Networking Basics: How to Configure HSRP with L3 Switching
The quick definition: Hot Standby Router Protocol (HSRP) is a Cisco protocol that provides host devices with redundant connectivity in a network. In other words, it's an automatic backup system. If connectivity fails on the primary router, then it'll immediately fail over to a standby router.
What is Hot Standby Router Protocol (HSRP)?
Hot Standby Router Protocol (HSRP) prioritizes a series of routers as the primary and standbys for a group of devices on a subnet. If the primary router fails, the protocol will automatically connect to the router assigned the next-highest priority. Importantly, redundancy is initialized from the router, which means devices don't need to be configured individually.
What are Standby Groups in HSRP?
Your gateways, whether distribution layer switches or routers connecting to the internet, are going to be organized into standby groups. Standby is the keyword in Hot Standby Router Protocol (HSRP). Everything you do in HSRP has the word "standby."
When you configure the virtual IP address, it will be the "standby IP." When you use the #show command to verify, it will be "# show standby." With the debug command, it will be "# debug standby."
Only one of the gateways you configure will be active — and you should think about it as the primary gateway because it's servicing the request for the virtual IP address and MAC address. The other ones will be standby. So, whether you have one backup or five different backups, they'll all be considered standby and there will be one active or one primary.
What are HSRP Hello and Hold Timers?
HSRP uses two types of timers — hello and hold timers — to ensure redundancy among routers. The hello timer controls how often routers multicast hello packets, which advertise their status and priority. By default, if you don't tune anything, the active and standby routers will say "hello" to each other once every three seconds. The hold timer tells the standby router when to take over. The standby router becomes active when it hasn't received a hello packet from the primary router in 10 seconds. So, worst-case scenario, you've got 10 seconds before a standby router takes over, and the timer settings can be lowered.
How Do You Read an HSRP Virtual MAC Address?
Cisco bought a bunch of MAC addresses that they use for their devices. Each section of the HSRP MAC address represents a different piece of information — vendor ID, HSRP version identifier, and standby group number.
First six characters: 0000.0C, Cisco vendor designation
Middle four characters: 07.AC, HSRP version (in this case version one)
Last two characters: xx, standby group number
For the HSRP standby groups, you can use 0 through 255, which means you can have 256 HSRP groups.
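To pull the standby group out of a virtual MAC, for example when checking ARP entries, the following added example (not from the original article) parses the HSRP version 1 layout described above. The ARP lines and the 172.30.70.1 address are constructed sample data, and the function names are this example's own.

```python
import re

HSRP_V1_PREFIX = "00000c07ac"  # 0000.0C (Cisco vendor ID) + 07.AC (HSRP version 1)

# Constructed sample in the style of an ARP table; not output from a real device.
SAMPLE_ARP = """\
Internet  172.30.70.1    -   0000.0c07.ac01  ARPA  Vlan70
Internet  172.30.70.2    12  0011.2233.4455  ARPA  Vlan70
Internet  172.30.80.1    -   0000.0c07.acff  ARPA  Vlan80
"""

# An IPv4 address, one column we skip (age), then a Cisco dotted MAC.
ARP_ROW = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\s+\S+\s+((?:[0-9a-fA-F]{4}\.){2}[0-9a-fA-F]{4})"
)


def parse_hsrp_v1_mac(mac):
    """Return the standby group (0-255) if mac is an HSRPv1 virtual MAC, else None.

    Accepts Cisco dotted (0000.0c07.ac01), colon and hyphen notation.
    """
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    if not digits.startswith(HSRP_V1_PREFIX):
        return None
    return int(digits[10:], 16)  # last two hex characters = group number


def hsrp_groups_in_arp(text):
    """Map IP address -> standby group for rows whose MAC is an HSRPv1 virtual MAC."""
    found = {}
    for line in text.splitlines():
        row = ARP_ROW.search(line)
        if row:
            group = parse_hsrp_v1_mac(row.group(2))
            if group is not None:
                found[row.group(1)] = group
    return found


if __name__ == "__main__":
    for ip, group in hsrp_groups_in_arp(SAMPLE_ARP).items():
        print(f"{ip} is the virtual IP of standby group {group}")
```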
How to Set HSRP Standby Group Priorities
HSRP is all about priorities. If your top priority router fails, then HSRP will be looking for the next-highest priority router. That's something you need to set.
First, you'll want to tell your switch that it's part of a standby group:
# standby 1 ip 172.30.70.2
Next, you'll want to set which switch is active and which are standby. With this command, you're assigning the primary router. The default HSRP priority is 100, so you'll need to assign the primary router a higher priority than the standby. In this case, we're designating this switch as active for group 1 with a 110 priority:
# standby 1 priority 110
The switch with the highest priority is active. The standby switches are lower. How much lower is up to you, but it's important to carefully plan increments for something called interface tracking.
What is HSRP Interface Tracking?
HSRP allows multiple router interfaces to act and appear as one virtual router. But what happens if one of those connections goes down while the HSRP switch is still operating? You need to reduce the priority of the switch.
For instance, take a look at the diagram below. If the HSRP switch (172.30.70.2) is still functioning, but the Fast Ethernet 0/1 connection (VIP: 172.30.80.1) to that switch goes down, then you'll want the system to fail over to the standby.
Without interface tracking, the system would route around the problem through the standby switch (172.30.70.3) back to the active switch. You don't want that. Instead, interface tracking reduces the priority number of the active router, so it fails over to the second switch while the connection is down.
When configuring interface tracking, you'll need to think about how many priority points to subtract to trigger a failover. Let's look back at the previous scenarios.
The active switch (172.30.70.2) is priority 110.
The standby switch (172.30.70.3) is priority 100.
If FastEthernet 0/1 is critical to your topology and it fails, then you'll need to subtract (or decrement) enough priority points to ensure a failover to the standby switch. In this case, you'll want to subtract at least 20 points.
To configure HSRP interface tracking for FastEthernet 0/1 in Cisco IOS, use this command:
# standby 1 track fa0/1 20
Should FastEthernet 0/1 (fa0/1) fail, interface tracking will reduce the active switch (172.30.70.2) priority by 20 points. You'll also want to use the preempt command with the track command.
What is HSRP Preempt?
We also need to emphasize the preempt command with tracking. Preempt should be configured on both the active and the standby switches. With this command, you're telling your switch, "If another switch's priority goes below yours, take over."
If you don't configure preempt, the switches will decide which switches are active and standby at boot time rather than in real time. That's not useful. Instead, preempt ensures the standby switch takes over immediately without requiring a reboot.
One of the dangers of preempting is you could have a rapidly rebooting router. Sometimes, when the hardware is starting to go bad it starts rebooting again and again. If preempt is configured, the standby will keep getting activated again and again and again. Every single time it does that, it's causing an outage. To protect against rapidly rebooting routers, you should add a little delay to your preempt command.
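How the tracking decrement and preempt interact, as an added example that is not from the original article: it models the two switches above (110 and 100) when fa0/1 fails on the active one. The model is a simplification that compares priorities only; the class and function names are this example's own.

```python
from dataclasses import dataclass


@dataclass
class Switch:
    addr: str
    priority: int = 100        # HSRP default priority
    preempt: bool = False
    track_decrement: int = 0   # points removed while the tracked interface is down
    tracked_up: bool = True

    def effective_priority(self) -> int:
        if self.tracked_up:
            return self.priority
        return self.priority - self.track_decrement


def active_switch(current: Switch, standbys: list) -> Switch:
    """Return the switch that is active after priorities are re-evaluated.

    Simplified model (an assumption of this example): a standby takes over
    only if it has preempt configured and a strictly higher effective
    priority than the current active switch. Equal priorities are not modelled.
    """
    challengers = [
        s for s in standbys
        if s.preempt and s.effective_priority() > current.effective_priority()
    ]
    return max(challengers, key=Switch.effective_priority, default=current)


def fa01_failure(decrement: int, standby_preempt: bool) -> str:
    """fa0/1 fails on the active switch; return the address that ends up active."""
    active = Switch("172.30.70.2", priority=110, preempt=True,
                    track_decrement=decrement)
    standby = Switch("172.30.70.3", priority=100, preempt=standby_preempt)
    active.tracked_up = False  # tracked interface goes down
    return active_switch(active, [standby]).addr


if __name__ == "__main__":
    # 20 points with preempt: failover. No preempt, or too small a decrement: none.
    for dec, pre in [(20, True), (20, False), (5, True)]:
        print(f"decrement={dec:>2} standby preempt={pre!s:<5} "
              f"-> active {fa01_failure(dec, pre)}")
```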
How Long Should I Delay HSRP Preempt?
Cisco recommends taking the router boot time and dividing it by two. For instance, if your router's boot time is 120 seconds, then the preempt delay would be 60 seconds. That means your switch must be alive and healthy for 60 seconds before it takes over.
You should delay the handover with HSRP preempt because the router needs a little time to breathe after booting. It still has to converge on OSPF, get all of its routes, and start forwarding packets.
CBT Nuggets HSRP Courses
With properly configured HSRP, failovers are seamless. Somebody could pull the plug on the primary and no one would notice. Even VoIP conversations would continue with minimal interference — as long as HSRP is properly configured.
Tuning HSRP will provide redundancy and resiliency to your system. Use hello timers, interface tracking, and preempts to protect your system from catastrophic failure.