Monday, August 15, 2011

Configuring FHRP - HSRP

In any network, redundancy and high availability should be a top priority, especially when mission-critical applications are involved. In this blogtorial I am going to walk you through how to configure the Hot Standby Router Protocol (HSRP). HSRP is one of several First Hop Redundancy Protocols (FHRPs). Note that HSRP is Cisco proprietary.

Consider the topology below and let's get started.



Objectives: 
  • Configure HSRP on R1 and R2 with authentication.
  • Enable failover in less than a second. 
  • R1 should be the active router and R2 should be on standby.
  • If R1 goes offline, then R2 should take over and when R1 comes back online then R1 should take over. 
Relevant configurations are posted below so let's proceed.

First off, let's get R1 configured with everything we want. 

R1#sh run int gig1/0
interface GigabitEthernet1/0
 ip address 192.168.1.1 255.255.255.0
 negotiation auto

** IP address that should be floating **

 standby 1 ip 192.168.1.254 

** By default the HSRP hello time is 3 seconds and the hold time is 10 seconds, and only the standby router monitors the hello messages. If we miss 3 hello packets then the standby router (R2) will assume the active role. In this configuration I have set the hello time to 200 milliseconds and the hold time to 3 times the hello timer (600 milliseconds) for a faster failover. Note that this may add some overhead, so configure these according to your environment. **

 standby 1 timers msec 200 msec 600 

** By default the HSRP priority is 100. Since we want R1 to assume the active role, we will increase its priority to 150. **

 standby 1 priority 150

** By default preempt is turned off. With the preempt setting below, if R1 goes down and comes back up, it waits 30 seconds and then assumes the active role. I am delaying the preemption by 30 seconds because I want to give R1 some time to populate its routing table. The delay comes in handy if you are running routing protocols on the router (OSPF, EIGRP, BGP, etc.). **

 standby 1 preempt delay minimum 30

** Configure authentication. The options are MD5 with a key-chain or a key-string, or plain text. Here we are configuring MD5 with a key-string. **

 standby 1 authentication md5 key-string HSRPRULES
end

Configure a DHCP pool to hand out addresses to the clients.

R1#sh run | sec dhcp
ip dhcp pool DHCP_DEFAULT
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.254
   dns-server 192.168.1.254

Now let's get R4 configured. Configuration is pretty much the same with a few minor changes.

R4#sh run int gig1/0
interface GigabitEthernet1/0
 ip address 192.168.1.4 255.255.255.0
 negotiation auto
 standby 1 ip 192.168.1.254
 standby 1 timers msec 200 msec 600
 standby 1 authentication md5 key-string HSRPRULES
end

Now everything should be working as configured. Let's verify.


As you can see, R1 shows the virtual floating IP. It also shows that preemption is enabled with a 30-second delay, which router has been elected as the standby router (R4), and the active router's priority (150). Also notice that R2's ARP cache shows 192.168.1.254 as 0000.0c07.ac01. 0000.0c07.acXX is the well-known HSRP MAC address, where XX is the HSRP group number in hex. For example, if you configured 'standby 255 ip 192.168.1.254' then the HSRP group number would be 255 and the virtual MAC address would be 0000.0c07.acff.
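
To check the pair of configurations above offline, here is an added example (not part of the original post): a small Python audit that parses both peers' standby lines, confirms that the virtual IP, timers and authentication match, flags any group without MD5 authentication, and derives the virtual MAC. The two configs are the ones shown on this page, embedded as constructed sample input; the function names and the A/B peer labels are assumptions.

```python
import re

# Constructed sample input: the two interface configs shown on this page.
R1_CFG = """interface GigabitEthernet1/0
 ip address 192.168.1.1 255.255.255.0
 standby 1 ip 192.168.1.254
 standby 1 timers msec 200 msec 600
 standby 1 priority 150
 standby 1 preempt delay minimum 30
 standby 1 authentication md5 key-string HSRPRULES
"""
R4_CFG = """interface GigabitEthernet1/0
 ip address 192.168.1.4 255.255.255.0
 standby 1 ip 192.168.1.254
 standby 1 timers msec 200 msec 600
 standby 1 authentication md5 key-string HSRPRULES
"""

def parse_hsrp(cfg):
    """Return {group: {keyword: rest-of-line}} for every 'standby <n> ...' line."""
    groups = {}
    for m in re.finditer(r"^\s*standby (\d+) (\S+) ?(.*)$", cfg, re.M):
        groups.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3).strip()
    return groups

def virtual_mac(group):
    """Virtual MAC as described in the post: 0000.0c07.acXX, XX = group in hex."""
    return "0000.0c07.ac%02x" % group

def audit_pair(cfg_a, cfg_b):
    """Compare two peers' HSRP settings; an empty list means they are consistent."""
    a, b, findings = parse_hsrp(cfg_a), parse_hsrp(cfg_b), []
    for grp in sorted(set(a) | set(b)):
        ga, gb = a.get(grp, {}), b.get(grp, {})
        for key in ("ip", "timers", "authentication"):
            if ga.get(key) != gb.get(key):
                findings.append(f"group {grp}: {key} differs between peers")
        for name, g in (("A", ga), ("B", gb)):
            if not g.get("authentication", "").startswith("md5 "):
                findings.append(f"group {grp}: peer {name} has no MD5 authentication")
    return findings

def expected_active(cfg_a, cfg_b, group):
    """Higher priority wins (default 100, as the post notes); ties are not resolved here."""
    pa = int(parse_hsrp(cfg_a)[group].get("priority", 100))
    pb = int(parse_hsrp(cfg_b)[group].get("priority", 100))
    return "A" if pa > pb else "B" if pb > pa else "tie"
```

A mismatch in virtual IP, timers or authentication between the peers shows up as a finding before the change reaches the routers.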

Now let's shut off the interface gig1/0 on R1 and see if R2 will take over. 


Notice that as soon as I shut the interface down, R2 has taken over the active role and R4 can still ping its default gateway / virtual floating IP (192.168.1.254).

Now let's noshut the interface gig1/0 on R1 and see if R1 automatically assumes the active role.



Notice that as I noshut the interface after about seconds R1 goes from standby -> active role and R4 has assumed the standby role. R2 still has connectivity to the floating IP. 
