Configuring Stateful Inter-Chassis Redundancy
First Published: July 30, 2010
This chapter contains information about and instructions for configuring Stateful Inter-Chassis Redundancy.
Finding Feature Information
For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for Stateful Inter-Chassis Redundancy" section.
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
• Overview of Stateful Inter-Chassis Redundancy
• Configuring Stateful Inter-Chassis Redundancy
• Configuring NAT with Stateful Inter-Chassis Redundancy
• Managing and Monitoring Stateful Inter-Chassis Redundancy
• Configuration Example for Stateful Inter-Chassis Redundancy
• Where to Go Next
• Additional References
• Feature Information for Stateful Inter-Chassis Redundancy
Overview of Stateful Inter-Chassis Redundancy
The Stateful Inter-Chassis Redundancy feature enables you to configure pairs of routers to act as backups for each other. This feature can be configured to determine which member of the group is the active router based on a number of failover conditions. When a failover occurs, the standby router seamlessly takes over and starts performing traffic forwarding services as well as maintaining a dynamic routing table.
How Stateful Inter-Chassis Redundancy Works
You can configure pairs of routers to act as hot standbys for each other. This redundancy is configured on an interface basis. The determination of which interface is the active interface is based on the relative state of the two interfaces and the quality of the connection. The redundancy is on an application level and does not require a complete physical failure of the interface or router for a switchover of the application to occur. When a switchover occurs, the application activity seamlessly continues to run on the redundant interface.
Pairs of redundant interfaces are known as redundancy groups. Figure 1 shows how the redundancy group is configured for a pair of routers that each have one outgoing interface. Figure 2 shows how two redundancy groups are configured for a pair of routers that each have two outgoing interfaces.
Note that in both cases, the redundant routers are joined by a configurable control link and a data synchronization link. The control link is used to communicate the status of the routers to each other. The data synchronization link is used to transfer stateful information from NAT and the firewall and to synchronize the stateful database for these applications.
Also, in both cases, the pairs of redundant interfaces are configured with the same unique ID number known as the Redundant Interface Identifier (RII).
Figure 1
Figure 2
The status of Redundancy Group members is determined through the use of hello messages sent over the control link. If either router does not respond to a hello message within a configurable amount of time, a failure is considered to have occurred and a switch over is initiated. To detect a failure in milliseconds, the control link runs the failover protocol integrated with the Bidirectional Forwarding Detection (BFD) protocol. You can configure the following parameters for the hello messages:
• Active timer
• Standby timer
• Hellotime — The interval at which hello messages are sent
• Holdtime — The amount of time before the active or the standby is declared to be down
The hellotime defaults to 3 seconds to align with HSRP, and the holdtime defaults to 10 seconds. You can also configure these timers in either seconds or milliseconds.
To determine which pairs of interfaces are affected by the switch over, you must configure a unique ID number for each pair of redundant interfaces. This ID number is known as the Redundant Interface Identifier (RII) associated with this interface.
A switch over to the standby router can also occur under other circumstances. Another factor that can cause a switch over is a priority setting that is configurable for each router. The router with the highest priority setting will be the active router. If a fault occurs on either the active or standby router, the priority of the router is decremented by a configurable amount known as the weight. If redundancy preemption is enabled and the priority of the active router falls below the priority of the standby router, a switch over occurs and the standby router becomes the active router. By default, preemption is disabled. To enable it, you must set the preemption attribute for the Redundancy Group. You can also configure each interface to decrement a specified amount from the priority when the L1 state of the interface goes down. This amount overrides the default amount configured for the Redundancy Group.
Each failure event that causes a modification of a redundancy group's priority generates a syslog entry that contains a timestamp, the redundancy group that was affected, previous priority, new priority, and a description of the failure event cause.
Another situation that will cause a switch over to occur is when the priority of a router or interface falls below a configurable threshold level.
In summary, a switch over to the standby router occurs under the following circumstances:
• Power loss or reload occurs on the active router (this includes crashes).
• The run-time priority of the active router goes down below that of the standby router.
• The run-time priority of the active router goes down below that of the threshold configured.
• The Redundancy Group on the active router is reloaded manually using the command redundancy application reload group rg-number.
• Two consecutive hello messages missed on any monitored interface forces the interface into testing mode. When this occurs, both units first verify the link status on the interface and then both units execute the following tests:
  – Network activity test
  – ARP test
  – Broadcast ping test
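The priority, threshold and preemption rules above can be traced with a small model. This is an added example, not Cisco code: the Router class, the function names and the standby priority of 100 are assumptions, and the hello-miss interface tests are not modeled.

```python
from dataclasses import dataclass, field


@dataclass
class Router:
    name: str
    priority: int            # run-time priority, starts at the configured value
    threshold: int           # failover threshold
    powered: bool = True     # False models power loss, reload or crash
    events: list = field(default_factory=list)

    def fault(self, cause, decrement):
        """Decrement the priority and record the change, as the syslog entry would."""
        previous = self.priority
        self.priority = max(0, previous - decrement)
        self.events.append({"router": self.name, "previous": previous,
                            "new": self.priority, "cause": cause})


def switchover_reason(active, standby, preempt=False, manual_reload=False):
    """Return why the standby takes over, or None if the active router stays active."""
    if not standby.powered:
        return None          # assumption: no switchover without a live standby
    if not active.powered:
        return "power loss or reload on the active router"
    if manual_reload:
        return "redundancy group reloaded manually on the active router"
    if active.priority < active.threshold:
        return "active priority below failover threshold"
    if preempt and active.priority < standby.priority:
        return "active priority below standby priority with preemption enabled"
    return None


def demo():
    """Apply three faults to an active router (priority 120, threshold 80)."""
    active = Router("A", priority=120, threshold=80)
    standby = Router("B", priority=100, threshold=80)    # constructed value
    steps = []
    active.fault("tracked object down", 20)               # 120 -> 100
    steps.append(switchover_reason(active, standby, preempt=True))
    active.fault("interface L1 down", 10)                 # 100 -> 90
    steps.append(switchover_reason(active, standby, preempt=False))
    steps.append(switchover_reason(active, standby, preempt=True))
    active.fault("tracked object down", 20)               # 90 -> 70
    steps.append(switchover_reason(active, standby, preempt=False))
    return steps, active.events


if __name__ == "__main__":
    for step in demo()[0]:
        print(step)
```

With preemption disabled (the default), the active router keeps its role at priority 90 even though the standby is at 100; only the drop below the threshold of 80 forces the switch over.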
Associations with Firewalls and NAT
Firewalls will use the association of the redundancy group with a traffic interface.
NAT will associate the redundancy group with a mapping ID.
Supported Topologies
Only the LAN-LAN topology shown in Figure 3 is supported.
Note: Asymmetric routing is not supported.
Figure 3 shows this topology. When a dedicated appliance based Firewall solution is used, traffic is often directed to the correct firewall by configuring static routing in the upstream or downstream routers to an appropriate Virtual IP address. As well as supporting this routing configuration, the ASR should also be able to participate in dynamic routing with upstream or downstream routers. The dynamic routing configuration to be supported on LAN facing interfaces must not introduce a dependency on routing protocol convergence, otherwise fast failover requirements will not be met.
Figure 3
Configuring Stateful Inter-Chassis Redundancy
Use the following tasks to configure Stateful Inter-Chassis Redundancy:
• Configuring the Control Interface Protocol
• Configuring a Redundancy Group
Configuring the Control Interface Protocol
The configuration for the control interface protocol consists of the following elements:
• Protocol instance
• Group name
• hello time
• hold time
• authentication information
• Use of BFD
For more information on these elements, see the "Overview of Stateful Inter-Chassis Redundancy" section.
SUMMARY STEPS
1. enable
2. configure terminal
3. redundancy
4. mode none
5. application redundancy
6. protocol {1 | 2}
7. name instance-name
8. timers [msec] hello num [msec] holdtime num
9. authentication {text string | md5 key-string [0 | 7] key | md5 key-chain key-chain-name}
10. bfd
11. end
DETAILED STEPS
Step 1
  Command or Action: enable
  Example: Router> enable
  Purpose: Enables privileged EXEC mode.
    • Enter your password if prompted.
Step 2
  Command or Action: configure terminal
  Example: Router# configure terminal
  Purpose: Enters global configuration mode.
Step 3
  Command or Action: redundancy
  Example: Router(config)# redundancy
  Purpose: Enters redundancy configuration mode.
Step 4
  Command or Action: mode none
  Example: Router(config-red)# mode none
  Purpose: Sets the redundancy mode to none, which is required for this feature.
Step 5
  Command or Action: application redundancy
  Example: Router(config-red)# application redundancy
  Purpose: Enters application redundancy configuration mode.
Step 6
  Command or Action: protocol num
  Example: Router(config-red-app)# protocol 4
  Purpose: Specifies the protocol instance that will be attached to a control interface. The range for num is 1 to 8.
Step 7
  Command or Action: name instance-name
  Example: Router(config-red-app-pro1)# name blgd-8
  Purpose: Specifies an optional alias for the protocol instance.
Step 8
  Command or Action: timers hellotime [msec] num holdtime [msec] num
  Example: Router(config-red-app-pro1)# timers hellotime 4 holdtime 6
  Purpose: Specifies the interval at which hello messages are sent and the time before a router is declared to be down. The default for the hellotime is 3 seconds and 10 seconds for the holdtime. Use the msec keyword to configure the timers in milliseconds. The range for the hellotime is 1-254 seconds or 50-1000 milliseconds. The range for the holdtime is 6-255 seconds or 750-3000 milliseconds.
Step 9
  Command or Action: authentication {text string | md5 key-string [0 | 7] key | md5 key-chain key-chain-name}
  Example: Router(config-red-app-pro1)# authentication text password
  Purpose: Specifies the authentication information. The options are:
    • text string — Use clear text authentication.
    • md5 key-string [0 | 7] key — Use MD5 key authentication. The key argument can be up to 64 characters in length (at least 16 characters is recommended). Specifying 0 means the key will be unencrypted (the default). Specifying 7 means the key will be encrypted.
    • md5 key-chain key-chain-name — Use MD5 key-chain authentication.
Step 10
  Command or Action: bfd
  Example: Router(config-red-app-pro1)# bfd
  Purpose: Enables the integration of the failover protocol running on the control interface with the Bidirectional Forwarding Detection (BFD) protocol to achieve failure detection in milliseconds. BFD is enabled by default.
Step 11
  Command or Action: end
  Example: Router(config-red-app-pro1)# end
  Purpose: Exits the current configuration mode and returns to privileged EXEC mode.
Configuring a Redundancy Group
A redundancy group consists of the following configuration elements:
• Group instance
• Group name
• fail-over priority
• fail-over threshold
• Faults (objects) that will decrement the priority
• Amount by which the priority will be decremented for each object
• Initialization delay timer
• Interface that will be used as the control interface
• Interface that will be used as the data interface
• Interface associated with the Redundancy Group (RG)
• Redundant Interface Identifier (RII) number of the RG interface
For more information on these elements, see the "Overview of Stateful Inter-Chassis Redundancy" section.
SUMMARY STEPS
1. enable
2. configure terminal
3. redundancy
4. application redundancy
5. group {1 | 2}
6. name group-name
7. priority num failover-threshold num
8. track object-number [decrement num | shutdown]
9. preempt
10. timers delay seconds [reload seconds]
11. control interface-name protocol instance
12. data interface-name
13. end
14. configure terminal
15. interface interface-name
16. redundancy group-num ip address exclusive [decrement num]
17. redundancy rii num
18. end
DETAILED STEPS
Step 1
  Command or Action: enable
  Example: Router> enable
  Purpose: Enables privileged EXEC mode.
    • Enter your password if prompted.
Step 2
  Command or Action: configure terminal
  Example: Router# configure terminal
  Purpose: Enters global configuration mode.
Step 3
  Command or Action: redundancy
  Example: Router(config)# redundancy
  Purpose: Enters redundancy configuration mode.
Step 4
  Command or Action: application redundancy
  Example: Router(config-red)# application redundancy
  Purpose: Enters application redundancy configuration mode.
Step 5
  Command or Action: group {1 | 2}
  Example: Router(config-red-app)# group 1
  Purpose: Specifies the redundancy group instance.
Step 6
  Command or Action: name group-name
  Example: Router(config-red-app-grp1)# name blgd-8
  Purpose: Specifies an optional alias for the protocol instance.
Step 7
  Command or Action: priority num failover-threshold num
  Example: Router(config-red-app-grp1)# priority 120 failover-threshold 80
  Purpose: Specifies the initial priority and failover threshold for the redundancy group.
Step 8
  Command or Action: track object-number [decrement num | shutdown]
  Example: Router(config-red-app-grp1)# track 44 decrement 20
  Purpose: Specifies the amount the priority of a redundancy group will be decremented if an event occurs. The options are:
    • object-number — ID number of the event type. For a complete description of the objects, refer to the CISCO-RTTMON-MIB.my file, available from the Cisco MIB website.
    • decrement num — Amount that the priority will be decremented. The range is 1 to 255.
    • decrement shutdown — Shut down the router instead of decrementing the priority when the event occurs.
    You can track multiple objects that will influence the priority of the redundancy group.
Step 9
  Command or Action: preempt
  Example: Router(config-red-app-grp1)# preempt
  Purpose: Enables preemption on the group and enables the standby router to preempt the active router regardless of which priority is higher.
Step 10
  Command or Action: timers delay seconds [reload seconds]
  Example: Router(config-red-app-grp1)# timers delay 10 reload 20
  Purpose: Specifies the amount of time the RG will delay role negotiations that start after a fault occurs or the system is reloaded. You can configure a different delay for reloads.
Step 11
  Command or Action: control interface-name protocol instance
  Example: Router(config-red-app-grp1)# control GigabitEthernet 0/0/1 protocol 1
  Purpose: Specifies which control interface will be used by the Redundancy Group. This interface is also associated with an instance of the control interface protocol.
Step 12
  Command or Action: data interface-name
  Example: Router(config-red-app-grp1)# data GigabitEthernet 0/0/1
  Purpose: Specifies which data interface will be used by the Redundancy Group.
Step 13
  Command or Action: end
  Example: Router(config-red-app-grp1)# end
  Purpose: Exits the current configuration mode and returns to privileged EXEC mode.
Step 14
  Command or Action: configure terminal
  Example: Router# configure terminal
  Purpose: Enters global configuration mode.
Step 15
  Command or Action: interface interface-name
  Example: Router(config)# interface GigabitEthernet 2
  Purpose: Selects an interface to associate with the Redundancy Group.
Step 16
  Command or Action: redundancy group-num ip address exclusive [decrement num]
  Example: Router(config-if)# redundancy 1 ip 10.10.1.1 exclusive decrement 20
  Purpose: Associates the interface with the Redundancy Group identified by group-num. The other options are:
    • ip address — IP address of the interface.
    • exclusive — The interface is not shared with another Redundancy Group (RG).
    • [decrement num] — Amount decremented from the priority when the L1 state of the interface goes down. This overrides the default amount for the RG.
Step 17
  Command or Action: redundancy rii num
  Example: Router(config-if)# redundancy rii 40
  Purpose: Specifies a number for the Redundant Interface Identifier (RII) associated with this interface. The range for the number is 1 to 65535. This number must match the RII of the other interface in the Redundancy Group.
Step 18
  Command or Action: end
  Example: Router(config-if)# end
  Purpose: Exits the current configuration mode and returns to privileged EXEC mode.
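Hello messages on the control link decide which router is active, so the control protocol's timers and authentication, and the RII of each redundant interface, are worth checking on both peers before deployment. The following audit is an added example, not a Cisco tool: the function names and both sample configurations are constructed, and the checks use only the ranges and recommendations stated in the two procedures above.

```python
import re

# Ranges from the timers step above, keyed by unit.
HELLO = {"sec": (1, 254), "msec": (50, 1000)}
HOLD = {"sec": (6, 255), "msec": (750, 3000)}
TIMERS = re.compile(r"timers hellotime (msec )?(\d+) holdtime (msec )?(\d+)")
MD5_KEY = re.compile(r"authentication md5 key-string (?:([07]) )?(\S+)")
RII = re.compile(r"redundancy rii (\d+)")


def audit(config):
    """Return (findings, rii_numbers) for one router's configuration text."""
    findings, riis = [], set()
    for raw in config.splitlines():
        line = " ".join(raw.split())          # drop indentation and extra spaces
        if m := TIMERS.fullmatch(line):
            checks = (("hellotime", m[1], m[2], HELLO),
                      ("holdtime", m[3], m[4], HOLD))
            for label, msec, value, ranges in checks:
                unit = "msec" if msec else "sec"
                low, high = ranges[unit]
                if not low <= int(value) <= high:
                    findings.append(f"{label} {value} {unit} outside {low}-{high}")
        elif line.startswith("authentication text "):
            findings.append("control protocol uses clear-text authentication")
        elif m := MD5_KEY.fullmatch(line):
            if (m[1] or "0") == "0":          # 0 is the default: key not encrypted
                findings.append("md5 key-string stored unencrypted (type 0)")
                if len(m[2]) < 16:
                    findings.append("md5 key shorter than the recommended 16 characters")
        elif m := RII.fullmatch(line):
            number = int(m[1])
            if not 1 <= number <= 65535:
                findings.append(f"rii {number} outside 1-65535")
            riis.add(number)
    return findings, riis


def audit_pair(config_a, config_b):
    """Audit both peers and list RII numbers present on only one of them."""
    findings_a, riis_a = audit(config_a)
    findings_b, riis_b = audit(config_b)
    return {"a": findings_a, "b": findings_b,
            "rii_unmatched": sorted(riis_a ^ riis_b)}


# Constructed sample configurations (not from a real device).
ROUTER_A = """
redundancy
 mode none
 application redundancy
  protocol 1
   timers hellotime 4 holdtime 6
   authentication text password
interface GigabitEthernet2
 redundancy rii 40
"""
ROUTER_B = """
redundancy
 mode none
 application redundancy
  protocol 1
   timers hellotime msec 20 holdtime msec 750
   authentication md5 key-string 0 shortkey
interface GigabitEthernet2
 redundancy rii 41
"""

if __name__ == "__main__":
    print(audit_pair(ROUTER_A, ROUTER_B))
```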
Configuring NAT with Stateful Inter-Chassis Redundancy
You must use a mapping ID to associate NAT with the redundancy group.
SUMMARY STEPS
1. enable
2. config terminal
3. ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
4. ip nat inside source {list {access-list-number | access-list-name} | route-map name} pool name [mapping-id map-id | overload | reversible | vrf name] [match-in-vrf] [oer]
5. end
DETAILED STEPS
Step 1
  Command or Action: enable
  Example: Router> enable
  Purpose: Enables privileged EXEC mode.
    • Enter your password if prompted.
Step 2
  Command or Action: configure terminal
  Example: Router# configure terminal
  Purpose: Enters global configuration mode.
Step 3
  Command or Action: ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
  Example: Router(config)# ip nat pool VPN-18 10.10.0.0 10.10.255.255 netmask 255.255.0.0
  Purpose: Defines a pool of IP addresses for Network Address Translation (NAT).
Step 4
  Command or Action: ip nat inside source {list {access-list-number | access-list-name} | route-map name} pool name [mapping-id map-id | overload | reversible | vrf name] [match-in-vrf] [oer]
  Example: Router(config)# ip nat inside source list VPN-18 pool VPN-18 mapping-id 152
  Purpose: Enables Network Address Translation (NAT) of the inside source address. You must use a mapping ID to associate NAT with the redundancy group.
Step 5
  Command or Action: end
  Example: Router(config)# end
  Purpose: Exits the current configuration mode and returns to privileged EXEC mode.
Managing and Monitoring Stateful Inter-Chassis Redundancy
Use the following commands to manage and monitor Stateful Inter-Chassis Redundancy.
SUMMARY STEPS
1. enable
2. redundancy application reload group group [peer | self]
3. show redundancy application group {group-id | all}
4. show redundancy application transport {group-id | all}
5. show redundancy application protocol {group-id | all}
6. show redundancy application faults {group-id | all}
7. show redundancy application if-mgr {group-id | all}
8. show redundancy application control-interface [interface-name]
9. show redundancy application data-interface [interface-name]
10. show monitor event-trace rg_infra [all]
11. debug redundancy application group [all | transport | protocol | faults | if-mgr] [event | error | ....]
12. end
DETAILED STEPS
Step 1
  Command or Action: enable
  Example: Router> enable
  Purpose: Enables privileged EXEC mode.
    • Enter your password if prompted.
Step 2
  Command or Action: redundancy application reload group num [peer | self]
  Example: Router# redundancy application reload group 2 self
  Purpose: Forces the active RG to reload and the standby RG to become the active RG. You must enter this command on the active RG.
Step 3
  Command or Action: show redundancy application group {group-id | all}
  Example: Router# show redundancy application group 2
  Purpose: Shows summary information for the specified group or for all groups.
Step 4
  Command or Action: show redundancy application transport {group-id | all}
  Example: Router# show redundancy application transport 2
  Purpose: Shows transport information for the specified group or for all groups.
Step 5
  Command or Action: show redundancy application protocol {group-id | all}
  Example: Router# show redundancy application protocol 2
  Purpose: Shows protocol information for the specified group or for all groups.
Step 6
  Command or Action: show redundancy application faults {group-id | all}
  Example: Router# show redundancy application faults 2
  Purpose: Shows information about faults for the specified group or for all groups.
Step 7
  Command or Action: show redundancy application if-mgr {group-id | all}
  Example: Router# show redundancy application if-mgr 2
  Purpose: Shows information about the if-mgr for the specified group or for all groups.
Step 8
  Command or Action: show redundancy application control-interface {interface-name}
  Example: Router# show redundancy application control-interface IF-2
  Purpose: Shows interface information associated with redundancy groups for the specified control interface.
Step 9
  Command or Action: show redundancy application data-interface [interface-name]
  Example: Router# show redundancy application group data-interface IF-2
  Purpose: Shows interface information associated with redundancy groups for the specified data interface.
Step 10
  Command or Action: show monitor event-trace rg_infra [all]
  Example: Router# show monitor event-trace rg_infra
  Purpose: Shows event trace information associated with redundancy groups.
Step 11
  Command or Action: debug redundancy application group [all | transport | protocol | faults | if-mgr] [event | error | ...]
  Example: Router# debug redundancy application group all
  Purpose: Enables debug logging of the specified type of information associated with redundancy groups.
Step 12
  Command or Action: end
  Example: Router# end
  Purpose: Exits the current configuration mode and returns to privileged EXEC mode.
Configuration Example for Stateful Inter-Chassis Redundancy
Redundancy Group Configuration
control GigabitEthernet0/1/0 protocol 1
data GigabitEthernet0/1/2
control GigabitEthernet0/1/1 protocol 2
data GigabitEthernet0/1/3
Redundant Traffic Interface Configuration
This configuration also includes the commands for NAT:
interface GigabitEthernet0/1/5
 ip address 12.1.1.2 255.0.0.0
 redundancy group 1 ip 12.1.1.200 exclusive decrement 10
interface GigabitEthernet0/1/6
 ip address 11.1.1.2 255.0.0.0
 redundancy group 1 ip 11.1.1.100 exclusive decrement 10
Where to Go Next
For more information about configuring objects, consult the Cisco IOS IPSLA Configuration Guide.
Additional References
The following sections provide references related to NAT and Firewalls.
Related Documents
Related Topic | Document Title
IP addressing commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples | Cisco IOS IP Addressing Services Command Reference
Fundamental principles of IP addressing and IP routing | IP Routing Primer ISBN 1578701082
Standards
Standard | Title
No new or modified standards are supported, and support for existing standards has not been modified | —
MIBs
MIB | MIBs Link
No new or modified MIBs are supported, and support for existing MIBs has not been modified | —
Feature Information for Stateful Inter-Chassis Redundancy
Table 1 lists the features in this module and provides links to specific configuration information.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS XE software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note: Table 1 lists only the Cisco IOS XE software release that introduced support for a given feature in a given Cisco IOS XE software release train. Unless noted otherwise, subsequent releases of that Cisco IOS XE software release train also support that feature.
Table 1 Feature Information for Stateful Inter-Chassis Redundancy
Feature Name | Releases | Feature Information
NAT Stateful Inter-Chassis Redundancy | Cisco IOS XE Release 3.1S | This feature enables you to configure pairs of routers to act as backups for each other.
© 2007-2009 Cisco Systems, Inc. All rights reserved.