Cisco HSRP

This post contains short notes about HSRP protocol.

Quick Notes:

  1. HSRP – Hot Standby Router Protocol
  2. Fault-tolerant for default gateway
  3. Version 1 and version 2
  4. Cisco proprietary
  5. Active router and Standby router
  6. Active router has assigned virtual gateway IP address and virtual MAC address
  7. You can configure up to 32 HSRP instances (identified by HSRP group).
  8. You configure HSRP instance (group) for each VLAN on the interface (because every VLAN needs the different gateway).
  9. You can implement simple load balancing – for example configure Router1 as Active router (higher priority) for VLAN 1 and configure the Router2 as the Active router for VLAN2.
  10. If you configure HSRP on the Layer 3 switch then consider also your STP configuration – the HSRP Active switch is recommended also to be STP root.- It forwards traffic [as default gateway] and it’s efficient if all that Switch ports are  NOT blocked by STP. You can read more: http://packetpushers.net/ccnp-studies-configuring-hsrp-part-two/
  11. Becoming Active Router rules:
    1. If there is no Active router in the HSRP group the election process takes place. The router with highest priority wins.
    2. If there is already Active router in the HSRP group then the router with highest priority becomes the new Active router only if it was configured with preempt option.
    3. Example – you have two routers. The current Active router restarts – it will become the Active Router again only if it has the highest priority in the HSRP group and if it was configured with Preemp option.
  12. Tracking option – usually you have the two routers. The Standby router becomes the Active router if the current Active router goes down (no power, device failure). The track option allows you to track the state of the other interface (ex: interface to ISP). If the tracked interface fails then the current router priority is lowered by the configured value.
  13. Tracking interface failure – the interface is assumed down if its state is “link protocol down” which means Layer 1 or Layer 2 is down (physical problem, ppp authentication problem, etc.).
  14. There is a trick which allows you to track Layer 3 (ping the specified IP address). You can use IP SLA technology, ex: http://ciscodreamer.blogspot.com/2009/09/ip-sla-with-hsrp.html.
  15. HSRP uses multicast address.
  16. HSRP version comparision:
    HSRP Version UDP port IP Address Virtual MAC address
    (XX is the HSRP group ID in hex)
    V1 – IPv4 1985 224.0.0.2 (all routers) 00:00:0c:07:ac:xx
    V2 – IPv4 1985 224.0.0.102 (HSRP) 00:00:0c:9f:fx:xx
    V2 – IPv4 2029 ff02::66 00:05:73:a0:0x:xx
  17. Timers – hellotime (by default 3s) and holdtime (be default 10s). Holdtime is time before the active or standby router is declared to be down.
  18. HSRP is a state machine consisting of these five states: Initial, Listen, Speak, Standby, Active. It is useful to know these states to understand log messages.

Configuration

Let’s assume we have two routers (Primary and Secondary) connected via Switch. Both of them are connected to the Internet. The Primary router has faster internet connection – that is why we prefer it to be HSRP Active router.

Primary router configuration:

Primary(config)# interface gigabitEthernet 0/1
Primary(config-if)# standby 1 ip 192.168.1.1
Primary(config-if)# standby 1 version 2
Primary(config-if)# standby 1 timers 1 4 // quick failover (default values are 3s and 10s)
Primary(config-if)# standby 1 priority 110
Primary(config-if)# standby 1 preempt delay minimum 60 // re-take the Active role after one minute (allow the routing convergence, etc.)
Primary(config-if)# standby 1 track fa0/24 15
Primary(config-if)# standby 1 authentication myPassword // shared password

Secondary router configuration:

Secondary(config)# interface gigabitEthernet 0/1
Secondary(config-if)# standby 1 ip 192.168.1.1
Secondary(config-if)# standby 1 version 2
Secondary(config-if)# standby 1 timers 1 4 // the timers should be the same on both routers
Secondary(config-if)# standby 1 priority 105
Secondary(config-if)# standby 1 preempt delay minimum 60 // re-take the Active role after one minute (allow the routing convergence, etc.)
Secondary(config-if)# standby 1 track fa0/24 15
Secondary(config-if)# standby 1 authentication myPassword

Note that the Router 2 is also configured for preempt. It’s very important. If the tracked interface on Router1 fails then priority of the Router1 is lower than priority of the Router2 and in this case the Router2 should become Active router – that is why preempt is configured.

Verification

Common Log messages you can see on the router’s console

%HSRP-6-STATECHANGE: GigabitEthernet0/1 Grp 1 state Speak -> Standby // the router has started and took the Standby role
%HSRP-6-STATECHANGE: GigabitEthernet0/1 Grp 1 state Standby -> Active // the router takes the Active role
%HSRP-6-STATECHANGE: GigabitEthernet0/1 Grp 1 state Speak -> Standby // the router takes the Stamdby role

From privileged EXEC mode, use this command to display HSRP settings:

# show standby [interface-id [group]] [brief] [detail]

You can display HSRP information for the whole switch, for a specific interface, for an HSRP group, or for an HSRP group on an interface. You can also specify whether to display a concise overview of HSRP information or detailed HSRP information.

For example (entries are self-explanatory):

Primary# show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gig0/1 1 110 P Active local 192.168.1.12 192.168.1.1

Primary# show standby
GigabitEthernet0/1 – Group 1 (version 2)
State is Active
8 state changes, last state change 00:02:10
Virtual IP address is 192.168.1.1
Active virtual MAC address is 0000.0C9F.F001
Local virtual MAC address is 0000.0C9F.F001 (v2 default)
Hello time 1 sec, hold time 4 sec
Next hello sent in 0.483 secs
Preemption enabled
Active router is local
Standby router is 192.168.1.12, priority 110 (expires in 3 sec)
Priority 110 (configured 110)
Track interface GigabitEthernet0/2 state Up decrement 10
Group name is hsrp-Gig0/1-1 (default)

Debug

The debug enables you to determine if the HSRP router in question receives and transmits HSRP hello packets at specific intervals. If the router does not receive hello packets, you can infer that either the peer does not transmit the hello packets or the network drops the packets.

Router_1# debug standby
 
HSRP debugging is on
 
Router_1#
4d01h: SB1: Vlan1 Hello out 10.1.1.1 Active pri 100 ip 10.1.1.254
4d01h: SB1: Vlan1 Hello in 10.1.1.2 Standby pri 100 ip 10.1.1.254
4d01h: SB2: Vlan2 Hello in 10.2.1.2 Standby pri 100 ip 10.2.1.254
4d01h: SB2: Vlan2 Hello out 10.2.1.1 Active pri 100 ip 10.2.1.254

Sources

  1. Cisco documentation: http://www.cisco.com/(…)
  2. Blog with HSRP explanation: http://packetpushers.net/(…)
  3. Packet tracer exercise: http://www.danscourses.com/(…)
  4. IP SLA technology: http://ciscodreamer.blogspot.com/(…)

Leave a Reply

Your email address will not be published. Required fields are marked *