Difference between revisions of "HSRP"

From Teknologisk videncenter
Jump to: navigation, search
m (Configuring load balancing with HSRP)
m (Purpose of HSRP)
 
(12 intermediate revisions by 2 users not shown)
Line 1: Line 1:
HSRP or Hot Standby Router Protocol is a protocol defined by Cisco and now described in [http://www.ietf.org/rfc/rfc2281.txt rfc2281]. HSRP is a Cisco-proprietary protocol.
+
__NOTOC__
 +
HSRP or Hot Standby Router Protocol is a protocol defined by Cisco and now described in [http://www.ietf.org/rfc/rfc2281.txt rfc2281]. HSRP is a Cisco-proprietary protocol.  
 +
 
 +
= Purpose of HSRP  =
  
= Purpose of HSRP =
 
 
The purpose of HSRP is to ensure network connectivity in case of Router or access circuit failure, by having ''one standby'' Router waiting to take over from the failing ''active'' Router.  
 
The purpose of HSRP is to ensure network connectivity in case of Router or access circuit failure, by having ''one standby'' Router waiting to take over from the failing ''active'' Router.  
*There can be only one ''active'' Router
 
*There can be only one ''standby'' Router
 
*There can more routers in ''Speak'' state waiting to be ''standby'' Router.
 
  
= Other high availability Router protocols =
+
*There can be only one ''active'' Router
*GLBP [[Gateway Load Balancing Protocol]]
+
*There can be only one ''standby'' Router
*VRRP [[Virtual Router Redundancy Protocol]]
+
*There can more routers in ''Listen'' state waiting to be ''standby'' Router.
 +
 
 +
= Other high availability Router protocols =
 +
 
 +
*GLBP [[Gateway Load Balancing Protocol]]  
 +
*VRRP [[Virtual Router Redundancy Protocol]]  
 +
*IPv6 HSRP [[HSRP IPv6 Cisco IOS]]
 +
 
 
{|
 
{|
 
|-
 
|-
|valign="top"|
+
| valign="top" |  
 +
= How does HSRP work  =
 +
 
 +
HSRP works by two or more Routers agreeing upon which Router serves the ''virtual Router''.
 +
 
 +
== HSRP Protocol  ==
  
= How does HSRP work =
 
HSRP works by two or more Routers agreeing upon which Router serves the ''virtual Router''.
 
== HSRP Protocol ==
 
 
HSRP runs on top of UDP, and uses port number 1985. Packets are sent to multicast address 224.0.0.2 with TTL 1.  
 
HSRP runs on top of UDP, and uses port number 1985. Packets are sent to multicast address 224.0.0.2 with TTL 1.  
== The Virtual Router ==
 
The Virtual Router is a MAC-address and a IP Address the ''active'' Router serves beside its configured IP address. If the ''active'' Router fails the ''standby'' Router becomes the Virtual Router by serving the virtual MAC-address and IP Address. If there are any Routers in ''speak'' state they will compete to be the new ''standby'' Router.
 
  
== HSRP example ==
+
== The Virtual Router  ==
In picture 1 three Routers R1,R2 and R3 are setup in a HSRP Group. The Virtual IP address 10.0.0.1 and virtual MAC-Address 00-10-0C-07-AC-0A are served by the active Router R1. R1 continuesly transmits hello packets to the standby Routers.<br/>
+
 
If the Active Router fails the ''standby'' Router will become the active Router and start serving the Virtual IP address 10.0.0.1 and the virtual MAC-address 00-10-0C-07-AC-0A. The Router in ''speak'' state will become the new ''standby'' Router.
+
The Virtual Router is a MAC-address and a IP Address the ''active'' Router serves beside its configured IP address. If the ''active'' Router fails the ''standby'' Router becomes the Virtual Router by serving the virtual MAC-address and IP Address. If there are any Routers in ''speak'' state they will compete to be the new ''standby'' Router.
<br/><br/>
+
 
