HSRP Tuning Example
Today I will discuss HSRP tuning. As shown in the article “HSRP (Hot Standby Router Protocol)”, configuring the Hot Standby Router Protocol is quite simple.
Some cases require a custom configuration using priority, track, preempt, and so on. The relevant commands are:
- The standby preempt interface configuration command allows the router to become the active router when its priority is higher than all other HSRP-configured routers in this Hot Standby group. The configurations of both routers include this command so that each router can be the standby router for the other router. If you do not use the standby preempt command in the configuration for a router, that router cannot become the active router.
- The standby priority interface configuration command sets the router’s HSRP priority (the default priority is 100).
- The standby timers interface configuration command sets the interval in seconds between hello messages (called the hello time) to five seconds and sets the duration in seconds that a router waits before it declares the active router to be down (called the hold time) to eight seconds. (The defaults are three and 10 seconds, respectively.) If you decide to modify the default values, you must configure each router to use the same hello time and hold time.
- The standby track command allows you to specify another interface on the router for the HSRP process to monitor in order to alter the HSRP priority for a given group. If the line protocol of the specified interface goes down, the HSRP priority is reduced. This means that another HSRP router with higher priority can become the active router if that router has standby preempt enabled.
- The standby authentication interface configuration command establishes an authentication string whose value is an unencrypted eight-character string that is incorporated in each HSRP multicast message. This command is optional. If you choose to use it, each HSRP-configured router in the group should use the same string so that each router can authenticate the source of the HSRP messages that it receives.
Suppose we have this physical configuration:
HSRP Tuning Example:
Partial configuration of L3-switch-1:
```
L3-Switsh-1#
ip routing
!
interface FastEthernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! VLAN 101: priority 150; losing FastEthernet0/3 lowers it by 55
interface Vlan101
 ip address 172.16.101.2 255.255.255.0
 standby 1 ip 172.16.101.1
 standby 1 priority 150
 standby 1 preempt
 standby 1 track FastEthernet0/3 55
 standby 1 authentication C3s_101
 no shutdown
!
! VLAN 102: default priority 100 and default track decrement 10
interface Vlan102
 ip address 172.16.102.2 255.255.255.0
 standby 2 ip 172.16.102.1
 standby 2 preempt
 standby 2 track FastEthernet0/3
 standby 2 authentication C3s_102
 no shutdown
!
! VLAN 103: priority 150; losing FastEthernet0/3 lowers it by 50
interface Vlan103
 ip address 172.16.103.2 255.255.255.0
 standby 3 ip 172.16.103.1
 standby 3 priority 150
 standby 3 preempt
 standby 3 track FastEthernet0/3 50
 standby 3 authentication C3s_103
 no shutdown
```
Partial configuration of L3-Switsh-2:
```
L3-Switsh-2#
ip routing
!
interface FastEthernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! VLAN 101: default priority 100 and default track decrement 10
interface Vlan101
 ip address 172.16.101.3 255.255.255.0
 standby 1 ip 172.16.101.1
 standby 1 preempt
 standby 1 track FastEthernet0/3
 standby 1 authentication C3s_101
 no shutdown
!
! VLAN 102: priority 150; losing FastEthernet0/3 lowers it by 60
interface Vlan102
 ip address 172.16.102.3 255.255.255.0
 standby 2 ip 172.16.102.1
 standby 2 priority 150
 standby 2 preempt
 standby 2 track FastEthernet0/3 60
 standby 2 authentication C3s_102
 no shutdown
!
! VLAN 103: default priority 100 and default track decrement 10
interface Vlan103
 ip address 172.16.103.3 255.255.255.0
 standby 3 ip 172.16.103.1
 standby 3 preempt
 standby 3 track FastEthernet0/3
 standby 3 authentication C3s_103
 no shutdown
```
The commands
switchport trunk encapsulation dot1q
switchport mode trunk
enable the dot1q trunk between the switches.
The command
ip routing
enables routing on the layer 3 switches.
L3-Switsh-1 is the primary device for VLAN 101 and VLAN 103 and the backup device for VLAN 102; L3-Switsh-2 is the primary device for VLAN 102 and the backup device for VLAN 101 and VLAN 103. This type of configuration balances the network load between the two switches.
If FastEthernet0/3 fails on the primary device, the backup device becomes the new primary device, unless FastEthernet0/3 on the backup device has also failed or FastEthernet0/3 on the primary device becomes active again. This behavior is drawn below.
If FastEthernet0/3 on L3-Switsh-1 is down, L3-Switsh-2 will be the active router for VLAN 101 and VLAN 103.
If FastEthernet0/3 is down on both L3-Switsh-1 and L3-Switsh-2, the active router for VLAN 101 and VLAN 103 will be L3-Switsh-1.
Now look at this HSRP Tuning configuration:
| L3-Switsh-1 | # | L3-Switsh-2 |
|---|---|---|
| interface Vlan103 | | interface Vlan103 |
| ip address 172.16.103.2 255.255.255.0 | | ip address 172.16.103.3 255.255.255.0 |
| standby 3 ip 172.16.103.1 | 1 | standby 3 ip 172.16.103.1 |
| standby 3 priority 150 | 2 | |
| standby 3 preempt | 3 | standby 3 preempt |
| standby 3 track FastEthernet0/3 50 | 4 | standby 3 track FastEthernet0/3 |
| standby 3 authentication C3s_103 | 5 | standby 3 authentication C3s_103 |
In this HSRP Tuning instance (the numbers refer to the numbered rows of the configuration above):
1. The standby IP address is 172.16.103.1.
2. HSRP prefers the router with the higher priority and, if the priorities are equal, it prefers the higher IP address. L3-Switsh-1 is the active router because it has a priority of 150 while L3-Switsh-2 has the default priority of 100.
3. Both switches have preempt configured, so each can become the active router when its priority is higher than that of all other HSRP-configured routers in this Hot Standby group.
4. Interface tracking enables the priority of a standby group router to be automatically adjusted based on the availability of that router’s interfaces. When a tracked interface becomes unavailable, the HSRP priority of the router is decreased. When properly configured, the HSRP tracking feature ensures that a router with an unavailable key interface relinquishes the active router role. If FastEthernet0/3 on L3-Switsh-1 goes down, its HSRP priority is decremented by 50, so the priority becomes 100 (150-50). Both routers then have an HSRP priority of 100, and L3-Switsh-2 becomes the active router because it has the higher IP address. If FastEthernet0/3 on L3-Switsh-2 then goes down as well, the priority of L3-Switsh-2 is decremented by 10 (the default value), so its priority becomes 90 (100-10). The active router is then L3-Switsh-1 again!
5. The authentication key is C3s_103 and it is sent in clear text. Remember that from IOS release 12.3(2)T onward it is possible to send the hashed key using MD5.
Similar behavior applies to VLAN 101 and VLAN 102.