CCIE Practical Studies, Volume I

 <  Free Open Study  >  

HSRP Overview and Configuration

HSRP uses the exchange of multicast messages to communicate a configured priority with other routers in the same standby group . The priority defines which router will be the primary and which router(s) will be secondary in the group. The default priority is 100; the router with the highest priority will be the primary for the group. If the priorities are the same, the first router up becomes the primary. Any prioritization is then based on the IP address. If a new router (at the same priority) joins, it doesn't bump the current primary router, even if its IP address is higher; however, it can bump the current standby router.

If priorities are different, a new router joining with a higher priority becomes active, even if preemption is not configured; however, if the router is already up and its priority changes (because of tracking or reconfiguration), it won't bump the primary without preemption configured.

HSRP uses three types of multicast messages to exchange standby group information:

  • Hello ” The hello message contains the sending router's priority and state information. Hellos are exchanged every three seconds. If a router fails to send a hello in a specified amount of time, the receiving router, if priority dictates, becomes the primary router for the group.

  • Coup ” When a secondary router becomes the primary router, it sends a coup message to the routers in the group.

  • Resign ” When the primary router is about to shut down, or when it has received a hello message with a higher priority than its own, it forfeits the primary position with a resign message.

To configure HSRP, use the following guidelines:

Step 1. Pick a virtual address to use for the HSRP address. This address must be in the same address space that is assigned to the LAN interface where you want to run HSRP. This is also referred to as the standby IP address. Each router in the standby group must define the virtual IP address using the standby group_number ip a.b.c.d command.

The standby group number is a unique number that identifies 1 to 255 standby groups on Ethernet and FDDI, and 0 to 2 different groups on Token Ring. If you do not specify a group, standby group 0 is used.

If you are configuring HSRP on VLAN trunks, each VLAN or Ethernet subinterface must be in a different standby group.

Step 2. Decide which router is to be the primary router. Configure a priority of at least 101 on this router. Also add the preempt command to make this router eligible for the primary router election. Step 2 can be accomplished with the standby group_number preempt and standby group_number priority 1-255 commands:

- The preempt command enables the router to become the primary if it has the highest priority in the group.

- The priority command assigns a priority to the router. The default priority is 100, and the router with the highest priority becomes the primary router, or active router.

Step 3. Configure tracking, authentication, and timers on the primary router using the following commands:

- standby group_number track interface_name [ cost ]

- When HSRP tracks an interface, it tells the HSRP process to decrement 10 from the priority if the interface goes down. This command can force the HSRP group to switch its primary and secondary routers based on whether an interface is active. The default cost is 10 and can be modified.

- standby group_number authentication character_string

This command establishes authentication messages to be included in the HSRP multicast. This ensures that only authorized routers can become part of the HSRP group. The string must match all routers in the HSRP group.

- standby group_number timers hello_interval_seconds holddown_timer_seconds

The timers argument sets the interval between hello messages and the hold-down timer. The hold-down timer specifies how long the router waits before it declares the active router to be down. The defaults for these timers are 3 and 10 seconds, respectively. These timers must match among all routers in the group.

- standby group_number mac-address H.H.H

This command allows for the static entry of a MAC address. This can be useful for management or in filtering the HSRP addresses from downstream devices.

Step 4. Configure the other routers in the standby group as secondary routers by using a priority of 99 or less.

Step 5. Configure preempt, tracking, authentication, and timers on the secondary routers.

NOTE

HSRP requires a routing protocol that converges rapidly , such as EIGRP or OSPF, to transport packets without interruption. HSRP is designed to reroute packets upon router or link failure without any retransmissions or drops occurring. For this to happen, the router must be capable of converging quickly during a failure.

Configuring HSRP Between Routers

Using Figure 16-1 as an example, you will configure HSRP between the routers caladan and giedi prime. In this scenario, multiple IP clients reside on the Ethernet segment of 172.16.1.0/24. All the TCP/IP clients need access to arakasarakas for access to the Internet; caladan and giedi prime have access to arakas through the Frame Relay network. To exchange routing information, all routers are running EIGRP as the routing process.

HSRP will provide the IP clients with uninterrupted access to arakas. To accomplish this, caladan is selected as the primary router, and giedi prime is the secondary router. You will use 172.16.1.1 as the virtual IP address between the two routers. Because the ultimate destination of the clients is arakas, you should track on the serial interfaces. By tracking on the serial interface, you can force giedi prime to become the primary if the link to arakas fails.

NOTE

When tracking is used, two potential situations can cause giedi prime to become the primary router. One is a loss of the connection to caladan, such as physical loss to the Ethernet port on caladan. The second situation involves the loss of physical connectivity between arakas and caladan, causing the serial interface on caladan to drop.