There are no load balancing between the Routers.
+
If more than two Routers participate in a HSRP group the remaining Routers will be in Listen State. (See [https://tools.ietf.org/html/rfc2281#section-5.3 RFC 2281 Section 5.3]) There can be an arbitrary number of Routers in a HSRP group. (See [https://tools.ietf.org/html/rfc2281#section-1 RFC 2281 section 1])
|
+
 
[[Image:HSRP1.png|thumb|500px|float|Picture 1: HSRP group with Router R1 active and Router R2 and R3 as standby Routers]]
+
== HSRP example ==
 +
 
 +
In picture 1 three Routers R1,R2 and R3 are setup in a HSRP Group. The Virtual IP address 10.0.0.1 and virtual MAC-Address 00-10-0C-07-AC-0A are served by the active Router R1. R1 continuesly transmits hello packets to the standby Routers.<br> If the Active Router fails the ''standby'' Router will become the active Router and start serving the Virtual IP address 10.0.0.1 and the virtual MAC-address 00-10-0C-07-AC-0A. The Router in ''speak'' state will become the new ''standby'' Router. <br><br> There are no load balancing between the Routers.  
 +
 
 +
|  
 +
[[Image:HSRP1.png|thumb|500px]]  
 +
 
 
|}
 
|}
  
== Configuration of R1, R2 and R3 ==
+
== Configuration of R1, R2 and R3 ==
+
 
 
{|
 
{|
|
+
|-
<pre>
+
| <pre>hostname R1
hostname R1
 
 
!
 
!
 
interface FastEthernet1/0   
 
interface FastEthernet1/0   
Line 43: Line 54:
 
   standby 10 timers 2 6
 
   standby 10 timers 2 6
 
   standby 10 ip 10.0.0.1
 
   standby 10 ip 10.0.0.1
</pre>
+
</pre>  
|  
+
| <pre>hostname R2
<pre>
 
hostname R2
 
 
!
 
!
 
interface FastEthernet1/0  
 
interface FastEthernet1/0  
Line 54: Line 63:
 
   standby 10 timers 2 6
 
   standby 10 timers 2 6
 
   standby 10 ip 10.0.0.1
 
   standby 10 ip 10.0.0.1
</pre>
+
</pre>  
|  
+
| <pre>hostname R3
<pre>
 
hostname R3
 
 
!
 
!
 
interface FastEthernet1/0  
 
interface FastEthernet1/0  
Line 68: Line 75:
 
|}
 
|}
  
== HSRP Group number ==
+
== HSRP Group number ==
All the Routers in a HSRP Group must use the same Group number. In the example the Routers uses Group number 10. The group number ranges from 0 - 255. (Default is 0)
+
 
== The virtual MAC-address ==
+
All the Routers in a HSRP Group must use the same Group number. In the example the Routers uses Group number 10. The group number ranges from 0 - 255. (Default is 0)  
The virtual MAC-address is divided into three fields. In the example 00-10-0C-07-AC-0A
+
 
*00-10-0C is the vendor code. (Cisco for example)
+
== The virtual MAC-address ==
*07-AC is a well-known HSRP code
+
 
 +
The virtual MAC-address is divided into three fields. In the example 00-10-0C-07-AC-0A  
 +
 
 +
*00-10-0C is the vendor code. (Cisco for example)  
 +
*07-AC is a well-known HSRP code  
 
*0A is the HSRP group number 10 decimal is 0A hexadecimal
 
*0A is the HSRP group number 10 decimal is 0A hexadecimal
== Priority ==
+
 
The priority are used to decide which Router should be the active Router and in which order the standby Routers will take over. The priority field can range from 0 - 255. (Default is 100)<br/>
+
== Priority ==
If more Routers has the same priority the Router with the highest configured IP address will become the active Router.
+
 
== Preempt ==
+
The priority are used to decide which Router should be the active Router and in which order the standby Routers will take over. The priority field can range from 0 - 255. (Default is 100)<br> If more Routers has the same priority the Router with the highest configured IP address will become the active Router.  
If a Router with a higher priority becomes operative in the HSRP group, the active Router will continue to be active regardless of the new Router having a higher priority. To have the new Router with the higher priority to take over operation as the active Router use the ''preempt'' statement.
+
 
