CCNP ENCOR 350-401, Cisco Systems, Networking

HSRP (Hot Standby Routing Protocol)

In this article, we shall try to make an understanding about cisco proprietary redundancy routing protocol call HSRP ( Hot Standby Routing...

· >
hot-standby-routing-protocol

In this article, we shall try to make an understanding about cisco proprietary redundancy routing protocol call HSRP ( Hot Standby Routing Protocol). In our another article, we learnt about open source redundancy protocol which is VRRP (Virtual Redundancy Routing Protocol). So for the purpose of better understanding we shall use cisco packet tracer to build small lab for HSRP.

In this lab we used two multilayer switch connected to Subnet 192.168.1.0/24 in VLAN 1 where we have a host connected. Further these switches are connected to a router.

Lets take a look at basic configuration of the topology.

SW1

hostname SW1
!
interface g1/0/1
no switchport
ip address 192.168.1.1 255.255.255.0
!
interface g1/0/2
no switchport
ip address 192.168.11.1 255.255.255.0
!

end

SW2

hostname SW2
!
interface g1/0/1
no switchport
ip address 192.168.1.2 255.255.255.0
!
interface g1/0/2
no switchport
ip address 192.168.23.2 255.255.255.0
!
end

So, next we shall enable HSRP (Hot Standby Routing Protocol) on both multilayer switches. “Standby” is the command to configure HSRP, next type the group number followed by virtual IP or gateway. In this case 192.168.1.254 will be our virtual gateway and “10” is our group. make sure to match the group number on both switches.

SW1 & SW2

(config)#interface g1/0/1
(config-if)#standby 10 ip 192.168.1.254

Once you configure HSRP, one device will be active and other device will become standby. Now virtual gateway must be reachable from host devices. Following messages appear on console of active HSRP router

%HSRP-6-STATECHANGE: GigabitEthernet1/0/1 Grp 10 state Speak -> Standby

%HSRP-6-STATECHANGE: GigabitEthernet1/0/1 Grp 10 state Standby -> Active

On Standby HSRP following message appears.

%HSRP-6-STATECHANGE: GigabitEthernet1/0/1 Grp 10 state Speak -> Standby

On host machine, we find following ARP resolutions, output is appended for your understanding.

Now the question arises how does the host devices finds the MAC of the virtual gateway using ARP, which is 0000.0C07.AC0A. The answer to this question is HSRP uses 0000.0C07.ACXX as MAC address to be resolved against the virtual gateway where XX is the group number. Now that in mind which switch is responsible to handle ARP requests or forwarding packets, you can find this information by using “show standby” command to get the active router information.

Active router is responsible to handle ARP requests and forward packets from them. It will also send hello messages to standby routers after every 3 seconds by default and standby router shall be listening to active HSRP router. If Standby router don’t see hello messages for 10 seconds which is default hold time for standby router to take over the active role. Now if previously active router again joins the HSRP group it will still be in standby mode as by default preemption is disabled in HSRP.

HSRP States

There are five state a HSRP router goes through while HSRP is enabled on it and it joins a HSRP group.

Initial

This is the _rst state when HSRP starts. You’ll see this just after you con_gured HSRP or when the interface just got enabled.

Listen

The router knows the virtual IP address and will listen for hello messages from other HSRP routers.

Speak

The router will send hello messages and will join the election to see which router will become active or standby.

Standby

The router didn’t become the active router but will keep sending hello messages. If the active router fails it will take over.

Active

The router will actively forward packets from clients and sends hello messages.

Active Gateway Election

I have disabled gig1/0/1 interface on both switches and then enabled them to see the active / standby role change, Current output is appended.

