.NODE

Using HSRP for Home Agent Redundancy

Problem

You want to set up redundant Home Agents to improve network availability for your Mobile Nodes.

Solution

For this recipe, we must configure two nearly identical Home Agent routers. Here is the configuration of the first one:

RouterHome1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RouterHome1(config)#interface FastEthernet0/0
RouterHome1(config-if)#ip address 192.168.9.2 255.255.255.0
RouterHome1(config-if)#standby 1 ip 192.168.9.1
RouterHome1(config-if)#standby 1 name HA-GROUP
RouterHome1(config-if)#exit
RouterHome1(config)#router mobile
RouterHome1(config-router)#exit
RouterHome1(config)#router eigrp 99
RouterHome1(config-router)#redistribute mobile
RouterHome1(config-router)#network 192.168.9.0
RouterHome1(config-router)#network 192.168.10.0
RouterHome1(config-router)#default-metric 10000 10 255 1 1500
RouterHome1(config-router)#no auto-summary
RouterHome1(config-router)#exit
RouterHome1(config)#ip mobile home-agent address 192.168.9.1
RouterHome1(config)#ip mobile home-agent redundancy HA-GROUP virtual-network
RouterHome1(config)#ip mobile virtual-network 192.168.10.0 255.255.255.0
RouterHome1(config)#ip mobile host 192.168.10.1 192.168.10.254 virtual-network 192.168.10.0 255.255.255.0
RouterHome1(config)#ip mobile secure home-agent 192.168.9.3 spi 100 key ascii cisco
RouterHome1(config)#ip mobile secure host 192.168.10.110 spi 100 key ascii cookbook
RouterHome1(config)#ip mobile secure host 192.168.10.111 spi 100 key ascii cookbook
RouterHome1(config)#ip mobile secure host 192.168.10.112 spi 100 key ascii cookbook
RouterHome1(config)#ip mobile secure host 192.168.10.113 spi 100 key ascii cookbook
RouterHome1(config)#ip mobile secure host 192.168.10.114 spi 100 key ascii cookbook
RouterHome1(config)#ip mobile secure host 192.168.10.115 spi 100 key ascii cookbook
RouterHome1(config)#end
RouterHome1#

And here is the second Home Agent router:

RouterHome2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RouterHome2(config)#interface FastEthernet0/0
RouterHome2(config-if)#ip address 192.168.9.3 255.255.255.0
RouterHome2(config-if)#standby 1 ip 192.168.9.1
RouterHome2(config-if)#standby 1 name HA-GROUP
RouterHome2(config-if)#exit
RouterHome2(config)#router mobile
RouterHome2(config-router)#exit
RouterHome2(config)#router eigrp 99
RouterHome2(config-router)#redistribute mobile
RouterHome2(config-router)#network 192.168.9.0
RouterHome2(config-router)#network 192.168.10.0
RouterHome2(config-router)#default-metric 10000 10 255 1 1500
RouterHome2(config-router)#no auto-summary
RouterHome2(config-router)#exit
RouterHome2(config)#ip mobile home-agent address 192.168.9.1
RouterHome2(config)#ip mobile home-agent redundancy HA-GROUP virtual-network
RouterHome2(config)#ip mobile virtual-network 192.168.10.0 255.255.255.0
RouterHome2(config)#ip mobile host 192.168.10.1 192.168.10.254 virtual-network 192.168.10.0 255.255.255.0
RouterHome2(config)#ip mobile secure home-agent 192.168.9.2 spi 100 key ascii cisco
RouterHome2(config)#ip mobile secure host 192.168.10.110 spi 100 key ascii cookbook
RouterHome2(config)#ip mobile secure host 192.168.10.111 spi 100 key ascii cookbook
RouterHome2(config)#ip mobile secure host 192.168.10.112 spi 100 key ascii cookbook
RouterHome2(config)#ip mobile secure host 192.168.10.113 spi 100 key ascii cookbook
RouterHome2(config)#ip mobile secure host 192.168.10.114 spi 100 key ascii cookbook
RouterHome2(config)#ip mobile secure host 192.168.10.115 spi 100 key ascii cookbook
RouterHome2(config)#end
RouterHome2#

The configurations of the Mobile Router and the Foreign Agent router are identical to those seen in previous recipes in this chapter.

Discussion

If you plan to configure a large Mobile IP infrastructure, then a natural design would be to have a centralized Home Agent router by using virtual-networks to support a large pool of Mobile Nodes. In this design, it quickly becomes apparent that the Home Agent router itself is a serious single point of failure for the entire Mobile IP network. Fortunately, Cisco provides a way to make the Home Agent redundant.

In this recipe, we modify the Home Agent configuration shown in Recipe 24.2 to allow you to use a pair of dual redundant Home Agent routers. In this example, the two routers are configured in an Active-Standby relationship, so that all traffic uses either one router or the other. Later in this recipe, we will discuss ways to make this an Active-Active relationship instead.

