IOS Configuration: HSRP

IOS Configuration: HSRP
The Basics
HSRP is Cisco's Hot Standby Router Protocol and provides a highly-available virtual IP address for use as
a gateway. This virtual IP address is configured on multiple routers, and a silent election is held to
determine which router should answer for that IP. This elected router, called the active member, begins
answering for that IP address, and, if something should happen to it (like it catches on fire in the rack),
the remaining standby members repeat the election.
Basic Configuration
Enabling HSRP
The basic configuration of HSRP is very simple.
Router(config-if)#standby ip 192.0.2.1
You can also add a group number to the configuration if you want to run more than one instance on the
same interface. If you don't give a group number, the router will assume you are using group 0.
Router(config-if)#standby 1 ip 192.0.2.1
Router(config-if)#standby 150 ip 192.0.2.150
Popular Tweaks
You can skew the election of the active member by configuring a priority on the standby group. The
higher the priority, the more preferred it will be during the election. Valid values are 0 - 255; default is
100.
Router(config-if)#standby 1 priority 110
Even if you change the priority to something high, the router won't take over unless you have
preemption enabled.
Router(config-if)#standby 1 preempt
You can "secure" the HSRP group with a authentication password. However, the password is transmitted
in plain text and can be captured.
Router(config-if)#standby 1 authentication PASSWORD
You can have HSRP track objects and decrement priority if that object were to fail. You can track
interfaces or tracking objects that have already been defined. You can also dictate how much to
decrement the priority; the default decrement value is 10.
To track interface Serial0/0 and decrement the priority by 15 if if fails, you can do this.
Router(config-if)#standby 1 track s0/0 15
To track a track object that you've already defined and decrement 20 if it fails, you can do this.
Router(config-if)#standby 1 track 100 decrement 20
Each standby group has a name that is used to allow technologies like NAT to move around with the
HSRP active member. The default name is a combination of interface name and standby group, but you
can define one that is more meaningful.
Router(config-if)#standby 1 name GATEWAY
Hot Standby Routing Protocol or HSRP, is a Cisco proprietary protocol that allows two or more routers to
work together to represent a single IP address for a particular network. HSRP, as well as Virtual Route
Redundancy Protocol (VRRP) are considered high-availability network services that allow for almost
immediate fail over to a secondary interface when the primary interface becomes unavailable.
HSRP is a fairly simple concept that works by having one router within an HSRP group be selected as the
primary, or active router. That primary will handle all routing requests while the other routers within the
HSRP group simply wait in a standby state. These standby routers remain ready to take on all of the
traffic load if the primary router becomes unavailable. In this scenario, HSRP provides high network
availability since it routes IP traffic without depending on a single router.
To really dig into the Nitty Gritty of HSRP, check out RFC 2281 for full details on the inner workings of
this widely used protocol.
The hosts that use the HSRP address as a gateway never know the actual physical IP or MAC address of
the routers in the group. Only the virtual IP address that was created within the HSRP configuration
along with a virtual MAC address is known to other hosts on the network.
Basic HSRP Configuration
Before we discuss more advanced HSRP concepts, lets create a basic HSRP configuration to get an idea
of how this all works. For this scenario we will use a topology consisting of just two routers. Keep in
mind that one or both of these routers could be multilayer switches such as a 6509 or 3750 as well. But
for this discussion lets just refer them as routers.
R1 and R2 will both be configured to be in standby group 1. The HSRP address will be given an IP address
of 192.168.1.1/24. All hosts on the segment and in the VLAN will use this address as their default
gateway.
R1(config)#interface ethernet0
R1(config-if)#ip address 192.168.1.2
R1(config-if)#standby 1 ip 192.168.1.1


To see the status of HSRP use the command show standby
This is the first command you should run to ensure that HSRP is running and configured properly.

R1#show standby
Ethernet0 - Group 1
Local state is Standby, priority 100
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 0.776
Virtual IP address is 192.168.1.1 configured
Active router is 192.168.1.3, priority 100 expires in 9.568
Standby router is local
1 state changes, last state change 00:00:22

R2#show standby
Ethernet0 - Group 1
Local state is Active, priority 100
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.592
Virtual IP address is 192.168.1.1 configured
Active router is local
Standby router is 192.168.1.2 expires in 8.020
Virtual mac address is 0000.0c07.ac05
2 state changes, last state change 00:02:08

We can see that R2 has been selected as the Active router ("Local state is Active"), the virtual router's IP
is 192.168.1.1, and R1 is the standby router.
Controlling the Active HSRP Router
There are more HSRP values that you'll need to change from time to time to ensure complete control
over your network traffic. For example, what if we wanted R1 to be the Active router instead of R2? To
force a particular router to be the active router in an HSRP group you will need to use the priority
command.
The default priority is 100. The higher priority will determine which router is active. If both routers are
set to the same priority, the first router to come up will be the active router.
Using our example above, this is how the commands would look.
R1(config-if)#standby 1 priority 200 <-- Add this to force R1 to be active

Keeping the Active Router Active
In our scenario above, if R1 fails, R2 will become active. This is perfect! But, if R1 comes back up and
returns to service, R2 will continue to stay active. This may not be a preferred behavior. There are times
when you may always want R1 to be in an active state in the HSRP group. Cisco provides a way for use to
control this by using the Preempt command. Preempt forces a router to be active after recovering from
a failure.
Here again is our two router topology, with the preempt command added.
R1(config-if)#standby 1 priority 200
R1(config-if)#standby 1 preempt <-- Add this to force R1 to return to active state after failure


Advanced HSRP Configuration - Load Balancing
So now you can see how great HSRP is and how it allows us to have high availability between multiple
routers for a single network. But our standby routers aren't doing anything and are just sitting there!
Depending on the model router you are using, this can be a lot money just sitting idle.
To solve this problem, we can configure HSRP to be load balanced between routers. This doesn't help us
with a single HSRP group, but for multiple HSRP groups we can spread the load and have each HSRP
group be active on different routers.
By configuring multiple HSRP groups on a single interface, HSRP load balancing can be achieved.
Here is how we accomplish this.
R1(config-if)#standby 1 preempt
R1(config-if)#standby 1 name nework-one
!
R1(config-if)#standby 2 name nework-two

R2(config-if)#standby 1 name nework-one
!
R2(config-if)#standby 2 preempt
R2(config-if)#standby 2 name nework-two

In this example above, ethernet0 on Router 1 is active for standby group 1 and Router 2 is standby. For
ethernet1, HSRP group 2, Router 2 is active and Router 1 is standby. This allows us to have each router
working for us and forwarding packets to best utilize our investment in our networking equipment.
We've also added the HSRP group name command to help better describe each HSRP group. this can be
a life saver when you have several HSRP groups that you need to track.
One last note on HSRP standby groups. You can have multiple interfaces and networks configured using
the same standby group number if the fail over behavior needed is the same.

IOS Configuration: HSRP

Enviado por

Dados do documento

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

IOS Configuration: HSRP

Enviado por

Direitos autorais:

Formatos disponíveis

IOS Configuration: HSRP

Você também pode gostar