Overview HSRP basic

Goal: Visualize the effect of HSRP election and link failover procesa. Including HSRP states, timers. Topology: A LAN includes a host, a switch, and two routers. Routers act as redundant gateway. Steps: 1) At init, R1 and R2 both think they are Active. After receiving HSRP packet (Hello), R2 changs to Speak. 2) When Standby timer timeout, R2 becoems Standby. 3) H1 ping H2. It succeeds. Ping is switched to the Active router R1. 4) R1's interface shutdown. H1 ping H2 again and fails. 5) When R2's Active timer expires. It elects itself as Active. 6) H1 ping H2 again and succeeds.

HSRP in a nutshell
- R1 and R2 are routers running HSRP to form a virtual gateway router with address (192.168.1.1, MAC.virt). - HSRP elects one router as the virtual gateway (Active) by comparing priority between R1 and R2. - Switch S1 connects to routers and hosts. When receiving a packet from a host, S1 lookup its MAC table for MAC.virt and forwards the packet to the Active router. - HSRP uses timers to control state changes. When a router's Standby timer expires, it becomes Standby. When a router's Active timer expires, it becomes Active.

Elect an Active router (priority)

- After power on, R2 sends a HSRP packet to declare: I am Active. My priority is 100. Switch S1 adds an entry (MAC.virt, F0/2) when receiving R2's HSRP packet. - R1 does the same when powered on. It declares: I am Active. My priority is 105. Switch S1 updates it virtual MAC entry to (MAC.virt, F0/1) when receiving R1's HSRP packet. - When R2 receives R1's HSRP packet, it withdraws itself from election and enters Speak state. since its proiority is smaller than R1. - When R1 receives R2's HSRP packet, it elects itself as Active since its proiority is hugher than R12.

R2: Standby timeout > Standby

When R2's Standby timer expires, R2 becoems Standby and foods a HSRP packet. When R1 receives this HSRP packet, it learns that R2 is Standby and updates its HSRP status.

R1 link down
When H1 receives echo from H2, it sends the second ping.. At tick 30, R22;s E0/0 is donw. R1 becomes offline. Its HSRP Status table refllects the following changes: Actvie router: from (Active, local) to (Init, unknown).

Standby router: from R2 to unknown. At tick 33, R1 recevies ping forwarded by S1. R1 drops ping. At this time, R2 is unaware of the Active router's problem. R2 is still in Standby state.

R2: Active timeout > Active

When R2's active timer expires, it becomes Active and floods a HSRP packet. When S1 receives this pakcet, it updates its MAC table. The virtual MAC entry is changed to (MAC.virt, F0/2.)

Ping succeeds. Gateway is up

H1 ping H2 for the third time. When S1 receives ping from H1, it switches ping to R2 according to its MAC table. When R2 then forwards ping to H2. As far as H1 is concerned, gateway works fine. H1 does not know that R1 is down. This is demonstrates the capability of hot standby protocol: When the gateway router (R1) is down, the backup router (R2) the can take over in seconds. The traffic flow disruption is minimum.

How to configure simple HSRP

Saturday, 30 January 2010 11:28 | Written by Administrator | | |

The purpose of this short tutorial is to show you how to configure a simple redundant HSRP link between two Cisco routers. For the purposes of the article the hardware used was two Cisco 7200 (12.4(23b)) routers.
Initial setup

I am starting from the point where I already have two working routers that can ping each other. R1 has an IP address of 192.168.1.252 and R2 has an IP address of 192.168.2.253. R1 can ping R2 and vice versa. These two routers connect to a switch, the switch also has a PC connected with IP address 192.168.1.1 and a gateway with address of 192.168.1.254. This is our base starting point, see diagram below.