== Hello timers ==
+
== Preempt ==
HSRP Routers sends hello packets at regular intervals to each other.
+
 
*Hello packets are sent default every 3 second (Hello interval)
+
If a Router with a higher priority becomes operative in the HSRP group, the active Router will continue to be active regardless of the new Router having a higher priority. To have the new Router with the higher priority to take over operation as the active Router use the ''preempt'' statement.  
*''Holdtime'' is default 10 seconds. (Time should be at least three times hello interval)
+
 
*''Hello interval'' and ''holdtime'' could be learned by a ''standby'' Router from the ''active'' Router.  
+
== Hello timers ==
= Tracking access Interfaces =
+
 
It is important to track the access interfaces.See Picture 2 below. Under normal operations where both WANS between the buildings are operational the ''active'' router routes packets between the buildings. If the WAN connected to the ''active'' Router fails the active Router should withdraw as ''active'' Router and let the ''standby'' Router take over. See Picture 3. Thats called ''tracking interfaces'''
+
HSRP Routers sends hello packets at regular intervals to each other.  
 +
 
 +
*Hello packets are sent default every 3 second (Hello interval)  
 +
*''Holdtime'' is default 10 seconds. (Time should be at least three times hello interval)  
 +
*''Hello interval'' and ''holdtime'' could be learned by a ''standby'' Router from the ''active'' Router.
 +
 
 +
= Tracking access Interfaces =
 +
 
 +
It is important to track the access interfaces.See Picture 2 below. Under normal operations where both WANS between the buildings are operational the ''active'' router routes packets between the buildings. If the WAN connected to the ''active'' Router fails the active Router should withdraw as ''active'' Router and let the ''standby'' Router take over. See Picture 3. Thats called ''tracking interfaces'''  
 +
 
 +
Enhanced tracking possible on some platforms. See links below.
 +
 
 +
[[Image:Hsrp access line 1.png|thumb|left|400px]]
 +
 
 
{|
 
{|
[[Image:Hsrp access line 1.png|thumb|left|400px|Picture 2: Normal operation]]
+
|-
|
+
|  
[[Image:Hsrp access line 2.png|thumb|left|400px|Picture 3: New active Router based on tracking WAN]]
+
[[Image:Hsrp access line 2.png|thumb|left|400px]]  
 +
 
 
|}
 
|}
= Configuring load balancing with HSRP =
+
 
 +
= Configuring load balancing with HSRP =
 +
 
 
In the example below R1 will Route packets from VLAN 11 and VLAN 13 and R2 will Route packets from VLAN 10 and VLAN 12. If one of the routers fail, the other will take over. Interface tracking is configured as well. In the example below 20 will be substracted from priority if tracked interfaces fail.  
 
In the example below R1 will Route packets from VLAN 11 and VLAN 13 and R2 will Route packets from VLAN 10 and VLAN 12. If one of the routers fail, the other will take over. Interface tracking is configured as well. In the example below 20 will be substracted from priority if tracked interfaces fail.  
 +
 
{|
 
{|
|
+
|-
<pre>
+
| <pre>hostname R1
hostname R1
 
 
!
 
!
 
interface FastEthernet0/0.10
 
interface FastEthernet0/0.10
 
  encapsulation dot1Q 10
 
  encapsulation dot1Q 10
 
  ip address 172.16.10.10 255.255.255.0
 
  ip address 172.16.10.10 255.255.255.0
no snmp trap link-status
 
 
  standby 10 ip 172.16.10.1
 
  standby 10 ip 172.16.10.1
 
  standby 10 preempt
 
  standby 10 preempt
Line 111: Line 137:
 
  encapsulation dot1Q 11
 
  encapsulation dot1Q 11
 
  ip address 172.16.11.10 255.255.255.0
 
  ip address 172.16.11.10 255.255.255.0
no snmp trap link-status
 
 
  standby 11 ip 172.16.11.1
 
  standby 11 ip 172.16.11.1
 
  standby 11 preempt
 
  standby 11 preempt
Line 120: Line 145:
 
