Gateway Redundancy Protocols (HSRP) ~ Sysnet Notes

Gateway Redundancy Protocols (HSRP)

Normally we use a single gateway to reach the Internet.But if something goes wrong in that gateway we will be completely isolated from internet.This lack of redundancy may be unacceptable on business-critical systems that require maximum up time.

To overcome this issue single point failure and provide redundancy Cisco devices support three protocols that provide redundancy:

Hot Standby Router Protocol (HSRP)
Virtual Router Redundancy Protocol (VRRP)
Gateway Load Balancing Protocol (GLBP)

Hot Standby Router Protocol (HSRP)

HSRP is a Cisco proprietary protocol that provides a virtual gateway which allowes to connect multiple routers or multilayer switches instead of single gateway. This is accomplished by assigning a virtual IP address to all routers participating in HSRP. All routers are assigned to a single HSRP group (numbered 0-255).

HSRP routers are elected to specific roles:
• Active Router – the router currently serving as the gateway.
• Standby Router – the backup router to the Active Router.
• Listening Router – all other routers participating in HSRP.

Only one Active and one Standby router are allowed per HSRP group. HSRP routers regularly send Hello packets (by default, every 3 seconds) to ensure all routers are functioning. If the current Active Router fails, the Standby Router is made active, and a new Standby is elected.

The HSRP priority can range from 0 – 255.Default priority is 100. The router with the highest (a higher value is better) priority is elected the Active Router; the router with the second highest priority becomes the Standby Router. If all priorities are equal, whichever router has the highest IP Address on its HSRP interface is elected the Active Router.

HSRP States
In HSRP election,router or multilayer switch will progress through several states before settling into a role,They are

• Disabled – the interfaces is not configured for HSRP, or is administratively shut down.
• Init – this is the starting state when an interface is first brought up.
• Learn – the router is waiting to hear hellos from the Active Router, to learn the configured Virtual Address.
• Listen – the router has learned the Virtual IP address, but was not elected the Active or Standby Router.
• Speak – the router is currently participating in an Active Router election, and is sending Hello packets.
• Standby – the router is acting as a backup to the Active Router. Standby routers monitor and send hellos to the Active Router.
• Active – the router is currently accepting and forwarding user traffic, using the Virtual IP address. The Active Router actively exchanges hellos with the Standby Router.

By default, HSRP Hello packets are sent every 3 seconds.

Routers in a listening state will only listen for and not periodically send hello packets. While the HSRP is fully converged, only the Active and Standby Routers will send hellos. Routers will also send out hellos when Speaking, or electing the Active and Standby routers.

When electing the Active and Standby routers, the routers will enter a Speaking state. HSRP hellos are used to complete the election process.

Thus, the three states which send out hello packets as follows:
• Speak
• Standby
• Active

HSRP Configuration :
Router#config t
Router(config)#Interface fa 0/0
Router(config-if)#Standby <group number> IP <virtual ip>
Router(config-if)#Standby <group number> priority <priority value>
Router(config-if)#Standby <group number> preempt

HSRP preempt command
Case 1
By default,When active router goes down,standby router will becomes active router.But when downed active router comes up,current active router(previous standby router) will not change to standby status.Using preempt command in both router will solve this problem.

Case 2
if a new router is added to the HSRP group, and it has the best priority, it will not automatically assume the role of the Active router. In fact, the first router to be powered on will become the Active router, even if it has the lowest priority.To force the highest-priority router to assume the role of Active router we use "Standby <group number> preempt" command which is used above.By using this command ,this switch to force itself as the Active router, if it has the highest priority.

HSRP Timers
By default, Hello packets are sent every 3 seconds in HSRP.We can change it by following command
Switch(config-if)# standby 1 timers 4 12
The standby 1 timers command configures the two HSRP timers. The first setting 4 sets the Hello timer to 4 seconds. The second setting 12 sets the holddown timer to 12 seconds.

In general, the holddown timer should be three times the Hello timer (the default holddown time is 10 seconds). HSRP Hello packets are sent to the multicast address 224.0.0.2 over UDP port 1985.

HSRP Virtual MAC Address:
The HSRP group is also assigned a virtual MAC address. By default, a reserved MAC address is used:
0000.0c07.acxx
…where xx is the HSRP group number in hexadecimal. For example, if the HSRP Group number was 8, the resulting virtual MAC address would be:
0000.0c07.ac08

HSRP Authentication:
Authentication can be configured for HSRP. All HSRP routers in the group must be configured with the same authentication string.

To specify a clear-text authentication string:
Switch(config-if)#standby 1 authentication CISCO

To specify an MD5-hashed authentication string:
Switch(config-if)#standby 1 authentication md5 key-string 7 CISCO

HSRP interface tracking:
Syntax:
Router(config)#Interface fa 0/1
Router(config-if)#standby <group number> track <interface name> <value to decrement>

Note :
Track <interface name> - Here we want to provide the interface need to be tracked.
<Value of decrement> - How much priority has to be decreased.Range is from <1-255>.By default decreased priority is 10

HSRP interface tracking is used to track other end of the router where HSRP is enabled.In normal case HSSP enabled router don't know whether other end is shut down or broken

For example
In a working environment if something happen to the other end of active HSRP router,that router must change status to standby,else there wont be communication to the outside world.But by default this wont happpen and HSRP router send hello packet like normal without noticicng the other end.

So to get rid of this we need to enable HSRP interface tracking.By enabling this we can tell HSRP active router to monitor other end of the interface.if other interface state goes down,HSRP active will decrease its own priority to some value we set (by default its 10).Usually less value will be than the priority of standby router.So something heppen to active HSRP router it will decrease priority and standby router will be active one.

Show commands for HSRP
#Show standby
#show standby brief

Lets look at a example

Configuration
Switch1(config)# int fa0/10
Switch1(config-if)# no switchport
Switch1(config-if)# ip address 192.168.1.5 255.255.255.0
Switch1(config-if)# standby 1 priority 50
Switch1(config-if)# standby 1 preempt
Switch1(config-if)# standby 1 ip 192.168.1.1
Switch1(config-if)# standby 1 authentication CISCO

Switch2(config)# int fa0/10
Switch2(config-if)# no switchport
Switch2(config-if)# ip address 192.168.1.6 255.255.255.0
Switch2(config-if)# standby 1 priority 75
Switch2(config-if)# standby 1 preempt
Switch2(config-if)# standby 1 ip 192.168.1.1
Switch2(config-if)# standby 1 authentication CISCO
Switch2(config-if)# standby 1 track fa0/12 50

Explanation :

The no switchport command specifies that interface fa0/10 is a Layer-3 (routed) port.
Both switches are assigned a unique ip address to their local interfaces
Enabled HSRP by "standby" command in both routers. "1" is the HSRP group number(need to be same on both switches).we set priority 50 in switch one and priority 75 in switch2.As we know switch2 is in active mode.
Enabled preempt
Set virtual IP address.Both need to be same on each switch
Enabled authentication in both switch
Enabled tracking on switch2

Sysnet Notes

Gateway Redundancy Protocols (HSRP)

3 comments:

Popular Posts

Labels

Total Pageviews