The purpose of this exercise is to create the PC's gateway address, 192.168.1.254, as a virtual address on the address, two routers, so if one router goes down, the other will take over the gateway address and the PC will not lose connectivity. We have setup a test 100.100.100.1 destination address for testing purposes. It is beyond the scope of this tutorial to explain how anything in the green circle on the diagram is configured.
Configuring the interfaces on R1 and R2

The interface f0/0 on R1 and R2 have an extremely simple initial configuration, on R1 we have -:
interface FastEthernet0/0 ip address 192.168.1.252 255.255.255.0 duplex full

And on R2 we have -:
interface FastEthernet0/0 ip address 192.168.1.253 255.255.255.0 duplex full

To get HSRP up and running only requires one simple command on each router, on R1 and R2 we need to add the following to get HSRP, in it's most basic form, up and running -:
interface FastEthernet0/0 standby ip 192.168.1.254

That's it, the routers are now configured for HSRP, wasn't that easy?
Confirm HSRP is working correctly

We really should check to see what HSRP is doing and if it is working properly, so on R1 run the command sh standby f0/0 and examine the output.
FastEthernet0/0 - Group 0 State is Active 5 state changes, last state change 00:00:15 Virtual IP address is 192.168.1.254 Active virtual MAC address is 0000.0c07.ac00 Local virtual MAC address is 0000.0c07.ac00 (v1 default) Hello time 3 sec, hold time 10 sec Next hello sent in 0.000 secs Preemption disabled Active router is local Standby router is 192.168.1.253, priority 100 (expires in 8.648 sec) Priority 100 (default 100) IP redundancy name is "hsrp-Fa0/0-0" (default)

From the output we can see that the 'Active Router' is local (e.g. R1 itself) and the 'Standby Router' is 192.168.2.153 (R2). Now if we shut down interface F0/0 on R1, we can simulate what happens in the event of a link failure. So do that now and examine the output of the sh standby f0/0 on R2.

FastEthernet0/0 - Group 0 State is Active 5 state changes, last state change 00:00:24 Virtual IP address is 192.168.1.254 Active virtual MAC address is 0000.0c07.ac00 Local virtual MAC address is 0000.0c07.ac00 (v1 default) Hello time 3 sec, hold time 10 sec Next hello sent in 2.260 secs Preemption disabled Active router is local Standby router is unknown Priority 100 (default 100) IP redundancy name is "hsrp-Fa0/0-0" (default)

So we now see the R2 is reporting itself as the 'Active Router' and the 'Standby Router' is unknown, which makes sense as the interface on R1 is currently down. From the PC you would have noticed a few dropped pings while R2 took over the virtual IP address, but connectivity would have been restored rather quickly. Congratulations, you now have a fully redundant router set-up for the default gateway on your network! Remember, this is only very basic HSRP functionality, a later tutorial will explore HSRP a little further and investigate some of the more advanced functions available.

HSRP Tutorial
Todays topic is HSRP (Hot Standby Routing Protocol). HSRP is a Cisco proprietary First Hop Redundancy Protocol. It is typically used for redundancy at the first hop from a client segment. It is used with two or more routers in a group who share a virtual IP address. One router is active at a given time and will reply to ARP requests. In this example, we have R1 and R2 in standby group 100 with a virtual IP of 192.168.100.1. This IP will be the default gateway for all hosts in VLAN 100. Here is the topology:

This is a basic topology, both R1 and R2 have connections to the internet. They are running HSRP on their FastEthernet 0/0 interfaces. Heres the basic HSRP config:
R1(config)#interface fa0/0 R1(config-if)#ip address 192.168.100.2 255.255.255.0 R1(config-if)#standby 100 ip 192.168.100.1 R2(config)#interface fa0/0 R2(config-if)#ip address 192.168.100.3 255.255.255.0 R2(config-if)#standby 100 ip 192.168.100.1

Very simple so far. We use the standby [0-255] ip [virtual ip address] command. Lets verify the config:
R1#sh standby FastEthernet0/0 - Group 100 State is Active 2 state changes, last state change 00:20:19 Virtual IP address is 192.168.100.1 Active virtual MAC address is 0000.0c07.ac64 Local virtual MAC address is 0000.0c07.ac64 (v1 default) Hello time 3 sec, hold time 10 sec Next hello sent in 1.696 secs Preemption disabled Active router is local Standby router is 192.168.100.3, priority 100 (expires in 8.980 sec) Priority 100 (default 100) Group name is "hsrp-Fa0/0-100" (default) R2#sh standby FastEthernet0/0 - Group 100 State is Standby