  encapsulation dot1Q 12
 
  encapsulation dot1Q 12
 
  ip address 172.16.12.10 255.255.255.0
 
  ip address 172.16.12.10 255.255.255.0
no snmp trap link-status
 
 
  standby 12 ip 172.16.12.1
 
  standby 12 ip 172.16.12.1
 
  standby 12 preempt
 
  standby 12 preempt
Line 129: Line 153:
 
  encapsulation dot1Q 13
 
  encapsulation dot1Q 13
 
  ip address 172.16.13.10 255.255.255.0
 
  ip address 172.16.13.10 255.255.255.0
no snmp trap link-status
 
 
  standby 13 ip 172.16.13.1
 
  standby 13 ip 172.16.13.1
 
  standby 13 priority 110
 
  standby 13 priority 110
 
  standby 13 preempt
 
  standby 13 preempt
 
  standby 13 track Serial0/0 20
 
  standby 13 track Serial0/0 20
</pre>
+
</pre>  
|
+
|  
[[Image:HSRP load balancing.png|450px|thumb|Picture 4: Configuring Load balancing using VLAN's]]
+
[[Image:HSRP load balancing.png|thumb|450px]]  
|
+
 
<pre>
+
| <pre>hostname R2
hostname R2
 
 
!
 
!
 
interface FastEthernet0/0.10
 
interface FastEthernet0/0.10
 
  encapsulation dot1Q 10
 
  encapsulation dot1Q 10
 
  ip address 172.16.10.20 255.255.255.0
 
  ip address 172.16.10.20 255.255.255.0
no snmp trap link-status
 
 
  standby 10 ip 172.16.10.1
 
  standby 10 ip 172.16.10.1
 
  standby 10 preempt
 
  standby 10 preempt
Line 153: Line 174:
 
  encapsulation dot1Q 11
 
  encapsulation dot1Q 11
 
  ip address 172.16.11.20 255.255.255.0
 
  ip address 172.16.11.20 255.255.255.0
no snmp trap link-status
 
 
  standby 11 ip 172.16.11.1
 
  standby 11 ip 172.16.11.1
 
  standby 11 preempt
 
  standby 11 preempt
Line 162: Line 182:
 
  encapsulation dot1Q 12
 
  encapsulation dot1Q 12
 
  ip address 172.16.12.20 255.255.255.0
 
  ip address 172.16.12.20 255.255.255.0
no snmp trap link-status
 
 
  standby 12 ip 172.16.12.1
 
  standby 12 ip 172.16.12.1
 
  standby 12 preempt
 
  standby 12 preempt
Line 171: Line 190:
 
  encapsulation dot1Q 13
 
  encapsulation dot1Q 13
 
  ip address 172.16.13.20 255.255.255.0
 
  ip address 172.16.13.20 255.255.255.0
no snmp trap link-status
 
 
  standby 13 ip 172.16.13.1
 
  standby 13 ip 172.16.13.1
 
  standby 13 priority 100
 
  standby 13 priority 100
Line 177: Line 195:
 
  standby 13 track Serial0/0 20
 
  standby 13 track Serial0/0 20
 
</pre>
 
</pre>
=Debugging HSRP=
 
*Recommend use '''debug standby terse'''
 
 
|}
 
|}
[[Category:Cisco]][[Category:CCNP]][[Category:IOS]][[Category:Network]][[Category:CCNP3]][[Category:IOS]]
+
 
 +
= Debugging HSRP =
 +
 
 +
*Recommend use '''debug standby terse
 +
 
 +
 
 +
= Note  =
 +
 
 +
HSRP version 0 Brugere en opcode som ikke er beskrevet i RFC 2281, Nemlig opcode 3
 +
 
 +
<br>
 +
 
 +
Her er et indlæg fra et forum om det:
 +
 
 +
Here are some clippings from it. Cisco seems to have added this <br>opcode as part of the feature "HSRP Support for ICMP Redirects":
 +
 
 +
'''Passive HSRP Router Advertisements (opcode = 3)'''
 +
 
 +
<br> Passive HSRP routers send out HSRP advertisement messages both periodically, and when entering or leaving the passive state. Thus, all HSRP routers can determine the HSRP group state of any HSRP router on the&nbsp;network. These advertisements inform other HSRP routers on the network of the HSRP interface state:
 +
 
