The present invention relates generally to computer network systems using a redundant router group. More particularly, it relates to mechanisms for facilitating DHCP (dynamic host configuration protocol) snooping, and the like, after failure in such a redundancy router group.
FIG. 1 is a diagrammatic representation of an example enterprise system 100. As shown, the enterprise system 100 includes a plurality of access layer switches 104 that are each coupled to one or more end hosts. For instance, access switch 104a is coupled to computer system 102a and IP phone 102b. Typically, each access switch provides layer 2 bridging for a plurality of hosts (not shown for each switch). The access switches 104 are typically coupled to two or more distribution layer routers and switches 106. Each distribution layer router/switch 106 may provide layer 3 routing, as well as layer 2 bridging. These distribution layer routers/switches 106 are together coupled with a core router/switch 108, which may be coupled with a data center 114 and a wide area network, such as the Internet, 110 via an edge router 112.
The individual components on each layer of the enterprise system 100 may be distributed in any suitable manner. For example, a particular company may include an access layer switch on each floor, one distribution switch/router in each building, and a single core router/switch for each campus or enterprise entity. In another application, such as a service provider environment, each access switch may serve a particular neighborhood or block; each distribution router/switch may serve a particular subdivision or city; while the core router/switch serves an entire city or metro area.
To facilitate discussion, an example communication scenario between two hosts via routers without implementation of a redundancy protocol, such as HSRP (Hot Standby Router Protocol) or VRRP (Virtual Router Redundancy Protocol) or GLBP (Gateway Load Balancing Protocol), will first be described. FIG. 2 represents a network segment 200 in which a first host 202a in a first VLAN 1 (virtual local area network) is used to communicate with a second host 202b in a second VLAN 2. A host typically first communicates with its next routing hop or gateway. For example, host 202a may send data first to its gateway, which may be in the form of its distribution router 206a. The host may be aware of its gateway by implementing a routing protocol, such as RIP (routing information protocol). However, use of a routing protocol is typically time consuming (e.g., to build the routing tables via routing discovery mechanisms), complex (e.g., to account for multiple changes in host configuration over time), and resource intensive (e.g., requiring large routing tables). Thus, another way to make a host aware of its gateway is to statically configure the host with a specific gateway's IP address. In the illustrated example, host 202a is statically configured to communicate with IP address “a” of gateway 206a. The host 202a then uses this IP address “a” to send a request to gateway 206a for the corresponding MAC address “A” of gateway 206a. 
The host 202a then uses the obtained MAC address “A” of gateway 206a to send data through its gateway 206a to another host, e.g., host 202b. For instance, traffic being sent from host 202a to host 202b will contain the following header information:
TABLE 1
MAC and IP address information for traffic sent from hosts 202a to 202b

MAC destination | MAC source | IP destination | IP source
A               | C          | d              | c
Unfortunately, if the gateway 206a fails, all of its underlying hosts need to be reconfigured. In the example of FIG. 2, all of the hosts that used default gateway 206a need to be reconfigured to use gateway 206b. This reconfiguration process can require significant amounts of time and temporary disruption in communication between a new gateway and a particular host can occur prior to reconfiguration of the particular host. That is, if host 202a is not reconfigured, its traffic to host 202b will include the MAC address “A” for a failing gateway 206a. 
The router redundancy protocols HSRP, VRRP and GLBP were implemented to overcome such problems with failing gateway routers and thereby minimize traffic disruptions between end hosts. These protocols require each host to be configured with a set of virtual IP and MAC addresses that correspond to the currently active router in its redundant router or gateway group, and they require the redundancy routers to communicate with each other, for example, via HSRP/VRRP/GLBP messages 207. For example, host 202a may be preconfigured with IP address “h” and MAC address “H” that both represent the currently active gateway from the redundant router group that includes routers 206a and 206b. Specifically, routers 206a and 206b will establish which one of them will be the active router, and such active router takes on the IP and MAC addresses “h” and “H”, respectively. Router 206a may initially serve as the active router for host 202a and be reachable by IP address “h” and MAC address “H”. When router 206a fails, standby router 206b detects this failure via HSRP/VRRP/GLBP messages 207 (or, rather, the lack of such messages), takes over as active router, and becomes reachable by IP address “h” and MAC address “H”.
Although conventional redundancy protocols work well for most applications, problems may occur under certain applications. For example, the DHCP snooping protocol allows a mobile host to connect with a particular gateway and have its IP address dynamically assigned by a DHCP server. The reason for this is that the host's IP address must fit in with the current gateway's IP subnet addressing scheme. At a high level, when a host first connects to a particular gateway, it requests an IP address be assigned for its particular MAC address. This request is sent by the mobile host to a DHCP Server (not shown) through its gateway and the response from the DHCP Server is returned through the same path.
The gateway router typically maintains the binding between the mobile host's MAC address and dynamically assigned IP address so as to minimize security breaches by another host who is taking over another host's dynamically assigned IP address. The gateway router maintains the bindings for a particular host in a DHCP Snooping database. When traffic comes from a particular MAC address that does not match the corresponding IP address for such binding, the gateway router determines that an attack or breach of security is in progress and does not allow such traffic to pass through the gateway to its destination.
Unfortunately, DHCP Snooping currently may not work after a failover scenario. When the active gateway fails, the binding information is lost for its mobile hosts. Thus, security breaches may occur with the new active router, since the new active router is not aware of valid MAC and IP address bindings for its hosts. This problem becomes more complex when different active routers handle different VLANs, since each active router is learning different DHCP bindings for its particular VLAN.
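The following is an added illustration, not part of the patent text: a minimal model of the per-VLAN DHCP snooping binding database described above, showing what the active router decides for a frame, what a standby that took over with an empty database can decide, and what a standby that received a copy of the bindings beforehand decides. The MAC addresses, IP addresses and VLAN numbers are constructed sample values.

```python
"""Added example (not from the patent): a per-VLAN DHCP snooping binding
table and the verdict a gateway can give for a frame before and after
failover. MACs, IPs and VLAN ids below are constructed sample values."""
from dataclasses import dataclass, field

FORWARD, DROP, UNVERIFIED = "forward", "drop", "unverified"


@dataclass
class Gateway:
    """One member of a redundant gateway group with its own snooping table."""
    name: str
    bindings: dict = field(default_factory=dict)  # (vlan, mac) -> leased ip

    def learn(self, vlan: int, mac: str, ip: str) -> None:
        """Record a lease seen in a DHCP ACK relayed through this router."""
        self.bindings[(vlan, mac)] = ip

    def check(self, vlan: int, src_mac: str, src_ip: str) -> str:
        """Compare a frame's source MAC/IP with the binding for that MAC on
        that VLAN. With no binding the router cannot tell a legitimate host
        from a spoofer, which is the post-failover gap the text describes."""
        bound_ip = self.bindings.get((vlan, src_mac))
        if bound_ip is None:
            return UNVERIFIED
        return FORWARD if bound_ip == src_ip else DROP

    def sync_from(self, peer: "Gateway") -> None:
        """Copy the peer's table so a takeover starts with known bindings."""
        self.bindings.update(peer.bindings)


def failover_demo() -> dict:
    """Verdicts for the same three frames from the active router, from a
    standby that took over with an empty table, and from a standby that
    had the bindings copied before the failure."""
    active, cold, synced = Gateway("active"), Gateway("cold"), Gateway("synced")
    active.learn(1, "00:11:22:33:44:c1", "10.1.0.7")   # host 202a, VLAN 1
    active.learn(2, "00:11:22:33:44:d1", "10.2.0.9")   # host 202b, VLAN 2
    synced.sync_from(active)
    frames = {
        "legit": (1, "00:11:22:33:44:c1", "10.1.0.7"),
        "spoof": (1, "00:11:22:33:44:c1", "10.1.0.99"),      # bound MAC, other IP
        "wrong_vlan": (2, "00:11:22:33:44:c1", "10.1.0.7"),  # VLAN 1 lease on VLAN 2
    }
    return {gw.name: {k: gw.check(*f) for k, f in frames.items()}
            for gw in (active, cold, synced)}
```

The "cold" column is the situation the text calls out: after failover the new active router has no binding for any host, so it cannot distinguish the legitimate frame from the spoofed one.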
In view of the above, there is a need for mechanisms for consistently facilitating DHCP snooping, and other uses of DHCP binding data, in a redundant router group even after failure of an active router. Additionally, it would be desirable to facilitate DHCP snooping in a multiple VLAN environment.