MHSRP (Multiple HSRP) and Load Sharing


HSRP provides router redundancy by making one router active and the other one standby, the latter will be used when the active cannot afford traffic forwarding; however, this doesn’t allow optimal utilization of network infrastructure resources.

Multiple HSRP groups allow the use a router as standby for one group and active for another group and vice versa: the active router for one group will be the standby for the other group.

In this lab (Figure1) R2 an R3 are used for HSRP redundancy, both routers are connected to the switch SW (through trunk interfaces) that connects both VLAN10 (R10) and VLAN20 (R20) devices.

Using DHCP service, hosts within each VLAN learn the corresponding default gateway: 192.168.20.1 and 192.168.10.1 for VLAN10 (192.168.20.0/24) and VLAN20 (192.168.10.0/24) respectively. Depending on the size and the complexity of the network, this task require a particular attention to coordinate between DHCP administration and HSRP tasks like adding or deleting VLANs or change in virtual IP address.

This lab is structured as follow:

– HSRP CONFIGURATION

– Verification.

-TESTING

– R3 failure.

– R2 upstream interface failure.

– R2 upstream interface back from failure

Figure1 Topology:


HSRP Configuration

R2:

interface FastEthernet1/0.10
standby preempt

standby 10 ip 192.168.10.1

standby 10 timers msec 500 1

standby 10 priority 50

standby 10 preempt delay minimum 60

standby 10 track Ethernet0/0 60

interface FastEthernet1/0.20

standby preempt

standby 20 ip 192.168.20.1

standby 20 timers msec 500 1

standby 20 preempt delay minimum 60

standby 20 track Ethernet0/0 60

R3:

interface FastEthernet1/0.10
standby preempt

standby 10 ip 192.168.10.1

standby 10 timers msec 500 1

standby 10 preempt delay minimum 60

standby 10 track Ethernet0/0 60

interface FastEthernet1/0.20

standby preempt

standby 20 ip 192.168.20.1

standby 20 timers msec 500 1

standby 20 priority 50

standby 20 preempt delay minimum 60

standby 20 track Ethernet0/0 60

R2 will be the active gateway for VLAN 20 (default priority=100) and the standby gateway for VLAN 10 (configured priority of 50).

R3 will be the active gateway for VLAN 10 (default priority=100) and the standby gateway for VLAN 20 (configured priority of 50).

For both VLANs preempt timer is set to 60 sec to give the switch (distribution/access layer) the time for STP convergence, so the layer2 path will match layer3 path.

HSRP Hello polling time is set to 500 ms and the holdtime to 1sec

Verification:

R2:

R2#sh standby brief
P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Fa1/0.10 10 50 P Standby
192.168.10.3
local
192.168.10.1

Fa1/0.20 20 100 P Active
local
192.168.20.3
192.168.20.1

R2#

R3:

R3(config)#do sh standby brief
P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Fa1/0.10 10 100 P Active
local
192.168.10.2
192.168.10.1

Fa1/0.20 20 50 P Standby
192.168.20.2
local
192.168.20.1

R3(config)#

R10:

R10#trace 10.10.10.1
Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.10.3 32 msec 28 msec

2 192.168.13.1 88 msec 104 msec 112 msec

3 10.10.10.1 120 msec 120 msec

R10#sh arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.10.2 1 cc01.1744.0010 ARPA FastEthernet0/0

Internet 192.168.10.1 1 0000.0c07.ac0a ARPA FastEthernet0/0

Internet 192.168.10.10 – cc04.1084.0000 ARPA FastEthernet0/0

R10#

VLAN10 traffic takes the path through R3 as transparently decided by HSRP.

R20:

R20#trace 10.10.10.1
Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.20.2 64 msec 44 msec

2 192.168.12.1 136 msec 56 msec 44 msec

3 10.10.10.1 164 msec 52 msec

R20#sh arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.20.20 – cc05.1084.0000 ARPA FastEthernet0/0

Internet 192.168.20.1 0 0000.0c07.ac14 ARPA FastEthernet0/0

Internet 192.168.20.3 0 cc02.1084.0010 ARPA FastEthernet0/0

R20#

VLAN20 traffic takes the path through R2 as transparently decided by HSRP.