 +
<br>
 +
 
 +
'''Dormant''' - interface has no HSRP groups, single advertisements sent once when last group is removed <br>'''Passive''' - interface has at least one non-active group and no active groups, advertisements sent out periodically <br>'''Active''' - interface has at least one active group, single advertisement sent out when first group becomes active
 +
 
 +
=Links=
 +
*[http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/sweot.html#wp1084432 Configuring Enhanced Object Tracking] (3560)
 +
*[https://packetpushers.net/ccnp-studies-configuring-hsrp-part-two/ Configuring HSRP in the distribution layer]
 +
[[Category:Cisco]] [[Category:CCNP]] [[Category:IOS]] [[Category:Network]] [[Category:CCNP3]]

Latest revision as of 11:32, 6 October 2020

HSRP or Hot Standby Router Protocol is a protocol defined by Cisco and now described in rfc2281. HSRP is a Cisco-proprietary protocol.

Purpose of HSRP

The purpose of HSRP is to ensure network connectivity in case of Router or access circuit failure, by having one standby Router waiting to take over from the failing active Router.

  • There can be only one active Router
  • There can be only one standby Router
  • There can more routers in Listen state waiting to be standby Router.

Other high availability Router protocols

How does HSRP work

HSRP works by two or more Routers agreeing upon which Router serves the virtual Router.

HSRP Protocol

HSRP runs on top of UDP, and uses port number 1985. Packets are sent to multicast address 224.0.0.2 with TTL 1.

The Virtual Router

The Virtual Router is a MAC-address and a IP Address the active Router serves beside its configured IP address. If the active Router fails the standby Router becomes the Virtual Router by serving the virtual MAC-address and IP Address. If there are any Routers in speak state they will compete to be the new standby Router.

If more than two Routers participate in a HSRP group the remaining Routers will be in Listen State. (See RFC 2281 Section 5.3) There can be an arbitrary number of Routers in a HSRP group. (See RFC 2281 section 1)

HSRP example

In picture 1 three Routers R1,R2 and R3 are setup in a HSRP Group. The Virtual IP address 10.0.0.1 and virtual MAC-Address 00-10-0C-07-AC-0A are served by the active Router R1. R1 continuesly transmits hello packets to the standby Routers.
If the Active Router fails the standby Router will become the active Router and start serving the Virtual IP address 10.0.0.1 and the virtual MAC-address 00-10-0C-07-AC-0A. The Router in speak state will become the new standby Router.

There are no load balancing between the Routers.

HSRP1.png

Configuration of R1, R2 and R3

hostname R1
!
interface FastEthernet1/0  
  ip address 10.0.0.11 255.0.0.0
  standby 10 priority 130 
  standby 10 preempt 
  standby 10 timers 2 6
  standby 10 ip 10.0.0.1
hostname R2
!
interface FastEthernet1/0 
  ip address 10.0.0.12 255.0.0.0
  standby 10 priority 120 
  standby 10 preempt 
  standby 10 timers 2 6
  standby 10 ip 10.0.0.1
hostname R3
!
interface FastEthernet1/0 
  ip address 10.0.0.13 255.0.0.0
  standby 10 priority 110 
  standby 10 preempt
  standby 10 timers 2 6 
  standby 10 ip 10.0.0.1

HSRP Group number

All the Routers in a HSRP Group must use the same Group number. In the example the Routers uses Group number 10. The group number ranges from 0 - 255. (Default is 0)

The virtual MAC-address

The virtual MAC-address is divided into three fields. In the example 00-10-0C-07-AC-0A

  • 00-10-0C is the vendor code. (Cisco for example)
  • 07-AC is a well-known HSRP code
  • 0A is the HSRP group number 10 decimal is 0A hexadecimal

Priority

The priority are used to decide which Router should be the active Router and in which order the standby Routers will take over. The priority field can range from 0 - 255. (Default is 100)
If more Routers has the same priority the Router with the highest configured IP address will become the active Router.

