Hot Standby Routing Protocol (HSRP)

In this book, several examples dealt with creating backup links for use in case some other link fails. But routers themselves failso how do you implement backup routers? You might think that this shouldn't be a problem: after all, if you have two routers connecting your site to the external world, and one fails, your own routing protocols should eventually route around the failure. However, it's not that simple. If the individual hosts on your network aren't running some sort of routing protocol (such as RIP) or router discovery protocol (such as IRDP), they'll never find out about the failure. And in most cases, you don't want to be running a routing protocol on individual hosts; you want to set up each host with a simple default route and leave it at that. Furthermore, when a router fails, it can take some time for a protocol such as RIP to converge on a new route.

That's the overall picture. More concretely, the top illustration in Figure 13-1 shows a larger network comprising two smaller networks. There are two routers, both connected to the external gateway. Let's assume that you want to configure the hosts on Network 1 and Network 2 with static default routes. To which router should these default routes point? All the hosts on both networks can reach either router, but each host can have only one default route. What happens if the router a particular host is using fails? How does that host find out about the other router, aside from an administrator manually changing its default route?

The elegant solution is HSRP. The second part of Figure 13-1 shows a new router, Router 3. Router 3 is a virtual router, meaning that there's no such physical piece of equipment: it's an illusion created by the use of HSRP on Router 1 and Router 2. However, although Router 3 is an illusion, it has a unique IP address and a unique MAC address that is configured between Router 1 and Router 2.

Configuring HSRP is as simple as using the standby command on the appropriate interfaces. In the following configuration, we apply the standby command to the ethernet1 interfaces of both routers. Router 1 has the standby preempt command, which tells the routers that Router 1 should be the active router for the standby group, but only when Router 1 has the higher priority. We ensure it has a higher priority by setting the value explicitly to 120 with the priority command. If Router 1 goes down, Router 2 becomes the standby router and takes over the routing duties for our virtual Router 3. If Router 1 comes back up, it will automatically take over because it has the higher priority and the preempt command in its configuration. The standby ip command provides the IP address for the virtual router.

Figure 13-1. HSRP layout

Here's the configuration for Router 1:

 interface ethernet1
 ! A real IP address is still required for this interface
 ip address 10.10.28.1 255.255.255.0
 standby preempt
 standby priority 120
 ! The IP address for the virtual 
 Router3 is 10.10.28.3
 standby ip 10.10.28.3

Here's the configuration for Router 2:

 interface ethernet1
 ! A real IP address is still required for this interface
 ip address 10.10.28.2 255.255.255.0
 ! The IP address for the virtual Router3 is 10.10.28.3
 standby ip 10.10.28.3

With this configuration, all the nodes in Networks 1 and 2 can use 10.10.28.3 as their default gateway address. This is the IP address for the virtual router, Router 3; hosts on the two networks can communicate with Router 3 as if it were a real device. Initially, Router 1 acts as Router 3 and handles packets sent to the virtual router's address. If Router 1 fails, Router 2 takes over immediately. The switchover happens so quickly that the network devices never know that anything has happened; they can continue to use Router 3 as their default router.

It's worth mentioning that the routers adopt a common virtual MAC address as well as a virtual IP address. You don't have to configure the virtual MAC address; the routers do this for you. A virtual MAC address ensures that the ARP caches remain valid when HSRP switches over to another router.

13.2.1. Tracking Another Interface

With the HSRP TRack command, we can tell our HSRP process to watch another interface and decrement our priority if the other interface goes down. This feature would be useful in our examples to track the interface on each router going to the gateway router. Let's assume that Router 1 and Router 2 both use serial0 to connect to the gateway router as shown in Figure 13-1. All we need to do to our previous configuration is add the track command.

Here's the configuration for Router 1:

 interface ethernet1
 ip address 10.10.28.1 255.255.255.0
 standby preempt
 standby priority 120
 standby track serial0
 standby ip 10.10.28.3

And here's the configuration for Router 2:

 interface ethernet1
 ip address 10.10.28.2 255.255.255.0
 standby track serial0
 standby ip 10.10.28.3

 

13.2.2. Naming Our HSRP Configuration

We can also assign a name to our HSRP configuration. As we will see later in the NAT configuration, we'll use this for stateful NAT. The command is simply standby name followed by the name you would like to use.

 interface ethernet1
 standby name hsrpname1

 

13.2.3. Multiple-Group Hot Standby Routing

HSRP allows you to create multiple virtual routers, each supported by a number of physical routers, by using the concept of router groups in the standby commands. Multiple standby groups are supported only by newer router models and high-end routers. The 2500-series routers do not support this function (Lance Ethernet chipset).

