Implementing HSRP
The Hot Standby Router Protocol (HSRP) is an IP routing redundancy protocol designed to allow for transparent failover at the first-hop IP router. HSRP provides high network availability, because it routes IP traffic from hosts on networks without relying on the availability of any single router. HSRP is used in a group of routers for selecting an active router and a standby router. An active router is the router of choice for routing packets; a standby router is a router that takes over the routing duties when an active router fails, or when preset conditions are met.
For more information on HSRP and related concepts, see Understanding HSRP
Implementing HSRP involves:
-
Enabling HSRP for IPv4 or IPv6
Activates HSRP on the configured interface.
-
Configuring HSRP group attributes
Configures other Hot Standby group attributes that affect how the local router participates in HSRP.
-
Configuring the HSRP activation delay
Delays the startup of the state machine when an interface comes up, giving the network time to settle and avoiding unnecessary state changes early after the link comes up.
-
Enabling HSRP support for ICMP redirect messages
By default, HSRP filtering of ICMP redirect messages is enabled on routers running HSRP. This procedure reenables this feature on your router if it is disabled.
-
Enabling Multiple Group Optimization (MGO) for HSRP
(Optional) Provides a solution for reducing control traffic in a deployment consisting of many subinterfaces. Some customizations include:
-
Configuring an HSRP session name
-
Configuring a slave follow
Instructs the slave group to inherit its state from a specified group.
-
Configuring primary and secondary virtual IPv4 addresses
-
Configuring primary and secondary virtual IPv4 addresses for the slave group
-
Configuring a slave virtual mac address for the slave group
-
Restrictions
-
Upto 64 HSRP sessions are permitted on Cisco NCS 5001 and NCS 5002 routers (including Virtual Router Redundancy Protocol [VRRP] sessions, if any).
-
Upto 16 HSRP sessions are permitted on Cisco NCS 5011 routers (including Virtual Router Redundancy Protocol [VRRP] sessions, if any).
-
HSRP version 2 authentication is not supported.
For more information on HSRP and related concepts, see Understanding HSRP
Enabling HSRP
Configuration Example
The hsrp ipv4 command activates HSRP on the configured interface. If an IP address is specified, that address is used as the designated address for the Hot Standby group. If no IP address is specified, the virtual address is learned from the active router. For HSRP to elect a designated router, at least one router in the Hot Standby group must have been configured with, or learned, the designated address. Configuring the designated address on the active router always overrides a designated address that is currently in use.
Router#configure
Router(config)#router hsrp
router(config-hsrp)#interface TenGigE 0/0/0/2
router(config-hsrp-if)#address-family ipv4
router(config-hsrp-if-ipv4)#hsrp 1 version 1
/* The version keyword is available only if IPv4 address-family is selected. By default, version is set to 2 for IPv6 address families. */
router(config-hsrp-gp)#address learn
router(config-hsrp-gp)#commit
Running Configuration
Router#show running-config router hsrp
router hsrp
interface TenGigE 0/0/0/2
address-family ipv4
hsrp 1 version 1
address learn
!
Verification
Router#show hsrp detail
TenGigE0/0/0/2 - IPv4 Group 1 (version 1)
Local state is Active, priority 100
Hellotime 3000 msec holdtime 10000 msec
Minimum delay 1 sec, reload delay 5 sec
Hot standby IP address is 10.0.0.10 configured
Active router is local
Standby router is unknown expired
Standby virtual mac address is 0000.0c07.ac01, state is active
4 state changes, last state change 1w1d
State change history:
May 10 12:34:35.461 UTC Init -> Listen Virtual IP configured
May 10 12:34:45.461 UTC Listen -> Speak Active timer expired
May 10 12:34:55.461 UTC Speak -> Standby Standby timer expired
May 10 12:34:55.462 UTC Standby -> Active Active timer expired
Last coup sent: Never
Last coup received: Never
Last resign sent: Never
Last resign received: Never
Enabling HSRP for IPv6
Configuration Example
Router#configure
Router(config)#router hsrp
router(config-hsrp)#interface TenGigE 0/0/0/2
router(config-hsrp-if)#address-family ipv6
router(config-hsrp-if-ipv4)#hsrp 1
/* The version keyword is available only if IPv4 address-family is selected. By default, version is set to 2 for IPv6 address families. */
router(config-hsrp-gp)#address linklocal autoconfig
/* The virtual linklocal address must not match any other virtual linklocal address that is already configured for a different group.
