Contents
- Implementing HSRP
- Prerequisites for Implementing HSRP
- Restrictions for Implementing HSRP
- Information About Implementing HSRP
- HSRP Overview
- HSRP Groups
- HSRP and ARP
- Preemption
- ICMP Redirect Messages
- How to Implement HSRP
- Enabling HSRP
- Configuring HSRP Group Attributes
- Configuring the HSRP Activation Delay
- Enabling HSRP Support for ICMP Redirect Messages
- BFD for HSRP
- Advantages of BFD
- BFD Process
- Configuring BFD
- Enabling BFD
- Modifying BFD timers (minimum interval)
- Modifying BFD timers (multiplier)
- Hot Restartability for HSRP
- Configuration Examples for HSRP Implementation on Software
- Configuring an HSRP Group: Example
- Configuring a Router for Multiple HSRP Groups: Example
- Additional References
Implementing HSRP
The Hot Standby Router Protocol (HSRP) is an IP routing redundancy protocol designed to allow for transparent failover at the first-hop IP router. HSRP provides high network availability, because it routes IP traffic from hosts on networks without relying on the availability of any single router. HSRP is used in a group of routers for selecting an active router and a standby router. (An active router is the router of choice for routing packets; a standby router is a router that takes over the routing duties when an active router fails, or when preset conditions are met.)
- Prerequisites for Implementing HSRP
- Restrictions for Implementing HSRP
- Information About Implementing HSRP
- How to Implement HSRP
- BFD for HSRP
- Hot Restartability for HSRP
- Configuration Examples for HSRP Implementation on Software
- Additional References
Restrictions for Implementing HSRP
HSRP is supported on Ethernet interfaces, Ethernet sub-interfaces and Ethernet link bundles.
Information About Implementing HSRP
To implement HSRP on Cisco IOS XR software software, you need to understand the following concepts:
HSRP Overview
HSRP is useful for hosts that do not support a router discovery protocol (such as Internet Control Message Protocol [ICMP] Router Discovery Protocol [IRDP]) and cannot switch to a new router when their selected router reloads or loses power. Because existing TCP sessions can survive the failover, this protocol also provides a more transparent recovery for hosts that dynamically choose a next hop for routing IP traffic.
When HSRP is configured on a network segment, it provides a virtual MAC address and an IP address that is shared among a group of routers running HSRP. The address of this HSRP group is referred to as the virtual IP address. One of these devices is selected by the protocol to be the active router. The active router receives and routes packets destined for the MAC address of the group. For n routers running HSRP, n + 1 IP and MAC addresses are assigned.
HSRP detects when the designated active router fails, at which point a selected standby router assumes control of the MAC and IP addresses of the HSRP group. A new standby router is also selected at that time.
Devices that are running HSRP send and receive multicast User Datagram Protocol (UDP) based hello packets to detect router failure and to designate active and standby routers.
HSRP Groups
An HSRP group consists of two or more routers running HSRP that are configured to provide hot standby services for one another. HSRP uses a priority scheme to determine which HSRP-configured router is to be the default active router. To configure a router as the active router, you assign it a priority that is higher than the priority of all the other HSRP-configured routers. The default priority is 100, so if you configure just one router to have a higher priority, that router will be the default active router.
HSRP works by the exchange of multicast messages that advertise priority among the HSRP group. When the active router fails to send a hello message within a configurable period of time, the standby router with the highest priority becomes the active router. The transition of packet-forwarding functions between routers is completely transparent to all hosts on the network.
Figure 1 shows routers configured as members of a single HSRP group.
All hosts on the network are configured to use the IP address of the virtual router (in this case, 1.0.0.3) as the default gateway.
A single router interface can also be configured to belong to more than one HSRP group. Figure 2shows routers configured as members of multiple HSRP groups.
In Figure 2, the Ethernet interface 0 of Router A belongs to group 1. Ethernet interface 0 of Router B belongs to groups 1, 2, and 3. The Ethernet interface 0 of Router C belongs to group 2, and the Ethernet interface 0 of Router D belongs to group 3. When you establish groups, you might want to align them along departmental organizations. In this case, group 1 might support the Engineering Department, group 2 might support the Manufacturing Department, and group 3 might support the Finance Department.
Router B is configured as the active router for groups 1 and 2 and as the standby router for group 3. Router D is configured as the active router for group 3. If Router D fails for any reason, Router B assumes the packet-transfer functions of Router D and maintains the ability of users in the Finance Department to access data on other subnets.
