MHSRP (Multiple HSRP) and Load Sharing
August 27, 2008 7 Comments
HSRP provides router redundancy by making one router active and the other one standby, the latter will be used when the active cannot afford traffic forwarding; however, this doesn’t allow optimal utilization of network infrastructure resources.
Multiple HSRP groups allow the use a router as standby for one group and active for another group and vice versa: the active router for one group will be the standby for the other group.
In this lab (Figure1) R2 an R3 are used for HSRP redundancy, both routers are connected to the switch SW (through trunk interfaces) that connects both VLAN10 (R10) and VLAN20 (R20) devices.
Using DHCP service, hosts within each VLAN learn the corresponding default gateway: 192.168.20.1 and 192.168.10.1 for VLAN10 (192.168.20.0/24) and VLAN20 (192.168.10.0/24) respectively. Depending on the size and the complexity of the network, this task require a particular attention to coordinate between DHCP administration and HSRP tasks like adding or deleting VLANs or change in virtual IP address.
This lab is structured as follow:
– HSRP CONFIGURATION
– Verification.
-TESTING
– R3 failure.
– R2 upstream interface failure.
– R2 upstream interface back from failure
Figure1 Topology:
HSRP Configuration
R2:
interface FastEthernet1/0.10 standby preempt standby 10 ip 192.168.10.1 standby 10 timers msec 500 1 standby 10 priority 50 standby 10 preempt delay minimum 60 standby 10 track Ethernet0/0 60 interface FastEthernet1/0.20 standby preempt standby 20 ip 192.168.20.1 standby 20 timers msec 500 1 standby 20 preempt delay minimum 60 standby 20 track Ethernet0/0 60 |
R3:
interface FastEthernet1/0.10 standby preempt standby 10 ip 192.168.10.1 standby 10 timers msec 500 1 standby 10 preempt delay minimum 60 standby 10 track Ethernet0/0 60 interface FastEthernet1/0.20 standby preempt standby 20 ip 192.168.20.1 standby 20 timers msec 500 1 standby 20 priority 50 standby 20 preempt delay minimum 60 standby 20 track Ethernet0/0 60 |
R2 will be the active gateway for VLAN 20 (default priority=100) and the standby gateway for VLAN 10 (configured priority of 50).
R3 will be the active gateway for VLAN 10 (default priority=100) and the standby gateway for VLAN 20 (configured priority of 50).
For both VLANs preempt timer is set to 60 sec to give the switch (distribution/access layer) the time for STP convergence, so the layer2 path will match layer3 path.
HSRP Hello polling time is set to 500 ms and the holdtime to 1sec
Verification:
R2:
R2#sh standby brief P indicates configured to preempt. | Interface Grp Prio P State Active Standby Virtual IP Fa1/0.10 10 50 P Standby Fa1/0.20 20 100 P Active R2# |
R3:
R3(config)#do sh standby brief P indicates configured to preempt. | Interface Grp Prio P State Active Standby Virtual IP Fa1/0.10 10 100 P Active Fa1/0.20 20 50 P Standby R3(config)# |
R10:
R10#trace 10.10.10.1 Type escape sequence to abort. Tracing the route to 10.10.10.1 1 192.168.10.3 32 msec 28 msec 2 192.168.13.1 88 msec 104 msec 112 msec 3 10.10.10.1 120 msec 120 msec R10#sh arp Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.10.2 1 cc01.1744.0010 ARPA FastEthernet0/0 Internet 192.168.10.1 1 0000.0c07.ac0a ARPA FastEthernet0/0 Internet 192.168.10.10 – cc04.1084.0000 ARPA FastEthernet0/0 R10# |
VLAN10 traffic takes the path through R3 as transparently decided by HSRP.
R20:
R20#trace 10.10.10.1 Type escape sequence to abort. Tracing the route to 10.10.10.1 1 192.168.20.2 64 msec 44 msec 2 192.168.12.1 136 msec 56 msec 44 msec 3 10.10.10.1 164 msec 52 msec R20#sh arp Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.20.20 – cc05.1084.0000 ARPA FastEthernet0/0 Internet 192.168.20.1 0 0000.0c07.ac14 ARPA FastEthernet0/0 Internet 192.168.20.3 0 cc02.1084.0010 ARPA FastEthernet0/0 R20# |
VLAN20 traffic takes the path through R2 as transparently decided by HSRP.