Preempt

If a Router with a higher priority becomes operative in the HSRP group, the active Router will continue to be active regardless of the new Router having a higher priority. To have the new Router with the higher priority to take over operation as the active Router use the preempt statement.

Hello timers

HSRP Routers sends hello packets at regular intervals to each other.

  • Hello packets are sent default every 3 second (Hello interval)
  • Holdtime is default 10 seconds. (Time should be at least three times hello interval)
  • Hello interval and holdtime could be learned by a standby Router from the active Router.

Tracking access Interfaces

It is important to track the access interfaces.See Picture 2 below. Under normal operations where both WANS between the buildings are operational the active router routes packets between the buildings. If the WAN connected to the active Router fails the active Router should withdraw as active Router and let the standby Router take over. See Picture 3. Thats called tracking interfaces'

Enhanced tracking possible on some platforms. See links below.

Hsrp access line 1.png
Hsrp access line 2.png

Configuring load balancing with HSRP

In the example below R1 will Route packets from VLAN 11 and VLAN 13 and R2 will Route packets from VLAN 10 and VLAN 12. If one of the routers fail, the other will take over. Interface tracking is configured as well. In the example below 20 will be substracted from priority if tracked interfaces fail.

hostname R1
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 172.16.10.10 255.255.255.0
 standby 10 ip 172.16.10.1
 standby 10 preempt
 standby 10 priority 100
 standby 10 track Serial0/0 20
!
interface FastEthernet0/0.11
 encapsulation dot1Q 11
 ip address 172.16.11.10 255.255.255.0
 standby 11 ip 172.16.11.1
 standby 11 preempt
 standby 11 priority 110
 standby 11 track Serial0/0 20
!
interface FastEthernet0/0.12
 encapsulation dot1Q 12
 ip address 172.16.12.10 255.255.255.0
 standby 12 ip 172.16.12.1
 standby 12 preempt
 standby 12 priority 100
 standby 12 track Serial0/0 20
!
interface FastEthernet0/0.13
 encapsulation dot1Q 13
 ip address 172.16.13.10 255.255.255.0
 standby 13 ip 172.16.13.1
 standby 13 priority 110
 standby 13 preempt
 standby 13 track Serial0/0 20
HSRP load balancing.png
hostname R2
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 172.16.10.20 255.255.255.0
 standby 10 ip 172.16.10.1
 standby 10 preempt
 standby 10 priority 110
 standby 10 track Serial0/0 20
!
interface FastEthernet0/0.11
 encapsulation dot1Q 11
 ip address 172.16.11.20 255.255.255.0
 standby 11 ip 172.16.11.1
 standby 11 preempt
 standby 11 priority 100
 standby 11 track Serial0/0 20
!
interface FastEthernet0/0.12
 encapsulation dot1Q 12
 ip address 172.16.12.20 255.255.255.0
 standby 12 ip 172.16.12.1
 standby 12 preempt
 standby 12 priority 110
 standby 12 track Serial0/0 20
!
interface FastEthernet0/0.13
 encapsulation dot1Q 13
 ip address 172.16.13.20 255.255.255.0
 standby 13 ip 172.16.13.1
 standby 13 priority 100
 standby 13 preempt
 standby 13 track Serial0/0 20

Debugging HSRP

  • Recommend use debug standby terse


Note

HSRP version 0 Brugere en opcode som ikke er beskrevet i RFC 2281, Nemlig opcode 3


Her er et indlæg fra et forum om det:

Here are some clippings from it. Cisco seems to have added this
opcode as part of the feature "HSRP Support for ICMP Redirects":

Passive HSRP Router Advertisements (opcode = 3)


Passive HSRP routers send out HSRP advertisement messages both periodically, and when entering or leaving the passive state. Thus, all HSRP routers can determine the HSRP group state of any HSRP router on the network. These advertisements inform other HSRP routers on the network of the HSRP interface state:


Dormant - interface has no HSRP groups, single advertisements sent once when last group is removed
Passive - interface has at least one non-active group and no active groups, advertisements sent out periodically
Active - interface has at least one active group, single advertisement sent out when first group becomes active

Links