Cisco IOS: First Hop Redundancy Protocols (Part 1) - HSRP

Cisco IOS: First Hop Redundancy Protocols (Part 1) - HSRP

Introduction

Within this 3 part series we will be looking at 3 types of FHRP (First Hop Redundancy Protocol) on Cisco IOS - HSRP, VRRP and GLBP. We will look into the features that they each provide and also how to configure them. We will begin by exploring HSRP.

So first - What is a First Hop Redundancy Protocol?

"An FHRP (First Hop Redundancy Protocol) provides high availability to the default gateway upon a given segment."

What is HSRP?

HSRP is a Cisco proprietary FHRP, which uses groups, that contain active and standby routers to create a virtual gateway IP. If a router fails the standby router is promoted to active and takes ownership of the virtual gateway IP.

HSRP Components/Features

Below details some further components and features of HSRP:

  • Active Router Election - A priority is used (default is 100). The router with the highest priority is elected the active router.
  • Hello Messages - Hellos are sent every 3 seconds by the active router to let the standby router know it is still available.
  • Holdtime - The amount of time the standby router does not receive a Hello message, and therefore the standby will take the role of the active router. The hold time must at least 3 x the Hello interval.
  • Preempt - Ensures the demoted active router, resumes its role of active, once the device has come back up.
  • Interface Tracking - Allows an interface to be tracked, and in the event of failure, decrement the priority value.
  • Enhanced Object Tracking - Allows the priority values to be reduced in the event of a network condition, such as a route no longer being present in the routing table.
  • HSRP v2 - v2 is used if sub-second timers are required and/or IPv6.
  • Virtual MAC Addresses - The following virtual MAC is used,
    • HSRP v1- 10000.0c07.ac0a (0a = HSRP group in HEX)
    • HSRP v2 - 0000.0c9f.f00a (00a = HSRP group in HEX)
  • Multicast - Hello messages are sent to the following multicast groups,
    • HSRP v1- 224.0.0.2 (all routers)
    • HSRP v2 - 224.0.0.102

Design Points

There are some design points to HSRP that should be observed when configuring HSRP,

  • Multiple VLANs - If multiple VLANs are being used, and there are multiple standby groups, Make your first router active for a subset of the VLANs, and the second router active for the rest. This will allow traffic to be distributed across both routers more equally.
  • STP - Make the Layer 3 device acting as a VLANs active HSRP router, the STP root bridge for the VLAN.

Configuration

We will now provide the steps and commands required to configure HSRP. This will include, configuring the HSRP initial setup, its timers, interface tracking, object tracking and authentication.

Belows shows the topology we will configure HSRP against. Furthermore, our VIP will be 10.0.128.10.

HSRP-article-1
Figure 1 - HSRP topology.

Initial Setup

First, we will configure the HSRP standby group, assign the VIP along with assign a higher priority on R1.

R1

R1(config)# interface gi0/2
R1(config-if)# standby 10 ip 10.0.128.10
R1(config-if)# standby 10 priority 110
R1(config-if)# standby 10 preempt

R2

R2(config)# int gi0/2 
R2(config-if)# standby 10 ip 10.0.128.10
R2(config-if)# standby 10 preempt

Verification

To verify we look for the preemption flag and also that the state is showing as active.

R1# show standby brief 
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/2       10   110 P Active  local           10.0.128.2      10.0.128.10

Timers

Next, we will update the timers so that failure detection time is reduced. This is based on a 200 millisecond Hello and a 900-millisecond Holdtime.

####R1/R2
R1/2(config)#int gi0/2
R1/2(config-if)#standby 10 timers msec 200 msec 900

Verification

R1# show standby 
GigabitEthernet0/2 - Group 10 (version 2)
  State is Active
    5 state changes, last state change 00:06:44
  Virtual IP address is 10.0.128.10
  Active virtual MAC address is 0000.0c9f.f00a
    Local virtual MAC address is 0000.0c9f.f00a (v2 default)
  *Hello time 200 msec, hold time 900 msec*
    Next hello sent in 0.096 secs
  Preemption enabled
  Active router is local
  Standby router is 10.0.128.2, priority 100 (expires in 0.960 sec)
  Priority 110 (configured 110)
  Group name is "hsrp-Gi0/2-10" (default)

Track IP

We will now configure track IP and assign a weight of 20 to gi0/1. In the event of gi0/1 going down, 20 will be deducted from the priority.

R1

R1(config)# track 1 interface gi0/1 line-protocol 
R1(config-track)# int gi0/2                             
R1(config-if)# standby 10 track 1 decrement 20

Verification

R1#sh track 1 
Track 1
  Interface GigabitEthernet0/1 line-protocol
  Line protocol is Up
    3 changes, last change 1d15h
  Tracked by:
    HSRP GigabitEthernet0/2 10

Enhanced Object Tracking

Next, we will configure enhanced object tracking to decrement the priority by 20, in the event of an IP route not being reachable, due to the route not being present within the RIB.

R1

R1(config)# track 2 ip route 2.2.2.0/24 reachability 
R1(config-track)# int gi0/2
R1(config-if)# standby 10 track 2 decrement 20

Verification

R1# show track 2   
Track 2
  IP route 2.2.2.0 255.255.255.0 reachability
  Reachability is Down (no ip route)
    1 change, last change 00:03:03
  First-hop interface is unknown
  Tracked by:
    HSRP GigabitEthernet0/2 10

Authentication

Finally, for HSRP, we will configure authentication. Our authentication is will be based on a string that is MD5 hashed, and then sent to the other node, where is checked against the authentication configured.

R1/R2

R1/2(config)# int gi0/2
R1/2(config-if)# standby 10 authentication md5 key-string HSRPPW

Verification

R2# show standby
GigabitEthernet0/2 - Group 10 (version 2)
  State is Active
    5 state changes, last state change 00:03:00
  Virtual IP address is 10.0.128.10
  Active virtual MAC address is 0000.0c9f.f00a
    Local virtual MAC address is 0000.0c9f.f00a (v2 default)
  Hello time 200 msec, hold time 900 msec
    Next hello sent in 0.080 secs
  Authentication MD5, key-string
  Preemption enabled
  Active router is local
  Standby router is 10.0.128.1, priority 90 (expires in 0.896 sec)
  Priority 100 (default 100)
  Group name is "hsrp-Gi0/2-10" (default)

Subscribe to our newsletter and stay updated.

Don't miss anything. Get all the latest posts delivered straight to your inbox.
Great! Check your inbox and click the link to confirm your subscription.
Error! Please enter a valid email address!