Figure2: the logical topology as seen by clients
TESTING
R3 failure
The first test is to shutdown R3 router and enable “debug standby events”
R2:
Aug 26 03:51:34.808: %SYS-5-CONFIG_I: Configured from console by admin on console Aug 26 03:51:46.944: HSRP: Fa1/0.20 Grp 20 Standby router is unknown, was 192.168.20.3 Aug 26 03:51:46.948: HSRP: Fa1/0.10 Grp 10 Standby: c/Active timer expired (192.168.10.3) Aug 26 03:51:46.952: HSRP: Fa1/0.10 Grp 10 Active router is local, was 192.168.10.3 Aug 26 03:51:46.952: HSRP: Fa1/0.10 Grp 10 Standby router is unknown, was local Aug 26 03:51:46.956: HSRP: Fa1/0.10 Grp 10 Standby -> Active Aug 26 03:51:46.960: %HSRP-6-STATECHANGE: FastEthernet1/0.10 Grp 10 state Standby -> Active Aug 26 03:51:46.964: HSRP: Fa1/0.10 Grp 10 Redundancy “hsrp-Fa1/0.10-10” state Standby -> Active Aug 26 03:51:49.972: HSRP: Fa1/0.10 Grp 10 Redundancy group hsrp-Fa1/0.10-10 state Active -> Active Aug 26 03:51:52.976: HSRP: Fa1/0.10 Grp 10 Redundancy group hsrp-Fa1/0.10-10 state Active -> Active |
After 1 second (holdtime timer expired) R2 consider R3 down and become the Active router for VLAN10.
R2#sh standby brief P indicates configured to preempt. | Interface Grp Prio P State Active Standby Virtual IP Fa1/0.10 10 50 P Active Fa1/0.20 20 100 P Active local unknown 192.168.20.1 R2# |
Because the only router available in the HSRP group 10 is R2 the local, there is no “standby” router.
R10:
R10#trace 10.10.10.1 Type escape sequence to abort. Tracing the route to 10.10.10.1 1 192.168.10.2 84 msec 28 msec 24 msec
3 10.10.10.1 156 msec 116 msec 80 msec R10# R10# R10#sh arp Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.10.2 10 cc01.1744.0010 ARPA FastEthernet0/0 Internet 192.168.10.1 4 0000.0c07.ac0a ARPA FastEthernet0/0 Internet 192.168.10.10 – cc04.1084.0000 ARPA FastEthernet0/0 R10# |
Though, the virtual IP and MAC are the same from the client standpoint, the path taken has transparently changed, now it is forwarded through R2.
R20:
R20#trace 10.10.10.1 Type escape sequence to abort. Tracing the route to 10.10.10.1 1 192.168.20.2 96 msec 60 msec 60 msec 2 192.168.12.1 120 msec 96 msec 144 msec 3 10.10.10.1 92 msec 120 msec 116 msec R20# R20#sh arp Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.20.20 – cc05.1084.0000 ARPA FastEthernet0/0 Internet 192.168.20.1 6 0000.0c07.ac14 ARPA FastEthernet0/0 Internet 192.168.20.3 5 cc02.1084.0010 ARPA FastEthernet0/0 R20# |
Nothing has changed for VLAN20 where it is still forwarded through the active gateway R2.
R3 back from failure
Now R3 is back to live and because preempt is configured it will try to get back its status of “Active” and send hello message to the actual active router with its priority.