Our previous example didn't specify a group number, meaning that both routers were in the default group (group 0). In this example, we'll use three physical routers to create three virtual routers, using three router groups. Here's how we'll organize the routers:

 

Router 1

Active for group 1 and standby for group 3

 

Router 2

Active for group 2 and standby for group 3

 

Router 3

Active for group 3 and standby for group 1 and group 2

The virtual router for group 1 has the address 10.10.1.11; group 2 has the address 10.10.1.12; and group 3 has the address 10.10.1.13.

Here's the configuration for Router 1:

 interface ethernet1
 ip address 10.10.1.1 255.255.255.0
 standby 1 priority 120
 standby 1 preempt
 standby 1 ip 10.10.1.11
 standby 3 ip 10.10.1.13

Here's the configuration for Router 2:

 interface ethernet1
 ip address 10.10.1.2 255.255.255.0
 standby 2 priority 120
 standby 2 preempt
 standby 2 ip 10.10.1.12
 standby 3 ip 10.10.1.13

And here's the configuration for Router 3:

 interface ethernet1
 ip address 10.10.1.3 255.255.255.0
 standby 3 priority 120
 standby 3 preempt
 standby 3 ip 10.10.1.13
 standby 1 ip 10.10.1.11
 standby 2 ip 10.10.1.12

HSRP groups help your switches behave reasonably as different routers are enabled. Remember that the router automatically generates a virtual MAC address for each HSRP router. If you have your HSRP routers connected to a single switch (or multiple switches VLANed together), the switch will see the same MAC address on different ports as the HSRP routers become active. With HSRP groups, the routers use a unique MAC address for each HSRP group. So, if you do have your HSRP routers plugged into a single switch, you can use multiple HSRP groups to enforce the use of different MAC addresses on different ports, which keeps switches happy.

13.2.4. Load Sharing with Hot Standby

You can use HSRP for a form of load sharing . Think back to Figure 13-1. In this network, we gave all the hosts a default route to the virtual router (10.10.28.3) and configured Router 1 to act as the virtual router unless it failed. This is clearly inefficient, since most of the time Router 2 was doing nothing: all the traffic flowed through Router 1, and Router 2 just waited for Router 1 to break.

In this example, we configure the networks so that Network 1 uses Router 1 as its default route, and Network 2 uses Router 2. To do so, we create two virtual routers, each with its own IP address. Each physical router is the primary router for one of the virtual routers and the backup for the other. With this configuration, Network 1 can use the virtual Router 1 (10.10.28.3) for its default route, and Network 2 can use the virtual Router 2 (10.10.28.4). In this way, they both carry traffic until one of the routers goes down, and then the other router takes over all the traffic.

Here's the configuration for Router 1:

 interface ethernet1
 ip address 10.10.28.1 255.255.255.0
 standby 1 preempt
 standby 1 priority 120
 standby 1 ip 10.10.28.3
 standby 2 ip 10.10.28.4

Here's the configuration for Router 2:

 interface ethernet 1
 ip address 10.10.28.2 255.255.255.0
 standby 2 preempt
 standby 2 priority 120
 standby 2 ip 10.10.28.4
 standby 1 ip 10.10.28.3

Devices within Network 1 use 10.10.28.3 as their default router, and devices within Network 2 use 10.10.28.4 as their default router. This configuration provides a primitive form of load sharing across the two networks. If either router goes down, the other takes over.

13.2.5. HSRP show Commands

The command show standby displays all the HSRP information that the router knows about. In this configuration, we can see that HSRP is configured only on Ethernet0:

 Router1#show standby
 Ethernet0 - Group 0
 Local state is Active, priority 120, may preempt
 Hellotime 3 holdtime 10
 Next hello sent in 00:00:02.564
 Hot standby IP address is 192.168.1.3 configured
 Active router is local
 Standby router is unknown expires in 00:00:04
 Standby virtual mac address is 0000.0c07.ac00


Getting Started

IOS Images and Configuration Files

Basic Router Configuration

Line Commands

Interface Commands

Networking Technologies

Access Lists

IP Routing Topics

Interior Routing Protocols

Border Gateway Protocol

Quality of Service

Dial-on-Demand Routing

Specialized Networking Topics

Switches and VLANs

Router Security

Troubleshooting and Logging

Quick Reference

Appendix A Network Basics

Index



Cisco IOS in a Nutshell
Cisco IOS in a Nutshell (In a Nutshell (OReilly))
ISBN: 0596008694
EAN: 2147483647
Year: 2006
Pages: 1031
Authors: James Boney

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net