Figure2: the logical topology as seen by clients

TESTING

R3 failure

The first test is to shutdown R3 router and enable “debug standby events”

R2:

Aug 26 03:51:34.808: %SYS-5-CONFIG_I: Configured from console by admin on console
Aug 26 03:51:46.944: HSRP: Fa1/0.20 Grp 20 Standby router is unknown, was 192.168.20.3

Aug 26 03:51:46.948: HSRP: Fa1/0.10 Grp 10 Standby: c/Active timer expired (192.168.10.3)

Aug 26 03:51:46.952: HSRP: Fa1/0.10 Grp 10 Active router is local, was 192.168.10.3

Aug 26 03:51:46.952: HSRP: Fa1/0.10 Grp 10 Standby router is unknown, was local

Aug 26 03:51:46.956: HSRP: Fa1/0.10 Grp 10 Standby -> Active

Aug 26 03:51:46.960: %HSRP-6-STATECHANGE: FastEthernet1/0.10 Grp 10 state Standby -> Active

Aug 26 03:51:46.964: HSRP: Fa1/0.10 Grp 10 Redundancy “hsrp-Fa1/0.10-10” state Standby -> Active

Aug 26 03:51:49.972: HSRP: Fa1/0.10 Grp 10 Redundancy group hsrp-Fa1/0.10-10 state Active -> Active

Aug 26 03:51:52.976: HSRP: Fa1/0.10 Grp 10 Redundancy group hsrp-Fa1/0.10-10 state Active -> Active

After 1 second (holdtime timer expired) R2 consider R3 down and become the Active router for VLAN10.

R2#sh standby brief
P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Fa1/0.10 10 50 P Active
local
unknown
192.168.10.1

Fa1/0.20 20 100 P Active local unknown 192.168.20.1

R2#

Because the only router available in the HSRP group 10 is R2 the local, there is no “standby” router.

R10:

R10#trace 10.10.10.1
Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.10.2 84 msec 28 msec 24 msec


2 192.168.12.1 124 msec 48 msec *

3 10.10.10.1 156 msec 116 msec 80 msec

R10#

R10#

R10#sh arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.10.2 10 cc01.1744.0010 ARPA FastEthernet0/0

Internet 192.168.10.1 4 0000.0c07.ac0a ARPA FastEthernet0/0

Internet 192.168.10.10 – cc04.1084.0000 ARPA FastEthernet0/0

R10#

Though, the virtual IP and MAC are the same from the client standpoint, the path taken has transparently changed, now it is forwarded through R2.

R20:

R20#trace 10.10.10.1
Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.20.2 96 msec 60 msec 60 msec

2 192.168.12.1 120 msec 96 msec 144 msec

3 10.10.10.1 92 msec 120 msec 116 msec

R20#

R20#sh arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.20.20 – cc05.1084.0000 ARPA FastEthernet0/0

Internet 192.168.20.1 6 0000.0c07.ac14 ARPA FastEthernet0/0

Internet 192.168.20.3 5 cc02.1084.0010 ARPA FastEthernet0/0

R20#

Nothing has changed for VLAN20 where it is still forwarded through the active gateway R2.

R3 back from failure

Now R3 is back to live and because preempt is configured it will try to get back its status of “Active” and send hello message to the actual active router with its priority.

R2:

Aug 26 04:01:39.688: HSRP: Fa1/0.10 Grp 10 Standby router is 192.168.10.3
Aug 26 04:01:39.700: HSRP: Fa1/0.20 Grp 20 Standby router is 192.168.20.3

Aug 26 04:02:38.183: HSRP: Fa1/0.10 Grp 10 Active: j/Coup rcvd from higher pri router (100/192.168.10.3)

Aug 26 04:02:38.187: HSRP: Fa1/0.10 Grp 10 Active router is 192.168.10.3, was local

Aug 26 04:02:38.191: HSRP: Fa1/0.10 Grp 10 Standby router is unknown, was 192.168.10.3

