration of an HSR ring (Ring 1) using Gi1/0/23 and Gi1/0/24 ports between four devices.

Figure 2. HSR Ring Configuration with Four Devices 


IE9300-1# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
IE9300-1(config)# interface range gi1/0/23-24
IE9300-1(config-if-range)# shutdown
IE9300-1(config-if-range)# hsr-ring 1
IE9300-1(config-if-range)# no shutdown
IE9300-1(config-if-range)# end
IE9300-1#          
IE9300-2# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
IE9300-2(config)# interface range gi1/0/23-24
IE9300-2(config-if-range)# shutdown
IE9300-2(config-if-range)# hsr-ring 1
IE9300-2(config-if-range)# no shutdown
IE9300-2(config-if-range)# end
IE9300-2#          
IE9300-3# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
IE9300-3(config)# interface range gi1/0/23-24
IE9300-3(config-if-range)# shutdown
IE9300-3(config-if-range)# hsr-ring 1
IE9300-3(config-if-range)# no shutdown
IE9300-3(config-if-range)# end
IE9300-3#          
IE9300-4# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
IE9300-4(config)# interface range gi1/0/23-24
IE9300-4(config-if-range)# shutdown
IE9300-4(config-if-range)# hsr-ring 1
IE9300-4(config-if-range)# no shutdown
IE9300-4(config-if-range)# end
IE9300-4#          
IE9300-1# sh hsr ring 1 detail
HSR-ring: HS1
------------
 Layer type = L2
 Operation Mode = mode-H
 Ports: 2       Maxports = 2
 Port state = hsr-ring is Inuse
 Protocol = Enabled  Redbox Mode = hsr-san
Ports in the ring:
  1) Port: Gi1/0/23
   Logical slot/port = 1/3      Port state = Inuse
        Protocol = Enabled
  2) Port: Gi1/0/24
   Logical slot/port = 1/4      Port state = Inuse
        Protocol = Enabled

Ring Parameters:
 Redbox MacAddr: f454.3365.8a84
 Node Forget Time: 60000 ms
 Node Reboot Interval: 500 ms
 Entry Forget Time: 400 ms
 Proxy Node Forget Time: 60000 ms
 Supervision Frame COS option: 0
 Supervision Frame CFI option: 0
 Supervision Frame VLAN Tag option: Disabled
 Supervision Frame MacDa: 0x00
 Supervision Frame VLAN id: 0
 Supervision Frame Time: 3 ms
 Life Check Interval: 2000 ms
 Pause Time: 25 ms

IE9300-2# show hsr ring 1 detail
HSR-ring: HS1
------------
 Layer type = L2
 Operation Mode = mode-H
 Ports: 2       Maxports = 2
 Port state = hsr-ring is Inuse
 Protocol = Enabled  Redbox Mode = hsr-san
Ports in the ring:
  1) Port: Gi1/0/23
   Logical slot/port = 1/3      Port state = Inuse
        Protocol = Enabled
  2) Port: Gi1/0/24
   Logical slot/port = 1/4      Port state = Inuse
        Protocol = Enabled

Ring Parameters:
 Redbox MacAddr: 34c0.f958.ee83
 Node Forget Time: 60000 ms
 Node Reboot Interval: 500 ms
 Entry Forget Time: 400 ms
 Proxy Node Forget Time: 60000 ms
 Supervision Frame COS option: 0
 Supervision Frame CFI option: 0
 Supervision Frame VLAN Tag option: Disabled
 Supervision Frame MacDa: 0x00
 Supervision Frame VLAN id: 0
 Supervision Frame Time: 3 ms
 Life Check Interval: 2000 ms
 Pause Time: 25 ms

IE9300-4# sh hsr ring 1 de
HSR-ring: HS1
------------
 Layer type = L2
 Operation Mode = mode-H
 Ports: 2       Maxports = 2
 Port state = hsr-ring is Inuse
 Protocol = Enabled  Redbox Mode = hsr-san
Ports in the ring:
  1) Port: Gi1/0/23
   Logical slot/port = 1/3      Port state = Inuse
        Protocol = Enabled
  2) Port: Gi1/0/24
   Logical slot/port = 1/4      Port state = Inuse
        Protocol = Enabled

Ring Parameters:
 Redbox MacAddr: f454.3312.5104
 Node Forget Time: 60000 ms
 Node Reboot Interval: 500 ms
 Entry Forget Time: 400 ms
 Proxy Node Forget Time: 60000 ms
 Supervision Frame COS option: 0
 Supervision Frame CFI option: 0
 Supervision Frame VLAN Tag option: Disabled
 Supervision Frame MacDa: 0x00
 Supervision Frame VLAN id: 0
 Supervision Frame Time: 3 ms
 Life Check Interval: 2000 ms
 Pause Time: 25 ms

IE9300-3# sh hsr ring 1 detail
HSR-ring: HS1
------------
 Layer type = L2
 Operation Mode = mode-H
 Ports: 2       Maxports = 2
 Port state = hsr-ring is Inuse
 Protocol = Enabled  Redbox Mode = hsr-san
Ports in the ring:
  1) Port: Gi1/0/23
   Logical slot/port = 1/3      Port state = Inuse
        Protocol = Enabled
  2) Port: Gi1/0/24
   Logical slot/port = 1/4      Port state = Inuse
        Protocol = Enabled

Ring Parameters:
 Redbox MacAddr: f454.335c.4684
 Node Forget Time: 60000 ms
 Node Reboot Interval: 500 ms
 Entry Forget Time: 400 ms
 Proxy Node Forget Time: 60000 ms
 Supervision Frame COS option: 0
 Supervision Frame CFI option: 0
 Supervision Frame VLAN Tag option: Disabled
 Supervision Frame MacDa: 0x00
 Supervision Frame VLAN id: 0
 Supervision Frame Time: 3 ms
 Life Check Interval: 2000 ms
 Pause Time: 25 ms

Feature History

Feature Name

Release

Feature Information

High-Availability Seamless Redundancy (HSR)—HSR-SAN (Single RedBox mode)

Cisco IOS XE 17.13.1

Initial support for Cisco Catalyst IE9300 Rugged Series Switches