First, you will configure caladan. To do so, you need to add a standby group to the E0 interface. You already know that caladan is going to be the primary, so you will need a priority greater than 100; for this example, use 105. You also want to track on the serial interface. The default tracking cost is 10, so if the caladan router looses its serial link, it will have an HSRP cost of 95. Make note of this value because you need to configure the priority of giedi prime to be greater then 95 but less then 105. Example 16-1 demonstrates the configuration of caladan.

Example 16-1 Configuring HSRP on the Primary Router

caladan(config)# interface ethernet 0 caladan(config-if)# standby 1 ip 172.16.1.1 caladan(config-if)# standby 1 priority 105 caladan(config-if)# standby 1 preempt caladan(config-if) #standby 1 track s0

When a member of an HSRP group goes from the standby state to the active state, the following message is generated:

01:10:14: %STANDBY-6-STATECHANGE: Standby: 1: Ethernet0 state Speak -> Standby 01:10:14: %STANDBY-6-STATECHANGE: Standby: 1: Ethernet0 state Standby -> Active

To configure giedi_prime, you must set the standby group to be the same as caladan, which is standby group 1. You also must use the same virtual IP address as caladan. The use of the preempt argument will allow giedi prime to become the primary router, if that router's priority exceeds caladan's. Perhaps the most important command is the priority command. On the primary router, you have a priority of 105 and tracking on the serial interface. The priority of the primary router, caladan, will be 95 if it loses its serial interface. Therefore, the priority of the secondary, giedi_prime, needs to be greater then 95. In this example, you will use 101. A value of 101 also provides the router with a higher priority than any new routers that might be added to the network with a default priority of 100.

Example 16-2 demonstrates the configuration of giedi prime.

Example 16-2 Configuring HSRP on the Secondary Route

giedi_prime(config)# interface ethernet 0 giedi_prime(config-if)# standby 1 ip 172.16.1.1 giedi_prime(config-if)# standby 1 priority 101 giedi_prime(config-if)# standby 1 preempt giedi_prime(config-if)# standby 1 track s0

To verify the functionality of HSRP, use the show standby command. This command shows which router is primary, tells whether it can preempt, and gives the virtual IP and MAC addresses used in that group. Example 16-3 illustrates the show standby command on caladan, the primary router, and giedi prime, the secondary router.

Example 16-3 show standby Command Output for the Primary and Secondary Routers

caladan# show standby Ethernet0 - Group 1 Local state is Active, priority 105, may preempt Active=Primary router Hellotime 3 holdtime 10 Next hello sent in 00:00:02.496 Hot standby IP address is 172.16.1.1 configured Virtual IP address Active router is local Standby router is 172.16.1.3 expired Standby virtual mac address is 0000.0c07.ac01 Tracking interface states for 1 interface, 1 up: Up Serial0 caladan# _______________________________________________________________ giedi_prime# show standby Ethernet0 - Group 1 Hellotime 3 holdtime 10 Next hello sent in 00:00:02.540 Hot standby IP address is 172.16.1.1 configured Active router is 172.16.1.2 expires in 00:00:09 Standby router is local Tracking interface states for 1 interface, 1 up: Up Serial0 giedi_prime#

To add authentication, simply add the standby 1 authentication password command under the Ethernet interface. Be sure that all routers in the group are authenticating. Example 16-4 shows the configurations in their entirety.

Example 16-4 caladan

hostname caladan ! <<<text omitted>>> ! interface Ethernet0 ip address 172.16.1.2 255.255.255.0 no ip redirects this is added by the router when standby is enabled no ip directed-broadcast standby 1 priority 105 standby 1 preempt standby authentication cisco cisco is the password and is case sensitive standby 1 ip 172.16.1.1 standby 1 track Serial0 ! interface Serial0 ip address 172.16.10.2 255.255.255.0 no ip directed-broadcast encapsulation frame-relay no ip mroute-cache no fair-queue frame-relay map ip 172.16.10.1 21 broadcast frame-relay map ip 172.16.10.3 21 broadcast ! router eigrp 2001 network 172.16.0.0 ! ________________________________________________________________ hostname giedi_prime ! <<<text omitted>>> ! interface Ethernet0 ip address 172.16.1.3 255.255.255.0 no ip redirects delay 1000000 influence EIGRP, to not load-share standby 1 priority 101 standby 1 preempt standby authentication cisco cisco is the password and is case sensitive standby 1 ip 172.16.1.1 standby 1 track Serial0 ! interface Serial0 ip address 172.16.10.3 255.255.255.0 encapsulation frame-relay no fair-queue frame-relay map ip 172.16.10.1 31 broadcast frame-relay map ip 172.16.10.2 31 broadcast ! router eigrp 2001 network 172.16.0.0 !

 <  Free Open Study  >  

Категории