You want a backup router to take over the MAC and IP addresses of a primary router if the primary fails.
Figure 22.1 represents a typical network design for use with HSRP on an Ethernet type LAN segment (including Fast Ethernet, Gigabit Ethernet, and 10 Gigabit Ethernet). There are two routers, called Router1 and Router2. They have IP addresses 172.22.1.3 and 172.22.1.2, respectively. When both routers are available, we want Router1 to handle all of the traffic, using the virtual IP address 172.22.1.1.
Configure the first router as follows:
Router1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#interface FastEthernet 0/1 Router1(config-if)#ip address 172.22.1.3 255.255.255.0 Router1(config-if)#standby 1 ip 172.22.1.1 Router1(config-if)#standby 1 priority 120 Router1(config-if)#exit Router1(config)#end Router1#
The second router's configuration is similar, except that the interface has a different real IP address and a lower HSRP priority level:
Router2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router2(config)#interface FastEthernet 1/0 Router2(config-if)#ip address 172.22.1.2 255.255.255.0 Router2(config-if)#standby 1 ip 172.22.1.1 Router2(config-if)#standby 1 priority 110 Router2(config-if)#exit Router2(config)#end Router2#
In this example, we use the first address of the subnet, 172.22.1.1, as the virtual HSRP address, and consequently the default gateway for the segment. This is a relatively common practice and a good rule of thumb because it makes troubleshooting easier. Whatever segment you are looking at, you always know that the first address in the range is the default gateway.
For HSRP configurations, we recommend using the next two addresses as the physical addresses 172.22.1.2 and 172.22.1.3, in the example. This way, when you are looking at a problem, you always know exactly what the physical router addresses should be, so you can PING them, or log in and check their configurations.
In fact, you can use physical addresses that are from a different IP subnet than the virtual address. However, we don't recommend this because, once again, it can make troubleshooting problems extremely difficult, particularly if the HSRP configuration is broken so that neither router has the right virtual address.
You can also use HSRP with secondary IP addresses. However, we don't recommend using secondary IP addresses unless it is unavoidable. With modern VLAN-based network designs, secondary IP addresses on a LAN segment should be used only for temporary measures like when you are making addressing changes on your network. To configure a secondary HSRP address, use the secondary keyword:
Router2(config-if)#standby 1 ip 172.22.2.1 secondary
The number 1 following all of the standby commands in this recipe is a group number. You can leave this out, in which case the router will assume group 0. The group number is necessary if you have more than one pair of HSRP routers on the same segment. However, if a router runs HSRP on more than one interface, many administrators also find that it helps with troubleshooting if they configure different group numbers for each interface. This is particularly true if the different segments appear as different VLANs in the same switch. Since the default virtual MAC address depends only on group number, it can cause problems for some switches to see the same MAC address on two different VLANs.
You must configure all of the routers that share the same virtual IP address with the same group number. For Ethernet type interfaces, group numbers can have any value between 0 and 255, while for Token Ring interfaces you can use group numbers 0, 1, or 2 unless you include the use-bia command, which we discuss in Recipe 22.7.
The standby priority command, which appears in both routers, is optional. Priority values can be any value between 0 and 255. If you don't configure a priority, the router will use a default value of 100. We changed the priority on both routers for clarity. However, we highly recommend giving at least one of the routers a nondefault priority. If both routers have the same priority, they must elect an active router. RFC 2281, which documents the HSRP protocol, stipulates that the interface with the higher physical IP address will win this election if two routers become active simultaneously. However, in practice, one router almost always comes up first and wins.
Usually you will want to give one of the routers a higher priority so that it is active by default. This way, you force a particular router to be active, which can help with troubleshooting.
When a router becomes active, it broadcasts a gratuitous ARP packet with the HSRP virtual MAC address to the affected LAN segment. If the segment uses an Ethernet switch, this allows the switch to change the location of the virtual MAC address so that packets go to the new router instead of the one that is no longer active. End devices don't actually need this gratuitous ARP if the routers use the default HSRP MAC address. However, if the routers use the Burned-In Address (BIA), as in Recipe 22.7, the gratuitous ARP is critical for updating the ARP caches of end devices to point to the new router.
