Design and deployment of HSRP in a LAN environment
Folks, welcome back! In this session we would take a look at HSRP. HSRP or Hot Standby Routing Protocol was primarily designed for providing layer two redundancy for default gateways (DG) failures on LAN segments. Understandably, for most networks out there if the default gateway is lost (may be by a router crash or by a interface disconnect or …) LAN looses the ability to communicate with the external networks, HSRP offers some layer 2/3 redundancy for such failures by providing a virtual IP and a virtual MAC address and binding interfaces on two or more routers to the same virtual IP address (VIP).Any one router can be active at a time. A router that is chosen to be active would attend to the requests that come in for the VIP, should the active router go inaccessible the standby router/s assumes the role of servicing the requests for the VIP. Note that to benefit from HSRP, default gateways on the PC’s should be configured with the VIP instead of interface addresses of the routers.
With that in mind let’s actually design a network that does this for us. Our goal here is to create a HSRP group with R3 as an active router and R2 as a standby router. We would further set the VIP to 192.168.1.100 and R3 to preempt (give it the capability to assume the active role should it go inaccessible and come back up). Further we would like to set a tracking on the interface between R3 and R4, so that if the serial interface goes down, R3 loses its active status to R2 (note that if the serial interface goes down its useless to keep R3 active as it has no way to route the packets to the core) . Also should R3 regain the serial interface it should switch back to active, we would use preempt statement to do that. Refer to the diagram mentioned below for further details.
Let’s begin by configuring R2 (refer to the snapshot mentioned below). Note that the VIP in this case is 192.168.1.100 and R2 is given a priority of 101, also note that the preempt keyword enables R2 to kick the active router off and assume its role, should the priority of R2 increase to a better value.
Let’s move on to R3. The configuration is almost the same on R3 except for increasing the priority to 255 (thereby making it an active router in the group) and adding a statement to indicate that serial 1/0 to be a tracking interface, with a priority negation of 155. In essence whenever serial 1/0 goes down; a priority of 155 is subtracted from 255 bringing the priority value to 100, thereby making R2 as the active router (remember R2’s priority value is 101). Again note that due to the preempt statement in the config, should the serial 1/0 come back on R3, it again returns to its original active state.
Once that’s done, we see that the HSRP groups come up.
Also note that that R2 and R3 exchange the HSRP hello’s between each other once every 3 seconds by default. A debug log on R3 below shows hello packets coming into R3 from R2 announcing that it’s in standby mode and a hello packet leaving R3 announcing that it’s active.
Taking a look at the arp table on router R1 mentioned below, note that the VIP now has a separate MAC address of 0000.0c07.ac0a, which is different from the individual BIA’s of the routers R2 and R3. Note that the 0x0a on the last octet corresponds to the decimal 10, the HSRP group number that we created.
Now that we are familiar with the inner workings of HSRP, let’s see it in action. As a first test, I would unplug the Ethernet cable on R3. As soon as this happens the router resigns itself of active role and goes into an Init state because it detects the change in the eth interface.
R2 does not know what happened until the next few seconds until its hello/dead timers get expired, as soon as that happens it assumes an active role. Debug logs on R2 are mentioned below.
Note that the virtual MAC address remains unchanged during the switch; hence R1 need not change its arp cache. That’s the advantage of using a Virtual mac, rather than router’s BIA. A router reboot or any other connectivity loss also results in a similar outcome as above (not shown).As soon as I plug the Ethernet cable back, R3 leaps back to active status (not shown).
As a last section, let’s take a look at tracking interface in action. To illustrate this, let’s unplug the serial cable from R3, note that as soon the serial 1/0 is unplugged from R3, its priority value changes to 100, which is one less than R2’s priority and hence it loses its active status
Mentioned below is a debug log of R3 stepping down.
Mentioned here is a debug log of R2 stepping up to be an active router.
Note that as soon as the tracking interface is connected back, priority value of R3 surges back to 255 and it becomes active again (not shown).
That concludes this article on HSRP. Thanks for reading on and stay tuned for more in coming days.