Explore how tracking can be employed with preemption to allow the Hot Standby Routing Protocol (HSRP) group members to react to failed interfaces for optimal routing. Learn how HSRP is activated on the network, and the specialized MAC addresses used to facilitate functionality. Observe how HSRP is capable of doing limited load balancing. Discover how Virtual Router Redundancy Protocol (VRRP) can be used in place of HSRP in a mixed vendor environment.
- [Instructor] HSRP gateway routers will often have redundant links back to the core of a network. If a single redundant link fails, traffic may be completely unaffected, though in some cases it may severely impact the overall performance of traffic. HSRP gives an administrator the ability to take link states into consideration, using the track command. If a tracked interface goes down, the router will decrement its own HSRP priority by 10 by default. Each subsequent failed interface will continue to decrement the priority by 10.
If tracking is combined with preemption, then a router can effectively remove itself from the active or standby state due to failed interfaces. As interfaces return, the priority will be adjusted back up accordingly. The command for associating a tracked interface with HSRP is standby group track. The default decrement value is 10, though it can be user adjusted. Now for the real meat of HSRP. Each router participating in the HSRP group will have a unique IP address assigned to the interface participating in HSRP.
All IPs must be in the same subnet. These IPs are used for routing protocols and management. Each router also has the same common gateway address known as the HSRP address, or sometimes standby address. The HSRP address is sourced from the active router, which means if the active fails, the standby will transition to active and start responding to ARP requests for the HSRP address. The HSRP address is configured with standby group IP, the IP address.
The HSRP address must also be in the same subnet as the physical interface IP. The secondary keyword is used for secondary IP redundancy. HSRP utilizes a specially crafted MAC address for the HSRP address. It is always in the form of 0000.0c07.acxx with the xx being group ID in hex form. HSRP can also do a limited form of load balancing on a single interface utilizing multiple HSRP groups per interface.
In essence, two HSRP groups are configured per interface. For this example, I'll use HSRP goup one and HSRP group two. Group one will utilize a gateway address of 192.168.10.11, while group two will utilize a gateway address of 192.168.10.12. On router A, priority for group one is higher, making it active for group one, while on router E, priority for group two is higher, making it active for group two.
At this point, I've now got two HSRP gateway addresses with one active on each router. If I configure half my host to utilize 192.168.10.11, and the other half to use .12 as their gateways, then traffic will split between the two routers. If either router were to fail, the remaining router should assume active responsibilities for the other group, thereby maintaining redundancy. Honestly, this is a lot of work and complexity, when it's generally easy enough to just purchase routers with adequately sized interfaces, or you use another upcoming protocol like GLBP.
My preferred way to verify HSRP is with the show standby command, though I most often use show standby brief. This will supply the interface it is running on, group ID, current priority, preemption status, state, which router is active, which is standby, and what the virtual IP for the group is. If the brief keyword is omitted, far more detail is provided, like timers and MAC addresses. Though HSRP is a solid option, it is Cisco propriety.
The standards-based alternative is virtual router redundancy protocol, or RFC 2338. VRRP only slightly differs from HSRP. The active router is known as the master, and all others are in the backup state. Group numbers range from zero to 255. Priorities range from one to 254, with a default of 100, and the highest priority is master. The virtual MAC is 0000.5e00.01xx, which xx being the group number in hex.
The VRRP advertisements default to one second, and backup routers can learn the advertisement interval from the master. Advertisements are sent using IP protocol 112, and multicast address 22.214.171.124. In VRRP, preemption is enabled by default instead of being optionally enabled as in HSRP. VRRP commands are the same as HSRP with the exception that they start with vrrp instead of hsrp.
One addition is a vrrp group timers learn which allows VRRP the ability to learn timers from the master. Displaying commands are generally the same with my preferred method being show vrrp brief. This displays virtually the same information as show standby brief. VRRP can be a solid alternative to HSRP, and is what I always implement in a mixed vendor environment. Be sure to add it to your network toolbox.
- Gateway redundancy
- HSRP basic and advanced configuration
- Switch security
- Port security: 802.1X
- Flood control and admin security
- VLAN security
- Centralizing user management