In Recipe 24.2, we configured the Home Agent address on a Loopback interface. The reason for this was simple. Because the tunnels terminate on this address, we wanted to make sure that it was always available. Now, however, we want to be able to flip our tunnels to the backup Home Agent router, which means that we need to put it on a physical interface:

RouterHome1(config)#interface FastEthernet0/0
RouterHome1(config-if)#ip address 192.168.9.2 255.255.255.0
RouterHome1(config-if)#standby 1 ip 192.168.9.1
RouterHome1(config-if)#standby 1 name HA-GROUP

We have configured HSRP on this interface and assigned the group name HA-GROUP to it. The HSRP virtual IP address for this group is the Home Agent address. On the other router, we have configured a different physical IP address, but the same virtual address and HSRP group:

RouterHome2(config)#interface FastEthernet0/0
RouterHome2(config-if)#ip address 192.168.9.3 255.255.255.0
RouterHome2(config-if)#standby 1 ip 192.168.9.1
RouterHome2(config-if)#standby 1 name HA-GROUP

This way, the virtual address is available if this Ethernet interface is available on either router. Please refer to Chapter 22 for more information on HSRP.

The rest of the Home Agent configuration is remarkably similar to what we previously saw in Recipe 24.2. So we will just look at the differences, and there are two:

RouterHome1(config)#ip mobile home-agent redundancy HA-GROUP virtual-network
RouterHome1(config)#ip mobile secure home-agent 192.168.9.3 spi 100 key ascii cisco

These two new commands do two things. The first one associates the HSRP group, HA-GROUP, with the IP Mobility Home Agent and configures it to support a virtual network. The second one configures a security association and authentication key for the relationship between the two redundant Home Agents. This is critical because it is this that allows the two routers to share information about the IP Mobility bindings.

To configure an Active-Active relationship between the two Home Agents, it is necessary to configure two distinct Home Agent addresses. One group of Mobile Nodes will use the first Home Agent address, and another group will use the second address.

First, the interface configuration must be changed to support two HSRP groups with different names and different virtual IP addresses:

RouterHome1(config)#interface FastEthernet0/0
RouterHome1(config-if)#ip address 192.168.9.2 255.255.255.0
RouterHome1(config-if)#standby 1 ip 192.168.9.1
RouterHome1(config-if)#standby 1 priority 110
RouterHome1(config-if)#standby 1 preempt
RouterHome1(config-if)#standby 1 name HA-GROUP
RouterHome1(config-if)#standby 2 ip 192.168.9.5
RouterHome1(config-if)#standby 2 priority 90
RouterHome1(config-if)#standby 2 preempt
RouterHome1(config-if)#standby 2 name HA-GROUP2
RouterHome1(config-if)#exit

Then the second router is the same, but with a different physical address and different HSRP priority values:

RouterHome2(config)#interface FastEthernet0/0
RouterHome2(config-if)#ip address 192.168.9.3 255.255.255.0
RouterHome2(config-if)#standby 1 ip 192.168.9.1
RouterHome2(config-if)#standby 1 priority 90
RouterHome2(config-if)#standby 1 preempt
RouterHome2(config-if)#standby 1 name HA-GROUP
RouterHome2(config-if)#standby 2 ip 192.168.9.5
RouterHome2(config-if)#standby 2 priority 110
RouterHome2(config-if)#standby 2 preempt
RouterHome2(config-if)#standby 2 name HA-GROUP2
RouterHome2(config-if)#exit

We have configured HSRP priorities so that during normal operation, the first router will be active for the first virtual IP address and the second router will be active for the second address. We have also configured the preempt keyword on both groups so that if one of the routers does fail, they will return to the desired Active-Active relationship after it recovers. Please refer to Chapter 22 for more information on this option.

Then we simply have to configure the routers to advertise the second virtual IP address as a Home Agent address:

RouterHome1(config)#ip mobile home-agent redundancy HA-GROUP virtual-network address 192.168.9.1
RouterHome1(config)#ip mobile home-agent redundancy HA-GROUP2 virtual-network address 192.168.9.5

And, finally, we must configure some of our Mobile Nodes to point to the first address and some to point to the second address for their respective Home Agents.

See Also

Recipe 24.2; Recipe 24.3; Recipe 24.4; Chapter 22

Router Configuration and File Management

Router Management

User Access and Privilege Levels

TACACS+

IP Routing

RIP

EIGRP

OSPF

BGP

Frame Relay

Handling Queuing and Congestion

Tunnels and VPNs

Dial Backup

NTP and Time

DLSw

Router Interfaces and Media

Simple Network Management Protocol

Logging

Access-Lists

DHCP

NAT

First Hop Redundancy Protocols

IP Multicast

IP Mobility

IPv6

MPLS

Security

Appendix 1. External Software Packages

Appendix 2. IP Precedence, TOS, and DSCP Classifications

Index

show all menu





Cisco IOS Cookbook
Cisco IOS Cookbook (Cookbooks (OReilly))
ISBN: 0596527225
EAN: 2147483647
Year: 2004
Pages: 505
Similar book on Amazon

Flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net