R2:
Aug 26 04:01:39.688: HSRP: Fa1/0.10 Grp 10 Standby router is 192.168.10.3 Aug 26 04:01:39.700: HSRP: Fa1/0.20 Grp 20 Standby router is 192.168.20.3 Aug 26 04:02:38.183: HSRP: Fa1/0.10 Grp 10 Active: j/Coup rcvd from higher pri router (100/192.168.10.3) Aug 26 04:02:38.187: HSRP: Fa1/0.10 Grp 10 Active router is 192.168.10.3, was local Aug 26 04:02:38.191: HSRP: Fa1/0.10 Grp 10 Standby router is unknown, was 192.168.10.3 Aug 26 04:02:38.191: HSRP: Fa1/0.10 Grp 10 Active -> Speak Aug 26 04:02:38.191: %HSRP-6-STATECHANGE: FastEthernet1/0.10 Grp 10 state Active -> Speak Aug 26 04:02:38.191: HSRP: Fa1/0.10 Grp 10 Redundancy “hsrp-Fa1/0.10-10” state Active -> Speak Aug 26 04:02:38.207: HSRP: Fa1/0.10 API MAC address update Aug 26 04:02:38.207: HSRP: Fa1/0.20 API MAC address update Aug 26 04:02:39.187: HSRP: Fa1/0.10 Grp 10 Speak: d/Standby timer expired (unknown) Aug 26 04:02:39.187: HSRP: Fa1/0.10 Grp 10 Standby router is local Aug 26 04:02:39.191: HSRP: Fa1/0.10 Grp 10 Speak -> Standby Aug 26 04:02:39.195: HSRP: Fa1/0.10 Grp 10 Redundancy “hsrp-Fa1/0.10-10” state Speak -> Standby |
R2#
R2#sh stand brief P indicates configured to preempt. | Interface Grp Prio P State Active Standby Virtual IP Fa1/0.10 10 50 P Standby Fa1/0.20 20 100 P Active local 192.168.20.3 192.168.20.1 R2# |
After preempt timer expiration, R3 took back the active role by winning the election with its priority of 100 as against 50 for R2.
R10:
R10#trace 10.10.10.1 Type escape sequence to abort. Tracing the route to 10.10.10.1 1 192.168.10.3 48 msec 12 msec 2 192.168.13.1 104 msec 104 msec 128 msec 3 10.10.10.1 168 msec 56 msec 96 msec R10# |
Now VLAN traffic is back to his initial path through R3.
R2 upstream interface failure:
In this a failure of R2 upstream interface f0/0 is simulated by shutting it down.
R2:
R2(config-if)#do sh stand brief P indicates configured to preempt. | Interface Grp Prio P State Active Standby Virtual IP Fa1/0.10 10 0 P Standby 192.168.10.3 local 192.168.10.1 Fa1/0.20 20 40 P Standby R2(config-if)# |
After the “penality” given to R2 (priority-60) the standby router will win the election with its priority 50 and become active for VLAN20 too.
R3:
R3#sh standby brief P indicates configured to preempt. | Interface Grp Prio P State Active Standby Virtual IP Fa1/0.10 10 100 P Active Fa1/0.20 20 50 P Active R3# |
R3 now the gateway for both VLAN10 and VLAN20.
R10:
R10#trace 10.10.10.1 Type escape sequence to abort. Tracing the route to 10.10.10.1 1 192.168.10.3 80 msec 36 msec 32 msec 2 192.168.13.1 104 msec 40 msec 108 msec 3 10.10.10.1 184 msec 104 msec 112 msec R10# R10#sh arp Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.10.1 2 0000.0c07.ac0a ARPA FastEthernet0/0 Internet 192.168.10.10 – cc04.1084.0000 ARPA FastEthernet0/0 R10# |
Note the difference between the two consecutive outputs of “trace route” command, in the first, the switch SW did not updated its ARP table and still forward VLAN 10 traffic to R2 and only the routing table is redirecting it to R3. In the second output the switch has received “Gratuitous ARP” carrying the new ARP information, so to forward VLAN 10 traffic directly to the new gateway R3.
R20:
R20#trace 10.10.10.1 Type escape sequence to abort. Tracing the route to 10.10.10.1 1 * 192.168.20.3 48 msec 28 msec 2 192.168.13.1 60 msec 88 msec 92 msec 3 10.10.10.1 92 msec 100 msec 124 msec R20# R20#sh arp Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.20.20 – cc05.1084.0000 ARPA FastEthernet0/0 Internet 192.168.20.1 2 0000.0c07.ac14 ARPA FastEthernet0/0 Internet 192.168.20.3 0 cc02.1084.0010 ARPA FastEthernet0/0 R20# |
VLAN20 takes its usual path through R3.
R2 upstream interface back from failure:
R2 f0/0 is now back to live.
