Hot Standby Router Protocol

HSRP allows networks with more than one gateway to provide redundancy in case of interface or router failure on any given router.

HSRP allows router redundancy in a network. It is a Cisco proprietary solution that existed before the IETF defined the Virtual Router Redundancy Protocol (VRRP). To illustrate HSRP, Figure 1-12 displays a six-router network with clients on segments on Ethernet networks, Sydney and San Jose.

Cisco exams typically test Cisco proprietary protocols more heavily than industry-standard protocols, such as VRRP. At the time of this writing, Cisco.com does not list VRRP as an objective that will be tested.

HSRP failover can be applied to VPN routers (Cisco IOS 12.2 and later). Remote VPN gateways connect to the local VPN router through the standby address that belongs to the active device in the HSRP group. This ensures that statically configured VPN tunnels have some form of redundancy if a router or interface fails.

Cisco.com provides more details on IPSec VPN failure and HSRP at the following URL:

http://cisco.com/en/US/products/sw/iosswrel/ps5012/products_feature_guide09186a0080116d4c.html

Figure 1-12 HSRP Example

[Figure 1-12: six-router network (Routers A through F) with two client Ethernet segments. Routers B and E and the Serial 0 WAN interfaces are also labeled. The addresses and router configurations shown in the figure are listed below.]

Network Sydney: IP Address 131.108.2.1/24, Gateway Address 131.108.2.100/24; Router A 131.108.2.2/24; Router F 131.108.2.3/24; Standby IP address 131.108.2.100

Network San Jose: IP Address 131.108.1.1/24, Gateway Address 131.108.1.100/24; Router C 131.108.1.2/24; Router D 131.108.1.3/24; Standby IP address 131.108.1.100

Router A #
interface Ethernet 0
 ip address 131.108.2.2 255.255.255.0
 standby priority 110
 standby preempt
 standby authentication cisco
 standby ip 131.108.2.100
 standby track Serial0

Router C #
interface Ethernet 0
 ip address 131.108.1.2 255.255.255.0
 standby priority 110
 standby preempt
 standby authentication cisco
 standby ip 131.108.1.100
 standby track Serial0

Router F #
interface Ethernet 0
 ip address 131.108.2.3 255.255.255.0
 standby authentication cisco
 standby ip 131.108.2.100
 standby priority 100

Router D #
interface Ethernet 0
 ip address 131.108.1.3 255.255.255.0
 standby authentication cisco
 standby ip 131.108.1.100
 standby priority 100

PCs are typically configured with only one gateway address. (Windows 2000/XP clients can take more than one, but this still leaves a problem in that all devices must be configured for multiple gateways; the most scalable solution is to configure a single gateway on all devices and allow an intelligent network to provide redundancy where only a few devices require configuration.) Assume that PC1 is configured with a gateway address of 131.108.1.100. Two routers on the Ethernet share the segment labeled San Jose network. To take advantage of the two routers, HSRP allows only Routers C and D to bid for a virtual IP address, and if any one router (Router C or D, in this example) fails, the operational router assumes the HSRP gateway address. Host devices typically have only a brief 100- to 200-ms interruption when a network failure occurs.

To illustrate how HSRP provides default gateway support, refer to Figure 1-12, which shows a network with two local routers configured with an Ethernet interface address of 131.108.1.2/24 for Router C and 131.108.1.3/24 for Router D. Notice that both routers share a common Ethernet network. Assume that PC1 has been configured with a default gateway pointing to Router C. If Router C goes down or the Ethernet interface becomes faulty, all the devices must be manually reconfigured to use the second default gateway (Router D, 131.108.1.3/24). HSRP enables the network administrator to elect one of the two routers to act as the default gateway. If the elected router goes down, the second router assumes the IP default gateway. The Cisco IOS command standby track interface-of-wan under the Ethernet interface allows the router to monitor the WAN link. If the WAN link continuously fails past a threshold, the HSRP default router decreases its priority to allow a more reliable WAN connection to provide a gateway. For example, in Figure 1-12, if the link between Routers C and B fails past a threshold, Router D can be configured to assume the HSRP address to provide a faster connection to the IP backbone network.

The steps to enable HSRP are as follows:

1. Enable HSRP (required).

2. Configure HSRP group attributes (optional).

3. Change the HSRP MAC refresh interval (optional).

Table 1-5 illustrates the various required and optional commands to enable HSRP.

Table 1-5 HSRP Commands

Cisco IOS Command: standby [group-number] timers [msec] hellotime [msec] holdtime
Purpose: These required commands configure the time between Hello packets and the hold time before other routers declare the active router to be down.

Cisco IOS Command: standby [group-number] ip [ip-address [secondary]] or standby [group-number] preempt [delay {minimum delay | reload delay | sync delay}]
Purpose: The standby ip command activates HSRP on the configured interface. If an IP address is specified, that address is used as the designated address for the Hot Standby group. If no IP address is specified, the designated address is learned through the standby function. For HSRP to elect a designated router, at least one router on the cable must have been configured with, or have learned, the designated address. Configuring the designated address on the active router always overrides a designated address that is currently in use. Also note if preempt is not enabled, a router with a higher priority will not become the HSRP active router.

Cisco IOS Command: standby [group-number] track type number [interface-priority]
Purpose: This optional command configures the interface to track other interfaces so that if one of the other interfaces goes down, the device's Hot Standby priority is lowered.

Cisco IOS Command: standby [group-number] authentication string
Purpose: Selects an authentication string to be carried in all HSRP messages. An optional authenticator field allows only authenticated routers to offer HSRP.

Cisco IOS Command: standby use-bia [scope interface]
Purpose: Configures HSRP to use the burned-in address of an interface as its virtual MAC address instead of the preassigned MAC address (on Ethernet and FDDI) or the functional address (on Token Ring).

Now configure Routers C and D in Figure 1-12 for HSRP, and ensure that Router C is the primary gateway address and that the PC is configured with a gateway address of 131.108.1.100. Router C is configured with a higher priority (standby priority 110 preempt) than the default 100 to ensure that Router C becomes the default gateway for the hosts on the San Jose network; authentication is also enabled between the two gateway routers.

Example 1-5 displays the sample Cisco IOS configuration for Router C.

Example 1-5 HSRP Configuration on Router C

interface Ethernet0
 ip address 131.108.1.2 255.255.255.0
 standby priority 110
 standby preempt
 standby authentication cisco
 standby ip 131.108.1.100
 standby track Serial0

Example 1-5 displays Router C configured with a virtual IP address of 131.108.1.100 and preempt, which allows Router C to assume the role if a failure occurs. The track command ensures that Serial0, or the WAN link to Router B, is monitored to make sure that a flapping link does not cause bandwidth delays for users, such as PC1. For every tracked interface failure, the priority is reduced by 10 by default. The Cisco IOS default priority is set to 100. In this configuration, two failures must occur for Router D to assume the HSRP address (110 - 10 - 10 = 90 < 100).

Example 1-6 displays the sample Cisco IOS configuration for Router D. Configure Router D with an HSRP priority of 105 so that any two (not one) failures on Router C will mean that Router D's priority is higher than Router C's. (Router C is set to 110; one failure and then it is set to 110 - 20 = 90 < 100.) Router D is not configured for preempt because Router C is designed to be the active HSRP address when both C and D are operational.

Example 1-6 HSRP Configuration on Router D

interface Ethernet0
 ip address 131.108.1.3 255.255.255.0
 standby authentication cisco
 standby ip 131.108.1.100

To view the status of HSRP, the Cisco IOS command is show standby. Example 1-7 displays the sample output when this command is entered in Router C.

Example 1-7 show standby on Router C

Router-C#show standby
Ethernet0 - Group 0
  Local state is Active, priority 110, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 1.458
  Virtual IP address is 131.108.1.100 configured
  Active router is local
  Standby router is 131.108.1.3 expires in 8.428
  Virtual mac address is 0000.0c07.ac01
  2 state changes, last state change 02:09:49
  IP redundancy name is "hsrp-Et0-1" (default)
  Priority tracking 1 interface, 1 up:
    Interface     Decrement  State
    Serial0       10         Up

Router C is currently the configured gateway and is tracking Serial 0 for failures; every WAN failure decrements the priority value by 10. If a single failure occurs, the priority on Router C drops to 100 (110 - 10 = 100), the same as Router D. Because Router C still has the preempt option, Router C remains active when it returns. However, if a second failure occurs on Router C, its priority drops another 10 to 90, below the priority of D, so Router D remains as the default gateway until the interface on Router C has fully recovered. After the priority on Router C increments back to 110, Router C assumes the gateway function because preempt is enabled, as displayed in Example 1-7.

Example 1-8 displays the output of the show standby command on Router D when in standby mode.

Example 1-8 show standby on Router D

Router-D#show standby

Ethernet - Group 0

Local state is Standby, priority 100,

Hellotime 3 holdtime 10

Next hello sent in 00:00:01.967

Hot standby IP address is 131.108.1.100 configured

Active router is local

Standby router is unknown expired

Standby virtual mac address is 0000.0c07.ac00

2 state changes, last state change 00:03:59
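
The state, priority, hello and hold times, virtual IP address and authentication string reported by show standby are the values each router carries in its HSRP messages. As an added example (not from the book or from Cisco), the Python sketch below decodes an HSRP version 1 message using the RFC 2281 layout and checks it against an assumed allow-list for the San Jose group. The sample messages, the 131.108.1.50 source address and the findings checks are constructed for illustration.

```python
import socket
import struct

# HSRP version 1 message (RFC 2281, UDP port 1985), 20 bytes: version, opcode, state,
# hellotime, holdtime, priority, group, reserved, 8-byte auth data, 4-byte virtual IP.
HSRP_V1 = struct.Struct("!8B8s4s")
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}

# Assumed allow-list for the San Jose group in Figure 1-12 (Routers C and D).
EXPECTED = {"virtual_ip": "131.108.1.100", "speakers": {"131.108.1.2", "131.108.1.3"}}

def parse_hsrp(payload: bytes) -> dict:
    """Decode one HSRPv1 UDP payload into named fields."""
    if len(payload) < HSRP_V1.size:
        raise ValueError("truncated HSRP message")
    ver, op, state, hello, hold, prio, group, _, auth, vip = HSRP_V1.unpack_from(payload)
    if ver != 0:
        raise ValueError(f"not HSRP version 1 (version field {ver})")
    return {
        "opcode": OPCODES.get(op, f"unknown({op})"),
        "state": STATES.get(state, f"unknown({state})"),
        "hellotime": hello, "holdtime": hold, "priority": prio, "group": group,
        "auth": auth.rstrip(b"\x00").decode("ascii", "replace"),  # carried unencrypted
        "virtual_ip": socket.inet_ntoa(vip),
    }

def findings(src_ip: str, msg: dict) -> list:
    """Return reasons a message deserves attention; an empty list means expected."""
    out = []
    if src_ip not in EXPECTED["speakers"]:
        out.append(f"HSRP {msg['opcode']} from unexpected source {src_ip}")
    if msg["virtual_ip"] != EXPECTED["virtual_ip"]:
        out.append(f"unexpected virtual IP {msg['virtual_ip']}")
    if msg["auth"] == "cisco":
        out.append("authentication string is the RFC 2281 default 'cisco'")
    return out

def build(state: int, prio: int, auth: bytes = b"cisco", vip: str = "131.108.1.100") -> bytes:
    """Construct a sample Hello for this demonstration (not captured traffic)."""
    return HSRP_V1.pack(0, 0, state, 3, 10, prio, 0, 0, auth, socket.inet_aton(vip))

# Constructed samples: Router C's Hello, and a Hello from an address outside the group.
SAMPLES = [("131.108.1.2", build(16, 110)), ("131.108.1.50", build(16, 120))]

if __name__ == "__main__":
    for src, raw in SAMPLES:
        msg = parse_hsrp(raw)
        print(src, msg["state"], msg["priority"], findings(src, msg) or "expected")
```

Because the string configured with standby authentication cisco matches the RFC 2281 default and travels unencrypted, the check reports it even for Router C's own Hello.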