The virtual linklocal address must not match the interface linklocal IPv6 address.
If you use the autoconfig keyword, the linklocal address is calculated using the EUI-64 format. */
router(config-hsrp-gp)#address global 2001:DB8:A:B::1
router(config-hsrp-gp)#commit
Running Configuration
Router#show running-config router hsrp
router hsrp
interface TenGigE 0/0/0/2
address-family ipv6
hsrp 1
address linklocal autoconfig
address global 2001:DB8:A:B::1
!
Verification
Router#show hsrp detail
TenGigE0/0/0/2 - IPv6 Group 1 (version 2)
Local state is Active, priority 100
Hellotime 3000 msec holdtime 10000 msec
Minimum delay 1 sec, reload delay 5 sec
Hot standby IP address is fe80::205:73ff:fea0:1 configured
Active router is local
Standby router is unknown expired
Standby virtual mac address is 0005.73a0.0001, state is active
4 state changes, last state change 1w1d
State change history:
May 10 12:34:16.360 UTC Init -> Listen Delay timer expired
May 10 12:34:26.360 UTC Listen -> Speak Active timer expired
May 10 12:34:36.360 UTC Speak -> Standby Standby timer expired
May 10 12:34:36.360 UTC Standby -> Active Active timer expired
Last coup sent: Never
Last coup received: Never
Last resign sent: Never
Last resign received: Never
Configuring HSRP Group Attributes
Configuration Example
Configures Hot Standby group attributes that affect how the local router participates in HSRP.
Router#configure
Router(config)#router hsrp
router(config-hsrp)#interface TenGigE 0/0/0/2
router(config-hsrp-if)#hsrp use-bia
/* (Optional) Configures the HSRP to use the burned-in address of the interface as its virtual MAC address,
instead of the preassigned MAC address or the functional address. */
router(config-hsrp-if)#address-family ipv4
router(config-hsrp-if-ipv4)#hsrp 1 version 1
router(config-hsrp-gp)#priority 100
router(config-hsrp-gp)#track TenGigE 0/0/0/3
/* (Optional) Configures an interface so that the Hot Standby priority changes on the basis of the availability of other interfaces. */
router(config-hsrp-gp)#preempt
/* (Optional) Configures HSRP preemption and preemption delay. */
router(config-hsrp-gp)#authentication company1
/* company1 is the authentication string for HSRP */
router(config-hsrp-gp)#mac-address 4000.1000.1060
/* (Optional) Specifies a virtual MAC address for the HSRP. */
router(config-hsrp-gp)#commit
Running Configuration
Router#show running-config router hsrp
router hsrp
interface TenGigE 0/0/0/2
hsrp use-bia
address-family ipv4
hsrp 1 version 1
priority 100
track TenGigE 0/0/0/3
preempt
authentication company1
mac-address 4000.1000.1060
!
Verification
Router#show hsrp detail
TenGigE0/0/0/2 - IPv4 Group 1 (version 1)
Local state is Active, priority 90, may preempt, use bia
Hellotime 3000 msec holdtime 10000 msec
Minimum delay 2 sec, reload delay 10 sec
Hot standby IP address is 10.0.0.10 configured
Active router is local
Standby router is unknown expired
Standby virtual mac address is c472.95a6.4eb6 configured, state is stored
Authentication text, string "company1"
4 state changes, last state change 1w1d
State change history:
May 10 12:34:35.461 UTC Init -> Listen Virtual IP configured
May 10 12:34:45.461 UTC Listen -> Speak Active timer expired
May 10 12:34:55.461 UTC Speak -> Standby Standby timer expired
May 10 12:34:55.462 UTC Standby -> Active Active timer expired
Last coup sent: Never
Last coup received: Never
Last resign sent: Never
Last resign received: Never
Tracking states for 1 object, 0 up:
Up TenGigE0/0/0/3 Priority decrement: 10
Configuring the HSRP Activation Delay
Configuration Example
Delays the startup of the state machine when an interface comes up. This give the network time to settle and avoids unnecessary state changes early after the link comes up.