R2:
R2(config-if)#do sh standby brief P indicates configured to preempt. | Interface Grp Prio P State Active Standby Virtual IP Fa1/0.10 10 50 P Standby Fa1/0.20 20 100 P Active R2(config-if)# |
R2 is again the active gateway for VLAN 20
R3:
R3#sh standby brief P indicates configured to preempt. | Interface Grp Prio P State Active Standby Virtual IP Fa1/0.10 10 100 P Active local Fa1/0.20 20 50 P Standby R3# |
R3 is back to the standby state for VLAN 20
R10:
R10#trace 10.10.10.1 Type escape sequence to abort. Tracing the route to 10.10.10.1 1 192.168.10.3 64 msec 44 msec 48 msec 2 192.168.13.1 200 msec 88 msec 96 msec 3 10.10.10.1 140 msec 92 msec 104 msec R10# R10#sh arp Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.10.2 42 cc01.1744.0010 ARPA FastEthernet0/0 Internet 192.168.10.3 20 cc02.1084.0010 ARPA FastEthernet0/0 Internet 192.168.10.1 2 0000.0c07.ac0a ARPA FastEthernet0/0 Internet 192.168.10.10 – cc04.1084.0000 ARPA FastEthernet0/0 R10# |
No changes in the VLAN 10 path.
R20:
R20#trace 10.10.10.1 Type escape sequence to abort. Tracing the route to 10.10.10.1 1 192.168.20.2 128 msec 88 msec 20 msec 2 192.168.12.1 40 msec 60 msec 96 msec 3 10.10.10.1 56 msec 120 msec 108 msec R20# |
VLAN20 is now taking the initial path through R2
R20#sh arpProtocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.20.20 – cc05.1084.0000 ARPA FastEthernet0/0 Internet 192.168.20.1 4 0000.0c07.ac14 ARPA FastEthernet0/0 Internet 192.168.20.3 13 cc02.1084.0010 ARPA FastEthernet0/0 R20# |
Note that from the first time HSRP has been configured and throughout all undertaken tests the gateway IP address and the MAC are the same in all VLAN client nodes, independently of who is the active or the standby router.
Gateway virtual IP 192.168.20.1
Gateway virtual MAC 0000.0c07.ac14
***
HSRP can also be deployed on Layer3 switches Virtual (SVI) or routed interfaces, for instance R3 can easily be replaced by a layer3 switch as depicted by figure2:
Figure2: using Layer3 SVI and routed interfaces
And the configuration would be as follow:
MLS:
interface FastEthernet0/1 no switchport ip address 192.168.13.3 255.255.255.0 ! interface FastEthernet0/3 switchport trunk allowed all switchport mode trunk no ip address ! interface Vlan10 ip address 192.168.10.3 255.255.255.0 standby 10 ip 192.168.10.1 standby 10 timers msec 500 1 standby 10 preempt delay minimum 60 ! interface Vlan20 ip address 192.168.20.3 255.255.255.0 standby preempt standby 20 ip 192.168.20.1 standby 20 timers msec 500 1 standby 20 priority 50 standby 20 preempt delay minimum 60 |
In fact, multiple HSRP doesn’t provide a perfect load balancing, it will depend on the bandwidth produced by each VLANs, rather it provides a separate VLAN-based redundancy. |
Very good, but would like to know how to configure DHCP server relay feature. Which is better to use “ip dhcp server ” or “ip dhcp server “.
Thank you.
Hi Nestor, sorry for the late reply. Can you rephrase your question please. Is it about dhcp server/relay?
GTH!
Hi,
Is this MHSRP implementation ? I think not may be I am wrong but you should also check once again.MHSRP is when you use multiple group under same interface.
http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/13781-7.html
ip helper-address command can be used for dhcp server configuration.
All the requests of the particular vlan will pick up the ip address from the Vlan which is configured in DHCP server..
All this is very nice and works very well BUT – when host on vlan 20 try to contact host on vlan 10 and you have enabled firewalling on your router then you have an issue. Router 1 will always send trafic to his own link while the host on vlan 10 will send to MLS router and you will have an asymetric routing issue.
Is it possible to configure 2 HSRP groups for a same VLAN/Interface?
Int Gig 0/1
Ip address 10.10.10.1/24
Standby 11 ip 10.10.10.11 ———–>same VLAN/Interface with different HSRP groups
Standby 22 ip 10.10.10.22
To get a possible output as below
#sh standby bri
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gi0/0/1 11 100 P Standby 10.10.10.1 local 10.10.10.11
Gi0/0/1 22 100 P Standby 10.10.10.1 local 10.10.10.22
This is to explore possibility of creating two ECMP default route on the downstream device. Is there any known issue with approach?