1 state change, last state change 00:19:40 Virtual IP address is 192.168.100.1 Active virtual MAC address is 0000.0c07.ac64 Local virtual MAC address is 0000.0c07.ac64 (v1 default) Hello time 3 sec, hold time 10 sec Next hello sent in 2.836 secs Preemption disabled Active router is 192.168.100.2, priority 100 (expires in 9.544 sec) Standby router is local Priority 100 (default 100) Group name is "hsrp-Fa0/0-100" (default)

The main command well use with HSRP is show standby. It gives us quite a bit of information, we see the group number (100), we see that R1 is the active router in the group, we also see information about state changes, the VIP, timers, other useful details, and priority, which well talk about next. HSRP routers use priority to determine which router should be active, the default is 100. Well set R1s priority to 110, forcing it to be the active router. We will also use interface tracking, which tells the router to decrement its priority if the tracked interface goes down. Here well track both routers Fa0/1 interfaces, which connect them to the internet. We will also enable preemption, which will cause the router with the highest priority to become active. Heres the config:
R1(config)#int fa0/0 R1(config-if)#standby 100 priority 110 R1(config-if)#standby 100 preempt R1(config-if)#standby 100 track fa0/1 20 R2(config)#int fa0/0 R2(config-if)#standby 100 preempt R2(config-if)#standby 100 track fa0/1 20

Weve configured R1 to decrement its priority by 20 if its fa0/1 interface goes down, this will cause R2 to become active for the group. Now well test the config:
R1(config)#int fa0/1 R1(config-if)#shut R1(config-if)# *Mar 1 00:38:29.495: %TRACKING-5-STATE: 1 interface Fa0/1 line-protocol Up->Down R1(config-if)# *Mar 1 00:39:51.747: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 100 state Active -> Speak R1(config-if)# *Mar 1 00:40:01.747: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 100 state Speak -> Standby R1(config-if)#^Z R1#sh standby FastEthernet0/0 - Group 100 State is Standby 4 state changes, last state change 00:00:45 Virtual IP address is 192.168.100.1 Active virtual MAC address is 0000.0c07.ac64 Local virtual MAC address is 0000.0c07.ac64 (v1 default) Hello time 3 sec, hold time 10 sec Next hello sent in 2.568 secs Preemption enabled Active router is 192.168.100.3, priority 100 (expires in 8.556 sec) Standby router is local Priority 90 (configured 110) Track interface FastEthernet0/1 state Down decrement 20 Group name is "hsrp-Fa0/0-100" (default)

It worked as expected. R2 transitioned to active for the group. When we no shut R1s fa0/1 interface, we should see it regain its active status for the group. Lets verify:
R1(config)#int fa0/1 R1(config-if)#no shut R1(config-if)# *Mar 1 00:43:23.251: %TRACKING-5-STATE: 1 interface Fa0/1 line-protocol Down->Up R1(config-if)# *Mar 1 00:43:24.759: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 100 state Standby -> Active R1(config-if)#^Z R1#sh s

*Mar 1 00:44:03.479: %SYS-5-CONFIG_I: Configured from console by console R1#sh standby FastEthernet0/0 - Group 100 State is Active 5 state changes, last state change 00:00:41 Virtual IP address is 192.168.100.1 Active virtual MAC address is 0000.0c07.ac64 Local virtual MAC address is 0000.0c07.ac64 (v1 default) Hello time 3 sec, hold time 10 sec Next hello sent in 0.360 secs Preemption enabled Active router is local Standby router is 192.168.100.3, priority 100 (expires in 8.376 sec) Priority 110 (configured 110) Track interface FastEthernet0/1 state Up decrement 20 Group name is "hsrp-Fa0/0-100" (default)

No surprise here, its back being the active router for standby group 100.