Load-Balancing with HSRP

Problem

You want to load-balance your traffic between two (or more) HSRP routers.

Solution

You can configure HSRP so that both routers are always in use if they are available. This allows you to use your network resources more efficiently, but it is slightly more complicated to configure.

Configure the first router as follows, with two HSRP groups:

Router1#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#ip address 172.22.1.3 255.255.255.0
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#standby 1 preempt
Router1(config-if)#standby 2 ip 172.22.1.2
Router1(config-if)#standby 2 priority 110
Router1(config-if)#standby 2 preempt
Router1(config-if)#exit
Router1(config)#end
Router1#

Then, on the second router, you create the same two HSRP groups, but change the priority levels from those of the first router so that Router1 is active for group 1 and Router2 is active for group 2:

Router2#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet1/0
Router2(config-if)#ip address 172.22.1.4 255.255.255.0
Router2(config-if)#standby 1 ip 172.22.1.1
Router2(config-if)#standby 1 priority 110
Router2(config-if)#standby 1 preempt
Router2(config-if)#standby 2 ip 172.22.1.2
Router2(config-if)#standby 2 priority 120
Router2(config-if)#standby 2 preempt
Router2(config-if)#exit
Router2(config)#end
Router2#

This ensures that both router back up one another simultaneously. You must then configure half of your end devices on this segment to use the address 172.22.1.1 for their default gateway, and the other half to use 172.22.1.2.

Discussion

By default, when you use HSRP on a LAN segment, all of the traffic goes through whichever router is currently active. This means that the second router and its links are generally idle. If this is a remote site, and both routers have WAN links, then you will need to pay for an expensive WAN connection that is almost always unused. So this recipe shows you a way to use both routers.

This method only affects the outgoing traffic from the workstations to the routers and out to the WAN. If you want to balance the traffic going from the WAN to the LAN as well, you will need to look at your routing protocol, which determines which WAN connection is the best path to this LAN segment.

The recipe is actually very simple. It just creates two separate HSRP groups on the same segment. When everything is working normally, Router1 is the active router for one of the groups and Router2 is active for the other. Then, if either of these routers fails, the other takes over and becomes the active router for both groups.

This feature uses Multigroup HSRP (MHSRP). Not all routers support MHSRP. In particular, it does not work on Cisco 1600, 2500, 4000, or 5200/5300 devices. For Token Ring LANs, you can use MHSRP, but there are only three available HSRP groups for Token Rings. Other LAN media, such as Ethernet, FDDI, ATM, and various VLAN encapsulations (including LANE, ISL, 802.10, 802.1Q, and EtherChannel) will support 256 groups. Note that you can actually configure more HSRP groups for Token Ring if you use the use-bia option. But this means that every group will use the same MAC address. We will discuss this option and its benefits and restrictions in Recipe 22.7.

Once you have configured the routers this way so that they both back one another up, you need to configure the end devices. Half of these devices need to have a default gateway address of 172.22.1.1, and the other half must use 172.22.1.2. Deciding which devices use which address is the key to balancing the load between your routers. If you configure all of your busiest devices to use the same address, and consequently the same router, then you won't have a very well-balanced network load. This is also where the administration starts to become a little bit more complicated because you must decide which gateway each new device will use.

Of course, in a situation where both routers support two or more LAN segments, you could simply make one router primary for one segment and the other one primary for the other segment, instead of configuring two HSRP groups on the same interface. This is considerably simpler to administer, and it works well in larger networks.

The show standby command output includes information about both groups. For the first router in the example, you get the following output:

Router1#show standby
FastEthernet0/1 - Group 1
 Local state is Active, priority 120, may preempt
 Hellotime 3 sec, holdtime 10 sec
 Next hello sent in 1.184
 Virtual IP address is 172.22.1.1 configured
 Active router is local
 Standby router is 172.22.1.4 expires in 9.164
 Virtual mac address is 0000.0c07.ac01
 17 state changes, last state change 01:14:06
FastEthernet0/1 - Group 2
 Local state is Standby, priority 110, may preempt
 Hellotime 3 sec, holdtime 10 sec
 Next hello sent in 2.394
 Virtual IP address is 172.22.1.2 configured
 Active router is 172.22.1.4, priority 120 expires in 8.892
 Standby router is local
 4 state changes, last state change 00:32:22
Router1#

You can see that this router is active for group 1 and in standby for group 2. The same command on the second router shows the converse:

Router2#show standby
FastEthernet1/0 - Group 1
 Local state is Standby, priority 110, may preempt
 Hellotime 3 sec, holdtime 10 sec
 Next hello sent in 0.274
 Virtual IP address is 172.22.1.1 configured
 Active router is 172.22.1.3, priority 120 expires in 9.312
 Standby router is local
 4 state changes, last state change 01:23:46
 IP redundancy name is "hsrp-Fa1/0-1" (default)
FastEthernet1/0 - Group 2
 Local state is Active, priority 120, may preempt
 Hellotime 3 sec, holdtime 10 sec
 Next hello sent in 2.536
 Virtual IP address is 172.22.1.2 configured
 Active router is local
 Standby router is 172.22.1.3 expires in 8.936
 Virtual mac address is 0000.0c07.ac02
 1 state changes, last state change 01:21:49
Router2#

Cisco has recently developed a new solution to this same problem, called Gateway Load-Balancing Protocol (GLBP), which allows you to load-balance between several HSRP routers without having to reconfigure the end devieces. Please refer to Recipe 22.14 for more information on this technique.

See Also

Recipe 22.1; Recipe 22.2; Recipe 22.14


Router Configuration and File Management

Router Management

User Access and Privilege Levels

TACACS+

IP Routing

RIP

EIGRP

OSPF

BGP

Frame Relay

Handling Queuing and Congestion

Tunnels and VPNs

Dial Backup

NTP and Time

DLSw

Router Interfaces and Media

Simple Network Management Protocol

Logging

Access-Lists

DHCP

NAT

First Hop Redundancy Protocols

IP Multicast

IP Mobility

IPv6

MPLS

Security

Appendix 1. External Software Packages

Appendix 2. IP Precedence, TOS, and DSCP Classifications

Index



Cisco IOS Cookbook
Cisco IOS Cookbook (Cookbooks (OReilly))
ISBN: 0596527225
EAN: 2147483647
Year: 2004
Pages: 505

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net