In the technical world, we often use several words to describe a particular feature; for example, words like Redundancy, Fault-tolerance, and High-availability, all refer to some sort of failover of backup. Although these words could mean different things (we often use them interchangeably), we are not concerned with the definitions for this article. In this article, we will be highlighting and configuring Cisco technologies that provide “back-up” or “standby” features. There are several such technologies but we will only focus on three (3): Hot Standby Router Protocol (HSRP), Service Level Agreements (SLA) monitor, and Server Load Balancing (SLB).
Hot Standby Router Protocol (HSRP)
HSRP is a Cisco proprietary protocol for establishing a fault-tolerant default gateway. It works in an Active-Standby configuration (i.e. HSRP is not meant for load balancing) such that the standby device can take over when the active device becomes unavailable. So why would we need HSRP? Let’s look at the IP configuration of my laptop as an example.
Notice that I have a default gateway that I can use to reach other devices that are not in my subnet. It means if I want to connect to 192.168.2.10 for example, since that IP address is outside my subnet (192.168.0.0/24), I will forward the traffic to my default gateway who will handle the request on my behalf.
Now what happens when there are two devices that are acting as default gateways on the network to which I am connected? The point of having two of such devices could be to provide redundancy or load balancing. Since my end device can have only one default gateway set, it means that if the one that is currently set becomes unavailable, then, I’d have to manually change my default gateway to the second one. Let’s see this in action.
I have set up the connectivity on the network above and I can ping the 184.108.40.206/32 IP address from both ISP routers as shown below.
I have also set up the laptop to use ISP-A Router as its gateway to reach the 220.127.116.11/32 network so I can ping and get a reply.
Now, I will run a continuous ping from the laptop to that IP address and then shut down the ISP-A Router interface connecting to the LAN (i.e. 192.168.5.0/24). Since the gateway to reach that address will be down, the ping will fail after I have shut it down.
The request started timing out after I shut down that interface. I will change the gateway to ISP-B Router’s IP address now and we will see what happens.
As you can see from the above, it timed out until I made the changes. This is the challenge we have with redundancy on a network such as this. Redundancy will not really be beneficial if it still involves some manual process. Imagine if this change had to be done on 500 systems on the entire network. You wouldn’t want to be the administrator of a network such as that. (Note that we may not have this challenge on devices such as routers and switches that can run dynamic routing protocols where a failed link can be detected automatically.)
This is where protocols like HSRP come to our rescue. HSRP provides a virtual IP address that can be used to represent a group of routers. This virtual IP address is what is specified as the (default) gateway on the end devices. In our example above, instead of using either 192.168.5.10 (ISP-A) or 192.168.5.20 (ISP-B) as the gateway to 18.104.22.168/32, we can use a virtual IP address of 192.168.5.15. Traffic to this virtual IP address is sent to the active HSRP router. The standby router(s) does not receive traffic for that HSRP group until they become active.
Configuring HSRP using Default Settings
We will see how HSRP works between routers later, but for now, let’s do the basic configuration which involves setting the virtual IP address. This is done using the standby ip <ip address> interface level command. This is the only command required to enable HSRP even though there are other options like HSRP group, priority, pre-emption, and authentication. If you don’t specify a group, the default HSRP group is ‘0’.
Little trick: When configuring HSRP, the default priority is 100 (as we will see shortly). When the default is used, the router with the highest IP address will be selected as the active router. In our scenario, 192.168.5.20 (ISP-B) is higher than 192.168.5.10 (ISP-A); so when I turned HSRP on, ISP-B Router became the active router even though that’s not what I wanted. To make ISP-A Router the active router without altering the priority, I removed the HSRP configuration in ISP-B and then configured HSRP on the ISP-A Router and made sure it became active first before putting the HSRP configuration back on ISP-B.
The messages below appear on the console of the routers:
We will look at the HSRP configurations shortly but let’s see what happens when we ping from the laptop to 22.214.171.124/32. (If you are configuring along, remember to change your default gateway or gateway for 126.96.36.199/32 to point to the just configured IP address of 192.168.5.15).
Another trick: I figure I’d tell you what I’m doing behind the scenes. Since I’m using a virtual network adapter for this configuration, I don’t want to alter my main network adapter that connects me to the Internet. In this case, I can manually add network routes to my computer using the route add command on a Windows system. Just remember to remove them when done using route delete.
From the above, I have set the gateway for 188.8.131.52/32 to use the virtual IP address. So I will run my endless ping again, and somewhere in between I will shut down the interface Fa0/0 of ISP-A Router and we will see what happens.
I will show you all that happened on the routers in a moment. Before that, I want to explain the figure above. I ran a ping to the 184.108.40.206/32 IP address and as you can see, there were replies. Even though the laptop thinks it is sending the traffic through 192.168.5.15, it is actually sending the traffic to the active HSRP router (ISP-A in our case). After some time, there was a ‘Request timed out’ message. That was when I shut down the interface of ISP-A. However, a very short while later, I began to get replies again.
Now, let’s see how it happened.