Router#configure
Router(config)#router hsrp
router(config-hsrp)#interface TenGigE 0/0/0/2
router(config-hsrp-if)#hsrp delay minimum 2 reload 10
/* The reload delay is the delay applied after the first interface up event.
The minimum delay is the delay that is applied after any subsequent interface up event (if the interface flaps). */
router(config-hsrp-if)#address-family ipv4
router(config-hsrp-if-ipv4)#hsrp 1 version 1
/* The version keyword is available only if IPv4 address-family is selected. By default, version is set to 2 for IPv6 address families. */
router(config-hsrp-gp)#address learn
router(config-hsrp-gp)#commit
Running Configuration
Router#show running-config router hsrp
router hsrp
interface TenGigE 0/0/0/2
hsrp delay minimum 2 reload 10
address-family ipv4
hsrp 1 version 1
address learn
!
Verification
Router#show hsrp detail
TenGigE0/0/0/0 - IPv4 Group 1 (version 1)
Local state is Active, priority 90, may preempt, use bia
Hellotime 3000 msec holdtime 10000 msec
Minimum delay 2 sec, reload delay 10 sec
Hot standby IP address is 10.0.0.10 configured
Active router is local
Standby router is unknown expired
Standby virtual mac address is c472.95a6.4eb6 configured, state is stored
4 state changes, last state change 1w1d
State change history:
May 10 12:34:35.461 UTC Init -> Listen Virtual IP configured
May 10 12:34:45.461 UTC Listen -> Speak Active timer expired
May 10 12:34:55.461 UTC Speak -> Standby Standby timer expired
May 10 12:34:55.462 UTC Standby -> Active Active timer expired
Last coup sent: Never
Last coup received: Never
Last resign sent: Never
Last resign received: Never
Disabling HSRP Support for ICMP Redirect Messages
Configuration Example
By default, HSRP filtering of Internet Control Message Protocol (ICMP) redirect messages is enabled on routers running HSRP. Use the hsrp redirects disable command in interface configuration mode to disable this feature on your router.
Router#configure
Router(config)#router hsrp
router(config-hsrp)#interface TenGigE 0/0/0/2
router(config-hsrp-if)#hsrp redirects disable
/* To enable ICMP redirect messages, use the 'no hsrp redirects disable' command. */
router(config-hsrp-if)#address-family ipv4
router(config-hsrp-if-ipv4)#hsrp 1 version 1
/* The version keyword is available only if IPv4 address-family is selected. By default, version is set to 2 for IPv6 address families. */
router(config-hsrp-gp)#address learn
router(config-hsrp-gp)#commit
Running Configuration
Router#show running-config router hsrp
router hsrp
interface TenGigE 0/0/0/2
hsrp redirects
address-family ipv4
hsrp 1 version 1
address learn
!
Verification
Router#show hsrp detail
TenGigE0/0/0/2 - IPv4 Group 1 (version 1)
Local state is Active, priority 100
Hellotime 3000 msec holdtime 10000 msec
Minimum delay 1 sec, reload delay 5 sec
Hot standby IP address is 10.0.0.10 configured
Active router is local
Standby router is unknown expired
Standby virtual mac address is 0000.0c07.ac01, state is active
4 state changes, last state change 1w1d
State change history:
May 10 12:34:35.461 UTC Init -> Listen Virtual IP configured
May 10 12:34:45.461 UTC Listen -> Speak Active timer expired
May 10 12:34:55.461 UTC Speak -> Standby Standby timer expired
May 10 12:34:55.462 UTC Standby -> Active Active timer expired
Standby ICMP redirects disabled
Last coup sent: Never
Last coup received: Never
Last resign sent: Never
Last resign received: Never