Load-Balancing with HSRP
Problem
You want to load-balance your traffic between two (or more) HSRP routers.
Solution
You can configure HSRP so that both routers are always in use if they are available. This allows you to use your network resources more efficiently, but it is slightly more complicated to configure.
Configure the first router as follows, with two HSRP groups:
Router1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#interface FastEthernet0/1 Router1(config-if)#ip address 172.22.1.3 255.255.255.0 Router1(config-if)#standby 1 ip 172.22.1.1 Router1(config-if)#standby 1 priority 120 Router1(config-if)#standby 1 preempt Router1(config-if)#standby 2 ip 172.22.1.2 Router1(config-if)#standby 2 priority 110 Router1(config-if)#standby 2 preempt Router1(config-if)#exit Router1(config)#end Router1#
Then, on the second router, you create the same two HSRP groups, but change the priority levels from those of the first router so that Router1 is active for group 1 and Router2 is active for group 2:
Router2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router2(config)#interface FastEthernet1/0 Router2(config-if)#ip address 172.22.1.4 255.255.255.0 Router2(config-if)#standby 1 ip 172.22.1.1 Router2(config-if)#standby 1 priority 110 Router2(config-if)#standby 1 preempt Router2(config-if)#standby 2 ip 172.22.1.2 Router2(config-if)#standby 2 priority 120 Router2(config-if)#standby 2 preempt Router2(config-if)#exit Router2(config)#end Router2#
This ensures that both router back up one another simultaneously. You must then configure half of your end devices on this segment to use the address 172.22.1.1 for their default gateway, and the other half to use 172.22.1.2.
Discussion
By default, when you use HSRP on a LAN segment, all of the traffic goes through whichever router is currently active. This means that the second router and its links are generally idle. If this is a remote site, and both routers have WAN links, then you will need to pay for an expensive WAN connection that is almost always unused. So this recipe shows you a way to use both routers.
This method only affects the outgoing traffic from the workstations to the routers and out to the WAN. If you want to balance the traffic going from the WAN to the LAN as well, you will need to look at your routing protocol, which determines which WAN connection is the best path to this LAN segment.
The recipe is actually very simple. It just creates two separate HSRP groups on the same segment. When everything is working normally, Router1 is the active router for one of the groups and Router2 is active for the other. Then, if either of these routers fails, the other takes over and becomes the active router for both groups.
This feature uses Multigroup HSRP (MHSRP). Not all routers support MHSRP. In particular, it does not work on Cisco 1600, 2500, 4000, or 5200/5300 devices. For Token Ring LANs, you can use MHSRP, but there are only three available HSRP groups for Token Rings. Other LAN media, such as Ethernet, FDDI, ATM, and various VLAN encapsulations (including LANE, ISL, 802.10, 802.1Q, and EtherChannel) will support 256 groups. Note that you can actually configure more HSRP groups for Token Ring if you use the use-bia option. But this means that every group will use the same MAC address. We will discuss this option and its benefits and restrictions in Recipe 22.7.
Once you have configured the routers this way so that they both back one another up, you need to configure the end devices. Half of these devices need to have a default gateway address of 172.22.1.1, and the other half must use 172.22.1.2. Deciding which devices use which address is the key to balancing the load between your routers. If you configure all of your busiest devices to use the same address, and consequently the same router, then you won't have a very well-balanced network load. This is also where the administration starts to become a little bit more complicated because you must decide which gateway each new device will use.
Of course, in a situation where both routers support two or more LAN segments, you could simply make one router primary for one segment and the other one primary for the other segment, instead of configuring two HSRP groups on the same interface. This is considerably simpler to administer, and it works well in larger networks.
The show standby command output includes information about both groups. For the first router in the example, you get the following output:
Router1#show standby FastEthernet0/1 - Group 1 Local state is Active, priority 120, may preempt Hellotime 3 sec, holdtime 10 sec Next hello sent in 1.184 Virtual IP address is 172.22.1.1 configured Active router is local Standby router is 172.22.1.4 expires in 9.164 Virtual mac address is 0000.0c07.ac01 17 state changes, last state change 01:14:06 FastEthernet0/1 - Group 2 Local state is Standby, priority 110, may preempt Hellotime 3 sec, holdtime 10 sec Next hello sent in 2.394 Virtual IP address is 172.22.1.2 configured Active router is 172.22.1.4, priority 120 expires in 8.892 Standby router is local 4 state changes, last state change 00:32:22 Router1#
You can see that this router is active for group 1 and in standby for group 2. The same command on the second router shows the converse:
Router2#show standby FastEthernet1/0 - Group 1 Local state is Standby, priority 110, may preempt Hellotime 3 sec, holdtime 10 sec Next hello sent in 0.274 Virtual IP address is 172.22.1.1 configured Active router is 172.22.1.3, priority 120 expires in 9.312 Standby router is local 4 state changes, last state change 01:23:46 IP redundancy name is "hsrp-Fa1/0-1" (default) FastEthernet1/0 - Group 2 Local state is Active, priority 120, may preempt Hellotime 3 sec, holdtime 10 sec Next hello sent in 2.536 Virtual IP address is 172.22.1.2 configured Active router is local Standby router is 172.22.1.3 expires in 8.936 Virtual mac address is 0000.0c07.ac02 1 state changes, last state change 01:21:49 Router2#
Cisco has recently developed a new solution to this same problem, called Gateway Load-Balancing Protocol (GLBP), which allows you to load-balance between several HSRP routers without having to reconfigure the end devieces. Please refer to Recipe 22.14 for more information on this technique.
See Also
Recipe 22.1; Recipe 22.2; Recipe 22.14