There are 6 states of HSRP: Initial, Learn, Listen, Speak, Standby, and Active. Once I shut down the interface, the HSRP state went from Active to Init. It means it lost its Active state. Let’s go over to ISP-B Router and see what happened.
ISP-B Router immediately changed from being the standby router to the active router. It means all traffic sent to the virtual IP address 192.168.5.15 was now in fact being sent to 192.168.5.20.
That’s all cool and stuff but how does it really work? We know that on networks, everything is down to MAC addresses (after bits 0 and 1 of course). HSRP does not only assign a virtual IP address – it also uses a virtual MAC address. This is the reason nothing has to change on the end devices because irrespective of which router is the active, the MAC address remains the same. We can view the ARP table on the laptop.
192.168.5.10 is the IP address of ISP-A Router and it has a MAC address of CC00.2728.0000 while ISP-B Router, which has an IP address of 192.168.5.20, has a MAC address of CC01.2728.0000. Now notice the MAC address of the virtual IP address: 0000.0C07.AC00. The format of the HSRP MAC address is 0000.0C07.ACxy where xy is the HSRP group number in hexadecimal. Since our HSRP group is 0 (default), the value is 00. This means that you can have group numbers between 0 (00) and 255 (FF). However, this is only applicable for HSRP version 1. In version 2, you can have group numbers between 0 and 4095. Consequently, HSRP version 2 using a new MAC address range of 0000.0C9F.F000 to 0000.0C9F.FFFF.
How did ISP-B Router know to become the active router? HSRP routers communicate by multicast of UDP-based hello messages. When the standby router does not receive hello messages from the active router for a certain period, it assumes the router has failed and it transitions to active state (no coup here). HSRP uses port number 1985 and packets are sent to multicast address 220.127.116.11 (All routers).
Default HSRP Parameters
Now that we have seen how HSRP works, let’s view the default parameters and options for HSRP using the show standby command.
First we notice the interface and the HSRP group. Since we configured HSRP using the default settings, the group is 0. Next we see the HSRP state of this router. It is currently in Standby state meaning ISP-B should be Active. The virtual IP and MAC addresses follow. You will then notice the hello and hold times. We will also notice that pre-emption is disabled and that the Active router is ISP-B Router while the standby router is “local”. Lastly, we see the priority of the router and also the group name (which is currently in the default format).
HSRP Priority and Pre-emption
Let’s talk about these two concepts for a moment. Priority means exactly what it sounds like: the router with a higher priority has preference of becoming the active router when HSRP is configured. Remember that by default, active status is based on the highest IP address; therefore, if we were to configure ISP-A Router with a priority of 110 (the default is 100), it means that router will be preferred as the active router when HSRP begins.
But what happens if that higher priority router goes down and comes back up? This is what pre-emption is about. Pre-emption means that a router can resume its active status when it comes back up (if it has a higher priority than the currently active router by using a Coup message *no jokes*).
Configuring HSRP using Non-Default Settings
Now that we have seen how HSRP works and its different options, let’s make some changes to our HSRP configuration by setting a name, assigning a higher priority to ISP-A Router and changing the group number. We will configure pre-emption later.
Because we have configured ISP-A Router with a higher priority, it immediately became the active router. We can view the configuration on ISP-A Router.
The virtual MAC address has also changed to reflect the new group number. Keep in mind that you can manually specify a virtual MAC address for HSRP if you don’t want to use the default. Also notice that the priority and the group name have been configured.
Now, let’s shut down interface Fa0/0 of ISP-A Router and bring it back up.
After I shut it down, HSRP went from Active to Init. After I brought it back up, it became the Standby router. This means that even though it has a higher priority, it doesn’t automatically become the active router after recovering from a failure. This is done using pre-emption as we will see below.
Once I added the pre-empt command, it immediately took over and became the active router. I just want to show you that ISP-A executes a coup when it comes back online 😀 Debug standby packets and shut/no shut on ISP-A Router’s Fa0/0 interface and you will get a message such as the one below:
This brings us to the end of the first part of this mini-series on redundancy technologies on Cisco devices. This article was not intended to be an exhaustive write-up about HSRP; it was to inform you of a means by which we can achieve redundancy on a network. In the next article, we will look at another technology – SLA monitor – which is useful for tracking links and installing a backup route into the routing table when the active route becomes unavailable.
I hope you have found this article informative, and if you have any questions or comments, do not hesitate to add it in the comments section.
Reference and Further Reading
First Hop Redundancy Protocols Configuration Guide, Cisco IOS Release 12.4T: Configuring HSRP: http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp_fhrp/configuration/12-4t/fhp-hsrp.html
Hot Standby Router Protocol (HSRP): Frequently Asked Questions: “If there is no priority configured for a standby group, what determines which router is active?”- http://www.cisco.com/en/US/tech/tk648/tk362/technologies_q_and_a_item09186a00800a9679.shtml#q4
Cisco Hot Standby Router Protocol (HSRP): http://www.ietf.org/rfc/rfc2281.txt
Hot Standby Router Protocol: http://en.wikipedia.org/wiki/Hot_Standby_Router_Protocol