Note
A different virtual MAC address (VMAC) is required for each sub interface. VMAC is determined from the group ID. Therefore, a unique group ID is required for each sub interface configured, unless the VMAC is configured explicitly.
HSRP and ARP
When a router in an HSRP group goes active, it sends a number of ARP responses containing its virtual IP address and the virtual MAC address. These ARP responses help switches and learning bridges update their port-to-MAC maps. These ARP responses also provide routers configured to use the burned-in address of the interface as its virtual MAC address (instead of the preassigned MAC address or the functional address) with a means to update the ARP entries for the virtual IP address. Unlike the gratuitous ARP responses sent to identify the interface IP address when an interface comes up, the HSRP router ARP response packet carries the virtual MAC address in the packet header. The ARP data fields for IP address and media address contain the virtual IP and virtual MAC addresses.
Preemption
The HSRP preemption feature enables the router with highest priority to immediately become the active router. Priority is determined first by the priority value that you configure, and then by the IP address. In each case, a higher value is of greater priority.
When a higher-priority router preempts a lower-priority router, it sends a coup message. When a lower-priority active router receives a coup message or hello message from a higher-priority active router, it changes to the speak state and sends a resign message.
ICMP Redirect Messages
Internet Control Message Protocol (ICMP) is a network layer Internet protocol that provides message packets to report errors and other information relevant to IP processing. ICMP provides many diagnostic functions and can send and redirect error packets to the host. When running HSRP, it is important to prevent hosts from discovering the interface (or real) MAC addresses of routers in the HSRP group. If a host is redirected by ICMP to the real MAC address of a router, and that router later fails, then packets from the host are lost.
ICMP redirect messages are automatically enabled on interfaces configured with HSRP. This functionality works by filtering outgoing ICMP redirect messages through HSRP, where the next-hop IP address may be changed to an HSRP virtual IP address.
To support ICMP redirects, redirect messages are filtered through HSRP, where the next-hop IP address is changed to an HSRP virtual address. When HSRP redirects are turned on, ICMP interfaces with HSRP do this filtering. HSRP keeps track of all HSRP routers by sending advertisements and maintaining a real IP address to virtual IP address mapping to perform the redirect filtering.
How to Implement HSRP
This section contains instructions for the following tasks:
- Enabling HSRP
- Configuring HSRP Group Attributes
- Configuring the HSRP Activation Delay
- Enabling HSRP Support for ICMP Redirect Messages
Enabling HSRP
SUMMARY STEPSThe hsrp ipv4 command activates HSRP on the configured interface. If an IP address is specified, that address is used as the designated address for the Hot Standby group. If no IP address is specified, the virtual address is learned from the active router. For HSRP to elect a designated router, at least one router in the Hot Standby group must have been configured with, or learned, the designated address. Configuring the designated address on the active router always overrides a designated address that is currently in use.
3. interface type interface-path-id
4. hsrp [group-number] ipv4 [ip-address [secondary]]
5. Use one of the following commands:
DETAILED STEPSConfiguring HSRP Group Attributes
SUMMARY STEPSTo configure other Hot Standby group attributes that affect how the local router participates in HSRP, use the following procedure in interface configuration mode as needed:
3. interface type interface-path-id
4. hsrp [group-number] priority priority
5. hsrp [group-number] track type instance [priority-decrement]
6. hsrp [group-number] preempt [delay seconds]
7. hsrp [group-number] authentication string
9. hsrp [group-number] mac-address address
10. Use one of the following commands:
DETAILED STEPSConfiguring the HSRP Activation Delay
SUMMARY STEPSThe activation delay for HSRP is designed to delay the startup of the state machine when an interface comes up. This give the network time to settle and avoids unnecessary state changes early after the link comes up.
3. interface type interface-path-id
4. hsrp [group-number] ipv4 [ip-address [secondary]]
6. Use one of the following commands:
DETAILED STEPSEnabling HSRP Support for ICMP Redirect Messages
SUMMARY STEPSBy default, HSRP filtering of ICMP redirect messages is enabled on routers running HSRP.
To configure the reenabling of this feature on your router if it is disabled, use the hsrp redirects command in interface configuration mode.