Aug 26 04:02:38.191: HSRP: Fa1/0.10 Grp 10 Active -> Speak

Aug 26 04:02:38.191: %HSRP-6-STATECHANGE: FastEthernet1/0.10 Grp 10 state Active -> Speak

Aug 26 04:02:38.191: HSRP: Fa1/0.10 Grp 10 Redundancy “hsrp-Fa1/0.10-10” state Active -> Speak

Aug 26 04:02:38.207: HSRP: Fa1/0.10 API MAC address update

Aug 26 04:02:38.207: HSRP: Fa1/0.20 API MAC address update

Aug 26 04:02:39.187: HSRP: Fa1/0.10 Grp 10 Speak: d/Standby timer expired (unknown)

Aug 26 04:02:39.187: HSRP: Fa1/0.10 Grp 10 Standby router is local

Aug 26 04:02:39.191: HSRP: Fa1/0.10 Grp 10 Speak -> Standby

Aug 26 04:02:39.195: HSRP: Fa1/0.10 Grp 10 Redundancy “hsrp-Fa1/0.10-10” state Speak -> Standby

R2#

R2#sh stand brief
P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Fa1/0.10 10 50 P Standby
192.168.10.3
local
192.168.10.1

Fa1/0.20 20 100 P Active local 192.168.20.3 192.168.20.1

R2#

After preempt timer expiration, R3 took back the active role by winning the election with its priority of 100 as against 50 for R2.

R10:

R10#trace 10.10.10.1
Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.10.3 48 msec 12 msec

2 192.168.13.1 104 msec 104 msec 128 msec

3 10.10.10.1 168 msec 56 msec 96 msec

R10#

Now VLAN traffic is back to his initial path through R3.

R2 upstream interface failure:

In this a failure of R2 upstream interface f0/0 is simulated by shutting it down.

R2:

R2(config-if)#do sh stand brief
P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Fa1/0.10 10 0 P Standby 192.168.10.3 local 192.168.10.1

Fa1/0.20 20 40 P Standby
192.168.20.3
local 192.168.20.1

R2(config-if)#

After the “penality” given to R2 (priority-60) the standby router will win the election with its priority 50 and become active for VLAN20 too.

R3:

R3#sh standby brief
P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Fa1/0.10 10 100 P Active
local
192.168.10.2 192.168.10.1

Fa1/0.20 20 50 P Active
local
192.168.20.2 192.168.20.1

R3#

R3 now the gateway for both VLAN10 and VLAN20.

R10:

R10#trace 10.10.10.1
Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.10.3 80 msec 36 msec 32 msec

2 192.168.13.1 104 msec 40 msec 108 msec

3 10.10.10.1 184 msec 104 msec 112 msec

R10#

R10#sh arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.10.1 2 0000.0c07.ac0a ARPA FastEthernet0/0

Internet 192.168.10.10 – cc04.1084.0000 ARPA FastEthernet0/0

R10#

Note the difference between the two consecutive outputs of “trace route” command, in the first, the switch SW did not updated its ARP table and still forward VLAN 10 traffic to R2 and only the routing table is redirecting it to R3. In the second output the switch has received “Gratuitous ARP” carrying the new ARP information, so to forward VLAN 10 traffic directly to the new gateway R3.

R20:

R20#trace 10.10.10.1
Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 *

192.168.20.3 48 msec 28 msec

2 192.168.13.1 60 msec 88 msec 92 msec

3 10.10.10.1 92 msec 100 msec 124 msec

R20#

R20#sh arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.20.20 – cc05.1084.0000 ARPA FastEthernet0/0

Internet 192.168.20.1 2 0000.0c07.ac14 ARPA FastEthernet0/0

Internet 192.168.20.3 0 cc02.1084.0010 ARPA FastEthernet0/0

R20#

VLAN20 takes its usual path through R3.

R2 upstream interface back from failure:

R2 f0/0 is now back to live.