SW1#show standby
GigabitEthernet1/0/1 – Group 10
State is Standby
13 state changes, last state change 00:54:45
Virtual IP address is 192.168.1.254
Active virtual MAC address is 0000.0C07.AC0A
Local virtual MAC address is 0000.0C07.AC0A (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.628 secs
Preemption disabled
Active router is 192.168.1.2, priority 100 (expires in 9 sec)
MAC address is 0000.0C07.AC0A
Standby router is local
Priority 100 (default 100)
Group name is hsrp-Gig1/0/1-10 (default)

SW2

SW2#show standby
GigabitEthernet1/0/1 – Group 10
State is Active
10 state changes, last state change 00:54:06
Virtual IP address is 192.168.1.254
Active virtual MAC address is 0000.0C07.AC0A
Local virtual MAC address is 0000.0C07.AC0A (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.954 secs
Preemption disabled
Active router is local
Standby router is 192.168.1.1, priority 100 (expires in 8 sec)
Priority 100 (default 100)
Group name is hsrp-Gig1/0/1-10 (default)

Why does the SW2 assumed active role instead on SW1?

By default it is the priority which decides Active or standby role in HSRP, if priority is same highest IP address will be the tie breaker. So SW2 became the Active HSRP router. So what if decide to make SW1 as active HSRP router, we can do so by changing the priority of SW1 to higher than SW2.

SW1(config)#interface g1/0/1
SW1(config-if)#standby 10 priority 150

Now after switch priority has been increased to 150, it will now assume HSRP active role after some time. SW1 & SW2 status after change of HSRP role is appended.

SW1

HSRP (Hot Standby Routing Protocol

SW2

HSRP (Hot Standby Routing Protocol

Preemption

When we enable preemption the switch with the highest priority (or IP address in case
the priority is the same) will always become the new active device. Means if SW1 has higher priority and it goes down due to any reason, SW2 shall assume Active role of HSRP. Once SW1 restores and rejoins HSRP group it will preempt to resume the active HSRP role from the SW2 as preemption is enabled on it.

SW1 & SW2
(config)#interface g1/0/1
(config-if)#standby 10 preempt

Authentication

HSRP also supports authentication. You can choose between plaintext or MD5 authentication. Lets configure HSRP authentication in our topology so that messages sent between the switches are authenticated. This adds layer of security to prevent someone to join our HSRP group.

SW1 & SW2
(config)#interface g1/0/1
(config-if)#standby 1 authentication md5 key-string SECRET_KEY

HSRP Timers

By default HSRP has pretty slow hold time of 10 seconds, which means if SW2 is our standby router and it will not take active HSRP role till 10 seconds. SO we shall have 10 seconds of downtime due to this slow timer. So lets fix it in our topplogy.

SW1 & SW2
(config-if)#standby 10 timers ?
<1-254> Hello interval in seconds

So we can adjust the hello message time to 1 seconds and hold timer to 3 seconds by using standby timers command as follows:

SW1(config-if)#standby 10 timers 1 3

lets do the same on SW2.

SW2(config-if)#standby 10 timers 1 3

HSRP Version 1 and 2

There are two versions of HSRP and depending on the device model you may have the option to use HSRP version 2 by using standby version 2 command.

SW1 & SW2
(config-if)#standby version 2

HSRP Object Tracking

HSRP can track interfaces or objects and decrement priority if an interface or object fails. Interface tracking enables the priority of a standby group router to be automatically adjusted, based on the availability of the router interfaces.

In our topology, SW1 is HSRP Active router. Now Assume that connectivity between SW1 and R1 got down, PCs on LAN 192.168.1.0/24 shall not be able to reach R1. We can configure HSRP to track to interface status and change HSRP priority of SW2 to take active HSRP role from SW1.

HSRP offers a feature called interface tracking. We can select an interface to track and if it fails we will give it a penalty. This way your priority will decrease and another device can become the active router.

Hot Standby routing protocol

But object tracking shall only check status of interface, interface might be UP but connectivity might be down due to absence of route or anything. In that case object tracking does not work, workable solution can be the use of IP SLA which provides end-to-end connectivity check.

So that it for now, in this article we discussed HSRP Hot Standby Routing Protocol in detail. I Hope this has been informative for you and should you have any questions suggestions, you can comment them below.

close

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Leave a Reply