ICND2 200-101

Hot Standby Router Protocol

So with HSRP, short for Hot Standby Router Protocol, we are going to have two routers: one active, one standby. Now we could have more routers participating in the overall HSRP group we're creating but they would have to wait on the sidelines. So our main focus here is just the active and the standby. Now we see here HSRP group. What do we mean by a group when it comes to HSRP?

HSRP Group of Routers

Well, in one subnet we typically have a group of routers and the group of routers are set to forward for the virtual IP address and the virtual MAC address that is coupled with that. So generally speaking, each subnet gets a group. And they have to participate, otherwise they are disjointed. They need to share the same group number to participate. So the active router would be forwarding. The standby router is waiting in the wings, and it understands that because it says, "hey I'm the next best in this group". Now the intricacies of how active and standby take place are quite intriguing, they are really cool but ultimately we have to understand the defaults here. There is a priority number that is associated with each of these routers participating in the group, and by default it's a hundred (100). Now unlike other technologies that we've seen in this course, higher is preferred, OK? So we have to be mindful of that.

So the device that has the higher priority becomes the active forwarder for our group. If you want a lot of details about how our router is participating in HSRP, we could do this command, show standby. I'll be honest. I like the show standby brief command, because it shows what I care about. But to me, I'm going to look here and I'm going to see how this router is participating in reference to its interface.

HSRP Example

R1(config)#interface ethernet 0/1
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#standby 1 ip 10.1.1.100
R1(config-if)#standby 1 priority 200
R1(config-if)#standby 1 preempt

R2(config)#interface ethernet 0/1
R2(config-if)#ip address 10.1.1.2 255.255.255.0
R2(config-if)#standby 1 ip 10.1.1.100
R2(config-if)#standby 1 preempt

R1#show standby
Ethernet0/0 - Group 1
  State is Active
    2 state changes, last state change 00:01:37
  Virtual IP address is 10.1.1.100
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.680 secs
  Preemption enabled
  Active router is local
  Standby router is 10.1.1.2, priority 100 (expires in 10.320 sec)
  Priority 200 (configured 200)
  Group name is "hsrp-Et0/0-1" (default)

R1#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Et0/0       1    200 P Active  local           10.1.1.2        10.1.1.100

Status active, so if you were asked is this the forwarding router? The answer would be, absolutely. You can see the virtual router IP address, which is what your client should be pointing to. By the way, you have to make sure you adjust your DHCP configuration. Because if you create this virtual IP address but you don't point clients to it, that's no good.

You can see the virtual MAC address, which is very interesting. In a deeper discussion, we would teach you about this and hey, I'm going to give you the fly-by right now. First six hexadecimal characters are consistent, then we see 07.ac, which says, this is HSRP. Can you see that 01 at the very end of the virtual MAC address - that is in fact, the group number in hexadecimal. So if you ever had like group 10, if you had group 10 maybe for VLAN 10, it would say 0a, because that's hexadecimal.

We can see the timers, 3 second hello, 10 second hold-down, that means, in its default out-of-the-box setting it has a convergence time of 10 seconds. And do you remember the administrators, who like to set a second default gateway, and then we criticized it based on the ARP cache? Well, this is vastly superior. We can see, also again it says, active router is local. Standby router is 10.1.1.2 and we need to be able to read that. The priority is 200, and so this is a lot of great output. I mean, it's worth the time reading it from top to bottom.

HSRP interface tracking

Do you remember the priority value? What was it? What was the default?

All right. That's a 100. So the default priority is 100.

Second question. Higher or lower is better for HSRP?

Higher is better.

So I want a mechanism that dynamically adjusts my priority based on a health status if you will. I want to have a lower priority if I'm not healthy, and we're going to measure health based on observation of local interfaces. This is called HSRP interface tracking. So what I do is this. I decrement my priority, which means I subtract some stuff from it. I might start off with 100. I lose an interface. I'm going to drop it by 10. That is in fact the default decrement value. So if I tie multiple interfaces to this, and these could be the interfaces to the core of my network, lose one, decrement by 10. Now I've got a priority of 90. Lose another, priority of 80 and there are even ways of customizing this. But what did I just do? I look at the status of my ports, one port goes down and it's a completely new ball game. The standby router can be configured to take over when it sees that the active router has a lower priority. We need another feature beyond interface tracking: we need preempt. We need the standby router to be comfortable enough to take over the reins. We call that standby preempt, that's in fact the command. So we make HSRP preemptive, which means adjust on the fly. Nonpreemptive says, election only takes place in the beginning.

HSRP Interface Tracking

So we turn on interface tracking to decrement our priority based on specific interfaces, we tie it to the protocol, then we give the standby router the means of taking over with preemption. When we do that we're setting up a pretty robust HSRP configuration that will allow us to have redundant layer three chassis that our clients are indirectly pointed to. And then, a failover could happen when a chassis fails or even if smaller things, like interfaces, are not affecting the HSRP group directly but indirectly affecting it based on changing of the priorities. We can make HSRP controlled and redundant in such a way to handle these and give us tremendously high availability. And you can even go so far as to adjust the timers to be far more aggressive than the defaults. Those are things for another day, but you now have seen a great implementation of HSRP.
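The interaction of tracking and preemption described above, as a small model added here (not part of the original course material). The uplink names Ethernet0/2 and Ethernet0/3 and the starting state with R1 active are assumptions; the third scenario uses the priority 200 from the earlier example to show that the default decrement alone never brings R1 below R2.

```python
from dataclasses import dataclass, field

DEFAULT_PRIORITY = 100   # HSRP default priority, as stated on the page
DEFAULT_DECREMENT = 10   # default tracking decrement, as stated on the page

@dataclass
class Router:
    name: str
    configured: int = DEFAULT_PRIORITY
    preempt: bool = False
    tracked: dict = field(default_factory=dict)   # interface name -> decrement
    down: set = field(default_factory=set)        # tracked interfaces currently down

    @property
    def priority(self):
        # Effective priority: configured value minus the decrement of each
        # tracked interface that is down.
        return self.configured - sum(self.tracked[i] for i in self.down)

def reelect(active, standby):
    # The standby takes over only when it is configured to preempt and its
    # priority is strictly higher. Equal priorities are not modelled here.
    if standby.preempt and standby.priority > active.priority:
        return standby, active
    return active, standby

def run_scenario(r1_configured, r2_preempt, failures):
    """Fail R1's tracked uplinks in order; return [(R1 priority, active router)]."""
    r1 = Router("R1", r1_configured, preempt=True)
    r2 = Router("R2", DEFAULT_PRIORITY, preempt=r2_preempt)
    # Hypothetical uplink names, both tracked with the default decrement.
    r1.tracked = {"Ethernet0/2": DEFAULT_DECREMENT, "Ethernet0/3": DEFAULT_DECREMENT}
    active, standby = r1, r2          # assumption: R1 starts as the active router
    history = []
    for ifname in failures:
        r1.down.add(ifname)
        active, standby = reelect(active, standby)
        history.append((r1.priority, active.name))
    return history

if __name__ == "__main__":
    both = ["Ethernet0/2", "Ethernet0/3"]
    print(run_scenario(100, True, both))    # R2 preempts after the first failure
    print(run_scenario(100, False, both))   # no preempt on R2: R1 stays active
    print(run_scenario(200, True, both))    # priority 200: 190 and 180 still beat 100
```

With a configured priority of 200 the tracked decrement has to be raised (or the configured priority lowered) before an uplink failure can hand the active role to a standby at priority 100.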

HSRP load balancing

Think back to our discussion on groups. We said, one active, one standby for a group. Therefore, all traffic for the group is going to use the same forwarder. So can we load balance? Not for a specific group but we could create multiple groups and provide load balancing. Think of it from a VLAN by VLAN basis. We have VLAN 10 and VLAN 20 in our organization. We could use one router as the active forwarder for all the traffic that is part of VLAN 10 and we could use another router as the active forwarder for VLAN 20 and then what can we do? We can have them as standbys for each other. So if one fails, well then the other one can take on the load of all the VLANs. So yeah, we can do load balancing, but it has to be on a group-by-group, subnet-by-subnet basis. And it's just a matter of us creating the different groups based on the virtual IP addresses and making sure those clients in each of those different subnets have the correct default gateway assigned to them, and traffic can flow like we need it to. So we can take advantage of all the links within our organization and not just have one link 100% saturated.
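A way to check the group-per-VLAN design described above from show standby brief output, added here as an example (not from the original course material). It also derives the version 1 virtual MAC from the group number, as explained in the earlier walkthrough of the show standby output. The two sample outputs, the Vl10/Vl20 interfaces and the 10.1.10.x and 10.1.20.x addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample output (not from the page): one group per VLAN, each
# router active for one group and standby for the other.
R1_BRIEF = """\
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vl10        10   200 P Active  local           10.1.10.2       10.1.10.100
Vl20        20   100 P Standby 10.1.20.2       local           10.1.20.100
"""
R2_BRIEF = """\
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vl10        10   100 P Standby 10.1.10.1       local           10.1.10.100
Vl20        20   200 P Active  local           10.1.20.1       10.1.20.100
"""

# interface, group, priority, optional preempt flag, state, active, standby, VIP
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+(P\s+)?(\w+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def parse_brief(text):
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())   # the header row has no numeric group, so it is skipped
        if m:
            rows.append({"intf": m[1], "group": int(m[2]), "priority": int(m[3]),
                         "preempt": bool(m[4]), "state": m[5], "vip": m[8]})
    return rows

def hsrp_v1_vmac(group):
    # 0000.0c07.ac followed by the group number as two hex digits
    if not 0 <= group <= 255:
        raise ValueError("HSRP version 1 groups are 0-255")
    return f"0000.0c07.ac{group:02x}"

def audit(outputs):
    """outputs: {router name: show standby brief text}. Returns (plan, problems)."""
    states = defaultdict(dict)
    for router, text in outputs.items():
        for row in parse_brief(text):
            states[row["group"]][router] = row
    plan, problems = {}, []
    for group, by_router in sorted(states.items()):
        active = [r for r, row in by_router.items() if row["state"] == "Active"]
        if len(active) != 1:
            problems.append(f"group {group}: {len(active)} active routers")
            continue
        plan[group] = (active[0], hsrp_v1_vmac(group))
    if len(set(a for a, _ in plan.values())) < 2 <= len(plan):
        problems.append("all groups active on one router: no load sharing")
    return plan, problems
```

Calling audit({"R1": R1_BRIEF, "R2": R2_BRIEF}) returns the active router and expected virtual MAC per group, plus a list of problems that is empty when each group has exactly one active router and the groups are spread across both routers.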