R2:

R2(config-if)#do sh standby brief
P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Fa1/0.10 10 50 P Standby
192.168.10.3
local 192.168.10.1

Fa1/0.20 20 100 P Active
local
192.168.20.3 192.168.20.1

R2(config-if)#

R2 is again the active gateway for VLAN 20

R3:

R3#sh standby brief
P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Fa1/0.10 10 100 P Active local
192.168.10.2 192.168.10.1

Fa1/0.20 20 50 P Standby
192.168.20.2
local 192.168.20.1

R3#

R3 is back to the standby state for VLAN 20

R10:

R10#trace 10.10.10.1
Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.10.3 64 msec 44 msec 48 msec

2 192.168.13.1 200 msec 88 msec 96 msec

3 10.10.10.1 140 msec 92 msec 104 msec

R10#

R10#sh arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.10.2 42 cc01.1744.0010 ARPA FastEthernet0/0

Internet 192.168.10.3 20 cc02.1084.0010 ARPA FastEthernet0/0

Internet 192.168.10.1 2 0000.0c07.ac0a ARPA FastEthernet0/0

Internet 192.168.10.10 – cc04.1084.0000 ARPA FastEthernet0/0

R10#

No changes in the VLAN 10 path.

R20:

R20#trace 10.10.10.1
Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.20.2 128 msec 88 msec 20 msec

2 192.168.12.1 40 msec 60 msec 96 msec

3 10.10.10.1 56 msec 120 msec 108 msec

R20#

VLAN20 is now taking the initial path through R2

R20#sh arpProtocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.20.20 – cc05.1084.0000 ARPA FastEthernet0/0

Internet 192.168.20.1 4 0000.0c07.ac14 ARPA FastEthernet0/0

Internet 192.168.20.3 13 cc02.1084.0010 ARPA FastEthernet0/0

R20#

Note that from the first time HSRP has been configured and throughout all undertaken tests the gateway IP address and the MAC are the same in all VLAN client nodes, independently of who is the active or the standby router.

Gateway virtual IP 192.168.20.1

Gateway virtual MAC 0000.0c07.ac14

***

HSRP can also be deployed on Layer3 switches Virtual (SVI) or routed interfaces, for instance R3 can easily be replaced by a layer3 switch as depicted by figure2:

Figure2: using Layer3 SVI and routed interfaces

And the configuration would be as follow:

MLS:

interface FastEthernet0/1
no switchport

ip address 192.168.13.3 255.255.255.0

!

interface FastEthernet0/3

switchport trunk allowed all

switchport mode trunk

no ip address

!

interface Vlan10

ip address 192.168.10.3 255.255.255.0

standby 10 ip 192.168.10.1

standby 10 timers msec 500 1

standby 10 preempt delay minimum 60

!

interface Vlan20

ip address 192.168.20.3 255.255.255.0

standby preempt

standby 20 ip 192.168.20.1

standby 20 timers msec 500 1

standby 20 priority 50

standby 20 preempt delay minimum 60

In fact, multiple HSRP doesn’t provide a perfect load balancing, it will depend on the bandwidth produced by each VLANs, rather it provides a separate VLAN-based redundancy.

Advertisements

About ajnouri
Se vi deziras sekure komuniki eksterbloge, jen mia publika (GPG) ŝlosilo: My public key for secure communication: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x41CCDE1511DF0EB8

6 Responses to MHSRP (Multiple HSRP) and Load Sharing

  1. Nestor Bautista says:

    Very good, but would like to know how to configure DHCP server relay feature. Which is better to use “ip dhcp server ” or “ip dhcp server “.
    Thank you.

  2. Hemant says:

    Hi,

    Is this MHSRP implementation ? I think not may be I am wrong but you should also check once again.MHSRP is when you use multiple group under same interface.

    http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/13781-7.html

  3. ANony says:

    ip helper-address command can be used for dhcp server configuration.
    All the requests of the particular vlan will pick up the ip address from the Vlan which is configured in DHCP server..

  4. Isaac says:

    All this is very nice and works very well BUT – when host on vlan 20 try to contact host on vlan 10 and you have enabled firewalling on your router then you have an issue. Router 1 will always send trafic to his own link while the host on vlan 10 will send to MLS router and you will have an asymetric routing issue.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: