When R1 is the active router, all the traffic from the hosts (Host 1, 2, 3) to the servers is routed through R1. R2 is the standby router and tracks the R2 serial 1 interface state. When R2 becomes the active router, all the traffic from the hosts to the servers is routed through R2. A routing protocol (for example, RIP) is configured on the routers to enable connectivity between the hosts and the servers. Here is the configuration for each router: Router 1 Cisco interface Ethernet0 ip address The default is
|Published (Last):||6 June 2005|
Because existing TCP sessions can survive the failover, this protocol also provides a more transparent recovery for hosts that dynamically choose a next hop for routing IP traffic.
One of these devices is selected by the protocol to be the active device. The active device receives and routes packets destined for the MAC address of the group.
A new standby device is also selected at that time. To configure a device as the active device, you assign it a priority that is higher than the priority of all the other HSRP-configured devices. The default priority is , so if you configure just one device to have a higher priority, that device will be the default active device. Devices that are running HSRP send and receive multicast UDP-based hello messages to detect device failure and to designate active and standby devices. When the active device fails to send a hello message within a configurable period of time, the standby device with the highest priority becomes the active device.
The transition of packet forwarding functions between devices is completely transparent to all hosts on the network. You can configure multiple Hot Standby groups on an interface, thereby making fuller use of redundant devices and load sharing. The figure below shows a network configured for HSRP. By sharing a virtual MAC address and IP address, two or more devices can act as a single virtual router. The virtual device does not physically exist but represents the common default gateway for devices that are configured to provide backup to each other.
Instead, you configure them with the IP address (virtual IP address) of the virtual device as their default gateway. If the active device fails to send a hello message within the configurable period of time, the standby device takes over and responds to the virtual addresses and becomes the active device, assuming the active device duties. Figure 1. HSRP version 2 advertises and learns millisecond timer values.
This change ensures stability of the HSRP groups in all cases. In HSRP version 1, group numbers are restricted to the range from 0 to HSRP version 2 expands the group number range from 0 to HSRP version 2 provides improved management and troubleshooting. The HSRP version 2 packet format includes a 6-byte identifier field that is used to uniquely identify the sender of the message.
Typically, this field is populated with the interface MAC address. The multicast address Version 1 is the default version of HSRP. F to The increased group number range does not imply that an interface can, or should, support that many HSRP groups. The expanded group number range was changed to allow the group number to match the VLAN number on subinterfaces.
The packet format uses a type-length-value (TLV) format. They are recommended for timers running on services that work realtime and scale. In the case of HSRP, a given device may have up to operational groups configured. In order to distribute the load on the device and network, the HSRP timers use a jitter.
For example, for a hold time set to 15 seconds, the actual hold time may take 18 seconds.
Preemption
Preemption allows a standby device to delay becoming active for a configurable amount of time. All groups on the interface—performed in interface configuration mode and applies to all groups on the interface. All groups on all interfaces—performed in global configuration mode and applies to all groups on all interfaces.
HSRP may appear to not function on some larger hardware platforms where there can be a delay in an interface receiving packets. In general, we recommend that all HSRP devices have the following configuration:
    standby delay minimum 30 reload 60
The standby delay minimum reload interface configuration command delays HSRP groups from initializing for the specified time after the interface comes up.
This is a different command than the standby preempt delay interface configuration command, which enables HSRP preemption delay. Priority is determined first by the configured priority value, and then by the IP address. In case of ties, the primary IP addresses are compared, and the higher IP address has priority. In each case, a higher value is of greater priority. If you do not use the standby preempt interface configuration command in the configuration for a router, that router will not become the active router, even if its priority is higher than all other routers.
A standby router with equal priority but a higher IP address will not preempt the active router. When a router first comes up, it does not have a complete routing table. You can set a preemption delay that allows preemption to be delayed for a configurable time period.
This delay period allows the router to populate its routing table before becoming the active router. If preemption is not enabled, then a router may appear to preempt the active router if it does not receive any Hello messages from the active router.
How Object Tracking Affects the Priority of an HSRP Device
The priority of a device can change dynamically if it has been configured for object tracking and the object that is being tracked goes down.
The tracking process periodically polls the tracked objects and notes any change of value. The changes in the tracked object are communicated to HSRP, either immediately or after a specified delay.
The object values are reported as either up or down. Examples of objects that can be tracked are the line protocol state of an interface or the reachability of an IP route. If the specified object goes down, the HSRP priority is reduced.
The HSRP device with the higher priority can become the active device if it has the standby preempt command configured. These packets are sent to the destination IP multicast address In this case, specify the virtual MAC address by using the standby mac-address command in the group; the virtual IP address is unimportant for these protocols.
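The election, preemption and object-tracking rules described above, worked through as an added Python example (not taken from the Cisco guide). The router names, addresses and decrement values are assumptions made for the illustration; the page does not state them.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass
class Router:
    name: str
    ip: str
    priority: int            # configured priority
    preempt: bool = False    # "standby preempt" configured?
    tracked_down: int = 0    # tracked objects currently reported down
    decrement: int = 10      # assumed priority reduction per down object

    @property
    def effective(self) -> int:
        """Priority after tracked-object reductions."""
        return max(0, self.priority - self.tracked_down * self.decrement)


def elect(routers):
    """Initial election: highest priority wins, ties go to the higher IP address."""
    return max(routers, key=lambda r: (r.effective, IPv4Address(r.ip)))


def next_active(active, challenger):
    """Active router once `challenger` is up and hears hellos from `active`.

    Takeover needs preemption AND a strictly higher priority; an equal
    priority with a higher IP address does not preempt.
    """
    if challenger.preempt and challenger.effective > active.effective:
        return challenger
    return active


def failover_walkthrough():
    """R1 loses its tracked interface, R2 takes over, R1 preempts back on recovery."""
    r1 = Router("R1", "192.0.2.1", 110, preempt=True, decrement=20)
    r2 = Router("R2", "192.0.2.2", 100, preempt=True)
    steps = [elect([r1, r2]).name]      # R1 wins on priority
    r1.tracked_down = 1                 # tracked object down: 110 -> 90
    active = next_active(r1, r2)
    steps.append(active.name)           # R2 preempts
    r1.tracked_down = 0                 # tracked object back up: 90 -> 110
    active = next_active(active, r1)
    steps.append(active.name)           # R1 preempts back
    return steps
```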
When HSRP runs on a multiple-ring, source-routed bridging environment and the HSRP devices reside on different rings, configuring the standby use-bia command can prevent confusion about the routing information field (RFI). The standby use-bia command is used for an interface and the standby mac-address command is used for an HSRP group. The timers time hello messages. By default, these timers are set to three and ten seconds respectively, which means that a hello packet is sent between the HSRP standby group devices every three seconds.
The standby device becomes active when a hello packet is not received for ten seconds. Devices for which timer values are not configured can learn timer values from the active or standby device. The timers configured on the active device always override any other timer settings. All devices in a Hot Standby group should use the same timer values. You can lower these timer settings to speed up the failover or preemption, but, to avoid increased CPU usage and unnecessary standby state flapping, do not set the hello timer below one second or the hold timer below four seconds.
For HSRP version 1, nonactive devices learn timer values from the active device, unless millisecond timer values are being used. If millisecond timer values are being used, all devices must be configured with the millisecond timer values. This rule applies if either the hello time or the hold time is specified in milliseconds. This configuration is necessary because the HSRP hello packets advertise the timer values in seconds.
HSRP version 2 does not have this limitation; it advertises the timer values in milliseconds. Refresh packets keep the MAC cache on switches and learning bridges current. Refresh packets are also used for HSRP groups configured as multigroup slaves because these do not send regular Hello messages.
You can change the refresh interval on FDDI rings to a longer or shorter interval, thereby using bandwidth more efficiently. You can prevent the sending of any MAC refresh packets if you do not need them (if you have FDDI but do not have a learning bridge or switch).
The default authentication type is text authentication. For example, Device A has a priority of and is the active device. If Device A has authentication configured such that the spoof HSRP hello packets are ignored, Device A will remain the active device.
HSRP packets will be rejected in any of the following cases:
The authentication schemes differ on the device and in the incoming packets.
Text authentication strings differ on the device and in the incoming packet.
This functionality provides added security and protects against the threat from HSRP-spoofing software. MD5 authentication provides greater security than the alternative plain text authentication scheme.
A keyed hash of an incoming packet is generated and if the hash within the incoming packet does not match the generated hash, the packet is ignored. The key for the MD5 hash can be either given directly in the configuration using a key string or supplied indirectly through a key chain.
HSRP packets will be rejected in any of the following cases:
The authentication schemes differ on the device and in the incoming packets.
MD5 digests differ on the device and in the incoming packet.
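The text-authentication checks above, applied by a monitoring host to observed HSRP version 1 messages, as an added Python example (not Cisco's code). The 20-byte layout, the opcode and state values and the default string "cisco" are taken from RFC 2281, which the page does not cite; the peer addresses, the configured string and the sample payloads are constructed, and MD5 authentication is not modelled.

```python
import struct
from ipaddress import IPv4Address

# HSRPv1 payload (RFC 2281): eight 1-byte fields, 8-byte auth data, 4-byte virtual IP.
HSRP_V1 = struct.Struct("!8B8s4s")
OPCODES = {0: "hello", 1: "coup", 2: "resign"}
STATES = {0: "initial", 1: "learn", 2: "listen", 4: "speak", 8: "standby", 16: "active"}
DEFAULT_AUTH = b"cisco"  # RFC 2281 default text authentication value

# Constructed sample payloads (not captured traffic): group 1, virtual IP 192.0.2.1.
VIP = bytes([192, 0, 2, 1])
PEER_HELLO = HSRP_V1.pack(0, 0, 16, 3, 10, 110, 1, 0, b"s3cr3t", VIP)
UNKNOWN_HELLO = HSRP_V1.pack(0, 0, 16, 3, 10, 255, 1, 0, b"cisco", VIP)


def parse_hsrp_v1(payload):
    """Decode one HSRPv1 UDP payload into named fields."""
    if len(payload) < HSRP_V1.size:
        raise ValueError("truncated HSRP payload")
    ver, op, state, hello, hold, prio, group, _rsvd, auth, vip = HSRP_V1.unpack(
        payload[:HSRP_V1.size])
    if ver != 0:  # RFC 2281 messages carry version 0
        raise ValueError("not an HSRP version 1 message")
    return {"opcode": OPCODES.get(op, f"unknown({op})"),
            "state": STATES.get(state, f"unknown({state})"),
            "hello": hello, "hold": hold, "priority": prio, "group": group,
            "auth": auth.rstrip(b"\x00"), "vip": str(IPv4Address(vip))}


def audit(src_ip, payload, peers, auth):
    """Return findings for one observed message; an empty list means it is expected."""
    try:
        msg = parse_hsrp_v1(payload)
    except ValueError as exc:
        return [f"malformed: {exc}"]
    findings = []
    known = src_ip in peers
    if not known:
        findings.append(f"{msg['opcode']} from unlisted source {src_ip}")
    if msg["auth"] != auth:
        findings.append("authentication data differs from configured string")
    if msg["auth"] == DEFAULT_AUTH:
        findings.append("default text authentication string in use")
    if not known and (msg["opcode"] == "coup" or msg["state"] == "active"):
        findings.append(
            f"active role claimed for group {msg['group']} at priority {msg['priority']}")
    return findings
```

Because the text string travels in clear inside every hello, a match on it shows only that the sender knows the string; the source allowlist is what separates a configured peer from any other host on the segment.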
Simple load sharing may be achieved by using two HSRP groups and configuring half the hosts with one virtual IP address and half the hosts with the other virtual IP address. These are multicast periodically, or may be solicited by hosts. These RAs stop after a final RA is sent when the group leaves the active state.
Periodic RAs for the interface link-local address stop after a final RA is sent while at least one virtual IPv6 link-local address is configured on the interface. No restrictions occur for the interface IPv6 link-local address other than that mentioned for the RAs.
Other protocols continue to receive and send packets to this address. To configure a router as the active router, you assign it a priority that is higher than the priority of all the other HSRP-configured routers. The default priority is , so if you configure just one router to have a higher priority, that router will be the default active router.
Resign—A device that is the active device sends this message when it is about to shut down or when a device that has a higher priority sends a hello or coup message.
At any time, a device configured with HSRP is in one of the following states:
Active—The device is performing packet-transfer functions.
Init or Disabled—The device is not yet ready or able to participate in HSRP, possibly because the associated interface is not up.
HSRP groups configured on other devices on the network that are learned via snooping are displayed as being in the Init state. Locally configured groups with an interface that is down or groups without a specified interface IP address appear in the Init state.
Learn—The device has not determined the virtual IP address and has not yet seen an authenticated hello message from the active device.
First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3S
Setting Up the HSRP Protocol
For more information on document conventions, refer to the Cisco Technical Tips Conventions. The limitation is due to the hardware design of the PFC. Therefore, it does not depend on the system software being used. Are there any other requirements? You can pick any 16 group IDs in the allowed group ID range However, only 16 group IDs can be used from that range.
How to Use the standby preempt and standby track Commands
Determine the correct source port of the host MAC address. Disconnect the port that should not source the host MAC address. Verify the port channeling configuration. An incorrect port channel configuration can result in the flap of error messages by the host MAC address. This is because of the load-balancing nature of port channeling. Issue these commands in order to gather additional information about the problem: Note: The commands that this section mentions are not documented.