If you’ve been working with Cisco gear for any period of time you likely know what HSRP is. HSRP is the Cisco proprietary FHRP (first hop redundancy protocol). It allows 2 or more layer 3 devices to host a virtual IP address. One of the devices will become the master and be the actual host that’s responding to traffic that comes to the virtual IP. The other(s) will be a backup and will start answering for the virtual IP if the primary dies or stops responding. Let’s dig into a basic example and then look at some of the other options that can be used with HSRP…
In this example, we have a single subnet that has 4 servers connected to it. To get off of the subnet, each server is using 192.168.0.1 as its default gateway. The .1 address is the virtual HSRP address. The physical routers have .2 and .3 as their physical interface IP addresses. Let’s see what the basic HSRP configuration will look like on routers 1 and 2…
Router 1 Interface Configuration
interface FastEthernet0/0
ip address 192.168.0.3 255.255.255.0
duplex auto
speed auto
standby 5 ip 192.168.0.1
end
Router 2 Interface Configuration
interface FastEthernet0/0
ip address 192.168.0.4 255.255.255.0
duplex auto
speed auto
standby 5 ip 192.168.0.1
end
For a basic configuration, that’s literally all you need. You’ll note that the configuration doesn’t even use the word HSRP. HSRP is really called ‘standby’ in IOS. If you’ve worked in any recent NXOS, you’ll notice that they actually started calling it HSRP rather than standby. At any rate, let’s take a look at the ARP table on one of the hosts…
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.0.1 0 0000.0c07.ac05 ARPA FastEthernet0/0
Internet 192.168.0.40 – 001d.704c.0dac ARPA FastEthernet0/0
Note the MAC address being used for the virtual IP address. The MAC will always be the same on any HSRP virtual IP except for the last two hex digits. Those represent the group number defined, which in our case was 5.
There are a couple of common configuration items that are present in most HSRP configurations. For instance, you generally configure an HSRP priority for each group member. This makes the decision between active and standby more deterministic. The highest priority router will be the active router. In our case we don’t have priorities defined so HSRP picks the router with the highest IP address to be the active router. Let’s give router 3 a priority of 90 and router 4 a priority of 80 and see what happens.
Router1#show standby
FastEthernet0/0 – Group 5
State is Standby
7 state changes, last state change 00:00:39
Virtual IP address is 192.168.0.1
Active virtual MAC address is 0000.0c07.ac05
Local virtual MAC address is 0000.0c07.ac05 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.432 secs
Preemption disabled
Active router is 192.168.0.3, priority 80 (expires in 8.432 sec)
Standby router is local
Priority 90 (configured 90)
Group name is “hsrp-Fa0/0-5” (default)
Router1#
Router2#show standby
FastEthernet0/0 – Group 5
State is Active
7 state changes, last state change 00:01:10
Virtual IP address is 192.168.0.1
Active virtual MAC address is 0000.0c07.ac05
Local virtual MAC address is 0000.0c07.ac05 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.240 secs
Preemption disabled
Active router is local
Standby router is 192.168.0.4, priority 90 (expires in 11.376 sec)
Priority 80 (configured 80)
Group name is “hsrp-Fa0/0-5” (default)
Router2#
Despite router 1 having a higher priority, it is still listed as the standby router. This is because we haven’t told the routers that they can preempt each other. At this point, they know that router 1 should be active, but they won’t fail over just for the sake of priority. To make them fail over based on priority we need to configure each interface to preempt. This is done with the ‘standby 5 preempt’ command. Once applied on each router interface we can see the change occur…
Router1(config)#int fa0/0
Router1(config-if)#standby 5 preempt
*Jan 3 01:01:07.607: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 5 state Standby -> Active
HSRP communicates using hello packets. Hellos are sent to the multicast address 224.0.0.2 on UDP port 1985. By default, hellos are sent every 3 seconds. Only the active and standby routers will send out hello packets. Any additional routers, besides the active and standby routers, will be in a listen state and only listen to hellos. Listening routers do not generate their own hellos.
There are two timers associated with HSRP. The hello timer which defaults to 3 seconds and the hold-down timer which defaults to 10 seconds. The hold-down timer is generally 3 times the hello timer. If the standby router does not hear a hello from the active router by the end of the hold-down timer it will assume the active role. We can see this happen in the debugs…
As you can see, at the top of the screen the standby router is sending and receiving hellos. It receives its last hello from the active router at 1:15:30. At 1:15:42 the hold timer expires on the standby router and it moves to make itself the HSRP active router.
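To make the hello exchange concrete, here is an added example (not from the original post) that decodes an HSRPv1 hello payload and checks it against the group configured above. The field layout follows RFC 2281; the function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

# HSRPv1 message: 20-byte UDP payload (port 1985), layout per RFC 2281.
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}


def parse_hsrp_v1(payload: bytes) -> dict:
    """Decode an HSRPv1 message; raise ValueError on anything malformed."""
    if len(payload) < 20:
        raise ValueError(f"short HSRPv1 payload: {len(payload)} bytes")
    # version, opcode, state, hellotime, holdtime, priority, group, reserved,
    # 8 bytes of authentication data (treated as opaque here), virtual IP
    ver, op, state, hello, hold, prio, group, _rsvd, _auth, vip = struct.unpack(
        "!8B8s4s", payload[:20])
    if ver != 0 or op not in OPCODES or state not in STATES:
        raise ValueError("not a valid HSRPv1 message")
    return {"opcode": OPCODES[op], "state": STATES[state], "hello": hello,
            "hold": hold, "priority": prio, "group": group,
            "vip": str(ipaddress.IPv4Address(vip))}


def virtual_mac(group: int) -> str:
    """HSRPv1 virtual MAC: fixed 0000.0c07.ac prefix plus the group number in hex."""
    if not 0 <= group <= 255:
        raise ValueError("HSRPv1 group must be 0-255")
    return f"0000.0c07.ac{group:02x}"


def audit_hello(msg: dict, group: int, vip: str, hello: int = 3, hold: int = 10) -> list:
    """Compare a decoded hello with the local configuration; return the mismatches."""
    expected = {"group": group, "vip": vip, "hello": hello, "hold": hold}
    return [f"{k}: saw {msg[k]!r}, expected {v!r}"
            for k, v in expected.items() if msg[k] != v]


# Constructed sample: an active router in group 5, priority 90, default timers.
SAMPLE = struct.pack("!8B8s4s", 0, 0, 16, 3, 10, 90, 5, 0, bytes(8),
                     ipaddress.IPv4Address("192.168.0.1").packed)

if __name__ == "__main__":
    msg = parse_hsrp_v1(SAMPLE)
    print(msg)
    print("virtual MAC:", virtual_mac(msg["group"]))
    print("mismatches:", audit_hello(msg, group=5, vip="192.168.0.1"))
```

A hello whose group, virtual IP or timers differ from the configured values shows up as a non-empty mismatch list, which is a useful thing to alert on when monitoring the segment.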
The last part of the HSRP configuration I want to cover is interface tracking. HSRP can be told to monitor an interface and decrement its own HSRP priority based on the tracked interface. This can become extremely important. Take into account a scenario like this…
Imagine that routers 1 and 2 have their own independent WAN links going to different carriers. Imagine that router 1 is the HSRP active but experiences a WAN link failure. Despite the fact that it can no longer forward traffic out of the site, it still has the HSRP active role since it’s still exchanging hellos on its internal interfaces. This is where tracked interfaces come in handy. Let’s look at a tracked interface configuration in action…
Router1 configuration
interface FastEthernet0/0
ip address 192.168.0.3 255.255.255.0
standby 0 preempt
standby 5 ip 192.168.0.1
standby 5 preempt
standby 5 track 1 decrement 20
duplex auto
speed auto
end
Notice that we have the ‘standby 5 track 1 decrement 20’ command. This was actually generated by adding the ‘standby 5 track fastEthernet 0/1 20’ command. Notice that it changed the interface into a ‘1’ in the running configuration. Take a look at the output of the ‘show track’ command…
Router2#show track
Track 1 (via HSRP)
Interface FastEthernet0/1 line-protocol
Line protocol is Down (hw line state down)
2 changes, last change 00:00:24
Tracked by:
HSRP FastEthernet0/0 5
Notice that it created a tracked object (object 1). So if we unplug interface fastethernet0/1 we should see the decrement and failover occur…
*Jan 3 03:54:23.819: %TRACKING-5-STATE: 1 interface Fa0/1 line-protocol Up->Down
*Jan 3 03:54:24.551: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Jan 3 03:54:25.199: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 5 state Active -> Speak
*Jan 3 03:54:35.903: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 5 state Speak -> Standby
There are of course other ways to handle the tracking as well. Due to the fact that interfaces don’t always physically go down when they fail, I prefer to use the IP SLA route to track the interfaces. In this way, we can track connectivity to an IP address and when the monitor fails we can decrement the priority. The configuration looks like this…
Note I’m running 15.x code on these routers. The config syntax is slightly different in earlier versions.
ip sla 1
icmp-echo 74.12.35.1
frequency 5
ip sla schedule 1 life forever start-time now
track 50 ip sla 1
interface FastEthernet0/0
ip address 192.168.0.3 255.255.255.0
standby 0 preempt
standby 5 ip 192.168.0.1
standby 5 preempt
standby 5 track 50 decrement 20
duplex auto
speed auto
A quick look at some commands to verify that the monitor is working as expected…
Router1#show ip sla summary
IPSLAs Latest Operation Summary
Codes: * active, ^ inactive, ~ pending
ID Type Destination Stats Return Last
(ms) Code Run
———————————————————————–
*1 icmp-echo 74.12.35.1 RTT=1 OK 3 seconds ago
Router1#show track
Track 50
IP SLA 1 state
State is Up
3 changes, last change 00:01:49
Latest operation return code: OK
Latest RTT (millisecs) 1
Tracked by:
HSRP FastEthernet0/0 5
Router1#
As you can see, the monitor is succeeding and the tracked object is returning a status of OK. Now let’s test an indirect failure…
*Jan 3 04:52:06.990: %TRACKING-5-STATE: 50 ip sla 1 state Up->Down
*Jan 3 04:52:09.738: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 5 state Active -> Speak
*Jan 3 04:52:19.998: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 5 state Speak -> Standby
Router1#
Router1#show int fa0/1
FastEthernet0/1 is up, line protocol is up
Hardware is Gt96k FE, address is 001d.704c.0dad (bia 001d.704c.0dad)
Internet address is 74.12.35.2/29
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
As you can see, the router picked up on the SLA failing and kicked into standby mode. Note that the interface still shows as up/up though.
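The priority, preempt and tracking behaviour walked through above (for both the interface tracking and the IP SLA tracking sections) can be modelled in a few lines. This is an added example, not code from the original post: the Router class and function names are hypothetical, and it assumes priorities 90 and 80 are still configured when tracking is added.

```python
from dataclasses import dataclass
import ipaddress


@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100      # IOS default when no priority is configured
    preempt: bool = False    # 'standby 5 preempt'
    decrement: int = 0       # 'standby 5 track <object> decrement <n>'
    tracked_up: bool = True  # state of the tracked object (interface or IP SLA)

    def effective(self) -> int:
        """Priority after any tracking decrement has been applied."""
        return self.priority if self.tracked_up else self.priority - self.decrement


def initial_election(routers) -> str:
    """No active router yet: highest priority wins, highest IP breaks ties."""
    best = max(routers, key=lambda r: (r.effective(), int(ipaddress.IPv4Address(r.ip))))
    return best.name


def next_active(routers, active: str) -> str:
    """The incumbent keeps the role unless a preempt-enabled peer has a strictly
    higher priority. Simplification: equal-priority preemption is not modelled."""
    incumbent = next(r for r in routers if r.name == active)
    rivals = [r for r in routers if r.preempt and r.effective() > incumbent.effective()]
    return max(rivals, key=Router.effective).name if rivals else active


def walk_through() -> dict:
    """Replay the post's steps and record which router is active after each."""
    r1, r2 = Router("Router1", "192.168.0.3"), Router("Router2", "192.168.0.4")
    out = {"no priorities": initial_election([r1, r2])}
    r1.priority, r2.priority = 90, 80
    out["priorities, no preempt"] = next_active([r1, r2], out["no priorities"])
    r1.preempt = True
    out["Router1 preempt"] = next_active([r1, r2], "Router2")
    r1.decrement, r1.tracked_up = 20, False  # 90 - 20 = 70, now below Router2's 80
    out["track down, Router2 no preempt"] = next_active([r1, r2], "Router1")
    r2.preempt = True
    out["track down, Router2 preempt"] = next_active([r1, r2], "Router1")
    return out


if __name__ == "__main__":
    for step, active in walk_through().items():
        print(f"{step:32} -> {active}")
```

The fourth step is the failure mode to watch for: a tracking decrement on the active router changes nothing unless the peer has preempt enabled.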
That’s it for HSRP. In the next couple of posts we’ll cover VRRP and GLBP.
Hi,
I have a question about HSRP cable connection in the following scenario.
A PC with Teaming function for redundancy, with each port connected to different switches: how will these switches be connected to the HSRP configured router?
Regards
Ahmad Al-Marhoun