HSRP (Hot Standby Routing Protocol)


HSRP concept:

– HSRP provides redundancy for the gateway router: when the active router or one of its critical connections goes down, another router can replace it.

– Enabling HSRP on an interface automatically disables ICMP redirects.

– Routers participating in the HSRP architecture exchange information about router status in hello messages every “hello time” (3 seconds by default).

– The router with the highest standby priority is selected as the active router and handles traffic addressed to the virtual IP and MAC.

– If the active router stops sending hello messages for 3 * hello time (10 seconds by default), the router with the next highest priority becomes active.

– The virtual MAC address is generated automatically from the vendor code and the HSRP group.

– With MHSRP a router can be active for one group and standby for another group.

– A router (layer 3 switch) can be active for one VLAN and standby for another VLAN.

– These features can be used to load-balance traffic between routers.

 

Figure1: HSRP status transitions

  • Not only the status (up/down) of the inbound interface participates in the HSRP process, but also that of other critical interfaces such as the outbound one.
  • If the outbound interface goes down, the priority of the router is decreased by a configured number (priority) to let specific routers in the group or in the VLAN become active.

 

Figure 2: Topology


CONFIGURATION

R2:

interface FastEthernet1/0
 ip address 192.168.40.2 255.255.255.0
 standby 40 ip 192.168.40.1
 standby 40 preempt
 standby 40 track Ethernet0/0 60

R3:

interface FastEthernet1/0
 ip address 192.168.40.3 255.255.255.0
 standby 40 ip 192.168.40.1
 standby 40 priority 50
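How priority, interface tracking and preempt interact in this configuration, as an added example (not code from the original post). It is a simplified model that ignores timers and preempt delay; `Router`, `next_active` and `run_scenarios` are hypothetical names. It shows that with R3 configured exactly as listed above (no `standby 40 preempt`), R2's tracked decrement alone does not move the active role; the test-2 output further down shows preemption enabled on R3.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100        # HSRP default priority
    preempt: bool = False      # "standby <grp> preempt"
    track_decrement: int = 0   # "standby <grp> track <intf> <decrement>"
    tracked_up: bool = True    # state of the tracked (upstream) interface
    alive: bool = True         # False = hellos stopped, hold timer expires

    def rank(self):
        # Effective priority first, highest interface IP as tie-breaker.
        prio = self.priority - (0 if self.tracked_up else self.track_decrement)
        return (prio, int(IPv4Address(self.ip)))

def next_active(current, routers):
    """Return the router that is active once the group has settled."""
    alive = [r for r in routers if r.alive]
    if not alive:
        return None
    if current is None or not current.alive:
        return max(alive, key=Router.rank)   # no active left: plain election
    # A live active router is only displaced by a better router that preempts.
    rivals = [r for r in alive if r.preempt and r.rank() > current.rank()]
    return max(rivals, key=Router.rank) if rivals else current

def run_scenarios(r3_preempt):
    """Replay the page's two tests; r3_preempt toggles preempt on R3."""
    r2 = Router("R2", "192.168.40.2", preempt=True, track_decrement=60)
    r3 = Router("R3", "192.168.40.3", priority=50, preempt=r3_preempt)
    group, seen, active = [r2, r3], [], None

    def settle(label):
        nonlocal active
        active = next_active(active, group)
        seen.append((label, active.name))

    settle("start")
    r2.alive = False;     settle("R2 powered off")
    r2.alive = True;      settle("R2 back")
    r2.tracked_up = False; settle("R2 e0/0 down")   # 100 - 60 = 40 < 50
    r2.tracked_up = True;  settle("R2 e0/0 up")
    return seen

if __name__ == "__main__":
    for flag in (False, True):
        print("R3 preempt =", flag, run_scenarios(flag))
```
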

 

Figure 3: Topology as seen by hosts in the access layer

 


 

Verification

R3:

R3#sh standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP
Fa1/0       40  50     Standby  192.168.40.2    local           192.168.40.1

R3#sh standby

FastEthernet1/0 - Group 40


State is Standby

4 state changes, last state change 00:23:58


Virtual IP address is 192.168.40.1


Active virtual MAC address is 0000.0c07.ac28


Local virtual MAC address is 0000.0c07.ac28 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 1.216 secs


Preemption disabled


Active router is 192.168.40.2, priority 100 (expires in 7.192 sec)


Standby router is local


Priority 50 (configured 50)

IP redundancy name is “hsrp-Fa1/0-40” (default)

R3# 

R2:

R2#sh standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP
Fa1/0       40  100  P Active   local           192.168.40.3    192.168.40.1

R2#sh standby

FastEthernet1/0 - Group 40


State is Active

1 state change, last state change 00:26:03


Virtual IP address is 192.168.40.1


Active virtual MAC address is 0000.0c07.ac28


Local virtual MAC address is 0000.0c07.ac28 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 2.196 secs


Preemption enabled


Active router is local


Standby router is 192.168.40.3, priority 50 (expires in 7.252 sec)


Priority 100 (default 100)


Track interface Ethernet0/0 state Up decrement 60

IP redundancy name is “hsrp-Fa1/0-40” (default)

R2# 

 Client host:

C:\>ipconfig

 

Windows IP Configuration

 

 

Ethernet adapter Gig:

 

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 192.168.40.104

Subnet Mask . . . . . . . . . . . : 255.255.255.0


Default Gateway . . . . . . . . . : 192.168.40.1

C:\> 

The host in the LAN is configured with the HSRP virtual IP address as its default gateway. Let’s ping it and see which MAC address is assigned to it:

C:\>ping 192.168.40.1

 

Pinging 192.168.40.1 with 32 bytes of data:

 

Reply from 192.168.40.1: bytes=32 time=71ms TTL=255

Reply from 192.168.40.1: bytes=32 time=47ms TTL=255

Reply from 192.168.40.1: bytes=32 time=36ms TTL=255

Reply from 192.168.40.1: bytes=32 time=31ms TTL=255

 

Ping statistics for 192.168.40.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 31ms, Maximum = 71ms, Average = 46ms

 

C:\>arp -a

 

Interface: 192.168.40.104 --- 0x3
  Internet Address      Physical Address      Type
  192.168.40.1          00-00-0c-07-ac-28     dynamic

 

C:\> 

Note that the default gateway MAC address matches the virtual MAC address shown in the routers’ HSRP output above.

00-00-0c-07-ac is assigned by default, and 28 in hexadecimal represents group 40 in decimal.

With a traceroute from the host you can see the path taken by the traffic to reach the host 10.10.10.1:

C:\>tracert 10.10.10.1

 

Tracing route to 10.10.10.1 over a maximum of 30 hops

 

1 36 ms 32 ms 42 ms 192.168.40.2

2 51 ms 74 ms 77 ms 192.168.12.1

3 125 ms 62 ms 61 ms 10.10.10.1

 

Trace complete.

 

C:\> 

The traffic transparently took R2 as the default gateway because it is the active router in HSRP group 40.

 

TESTING

In this second part let’s simulate two types of failure:

– R2 failure, by completely shutting down R2.

– R2 upstream interface e0/0.

 

1- R2 failure, by completely shutting down R2

 

To see how HSRP works we enabled “debug standby events” along with a non-stop ping from the LAN host.

C:\>ping -t 192.168.40.1

 

Pinging 192.168.40.1 with 32 bytes of data:

 

Reply from 192.168.40.1: bytes=32 time=39ms TTL=255

Reply from 192.168.40.1: bytes=32 time=47ms TTL=255

Reply from 192.168.40.1: bytes=32 time=47ms TTL=255

Reply from 192.168.40.1: bytes=32 time=20ms TTL=255

Reply from 192.168.40.1: bytes=32 time=47ms TTL=255

Request timed out.

Request timed out.

Reply from 192.168.40.1: bytes=32 time=63ms TTL=255

Reply from 192.168.40.1: bytes=32 time=32ms TTL=255

Reply from 192.168.40.1: bytes=32 time=63ms TTL=255

Reply from 192.168.40.1: bytes=32 time=62ms TTL=255

Reply from 192.168.40.1: bytes=32 time=32ms TTL=255

Reply from 192.168.40.1: bytes=32 time=16ms TTL=255

 

Ping statistics for 192.168.40.1:

Packets: Sent = 13, Received = 11, Lost = 2 (15% loss),

Approximate round trip times in milli-seconds:

Minimum = 16ms, Maximum = 63ms, Average = 42ms

Control-C

^C

C:\> 

Note that the two “Request timed out” lines correspond to the default standby timeout of 10 seconds together with the convergence time of the routing protocol in place.

Now we can verify the new path taken:

C:\>tracert 10.10.10.1

 

Tracing route to 10.10.10.1 over a maximum of 30 hops

 

1 19 ms 46 ms 35 ms 192.168.40.3

2 51 ms 73 ms 62 ms 192.168.13.1

3 406 ms 79 ms 60 ms 10.10.10.1

 

Trace complete.

 

C:\> 

Even though the default gateway IP and MAC addresses are still the same, the traffic path to 10.10.10.1 has changed and traffic is now forwarded through R3.

C:\>arp -a

 

Interface: 192.168.40.104 --- 0x3
  Internet Address      Physical Address      Type
  192.168.40.1          00-00-0c-07-ac-28     dynamic

Interface: 192.168.45.104 --- 0x5
  Internet Address      Physical Address      Type
  192.168.45.1          00-0e-a6-49-ea-ba     dynamic

 

C:\> 

Here is the result of debugging:

Mar 1 00:03:21.320: %SYS-5-CONFIG_I: Configured from console by admin on console

Mar 1 00:03:57.763: HSRP: Fa1/0 Grp 40 Standby: c/Active timer expired (192.168.40.2)

!!!!First the holddown timer of 3x3sec expired!!!!

Mar 1 00:03:57.767: HSRP: Fa1/0 Grp 40 Active router is local, was 192.168.40.2

Mar 1 00:03:57.771: HSRP: Fa1/0 Grp 40 Standby router is unknown, was local

Mar 1 00:03:57.771: HSRP: Fa1/0 Grp 40 Standby -> Active

Mar 1 00:03:57.775: %HSRP-6-STATECHANGE: FastEthernet1/0 Grp 40 state Standby -> Active

Mar 1 00:03:57.779: HSRP: Fa1/0 Grp 40 Redundancy “hsrp-Fa1/0-40” state Standby -> Active

Mar 1 00:04:00.787: HSRP: Fa1/0 Grp 40 Redundancy group hsrp-Fa1/0-40 state Active -> Active

Mar 1 00:04:03.623: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.40.2 (FastEthernet1/0) is down: holding time expired

Mar 1 00:04:03.791: HSRP: Fa1/0 Grp 40 Redundancy group hsrp-Fa1/0-40 state Active -> Active

The interface F1/0 immediately takes over and changes from standby to active:

R3:

R3#sh standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP
Fa1/0       40  50     Active   local           unknown         192.168.40.1

R3#sh standby

FastEthernet1/0 - Group 40


State is Active

2 state changes, last state change 00:10:10


Virtual IP address is 192.168.40.1


Active virtual MAC address is 0000.0c07.ac28


Local virtual MAC address is 0000.0c07.ac28 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 1.684 secs

Preemption disabled


Active router is local


Standby router is unknown


Priority 50 (configured 50)

IP redundancy name is “hsrp-Fa1/0-40” (default)

R3# 

Finally, R2 is back in production:

C:\>ping -t 192.168.40.1

 

Pinging 192.168.40.1 with 32 bytes of data:

 

Reply from 192.168.40.1: bytes=32 time=32ms TTL=255

Reply from 192.168.40.1: bytes=32 time=33ms TTL=255

Reply from 192.168.40.1: bytes=32 time=31ms TTL=255

Reply from 192.168.40.1: bytes=32 time=98ms TTL=255

Reply from 192.168.40.1: bytes=32 time=47ms TTL=255

Reply from 192.168.40.1: bytes=32 time=28ms TTL=255

Reply from 192.168.40.1: bytes=32 time=29ms TTL=255

Reply from 192.168.40.1: bytes=32 time=47ms TTL=255

Reply from 192.168.40.1: bytes=32 time=16ms TTL=255

Request timed out.

Reply from 192.168.40.1: bytes=32 time=47ms TTL=255

Reply from 192.168.40.1: bytes=32 time=31ms TTL=255

Reply from 192.168.40.1: bytes=32 time=3ms TTL=255

Reply from 192.168.40.1: bytes=32 time=31ms TTL=255

Reply from 192.168.40.1: bytes=32 time=32ms TTL=255

Reply from 192.168.40.1: bytes=32 time=20ms TTL=255

Reply from 192.168.40.1: bytes=32 time=31ms TTL=255

 

Ping statistics for 192.168.40.1:

Packets: Sent = 94, Received = 93, Lost = 1 (1% loss),

Approximate round trip times in milli-seconds:

Minimum = 3ms, Maximum = 98ms, Average = 35ms

Control-C

^C

C:\> 

 

C:\>tracert 10.10.10.1

 

Tracing route to 10.10.10.1 over a maximum of 30 hops

 

1 24 ms 13 ms 48 ms 192.168.40.2

2 47 ms 62 ms 81 ms 192.168.12.1

3 114 ms 57 ms 62 ms 10.10.10.1

 

Trace complete.

 

C:\> 

Note that the network took less time than the first time to converge and switch the path back through R2, because no timers are involved: only hellos are exchanged and the decision to give the active state back to R2 is taken immediately. This is confirmed by the following debug output from R3:

Mar 1 00:17:55.918: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.40.2 (FastEthernet1/0) is up: new adjacency

Mar 1 00:18:12.870: HSRP: Fa1/0 Grp 40 Active: j/Coup rcvd from higher pri router (100/192.168.40.2)

Mar 1 00:18:12.874: HSRP: Fa1/0 Grp 40 Active router is 192.168.40.2, was local

Mar 1 00:18:12.878: HSRP: Fa1/0 Grp 40 Active -> Speak

Mar 1 00:18:12.878: %HSRP-6-STATECHANGE: FastEthernet1/0 Grp 40 state Active -> Speak

Mar 1 00:18:12.882: HSRP: Fa1/0 Grp 40 Redundancy “hsrp-Fa1/0-40” state Active -> Speak

Mar 1 00:18:12.898: HSRP: Fa1/0 API MAC address update

Mar 1 00:18:22.874: HSRP: Fa1/0 Grp 40 Speak: d/Standby timer expired (unknown)

Mar 1 00:18:22.878: HSRP: Fa1/0 Grp 40 Standby router is local

Mar 1 00:18:22.878: HSRP: Fa1/0 Grp 40 Speak -> Standby

Mar 1 00:18:22.878: HSRP: Fa1/0 Grp 40 Redundancy “hsrp-Fa1/0-40” state Speak -> Standby

R3# 

After receiving a hello from R2 announcing that it has a better priority, R3 switches to the “Active” state to actively participate in the election, and the result is that it goes back to the standby state.

2- R2 upstream interface e0/0.

First we shut down the outgoing interface on R2 and inspect the behavior of HSRP:

R2:

R2(config-if)#int e0/0

R2(config-if)#sh

R2(config-if)#

Mar 1 00:19:43.280: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.12.1 (Ethernet0/0) is down: interface down

Mar 1 00:19:45.180: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down

Mar 1 00:19:46.180: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to down

Mar 1 00:20:43.641: %HSRP-6-STATECHANGE: FastEthernet1/0 Grp 40 state Active -> Speak

R3:

Aug 23 14:07:35.410: %SYS-5-CONFIG_I: Configured from console by admin on console

Aug 23 14:07:54.297: HSRP: Fa1/0 Grp 40 Standby: h/Hello rcvd from lower pri Active router (40/192.168.40.2)

Aug 23 14:07:54.301: HSRP: Fa1/0 Grp 40 Starting minimum preempt delay (60 secs)

Aug 23 14:08:54.341: HSRP: Fa1/0 Grp 40 Minimum preempt delay expired

Aug 23 14:08:54.345: HSRP: Fa1/0 Grp 40 Active router is local, was 192.168.40.2

Aug 23 14:08:54.349: HSRP: Fa1/0 Grp 40 Standby router is unknown, was local

Aug 23 14:08:54.353: HSRP: Fa1/0 Grp 40 Standby -> Active

Aug 23 14:08:54.353: %HSRP-6-STATECHANGE: FastEthernet1/0 Grp 40 state Standby -> Active

Aug 23 14:08:54.357: HSRP: Fa1/0 Grp 40 Redundancy “hsrp-Fa1/0-40” state Standby -> Active

Aug 23 14:08:54.457: HSRP: Fa1/0 Grp 40 Active: i/Resign rcvd (40/192.168.40.2)

Aug 23 14:08:55.424: HSRP: Fa1/0 Grp 40 Standby router is 192.168.40.2

Aug 23 14:08:57.459: HSRP: Fa1/0 Grp 40 Redundancy group hsrp-Fa1/0-40 state Active -> Active

Aug 23 14:09:00.462: HSRP: Fa1/0 Grp 40 Redundancy group hsrp-Fa1/0-40 state Active -> Active

R3# 

 

R3#sh standby

FastEthernet1/0 - Group 40


State is Active

29 state changes, last state change 00:00:28

Virtual IP address is 192.168.40.1

Active virtual MAC address is 0000.0c07.ac28

Local virtual MAC address is 0000.0c07.ac28 (v1 default)

Hello time 500 msec, hold time 1 sec

Next hello sent in 0.096 secs

Preemption enabled, delay min 60 secs

Active router is local


Standby router is 192.168.40.2, priority 40 (expires in 0.568 sec)


Priority 50 (configured 50)

IP redundancy name is “hsrp-Fa1/0-40” (default)

R3# 

 

C:\>ping -t 192.168.40.1

 

Pinging 192.168.40.1 with 32 bytes of data:

 


Reply from 192.168.40.1: bytes=32 time=63ms TTL=255

Reply from 192.168.40.1: bytes=32 time=16ms TTL=255

Reply from 192.168.40.1: bytes=32 time=32ms TTL=255

Reply from 192.168.40.1: bytes=32 time=31ms TTL=255

Request timed out.

Reply from 192.168.40.1: bytes=32 time=47ms TTL=255

Reply from 192.168.40.1: bytes=32 time=47ms TTL=255

Reply from 192.168.40.1: bytes=32 time=31ms TTL=255

Reply from 192.168.40.1: bytes=32 time=63ms TTL=255

Reply from 192.168.40.1: bytes=32 time=63ms TTL=255

Reply from 192.168.40.1: bytes=32 time=31ms TTL=255

Reply from 192.168.40.1: bytes=32 time=16ms TTL=255


 

Ping statistics for 192.168.40.1:

Packets: Sent = 30, Received = 29, Lost = 1 (3% loss),

Approximate round trip times in milli-seconds:

Minimum = 16ms, Maximum = 63ms, Average = 33ms

Control-C

^C

C:\> 

Second, we re-enable the outgoing interface on R2 and inspect the behavior of HSRP:

R2:

R2(config-if)#int e0/0

R2(config-if)#no sh

R2(config-if)#

Mar 1 00:23:56.542: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up

Mar 1 00:23:57.542: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up

Mar 1 00:23:57.834: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.12.1 (Ethernet0/0) is up: new adjacency

Mar 1 00:24:55.263: %HSRP-6-STATECHANGE: FastEthernet1/0 Grp 40 state Standby -> Active

R3:

Aug 23 14:12:02.005: HSRP: Fa1/0 API arp for proto, 192.168.40.1 is active vIP

Aug 23 14:13:06.062: HSRP: Fa1/0 Grp 40 Active: j/Coup rcvd from higher pri router (100/192.168.40.2)

Aug 23 14:13:06.066: HSRP: Fa1/0 Grp 40 Active router is 192.168.40.2, was local

Aug 23 14:13:06.070: HSRP: Fa1/0 Grp 40 Standby router is unknown, was 192.168.40.2

Aug 23 14:13:06.074: HSRP: Fa1/0 Grp 40 Active -> Speak

Aug 23 14:13:06.074: %HSRP-6-STATECHANGE: FastEthernet1/0 Grp 40 state Active -> Speak

Aug 23 14:13:06.078: HSRP: Fa1/0 Grp 40 Redundancy “hsrp-Fa1/0-40” state Active -> Speak

Aug 23 14:13:06.086: HSRP: Fa1/0 API MAC address update

Aug 23 14:13:07.066: HSRP: Fa1/0 Grp 40 Speak: d/Standby timer expired (unknown)

Aug 23 14:13:07.066: HSRP: Fa1/0 Grp 40 Standby router is local

Aug 23 14:13:07.070: HSRP: Fa1/0 Grp 40 Speak -> Standby

Aug 23 14:13:07.074: HSRP: Fa1/0 Grp 40 Redundancy “hsrp-Fa1/0-40” state Speak -> Standby

R3# 

 

R3#sh standby

FastEthernet1/0 - Group 40


State is Standby

31 state changes, last state change 00:00:23

Virtual IP address is 192.168.40.1

Active virtual MAC address is 0000.0c07.ac28

Local virtual MAC address is 0000.0c07.ac28 (v1 default)

Hello time 500 msec, hold time 1 sec

Next hello sent in 0.072 secs

Preemption enabled, delay min 60 secs


Active router is 192.168.40.2, priority 100 (expires in 0.488 sec)


Standby router is local


Priority 50 (configured 50)

IP redundancy name is “hsrp-Fa1/0-40” (default)

R3# 
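A way to turn the R3 debug output above into a failover timeline, as an added example (not part of the original post): it pairs each %HSRP-6-STATECHANGE with the hello or coup that triggered it, measures the delay, and flags triggers from speakers outside an expected set. The log lines are copied from this page; `KNOWN_PEERS`, `parse_ts` and `analyse` are hypothetical names, and the allow-list is an assumption built from the page's two routers.

```python
import re
from datetime import datetime

# Assumption: the only legitimate group 40 speakers are the page's R2 and R3.
KNOWN_PEERS = {"192.168.40.2", "192.168.40.3"}

# Lines copied from the R3 debug output on this page (test 2).
LOG = """\
Aug 23 14:07:54.297: HSRP: Fa1/0 Grp 40 Standby: h/Hello rcvd from lower pri Active router (40/192.168.40.2)
Aug 23 14:07:54.301: HSRP: Fa1/0 Grp 40 Starting minimum preempt delay (60 secs)
Aug 23 14:08:54.353: %HSRP-6-STATECHANGE: FastEthernet1/0 Grp 40 state Standby -> Active
Aug 23 14:13:06.062: HSRP: Fa1/0 Grp 40 Active: j/Coup rcvd from higher pri router (100/192.168.40.2)
Aug 23 14:13:06.074: %HSRP-6-STATECHANGE: FastEthernet1/0 Grp 40 state Active -> Speak
"""

TS = r"(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d\.\d{3})"
TRIGGER = re.compile(TS + r": HSRP: \S+ Grp (?P<grp>\d+) \w+: \w/(?P<what>Hello|Coup) rcvd "
                     r"from (?:lower|higher) pri .*\((?P<prio>\d+)/(?P<ip>[\d.]+)\)")
CHANGE = re.compile(TS + r": %HSRP-6-STATECHANGE: \S+ Grp (?P<grp>\d+) "
                    r"state (?P<old>\w+) -> (?P<new>\w+)")

def parse_ts(text):
    # IOS omits the year; pin one so the timestamps can be subtracted.
    return datetime.strptime("2000 " + text, "%Y %b %d %H:%M:%S.%f")

def analyse(log, known_peers=KNOWN_PEERS):
    """Pair each state change with its hello/coup trigger; flag unknown speakers."""
    pending, transitions, alerts = {}, [], []
    for line in log.splitlines():
        if m := TRIGGER.search(line):
            pending[m["grp"]] = (parse_ts(m["ts"]), m["what"], m["ip"])
            if m["ip"] not in known_peers:
                alerts.append(f"group {m['grp']}: {m['what']} from unexpected {m['ip']}")
        elif m := CHANGE.search(line):
            when, what, peer = pending.pop(m["grp"], (None, None, None))
            delay = (parse_ts(m["ts"]) - when).total_seconds() if when else None
            transitions.append({"group": int(m["grp"]),
                                "change": f"{m['old']}->{m['new']}",
                                "trigger": what, "peer": peer, "delay_s": delay})
    return transitions, alerts

if __name__ == "__main__":
    for t in analyse(LOG)[0]:
        print(t)
```

On the page's own lines the takeover after the tracked-interface failure comes about 60 seconds after the first lower-priority hello, which is the minimum preempt delay, while handing the role back on a coup takes milliseconds.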

Figure 4 depicts captured traffic from the LAN between the two routers which shows HSRP traffic (Hello messages) between R2 and R3.

 

Figure 4: HSRP traffic

You can also see “gratuitous ARP” packets sent by the virtual router to inform the switch about IP changes.


About ajnouri
If you wish to communicate securely outside the blog, here is my public (GPG) key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x41CCDE1511DF0EB8

3 Responses to HSRP (Hot Standby Routing Protocol)

  1. Hugo says:

    Hello,

    This is a great posting. I have a question though, when and why did you change the hello and holdtimes on R3?

  2. cciethebeginning says:

    Hi Hugo,
    You are right, indeed, I manually changed the hello timer value to 500 ms and holdtime to 1 sec before test-2 with the tracked interface, I’ve done it to accelerate the process of failure detection and I didn’t mention it, thank you for the comment!

  3. Raja(Precision Infomatic) says:

    Hi,

    The explanation was very useful, thank you for this…