3. interface type interface-path-id
4. hsrp [group-number] ipv4 [ip-address [secondary]]
6. Use one of the following commands:
DETAILED STEPSBFD for HSRP
Bidirectional Forwarding Detection (BFD) is a network protocol used to detect faults between two forwarding engines. BFD sessions can operate in one of the two modes, namely, asynchronous mode or demand mode. In asynchronous mode, both endpoints periodically send hello packets to each other. If a number of those packets are not received, the session is considered down. In demand mode, it is not mandatory to exchange hello packets; either of the hosts can send hello messages, if needed. Cisco supports the BFD asynchronous mode.
Advantages of BFD
BFD provides failure detection in less than one second.
BFD supports all types of encapsulation.
BFD is not tied to any particular routing protocol, supports almost all routing protocols.
BFD Process
HSRP uses BFD to detect link failure and facilitate fast failover times without excessive control packet overhead.
The HSRP process creates BFD sessions as required. When a BFD session goes down, each Standby group monitoring the session transitions to Active state.
HSRP does not participate in any state elections for 10 seconds after a transition to Active state triggered by a BFD session going down.
Configuring BFD
For HSRP, configuration is applied under the existing HSRP-interface sub-mode, with BFD fast failure configurable per HSRP group and the timers (minimum-interface and multiplier) configurable per interface. BFD fast failure detection is disabled by default.
Enabling BFD
SUMMARY STEPS3. interface type interface-path-id
4. hsrp [group number] bfd fast-detect
5. Use one of the following commands:
DETAILED STEPSModifying BFD timers (minimum interval)
SUMMARY STEPSMinimum interval determines the frequency of sending BFD packets to BFD peers (in milliseconds). The default minimum interval is 15ms.
3. interface type interface-path-id
4. hsrp bfd minimum-interval interval
5. Use one of the following commands:
DETAILED STEPSModifying BFD timers (multiplier)
SUMMARY STEPSMultiplier is the number of consecutive BFD packets which must be missed from a BFD peer before declaring that peer unavailable. The default multiplier is 3.
3. interface type interface-path-id
4. hsrp bfd multiplier multiplier
5. Use one of the following commands:
DETAILED STEPSHot Restartability for HSRP
In the event of failure of a HSRP process in one active group, forced failovers in peer HSRP active router groups should be prevented. Hot restartability supports warm RP failover without incurring forced failovers to peer HSRP routers for active groups.
Configuration Examples for HSRP Implementation on Software
This section provides the following HSRP configuration examples:
Configuring an HSRP Group: Example
The following is an example of enabling HSRP on an interface and configuring HSRP group attributes:
configure router hsrp interface TenGigE 0/2/0/1 hsrp 1 ipv4 1.0.0.5 commit hsrp 1 timers 100 200 hsrp 1 preempt delay 500 hsrp priority 20 hsrp track TenGigE 0/2/0/2 hsrp 1 authentication company0 hsrp use-bia commitConfiguring a Router for Multiple HSRP Groups: Example
The following is an example of configuring a router for multiple HSRP groups:
configure router hsrp interface TenGigE 0/2/0/3 hsrp 1 ipv4 1.0.0.5 hsrp 1 priority 20 hsrp 1 preempt hsrp 1 authentication sclara hsrp 2 ipv4 1.0.0.6 hsrp 2 priority 110 hsrp 2 preempt hsrp 2 authentication mtview hsrp 3 ipv4 1.0.0.7 hsrp 3 preempt hsrp 3 authentication svale commitAdditional References
Related Documents
The following sections provide references related to HSRP
Related Topic
Document Title
QoS commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples
Quality of Service Commands on Cisco IOS XR Modular Quality of Service Command Reference for the Cisco XR 12000 Series Router
Class-based traffic shaping, traffic policing, low-latency queuing, and Modified Deficit Round Robin (MDRR)
Configuring Modular Quality of Service Congestion Management on Cisco IOS XR Modular Quality of Service Configuration Guide for the Cisco XR 12000 Series Router
WRED, RED, and tail drop
Configuring Modular QoS Congestion Avoidance on Cisco IOS XR Modular Quality of Service Configuration Guide for the Cisco XR 12000 Series Router
HSRP commands
HSRP Commands on Cisco IOS XR IP Addresses and Services Command Reference for the Cisco XR 12000 Series Router
master command reference
Cisco IOS XR Commands Master List for the Cisco XR 12000 Series Router
getting started material
Cisco IOS XR Getting Started Guide for the Cisco XR 12000 Series Router
Information about user groups and task IDs
Configuring AAA Services on Cisco IOS XR System Security Configuration Guide for the Cisco XR 12000 Series Router
MIBs
Technical Assistance
Description Link The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.
To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.