Wednesday, December 23, 2009

Layer 3 Redundancy

Specifying a default gateway leads to a single point of failure. Proxy Address Resolution Protocol (ARP) is one method for hosts to dynamically discover gateways, but it has issues in a highly available environment. With Proxy ARP:
  • Hosts ARP for all destinations, even remote.
  • Router responds with its MAC.
  • Problem: Slow failover because ARP entries take minutes to time out.
Instead of making the host responsible for choosing a new gateway, Layer 3 redundancy protocols allow two or more routers to support a shared MAC address. If the primary router is lost, the backup router assumes control of traffic forwarded to that MAC. This section refers to routers, but includes those Layer 3 switches that can also implement Layer 3 redundancy.


Hot Standby Router Protocol (HSRP)

HSRP is a Cisco proprietary protocol.

With HSRP, two or more devices support a virtual router with a fictitious MAC address and unique IP address. Hosts use this IP address as their default gateway, and the MAC address for the Layer 2 header. The virtual router’s MAC address is 0000.0c07.ACxx, where xx is the HSRP group. Multiple groups (virtual routers) are allowed.

The active router forwards traffic. The standby router is the backup. The standby monitors periodic hellos (multicast to 224.0.0.2, UDP port 1985) to detect a failure of the active router. On failure, the standby device starts answering messages sent to the IP and MAC addresses of the virtual router.

The active router is chosen because it has the highest HSRP priority (default priority is 100). In case of a tie, the router with the highest configured IP address wins the election. A new router with a higher priority does not cause an election unless it is configured to preempt, that is, to take over from a lower-priority router. Configuring a router to preempt also ensures that the highest-priority router regains its active status if it goes down but then comes back online again.

Interface tracking reduces the active router’s priority if a specified circuit is down. This allows the standby router to take over even though the active router is still up.


HSRP States

HSRP devices move between these states:
  • Initial—HSRP is not running.
  • Learn—The router does not know the virtual IP address and is waiting to hear from the active router.
  • Listen—The router knows the IP and MAC of the virtual router, but it is not the active or standby router.
  • Speak—Router sends periodic HSRP hellos and participates in the election of the active router.
  • Standby—Router monitors hellos from active router and assumes responsibility if active router fails.
  • Active—Router forwards packets on behalf of the virtual router.

Configuring HSRP

To begin configuring HSRP, use the standby group-number ip virtual-IP-address command in interface configuration mode. Routers in the same HSRP group must belong to the same subnet/virtual LAN (VLAN). Give this command under the interface connecting to that subnet or VLAN. For instance, use the following to configure the router as a member of HSRP group 39 with virtual router IP address 10.0.0.1:


Tune HSRP with four options: Priority, Preempt, Timers, and Interface Tracking.

Manually select the active router by configuring its priority higher than the default of 100:

Along with configuring priority, configure preempt to allow a router to take over if the active router has lower priority, as shown in the following commands. This helps keep the data path through the network predictable. The second command shown delays preemption until the router or switch has fully booted, and the routing protocol has converged. Time how long it takes to boot and add 50 percent to get the delay value in seconds:


Speed convergence by changing the hello and hold timers. The following sets the hello interval to 2 seconds and the hold time to 7 seconds. They can be set between 1–255 seconds (the default hello is 3 seconds and hold time is 10 seconds):

Tracking an interface can trigger an election if the active router is still up, but a critical interface (such as the one to the Internet) is down. In the following, if serial 1/0/0 is down, the router’s HSRP priority is decremented by 100:

Multiple HSRP standby groups can be configured, and the same router can be active for some groups and standby for others by adjusting priorities. You can have a maximum of 255 groups. When using Layer 3 switches, configure the same switch as the primary HSRP router and the Spanning Tree root.

To view the HSRP status, use the show standby interface interface command, or show standby brief. To monitor HSRP activity, use the debug standby command.
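
The options described in this section, gathered into one configuration for a pair of routers sharing HSRP group 39. This is an added example, not a listing from the original post: the interface names, the physical addresses 10.0.0.2 and 10.0.0.3, the priority of 150 and the 90-second preempt delay are assumed values.

```cisco
! Added example with constructed values; adapt names and addresses.
!
! R1: intended active router for group 39
interface GigabitEthernet0/1
 ! Physical address (assumed); must be in the same subnet as the virtual IP
 ip address 10.0.0.2 255.255.255.0
 ! Join group 39; hosts use 10.0.0.1 as their default gateway.
 ! Virtual MAC becomes 0000.0c07.ac27 (group 39 = 0x27)
 standby 39 ip 10.0.0.1
 ! Higher than the default of 100, so R1 wins the election (150 is assumed)
 standby 39 priority 150
 ! Take the active role back from a lower-priority router
 standby 39 preempt
 ! Wait until boot and routing convergence are done
 ! (assumed: 60 s measured boot time + 50 percent = 90 s)
 standby 39 preempt delay minimum 90
 ! Hello every 2 seconds, hold time 7 seconds
 standby 39 timers 2 7
 ! If serial 1/0/0 goes down, drop priority by 100 (150 -> 50)
 standby 39 track Serial1/0/0 100
!
! R2: standby router for group 39
interface GigabitEthernet0/1
 ip address 10.0.0.3 255.255.255.0
 standby 39 ip 10.0.0.1
 ! Priority left at the default of 100.
 ! Preempt is needed here too: when tracking lowers R1 to 50, R1 is still
 ! up and sending hellos, so R2 only takes over if it is allowed to preempt.
 standby 39 preempt
 ! Keep timers identical on both routers
 standby 39 timers 2 7
```

After applying it, show standby brief on each router should list R1 as active and R2 as standby for group 39.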