By default, the router will send gratuitous ARP packets every 10 seconds. You can adjust this interval with the standby mac-refresh command, which takes an argument between 0 and 255 seconds. Many switches will remove an entry from their MAC tables if they don't see at least one packet every 5 minutes (300 seconds). However, sometimes random errors mean that a packet is not received properly. So we don't recommend using a value greater than 150 seconds here:
Router2(config-if)#standby mac-refresh 30
If you don't want the router to send these packets at all, you can specify a value of 0. Note that this command does not specify a group. If you change this value, it changes for all groups on the interface.
You can use the show standby command to see the status of HSRP on a router:
Router1#show standby FastEthernet0/1 - Group 1 Local state is Active, priority 120 Hellotime 3 sec, holdtime 10 sec Next hello sent in 0.424 Virtual IP address is 172.22.1.1 configured Active router is local Standby router is 172.22.1.2 expires in 7.456 Virtual mac address is 0000.0c07.ac01 5 state changes, last state change 12:40:42 Router1#
In this example, you can see that this router is the active router, so the other must either be in a standby or an unavailable state. If this router were in the standby state, the line that currently says "Active router is local" would show the physical IP address of the active router. In this case, the following line shows the IP address of the standby router. The fact that the standby router is listed with an expiry time means that it is available. If the other router became unavailable for any reason, this line would be replaced by one saying "Standby router is unknown expired." This makes it very easy to see the state of both routers at once.
This command also shows other useful information, such as how frequently the router sends HSRP Hello packets (every three seconds). The "holdtime" shows how long the routers will wait before switching states10 seconds, in this case. The output also shows the virtual MAC address that HSRP is using, and that this router has an HSRP priority of 120.
You can also configure a particular shared MAC address if you don't want to use the default or the BIA:
Router1(config-if)#standby 1 mac-address 0000.0c07.ad01
When you use this option, you should configure the same MAC address on both routers. By default, when you configure a particular standby group, the router will always select the same MAC address. This is useful because it means that two routers will always agree on the MAC address that they will be sharing. But it can also cause confusion for a LAN switch that sees the same MAC address on two different VLANs. This could happen, for example, if you have two routers using HSRP group number 1 on one VLAN and two different routers using the same group number on a different VLAN. If you encounter problems, you can use the standby mac-address command to ensure that the HSRP MAC addresses are globally unique.
The recipe example shows two routers for simplicity. You could add more routers to the same HSRP group by simply specifying another unique real IP address and a lower HSRP priority, as follows:
Router3#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router3(config)#interface FastEthernet 1/0 Router3(config-if)#ip address 172.22.1.4 255.255.255.0 Router3(config-if)#standby 1 ip 172.22.1.1 Router3(config-if)#standby 1 priority 100 Router3(config-if)#exit Router3(config)#end Router3#
However, we stress that there is questionable benefit to using more than two routers in a full redundancy configuration. The reason has to do with simple probability. The probability of one router failing is relatively small, but it can happen. Cisco quotes typical Mean Time Between Failure (MTBF) values for its routers between 15 and 20 years. Assuming that it takes a full day to repair a broken router, this means that you should expect to need a backup about 0.018 percent of the time. This is a very small number, but if you have a lot of routers, the probability of having a critical failure somewhere in your network can become rather large.
Now if you have a backup router that uses HSRP to automatically and transparently take over all routing functions for this segment, then you will only have a critical outage if both routers fail simultaneously. The probability of this happening is the square of the probability of one router failing, or roughly 3x10-6 percent. The effective aggregate MTBF has gone from 15 years to about 80 thousand years.
So the advantage to using a backup router should be obvious. If you then added another backup router to this network segment, the probability of failure becomes about 6x10-10 percent, for an effective MTBF of over 400 million years. Very few networks actually need that sort of reliability.
In fact, all of these statistical arguments assume that the failure of one router is completely uncorrelated with the failure of the backup. This is not the case if both devices run from the same circuit breaker, for example. So, if you do find that you frequently suffer from multiple simultaneous failures, you should probably figure out why the failures are correlated. Simply adding another router might not help the situation at all.
And, of course, there are other reasons why routers become unavailable. In many networks, the most compelling reason for using HSRP is that it makes routine maintenance possible without disrupting production traffic. This is particularly important in networks that must be available at all times. You might even decide to use three HSRP routers on a segment to ensure that you still have full redundancy even when you take one of the routers down for maintenance.