- July 22, 2015
- Posted by: Surender Kumar
- Category: Cisco Routers
Hot Standby Router Protocol
Hot Standby Router Protocol (HSRP) is a Cisco proprietary layer 3 First Hop Redundancy Protocol used to provide fault tolerant default gateways.
Why HSRP?
Every network device uses a default gateway to communicate with hosts that are not in the same subnet. This means that when communicating with another LAN or the Internet, the device will use its default gateway. This makes the default gateway a critical resource. You can imagine the impact if the router working as the default gateway fails: no PC will be able to talk to PCs on a different LAN or use the Internet until the default gateway comes back online. The critical nature of the default gateway is the reason for layer-3 redundancy protocols like HSRP and VRRP. Virtual Router Redundancy Protocol (VRRP) is just like HSRP, with the exception that it is an open standard and can also be used on non-Cisco routers.
HSRP Operation
At least two routers are needed for HSRP to work. An HSRP group is created, and it can have more than two routers sharing the same virtual IP and virtual MAC address. The virtual MAC address is 0000.0c07.acxx for version 1 and 0000.0c9f.f0xx for version 2 of HSRP, where xx is the HSRP group number. One router is elected as Active and the other router(s) become Standby. The Active router is elected on the basis of the highest HSRP priority (the default priority is 100). In case of a tie, the router with the highest configured IP address is elected. All the routers in the HSRP group keep exchanging hello packets, which inform the Standby members about the state of the Active member. HSRP has a hold timer of 10 seconds, which means that the Standby router will assume the Active router is down if it does not receive any hello packet for 10 seconds. When the existing Active router fails, the Standby router becomes Active and starts forwarding the traffic. Since the new Active router uses the same virtual IP and virtual MAC address, the end devices will not notice any change. This process is completely transparent to end users. A new Standby router is also elected at this time if there are more than two routers in the HSRP group.
Note:- HSRP version 1 uses multicast address 224.0.0.2 while HSRP version 2 uses multicast address 224.0.0.102 to send periodic hello packets. HSRPv1 is the default HSRP version on Cisco devices. By default, a hello packet is sent between the HSRP standby group devices every 3 seconds, and the standby device becomes active when a hello packet is not received for 10 seconds.
HSRP States
All routers in an HSRP group go through all the states mentioned below. However, only one router remains in the Active state and one router remains in the Standby state. The other routers stay in the Listen state.
Initial – This is the state at the start. This state indicates that HSRP is not running.
Learn – The router has not determined the virtual IP address and has not yet seen an authenticated hello message from the active router. In this state, the router still waits to hear from the active router.
Listen – The router knows the virtual IP address, but the router is neither the active router nor the standby router. It listens for hello messages from those routers.
Speak – The router sends periodic hello messages and actively participates in the election of the active and/or standby router. A router cannot enter speak state unless the router has the virtual IP address.
Standby – The router will become Active if it does not receive hello packets from the currently Active router for the group. The router sends periodic hello messages.
Active – The router currently forwards packets that are sent to the group virtual MAC address. The router sends periodic hello messages.
HSRP Configuration
Consider the network as shown below:
In the network shown above, we have PC1 and PC2 configured with IP address 10.10.10.1 as their default gateway. These PCs can communicate with each other without the default gateway, but they will use the default gateway to reach the Internet (8.8.8.8). Let us assume that the connectivity of these PCs to the Internet is very critical and that no downtime is acceptable.
You can use HSRP in this scenario. Let us configure HSRP on R1 and R2.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int fa0/1
R1(config-if)#ip address 10.10.10.2 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#standby 1 ip 10.10.10.1
R1(config-if)#
*Jul 22 11:54:59.731: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Speak -> Standby
*Jul 22 11:55:00.231: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Standby -> Active
R1(config-if)#standby 1 priority 110
R1(config-if)#standby 1 preempt
R1(config-if)#standby version 2
R1(config-if)#end
R1#
Let us discuss the above commands in detail.
I have configured IP address 10.10.10.2/24 on the interface connected to the LAN (SW1). This IP can be any unused IP address from the same subnet as the LAN. Then the standby 1 ip 10.10.10.1 command is used to create HSRP group 1 and assign the virtual IP 10.10.10.1 to the group. Remember that all the HSRP group members use the same virtual IP address but a different IP address on the physical interface, to prevent duplicate addresses. The standby 1 priority 110 command is used to increase the priority of R1, because by default all Cisco routers have a priority of 100. The standby 1 preempt command tells router R1 that if it sees any router with a lower priority working as Active, R1 can overthrow that router and become the Active router in the HSRP group. The standby version 2 command is used to change the HSRP version to 2 (the default is 1).
You can verify the HSRP status using the show standby command.
R1#show standby
FastEthernet0/1 - Group 1 (version 2)
  State is Active
    5 state changes, last state change 00:36:12
  Virtual IP address is 10.10.10.1
  Active virtual MAC address is 0000.0c9f.f001
    Local virtual MAC address is 0000.0c9f.f001 (v2 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.068 secs
  Preemption enabled
  Active router is local
  Standby router is unknown
  Priority 110 (configured 110)
  IP redundancy name is "hsrp-Fa0/1-1" (default)
Did you notice that the Standby router is unknown? This is because we have not yet configured any other router in HSRP group 1. Now, let's go to R2 and configure it.
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int fa0/0
R2(config-if)#ip address 10.10.10.3 255.255.255.0
R2(config-if)#no shut
R2(config-if)#standby 1 ip 10.10.10.1
R2(config-if)#standby 1 preempt
R2(config-if)#standby version 2
R2(config-if)#
*Jul 22 12:35:49.823: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby
R2(config-if)#end
R2#
Now take a look at the configuration,
R2#show standby
FastEthernet0/0 - Group 1 (version 2)
  State is Standby
    1 state change, last state change 00:03:05
  Virtual IP address is 10.10.10.1
  Active virtual MAC address is 0000.0c9f.f001
    Local virtual MAC address is 0000.0c9f.f001 (v2 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.404 secs
  Preemption enabled
  Active router is 10.10.10.2, priority 110 (expires in 9.728 sec)
  Standby router is local
  Priority 100 (default 100)
  IP redundancy name is "hsrp-Fa0/0-1" (default)
R2#
R2 is elected as the Standby member and remains Standby until R1 goes down.
HSRP Verification
Let us now verify if HSRP is working. I will go to one of PCs and run a ping to 8.8.8.8.
PC1>ping 8.8.8.8
8.8.8.8 icmp_seq=1 timeout
84 bytes from 8.8.8.8 icmp_seq=2 ttl=254 time=16.263 ms
84 bytes from 8.8.8.8 icmp_seq=3 ttl=254 time=25.240 ms
84 bytes from 8.8.8.8 icmp_seq=4 ttl=254 time=25.299 ms
84 bytes from 8.8.8.8 icmp_seq=5 ttl=254 time=15.248 ms
PC1>show arp
00:00:0c:9f:f0:01 10.10.10.1 expires in 111 seconds
PC1>
Notice that PC1 sees only the virtual MAC and virtual IP of the HSRP group instead of the physical IP addresses configured on the routers.
To verify that HSRP actually switches a member from Standby to Active, I will run a continuous ping to 8.8.8.8 from PC1 and then shut down the interface fa0/1 on R1, which is connected to the LAN. This will stop the Standby router R2 from receiving hello packets from the current Active member (R1), so R2 will change its state to Active.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int fa0/1
R1(config-if)#shut
R1(config-if)#
*Jul 22 13:29:33.655: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Active -> Init
R1(config-if)#end
The HSRP state of R1 changed from Active to Init and now the Router R2 will become Active.
R2#show standby
FastEthernet0/0 - Group 1 (version 2)
  State is Active
    2 state changes, last state change 00:32:00
  Virtual IP address is 10.10.10.1
  Active virtual MAC address is 0000.0c9f.f001
    Local virtual MAC address is 0000.0c9f.f001 (v2 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.312 secs
  Preemption enabled
  Active router is local
  Standby router is unknown
  Priority 100 (default 100)
  IP redundancy name is "hsrp-Fa0/0-1" (default)
PC1 will not notice any change, and it will still have connectivity to 8.8.8.8.
PC1>ping 8.8.8.8 -t
84 bytes from 8.8.8.8 icmp_seq=1 ttl=254 time=12.131 ms
84 bytes from 8.8.8.8 icmp_seq=2 ttl=254 time=11.319 ms
84 bytes from 8.8.8.8 icmp_seq=3 ttl=254 time=11.242 ms
84 bytes from 8.8.8.8 icmp_seq=4 ttl=254 time=12.234 ms
84 bytes from 8.8.8.8 icmp_seq=5 ttl=254 time=12.294 ms
84 bytes from 8.8.8.8 icmp_seq=6 ttl=254 time=13.204 ms
84 bytes from 8.8.8.8 icmp_seq=7 ttl=254 time=12.213 ms
84 bytes from 8.8.8.8 icmp_seq=8 ttl=254 time=12.180 ms
84 bytes from 8.8.8.8 icmp_seq=9 ttl=254 time=35.178 ms
8.8.8.8 icmp_seq=10 timeout
8.8.8.8 icmp_seq=11 timeout
8.8.8.8 icmp_seq=12 timeout
84 bytes from 8.8.8.8 icmp_seq=13 ttl=254 time=12.272 ms
84 bytes from 8.8.8.8 icmp_seq=14 ttl=254 time=14.120 ms
84 bytes from 8.8.8.8 icmp_seq=15 ttl=254 time=15.960 ms
84 bytes from 8.8.8.8 icmp_seq=16 ttl=254 time=11.258 ms
84 bytes from 8.8.8.8 icmp_seq=17 ttl=254 time=12.023 ms
84 bytes from 8.8.8.8 icmp_seq=18 ttl=254 time=14.258 ms
84 bytes from 8.8.8.8 icmp_seq=19 ttl=254 time=13.276 ms
PC1 lost 3 packets and then regained connectivity to the destination. You can tweak the HSRP timers so that another router becomes Active more quickly, but I would personally not recommend doing this. If you tweak the timers, you can have problems when there is link flapping.
I will now enable debugging of HSRP events on router R2 and then I will enable the interface on R1 (which I had disabled earlier to demonstrate the changeover of R2 from Standby to Active).
R2#debug standby events
HSRP Events debugging is on
R2#
R1(config)#int fa0/1
R1(config-if)#no shut
R1(config-if)#
*Jul 22 14:14:30.439: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Listen -> Active
R1(config-if)#
Now look at the debug messages of R2 given below:
R2#
*Jul 22 14:16:03.863: HSRP: Fa0/0 API arp proto filter, 0000.0c9f.f001 is active vMAC for grp 1 - filter
*Jul 22 14:16:03.867: HSRP: Fa0/0 API arp proto filter, 0000.0c9f.f001 is active vMAC for grp 1 - filter
*Jul 22 14:16:03.867: HSRP: Fa0/0 Grp 1 Active: j/Coup rcvd from higher pri router (110/10.10.10.2)
*Jul 22 14:16:03.871: HSRP: Fa0/0 Grp 1 Active router is 10.10.10.2, was local
*Jul 22 14:16:03.871: HSRP: Fa0/0 Grp 1 Active -> Speak
*Jul 22 14:16:03.871: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Active -> Speak
*Jul 22 14:16:03.875: HSRP: Fa0/0 Grp 1 Redundancy "hsrp-Fa0/0-1" state Active -> Speak
*Jul 22 14:16:13.871: HSRP: Fa0/0 Grp 1 Speak: d/Standby timer expired (unknown)
*Jul 22 14:16:13.871: HSRP: Fa0/0 Grp 1 Standby router is local
*Jul 22 14:16:13.871: HSRP: Fa0/0 Grp 1 Speak -> Standby
*Jul 22 14:16:13.871: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby
R2#
*Jul 22 14:16:13.875: HSRP: Fa0/0 Grp 1 Redundancy "hsrp-Fa0/0-1" state Speak -> Standby
R2#
Now the state of R2 becomes Standby, because the preempt command is configured on router R1 and R1 also has the higher priority. So R1 took over from R2 and forced it to become Standby.
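A monitoring check built on the log formats shown above, as an added example that is not part of the original article: it extracts HSRP state transitions and flags a Coup received from a router that is not in an expected-peer list. The peer list, the function name `review` and the last sample line (10.10.10.50) are assumptions constructed for illustration.

```python
import re

# Syslog line, e.g. "%HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Active -> Speak"
STATE_RE = re.compile(r"%HSRP-5-STATECHANGE: (\S+) Grp (\d+) state (\w+) -> (\w+)")
# Debug line, e.g. "HSRP: Fa0/0 Grp 1 Active: j/Coup rcvd from higher pri router (110/10.10.10.2)"
COUP_RE = re.compile(
    r"HSRP: (\S+) Grp (\d+) \w+: \w/Coup rcvd from higher pri router \((\d+)/([\d.]+)\)")

def review(lines, expected_peers):
    """Return (transitions, alerts) for a list of HSRP log lines.

    expected_peers maps group number -> set of physical router IPs that are
    allowed to take the Active role (an assumed inventory, not from the page).
    """
    transitions, alerts = [], []
    for line in lines:
        m = STATE_RE.search(line)
        if m:
            intf, grp, old, new = m.groups()
            transitions.append((intf, int(grp), old, new))
            continue
        m = COUP_RE.search(line)
        if m:
            intf, grp, pri, ip = m.groups()
            if ip not in expected_peers.get(int(grp), set()):
                alerts.append(f"{intf} grp {grp}: coup from unexpected router {ip} (priority {pri})")
    return transitions, alerts

# Constructed sample: the first three lines follow R2's debug output on this page,
# the last line is made up to show the alert path.
SAMPLE = [
    "*Jul 22 14:16:03.867: HSRP: Fa0/0 Grp 1 Active: j/Coup rcvd from higher pri router (110/10.10.10.2)",
    "*Jul 22 14:16:03.871: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Active -> Speak",
    "*Jul 22 14:16:13.871: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby",
    "*Jul 23 09:00:00.000: HSRP: Fa0/0 Grp 1 Active: j/Coup rcvd from higher pri router (255/10.10.10.50)",
]
EXPECTED = {1: {"10.10.10.2", "10.10.10.3"}}  # R1 and R2 physical addresses

if __name__ == "__main__":
    transitions, alerts = review(SAMPLE, EXPECTED)
    for t in transitions:
        print("transition:", t)
    for a in alerts:
        print("ALERT:", a)
```

The Coup lines only appear while debug standby events is enabled; the %HSRP-5-STATECHANGE lines are ordinary syslog messages.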
This seems good. But what happens when the link between R1 (or R2) and the Internet goes down? The routers will still exchange HSRP hello packets, so the HSRP changeover will never happen, but the traffic of the PCs will be dropped.
The good news is that we can track the other interface on the router, so that if that interface goes down, the router decrements its priority by a certain number.
R1(config)#int fa0/1
R1(config-if)#standby 1 ?
  authentication  Authentication
  ip              Enable HSRP and set the virtual IP address
  mac-address     Virtual MAC address
  name            Redundancy name string
  preempt         Overthrow lower priority Active routers
  priority        Priority level
  timers          Hello and hold timers
  track           Priority tracking
R1(config-if)#standby 1 track ?
  <1-500>            Tracked object number
  Async              Async interface
  BVI                Bridge-Group Virtual Interface
  CDMA-Ix            CDMA Ix interface
  CTunnel            CTunnel interface
  Dialer             Dialer interface
  FastEthernet       FastEthernet IEEE 802.3
  Lex                Lex interface
  Loopback           Loopback interface
  MFR                Multilink Frame Relay bundle interface
  Multilink          Multilink-group interface
  Port-channel       Ethernet Channel of interfaces
  Tunnel             Tunnel interface
  Vif                PGM Multicast Host interface
  Virtual-PPP        Virtual PPP interface
  Virtual-TokenRing  Virtual TokenRing
  XTagATM            Extended Tag ATM interface
R1(config-if)#standby 1 track FastEthernet 0/0 ?
  <1-255>  Decrement value
  <cr>
R1(config-if)#standby 1 track FastEthernet 0/0 20
R1(config-if)#exit
R1(config)#int fa0/0
R1(config-if)#shut
R1(config-if)#
*Jul 22 15:20:49.570: HSRP: Fa0/1 Grp 1 Track 1 object changed, state Up -> Down
*Jul 22 15:20:49.570: HSRP: Fa0/1 Grp 1 Priority 110 -> 90
The standby 1 track FastEthernet 0/0 20 command starts tracking the status of the interface. If the interface goes down, the router decrements its priority by 20, which makes R1's priority lower than that of R2. R2 will then become Active and start forwarding traffic.
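A simplified model of the election, preemption and tracking rules described on this page, as an added example that is not from the original article. It shows that the tracked-interface failover depends on R2 having preemption enabled and on the decrement being large enough to drop R1 below R2's priority. The class and function names are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Router:
    name: str
    ip: str                   # physical interface address
    priority: int = 100       # HSRP default priority
    preempt: bool = False
    track_decrement: int = 0  # value given to "standby 1 track <interface> <decrement>"
    tracked_up: bool = True   # state of the tracked interface

    def rank(self):
        # Higher effective priority wins; a tie goes to the highest IP address.
        prio = self.priority - (0 if self.tracked_up else self.track_decrement)
        return (prio, IPv4Address(self.ip))

def settle(routers, active_name):
    """Return the name of the Active router once the group has settled.

    routers: group members still sending hellos; active_name: the current
    Active router, which may be missing from the list if it has failed.
    """
    if not routers:
        return None
    holder = next((r for r in routers if r.name == active_name), None)
    if holder is None:
        # The Active router is gone: the best remaining router takes over.
        return max(routers, key=Router.rank).name
    # The Active router is still alive: only a preempt-enabled router
    # that outranks it may take the role away.
    challengers = [r for r in routers if r.preempt and r.rank() > holder.rank()]
    return max(challengers, key=Router.rank).name if challengers else holder.name

def uplink_failure(decrement, r2_preempt):
    """R1's tracked interface Fa0/0 goes down while R1 is Active."""
    r1 = Router("R1", "10.10.10.2", priority=110, preempt=True,
                track_decrement=decrement, tracked_up=False)
    r2 = Router("R2", "10.10.10.3", preempt=r2_preempt)
    return settle([r1, r2], "R1")

if __name__ == "__main__":
    print(uplink_failure(20, True))   # the configuration used on this page
    print(uplink_failure(20, False))  # R2 without "standby 1 preempt"
    print(uplink_failure(5, True))    # decrement too small to fall below 100
```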
This concludes our HSRP Configuration section. In the next section we will look into Virtual Router Redundancy Protocol.
1 Comment
Excellent information. Thanks