HSRP
Normally we use a single gateway to reach the Internet. But if something goes
wrong with that gateway, we will be completely cut off from the Internet. This
lack of redundancy may be unacceptable on business-critical systems that require
maximum uptime.
To overcome this single point of failure, Cisco devices support three protocols
that provide gateway redundancy:
• Hot Standby Router Protocol (HSRP)
• Virtual Router Redundancy Protocol (VRRP)
• Gateway Load Balancing Protocol (GLBP)
Hot Standby Router Protocol (HSRP)
HSRP is a Cisco proprietary protocol that provides a virtual gateway, which
allows multiple routers or multilayer switches to be connected in place of a
single gateway. This is accomplished by assigning a virtual IP address to all
routers participating in HSRP. All routers are assigned to a single HSRP group
(numbered 0-255).
HSRP routers are elected to specific roles:
• Active Router – the router currently serving as the gateway.
• Standby Router – the backup router to the Active Router.
• Listening Router – all other routers participating in HSRP.
Only one Active and one Standby router are allowed per HSRP group. HSRP
routers regularly send Hello packets (by default, every 3 seconds) to ensure all
routers are functioning. If the current Active Router fails, the Standby Router is
made active, and a new Standby is elected.
The HSRP priority can range from 0 – 255. The default priority is 100. The
router with the highest priority (a higher value is better) is elected the
Active Router; the router with the second highest priority becomes the Standby
Router. If all priorities are equal, whichever router has the highest IP address
on its HSRP interface is elected the Active Router.
HSRP States
In an HSRP election, a router or multilayer switch progresses through several
states before settling into a role. They are:
• Disabled – the interface is not configured for HSRP, or is administratively
shut down.
• Init – this is the starting state when an interface is first brought up.
• Learn – the router is waiting to hear hellos from the Active Router, to learn the
configured Virtual Address.
• Listen – the router has learned the Virtual IP address, but was not elected the
Active or Standby Router.
• Speak – the router is currently participating in an Active Router election, and is
sending Hello packets.
• Standby – the router is acting as a backup to the Active Router. Standby routers
monitor and send hellos to the Active Router.
• Active – the router is currently accepting and forwarding user traffic, using the
Virtual IP address. The Active Router actively exchanges hellos with the Standby
Router.
By default, HSRP Hello packets are sent every 3 seconds.
Routers in the Listen state only listen for hello packets and do not
periodically send them. Once HSRP is fully converged, only the Active and
Standby Routers send hellos. Routers also send hellos while Speaking, that is,
while electing the Active and Standby routers.
When electing the Active and Standby routers, the routers enter the Speak
state. HSRP hellos are used to complete the election process.
Thus, the three states that send hello packets are:
• Speak
• Standby
• Active
HSRP Configuration:
Router#config t
Router(config)#interface fa 0/0
Router(config-if)#standby <group number> ip <virtual ip>
Router(config-if)#standby <group number> priority <priority value>
Router(config-if)#standby <group number> preempt
HSRP preempt command
Case 1
By default, when the Active router goes down, the Standby router becomes the
Active router. But when the failed Active router comes back up, the current
Active router (the previous Standby router) does not change to Standby status.
Using the preempt command on both routers solves this problem.
Case 2
If a new router is added to the HSRP group and it has the best priority, it will
not automatically assume the role of the Active router. In fact, the first
router to be powered on will become the Active router, even if it has the lowest
priority. To force the highest-priority router to assume the role of Active
router, we use the "standby <group number> preempt" command shown above. With
this command configured, the switch forces itself to become the Active router if
it has the highest priority.
HSRP Timers
By default, Hello packets are sent every 3 seconds in HSRP. We can change this
with the following command:
Switch(config-if)# standby 1 timers 4 12
The standby 1 timers command configures the two HSRP timers. The first setting
4 sets the Hello timer to 4 seconds. The second setting 12 sets the holddown timer
to 12 seconds.
In general, the holddown timer should be three times the Hello timer (the default
holddown time is 10 seconds). HSRP Hello packets are sent to the multicast
address 224.0.0.2 over UDP port 1985.
HSRP Virtual MAC Address:
The HSRP group is also assigned a virtual MAC address. By default, a reserved
MAC address is used:
0000.0c07.acxx
…where xx is the HSRP group number in hexadecimal. For example, if the HSRP
Group number was 8, the resulting virtual MAC address would be:
0000.0c07.ac08
HSRP Authentication:
Authentication can be configured for HSRP. All HSRP routers in the group must
be configured with the same authentication string.
To specify a clear-text authentication string:
Switch(config-if)#standby 1 authentication CISCO
To specify an MD5-hashed authentication string:
Switch(config-if)#standby 1 authentication md5 key-string CISCO
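What the hello packets, timers, virtual MAC address and clear-text authentication string described above look like on the wire, as an added example that is not part of the original page: a parser for the HSRP version 1 message (field layout from RFC 2281) and a check of an observed message against the intended group settings. It shows that the clear-text string is carried readable in every message. The function names, the EXPECTED dictionary and the sample packet are constructed for illustration.

```python
import ipaddress
import struct
# HSRP version 1 message (RFC 2281), 20 bytes to 224.0.0.2 on UDP port 1985: version, opcode,
# state, hellotime, holdtime, priority, group, reserved, 8-byte auth data, 4-byte virtual IP.
STATES = {0: "Init", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}

def virtual_mac(group):
    """Default virtual MAC 0000.0c07.acxx, where xx is the group number in hex."""
    return "0000.0c07.ac%02x" % group

def parse_hsrp(payload):
    if len(payload) < 20:
        raise ValueError("truncated HSRP message")
    ver, op, state, hello, hold, prio, group, _rsv, auth, vip = struct.unpack(
        "!8B8s4s", payload[:20])
    if ver != 0 or op not in OPCODES or state not in STATES:
        raise ValueError("not an HSRP version 1 message")
    return {
        "opcode": OPCODES[op], "state": STATES[state], "hello": hello,
        "hold": hold, "priority": prio, "group": group,
        # A clear-text authentication string is NUL-padded to 8 bytes.
        "auth": auth.rstrip(b"\x00").decode("ascii", "replace"),
        "virtual_ip": str(ipaddress.ip_address(vip)),
        "virtual_mac": virtual_mac(group),
    }

def audit(msg, src_ip, expected):
    """List where an observed message differs from the intended configuration."""
    findings = []
    if src_ip not in expected["members"]:
        findings.append("sender %s is not a configured group member" % src_ip)
    if msg["virtual_ip"] != expected["virtual_ip"]:
        findings.append("virtual IP mismatch")
    if msg["auth"] != expected["auth"]:
        findings.append("authentication string mismatch")
    if msg["hold"] < 3 * msg["hello"]:
        findings.append("hold time is less than three times the hello time")
    return findings

# Constructed sample: an Active hello for group 1 with the default timers (3 s / 10 s).
EXPECTED = {"members": {"192.168.1.5", "192.168.1.6"},
            "virtual_ip": "192.168.1.1", "auth": "CISCO"}
SAMPLE = struct.pack("!8B8s4s", 0, 0, 16, 3, 10, 75, 1, 0, b"CISCO",
                     ipaddress.ip_address("192.168.1.1").packed)

if __name__ == "__main__":
    msg = parse_hsrp(SAMPLE)
    print(msg, audit(msg, "192.168.1.6", EXPECTED))
```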
HSRP interface tracking:
Syntax:
Router(config)#interface fa 0/1
Router(config-if)#standby <group number> track <interface name> <value to decrement>
Note:
track <interface name> - the interface that is to be tracked.
<value to decrement> - how much the priority is decreased. The range is
<1-255>. By default the priority is decreased by 10.
HSRP interface tracking is used to track the other end of the router on which
HSRP is enabled. Normally, an HSRP-enabled router does not know whether its
other end is shut down or broken.
For example:
In a working environment, if something happens to the other end of the Active
HSRP router, that router must change to Standby status; otherwise there won't be
any communication with the outside world. By default this does not happen, and
the HSRP router keeps sending hello packets as normal without noticing the
state of the other end.
To get rid of this problem we enable HSRP interface tracking. With tracking
enabled, the Active router monitors the interface on its other end. If that
interface goes down, the Active router decreases its own priority by the value
we set (10 by default). Usually the resulting value will be lower than the
priority of the Standby router, so when something happens to the Active HSRP
router it decreases its priority and the Standby router becomes the Active one.
Show commands for HSRP
#show standby
#show standby brief
Let's look at an example
Configuration
Switch1(config)# int fa0/10
Switch1(config-if)# no switchport
Switch1(config-if)# ip address 192.168.1.5 255.255.255.0
Switch1(config-if)# standby 1 priority 50
Switch1(config-if)# standby 1 preempt
Switch1(config-if)# standby 1 ip 192.168.1.1
Switch1(config-if)# standby 1 authentication CISCO
Switch2(config)# int fa0/10
Switch2(config-if)# no switchport
Switch2(config-if)# ip address 192.168.1.6 255.255.255.0
Switch2(config-if)# standby 1 priority 75
Switch2(config-if)# standby 1 preempt
Switch2(config-if)# standby 1 ip 192.168.1.1
Switch2(config-if)# standby 1 authentication CISCO
Switch2(config-if)# standby 1 track fa0/12 50
Explanation:
• The no switchport command specifies that interface fa0/10 is a Layer-3
(routed) port.
• Each switch is assigned a unique IP address on its local interface.
• HSRP is enabled with the "standby" command on both switches. "1" is the HSRP
group number (it needs to be the same on both switches). We set priority 50 on
Switch1 and priority 75 on Switch2, so Switch2 is in Active mode.
• Preempt is enabled.
• The virtual IP address is set. It needs to be the same on each switch.
• Authentication is enabled on both switches.
• Tracking is enabled on Switch2.
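The election, preempt and tracking rules above, applied to this Switch1/Switch2 configuration, as an added example that is not part of the original page. It shows that the tracking decrement on Switch2 (75 - 50 = 25) moves the Active role to Switch1 only because preempt is configured. The Router class and next_active function are hypothetical names for a simplified model, not a Cisco API.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Router:                      # hypothetical model, not a Cisco API
    name: str
    ip: str
    priority: int = 100            # HSRP default priority
    preempt: bool = False          # 'standby <group> preempt'
    decrement: int = 0             # 'standby <group> track <if> <decrement>'
    tracked_up: bool = True        # state of the tracked interface
    alive: bool = True

    def rank(self):
        """Election key: effective priority, then highest interface IP."""
        prio = self.priority if self.tracked_up else max(self.priority - self.decrement, 0)
        return (prio, int(ipaddress.ip_address(self.ip)))

def next_active(routers, current=None):
    """Return the Active router after the group reconverges.

    Simplification: when no Active is alive, the best-ranked live router
    takes over (with two routers this is always the Standby).
    """
    live = [r for r in routers if r.alive]
    if not live:
        return None
    if current is None or not current.alive:
        return max(live, key=Router.rank)
    # A live Active is displaced only by a better-ranked router with preempt.
    better = [r for r in live if r.preempt and r.rank() > current.rank()]
    return max(better, key=Router.rank) if better else current

def example_group(preempt=True):
    """Switch1/Switch2 values from the configuration on this page."""
    sw1 = Router("Switch1", "192.168.1.5", priority=50, preempt=preempt)
    sw2 = Router("Switch2", "192.168.1.6", priority=75, preempt=preempt, decrement=50)
    return sw1, sw2

if __name__ == "__main__":
    sw1, sw2 = example_group()
    active = next_active([sw1, sw2])
    print("initial Active:", active.name)
    sw2.tracked_up = False         # fa0/12 on Switch2 goes down: 75 - 50 = 25
    active = next_active([sw1, sw2], active)
    print("after tracked interface failure:", active.name)
```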