Introduction
Within this 3 part series we will be looking at 3 types of FHRP (First Hop Redundancy Protocol) on Cisco IOS - HSRP, VRRP and GLBP. We will look into the features that they each provide and also how to configure them. We will begin by exploring HSRP.
So first - What is a First Hop Redundancy Protocol?
"An FHRP (First Hop Redundancy Protocol) provides high availability to the default gateway upon a given segment."
What is HSRP?
HSRP is a Cisco proprietary FHRP, which uses groups, that contain active and standby routers to create a virtual gateway IP. If a router fails the standby router is promoted to active and takes ownership of the virtual gateway IP.
HSRP Components/Features
Below details some further components and features of HSRP:
- Active Router Election - A priority is used (default is 100). The router with the highest priority is elected the active router.
- Hello Messages - Hellos are sent every 3 seconds by the active router to let the standby router know it is still available.
- Holdtime - The amount of time the standby router does not receive a Hello message, and therefore the standby will take the role of the active router. The hold time must at least 3 x the Hello interval.
- Preempt - Ensures the demoted active router, resumes its role of active, once the device has come back up.
- Interface Tracking - Allows an interface to be tracked, and in the event of failure, decrement the priority value.
- Enhanced Object Tracking - Allows the priority values to be reduced in the event of a network condition, such as a route no longer being present in the routing table.
- HSRP v2 - v2 is used if sub-second timers are required and/or IPv6.
- Virtual MAC Addresses - The following virtual MAC is used,
- HSRP v1- 10000.0c07.ac0a (0a = HSRP group in HEX)
- HSRP v2 - 0000.0c9f.f00a (00a = HSRP group in HEX)
- Multicast - Hello messages are sent to the following multicast groups,
- HSRP v1- 224.0.0.2 (all routers)
- HSRP v2 - 224.0.0.102
Design Points
There are some design points to HSRP that should be observed when configuring HSRP,
- Multiple VLANs - If multiple VLANs are being used, and there are multiple standby groups, Make your first router active for a subset of the VLANs, and the second router active for the rest. This will allow traffic to be distributed across both routers more equally.
- STP - Make the Layer 3 device acting as a VLANs active HSRP router, the STP root bridge for the VLAN.
Configuration
We will now provide the steps and commands required to configure HSRP. This will include, configuring the HSRP initial setup, its timers, interface tracking, object tracking and authentication.
Belows shows the topology we will configure HSRP against. Furthermore, our VIP will be 10.0.128.10.
Figure 1 - HSRP topology.
Initial Setup
First, we will configure the HSRP standby group, assign the VIP along with assign a higher priority on R1.
R1
R1(config)# interface gi0/2
R1(config-if)# standby 10 ip 10.0.128.10
R1(config-if)# standby 10 priority 110
R1(config-if)# standby 10 preempt
R2
R2(config)# int gi0/2
R2(config-if)# standby 10 ip 10.0.128.10
R2(config-if)# standby 10 preempt
Verification
To verify we look for the preemption flag and also that the state is showing as active.
R1# show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gi0/2 10 110 P Active local 10.0.128.2 10.0.128.10
Timers
Next, we will update the timers so that failure detection time is reduced. This is based on a 200 millisecond Hello and a 900-millisecond Holdtime.
####R1/R2
R1/2(config)#int gi0/2
R1/2(config-if)#standby 10 timers msec 200 msec 900
Verification
R1# show standby
GigabitEthernet0/2 - Group 10 (version 2)
State is Active
5 state changes, last state change 00:06:44
Virtual IP address is 10.0.128.10
Active virtual MAC address is 0000.0c9f.f00a
Local virtual MAC address is 0000.0c9f.f00a (v2 default)
*Hello time 200 msec, hold time 900 msec*
Next hello sent in 0.096 secs
Preemption enabled
Active router is local
Standby router is 10.0.128.2, priority 100 (expires in 0.960 sec)
Priority 110 (configured 110)
Group name is "hsrp-Gi0/2-10" (default)
Track IP
We will now configure track IP and assign a weight of 20 to gi0/1. In the event of gi0/1 going down, 20 will be deducted from the priority.
R1
R1(config)# track 1 interface gi0/1 line-protocol
R1(config-track)# int gi0/2
R1(config-if)# standby 10 track 1 decrement 20
Verification
R1#sh track 1
Track 1
Interface GigabitEthernet0/1 line-protocol
Line protocol is Up
3 changes, last change 1d15h
Tracked by:
HSRP GigabitEthernet0/2 10
Enhanced Object Tracking
Next, we will configure enhanced object tracking to decrement the priority by 20, in the event of an IP route not being reachable, due to the route not being present within the RIB.
R1
R1(config)# track 2 ip route 2.2.2.0/24 reachability
R1(config-track)# int gi0/2
R1(config-if)# standby 10 track 2 decrement 20
Verification
R1# show track 2
Track 2
IP route 2.2.2.0 255.255.255.0 reachability
Reachability is Down (no ip route)
1 change, last change 00:03:03
First-hop interface is unknown
Tracked by:
HSRP GigabitEthernet0/2 10
Authentication
Finally, for HSRP, we will configure authentication. Our authentication is will be based on a string that is MD5 hashed, and then sent to the other node, where is checked against the authentication configured.
R1/R2
R1/2(config)# int gi0/2
R1/2(config-if)# standby 10 authentication md5 key-string HSRPPW
Verification
R2# show standby
GigabitEthernet0/2 - Group 10 (version 2)
State is Active
5 state changes, last state change 00:03:00
Virtual IP address is 10.0.128.10
Active virtual MAC address is 0000.0c9f.f00a
Local virtual MAC address is 0000.0c9f.f00a (v2 default)
Hello time 200 msec, hold time 900 msec
Next hello sent in 0.080 secs
Authentication MD5, key-string
Preemption enabled
Active router is local
Standby router is 10.0.128.1, priority 90 (expires in 0.896 sec)
Priority 100 (default 100)
Group name is "hsrp-Gi0/2-10" (default)