Network Ninja

The Long Road to Cisco


Tag Archive for 'HSRP'

CCIE Command Memorizer

Published by Deon Botha on September 12, 2008 in Asides, Off-Topic, Support and Vine. 2 Comments

About two weeks ago David Bombal from Configure Terminal contacted me about doing a write-up for CCIE Command Memorizer. As a current CCNP student some of the CCIE content obviously still goes over my head, but most of the stuff I am fairly okay with. David didn’t seem to mind that I wasn’t a CCIE as yet, and I sure didn’t mind giving CCIE Command Memorizer a spin, so below are my thoughts and feelings.

During my initial research on the CCIE Command Memorizer I found that it is geared towards the CCIE Routing and Switching (R&S) Lab. When I received the application on Monday two weeks ago, my initial impression was that it covers the commands effectively and efficiently, without many frills and spills, in a do-it-yourself, fill-in-the-blanks, task-to-objective oriented format. There are no round-about, search-for-things “what now” moments; everything is straight and to the point. Another bonus is that the download isn’t enormous either.

The CCIE Command Memorizer application itself is written in an e-book format, which works for the content. If, like me, you prefer the keyboard once you get going on the command line (IOW you dislike moving between mouse and keyboard), some of the shortcuts might feel “off” and take a bit to get used to. Take heart that once you get going it all starts flowing like second nature.

My feeling on how the CCIE Command Memorizer would fit into my studies is that, as a study tool / study aid, it helps you practice commands anywhere at any time as long as you have your notebook handy (face it, as a CCNP I realize I am a Geek and my notebook goes on holiday with me, so this pretty much means anywhere). My current situation with a LAB is that I am busy getting racks, cabling and other kit together to put a LAB up; the actual LAB is non-existent. In my situation the CCIE Command Memorizer is my stop-gap for actual “command” time practice, as I don’t really have kit and at times have no block of time to zero in on a specific Technology Area and do some quick revision work focused only on that technology. This is different from the LAB, where you need to set up and configure peripheral services and technologies to get to the meat close to the bone; the CCIE Command Memorizer lets you focus ONLY on those parts to give you practice on them.

In my opinion students that would find the CCIE Command Memorizer useful would be individuals who have problems with instant recall of information when under stress or duress (people with classic test condition issues that forget as they walk through the door when in normal day-to-day they are Uber networkers) and students who need to drill things to remember (repetition, repetition, repetition) information to get it to pass from short term into long term memory (this one would be me). Most other students may also find it handy to bridge the book theory and lab practical (where you just went through the theory to quickly go over the practical again to cement the knowledge just a bit more).

From my perspective as a CCNP student, the CCIE Command Memorizer shares most (if not all) of the content material with the CCNP that I cared to check up on. In the two weeks I have been working through EIGRP and OSPF (notes to follow shortly) for the BSCI. Everything I covered in theory the CCIE Command Memorizer covered, plus some more.

To close off, for those who want a one-size-fits-all study solution: don’t mistake the CCIE Command Memorizer for something it wasn’t built to be. The CCIE Command Memorizer is a STUDY TOOL / STUDY AID and not a “Complete Blended Solution” or All-In-One (AIO) product like the guys from IP Expert offer. This means that you will probably either attend classes from a Cisco Learning Partner and/or do labs at home or through a rack rental company and/or also have Cisco Press books that will ADD TO THE VALUE of the CCIE Command Memorizer.

In summation I suggest taking a serious look at the CCIE Command Memorizer and how to integrate it into your study plans. Taking all things into consideration I would seriously recommend the CCIE Command Memorizer even to current CCNP level students. The value add is easy to find and it helps to have something that you can take along as you travel that does command line study effectively without the need to spend hours on “setting up other things” before you get to play with advanced topics.

Planning Voice on a Data Network

Published by Deon Botha on May 21, 2008 in BCMSN, Certification, Cisco Systems and VoIP. 0 Comments

There are numerous benefits to packet switched telephony:

  • More efficient use of bandwidth and kit: Traditional telephony networks use a 64-kbps channel (for argument’s sake, one B channel on an ISDN line) for every voice call. Packet telephony shares bandwidth among multiple logical connections and offloads traffic volumes from existing voice switches.
  • Lower costs for telephony network transmissions: A substantial amount of equipment is needed to combine 64-kbps (ISDN) channels into a high-speed link for transport across a network (say an ISDN PRI). Packet telephony statistically multiplexes voice traffic alongside data traffic. This consolidation represents substantial savings on CAPEX and OPEX.
  • Consolidated voice and data network expenses: Data networks functioning separately from voice networks become major traffic carriers. The underlying voice networks can be converted to use the packet-switched architecture to create a single integrated communications network with a common switching and transmission system. The benefit is CAPEX and OPEX savings.
  • Increased revenues from new services: Packet telephony enables new integrated services, such as broadcast-quality audio, unified messaging, and real-time voice and data collaboration. These services increase employees’ productivity and profit margins well above those of basic voice services. In addition, these services enable companies and service providers to differentiate themselves and improve their market position.
  • Greater innovation in services: Unified communications use the IP infrastructure to consolidate communications methods that were previously independent (fax, voicemail, email, wireline telephone, cellular phone, and the web). The IP infrastructure provides users with a common method to access messages and initiate real-time communications – independent of time, location, or device.
  • Adding new communications devices: Packet technology can reach devices that are largely inaccessible to today’s time-division multiplexing (TDM) infrastructures (PCs, wireless devices, household appliances, PDAs). Access to these devices enables companies and service providers to increase the volume of communications they deliver, the breadth of service they offer, and the number of subscribers they serve. Packet technology therefore enables companies to market new devices, including videophones, multimedia terminals, and advanced IP phones.
  • Flexible new pricing structures: Companies and service providers with packet-switched networks can transform their service and pricing models. Because network bandwidth can be dynamically allocated, network usage no longer needs to be measured in minutes or distance. Dynamic allocation gives service providers the flexibility to meet the needs of their customers in ways that bring them the greatest benefits.

The basic components for voice on an IP network are as follows:

  • IP Phones: The end-devices on desks.
  • Gatekeeper: Provides Connection Admission Control (CAC), bandwidth control and management, and address translation.
  • Gateway: Provides translation between voice over Internet Protocol (VoIP) and non-VoIP networks, such as the public switched telephone network (PSTN). It provides physical access for local analog and digital devices (telephones, fax machines, and PBXs).
  • Multipoint Control Unit: Provides real-time connectivity for participants in multiple locations to attend the same videoconference or meeting.
  • Call Agent: Provides call control for IP Phones, CAC, bandwidth control and management, and address translation.
  • Application Server: Provides services such as voicemail, unified messaging, and Cisco CallManager Attendant Console.
  • Videoconference Station: Provides access for end-user participation in videoconferencing. This station has a video camera and a microphone. The user can view video streams and hear the audio that originates from the remote user station.

There are other components not listed here, like voice applications, interactive voice response (IVR) systems, and softphones, that meet the specific needs of the enterprise.

Voice and Data Traffic Characteristics

Voice traffic has extremely stringent QoS requirements because it is extremely delay sensitive. Voice traffic places a smooth demand on bandwidth and has minimal impact on other traffic (60 – 120 byte packets), as long as it is managed. Because of this time-sensitive nature, User Datagram Protocol (UDP) is used to carry voice packets; TCP’s retransmit capability has no value, because a packet that needs to be retransmitted arrives too late for a conversation that is happening NOW.

For acceptable voice quality, one-way delay should be no more than 150 ms and packet loss less than 1%. A typical voice call requires 17 – 106 kbps of guaranteed priority bandwidth, plus an additional 150 bps per call for voice-control traffic. Multiplying this out by the maximum number of calls expected during the busiest period gives the overall bandwidth requirement for voice traffic.

Because data traffic is not as delay sensitive and can tolerate higher drop rates, the retransmit capability of TCP has become important; as a result many applications use TCP by default.

In networks, important business-critical applications are usually easy to identify. Most applications can be identified based on TCP or UDP port numbers (HTTP, HTTPS, FTP, Telnet, SQL, etc.). Some applications use dynamic port numbers, which to some extent makes classification more difficult. Cisco IOS software supports network-based application recognition (NBAR), which can be used to recognize dynamic-port applications.

VoIP Call Flow

As I mentioned in a previous post (see HSRP Across Trunk Links) and in some other places, it is best practice to set up voice and data on separate VLANs (I did in my own network). This is done so that QoS can be applied to prioritize the VoIP traffic as it traverses the network. If this is not done, voice and data traffic contend for the available bandwidth without consideration for each other (one or the other is going to suffer).

A major component of designing a successful IP Telephony network is bandwidth provisioning. The bandwidth requirement is calculated by adding together the total required bandwidth for voice, video and data; the sum should not exceed 75% of the link capacity.

From a traffic perspective, IP Telephony consists of two types of traffic:

  1. Voice Carrier Stream: consists of Real-Time Transport Protocol (RTP) packets that contain the actual voice samples.
  2. Call Control Signaling: contains packets belonging to one of several protocols used to set up, maintain, tear down, or redirect calls. Depending on the end-point this could be H.323 or Media Gateway Control Protocol (MGCP).
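The provisioning arithmetic from the bandwidth paragraphs above, worked through as an added example (this is not code from the original post): it applies the post’s per-call figures and the 75% rule to a planned link, and also inverts the rule to find how many calls a link can carry next to a given data and video load. The codec rate, call count and T1 link size in the sample run are constructed values; the per-call rate is a placeholder inside the post’s 17 – 106 kbps range.

```python
"""Voice bandwidth provisioning check.

Added example, not code from the original post. It applies the figures the post
gives (17-106 kbps of priority bandwidth per call, 150 bps of call-control
traffic per call, voice + video + data no more than 75% of the link) to a
planned link. The per-call codec rate, call counts and link sizes used in the
sample run are constructed values.
"""
from dataclasses import dataclass

CONTROL_BPS_PER_CALL = 150        # voice-control (signalling) traffic per call
MAX_LINK_UTILISATION = 0.75       # voice + video + data must not exceed 75% of the link
PER_CALL_KBPS_RANGE = (17.0, 106.0)


@dataclass(frozen=True)
class VoicePlan:
    per_call_kbps: float   # guaranteed priority bandwidth of one call (codec + headers)
    peak_calls: int        # maximum simultaneous calls at the busiest time

    def __post_init__(self):
        lo, hi = PER_CALL_KBPS_RANGE
        if not lo <= self.per_call_kbps <= hi:
            raise ValueError(f"per-call bandwidth {self.per_call_kbps} kbps is outside {lo}-{hi} kbps")
        if self.peak_calls < 0:
            raise ValueError("peak_calls must be non-negative")

    def carrier_kbps(self) -> float:
        """Priority bandwidth for the RTP voice carrier streams."""
        return self.per_call_kbps * self.peak_calls

    def control_kbps(self) -> float:
        """Call-control signalling: 150 bps per call, expressed in kbps."""
        return CONTROL_BPS_PER_CALL * self.peak_calls / 1000.0


def required_kbps(plan: VoicePlan, video_kbps: float, data_kbps: float) -> float:
    """Sum of voice (carrier + control), video and data demand on the link."""
    return plan.carrier_kbps() + plan.control_kbps() + video_kbps + data_kbps


def fits_link(plan: VoicePlan, video_kbps: float, data_kbps: float, link_kbps: float) -> bool:
    """True when the combined demand stays within 75% of the link rate."""
    return required_kbps(plan, video_kbps, data_kbps) <= MAX_LINK_UTILISATION * link_kbps


def max_calls(per_call_kbps: float, video_kbps: float, data_kbps: float, link_kbps: float) -> int:
    """Largest call count that still honours the 75% rule alongside the video and data load."""
    budget = MAX_LINK_UTILISATION * link_kbps - video_kbps - data_kbps
    if budget <= 0:
        return 0
    per_call_total = per_call_kbps + CONTROL_BPS_PER_CALL / 1000.0
    return int(budget // per_call_total)


if __name__ == "__main__":
    # Constructed scenario: 10 calls at 26.4 kbps each, 400 kbps of data, no video, on a 1544 kbps T1.
    plan = VoicePlan(per_call_kbps=26.4, peak_calls=10)
    print(f"required: {required_kbps(plan, 0.0, 400.0):.1f} kbps, fits the T1: {fits_link(plan, 0.0, 400.0, 1544.0)}")
    print(f"max calls on the T1 next to 400 kbps of data: {max_calls(26.4, 0.0, 400.0, 1544.0)}")
```

The 75% ceiling is applied to the whole link, so the data allowance has to be a real estimate of the peak data load rather than a leftover; `max_calls` makes that trade-off visible by shrinking to 0 as soon as video and data alone exceed the budget.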

Auxiliary VLANs

Some Cisco Catalyst switches offer a unique feature called “Auxiliary VLAN”. This feature allows one to overlay a voice topology over an existing data network. One can segment phones into a separate logical network, even though the data and voice networks are physically the same.

The auxiliary VLAN feature places the phones into their own VLANs without any end-user configuration. Additionally VLAN assignment can be maintained even if the phone is moved.

How this works is that when a phone is plugged into the switch (whichever port), the phone requests a DHCP address and is placed in its VLAN automatically. With phones in their own VLANs administrators can troubleshoot and identify problems easily. This also makes enforcement of QoS and security policies easier.

QoS

QoS is the application of features and functionality required to actively manage and satisfy the networking requirements of applications that are sensitive to loss, delay and delay variations (jitter). QoS allows preference to be given to critical application flows for the available bandwidth.

Cisco IOS implementations allow QoS to provide these features:

  • Priority access to resources: QoS allows administrators to control which traffic is allowed to access specific network resources such as bandwidth, kit, and WAN links.
  • Efficient management of network resources: If network management and accounting tools indicate that specific traffic is experiencing latency, jitter and packet loss, then QoS tools can be used to adjust how that traffic is handled.
  • Tailored service: The control provided by QoS enables Internet Service Providers to offer carefully tailored grades of service to their customers.
  • Coexistence of mission-critical applications: QoS technologies ensure that mission-critical applications receive priority access to network resources while providing adequate processing for applications that are not delay sensitive.

High Availability

Traditional telephony networks strive to provide 99.999% availability (5.25 minutes of downtime a year). This is less downtime than most data networks achieve. Providing the same experience means choosing hardware and software with a low mean time between failures (MTBF) or installing redundant links and hardware.

Availability means that when a user wants to make a call, the network is able to respond to that need. Efforts to ensure availability include proactive management to predict failures and taking steps to correct problems in the design of the network as it grows. When a converged network goes down, the downtime can be minutes, hours or days. This is unacceptable, because in a converged network downtime means no phone calls. Providing uninterruptible power supplies (UPS), lightning arrestors and other such means ensures availability at all costs.

High Availability encompasses many areas of a network. In a fully redundant network these components need to be duplicated:

  • Servers and call managers
  • Access layer devices (Layer-2 switches)
  • Distribution layer devices (routers or Layer-3 switches)
  • Core layer devices (Layer-3 switches)
  • Interconnections (WAN links, PSTN gateways, ISP links)
  • Power supplies and UPSs

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes reading and writing things down and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

Gateway Load Balancing Protocol (GLBP)

Published by Deon Botha on May 9, 2008 in BCMSN, Certification, Cisco Systems, Concepts and Constructs and GLBP. 2 Comments

Both Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP) provide gateway resiliency. A drawback of both of the above-mentioned protocols is that the non-Active/Master member routers waste bandwidth: they sit idle in standby mode and don’t participate in the forwarding process.

As discussed in the HSRP post and the VRRP post, only Active/Master members forward traffic for a particular virtual router group. Some load balancing/sharing can be done by creating multiple groups and gateways for end-devices (as discussed at the end of each of the above posts), but it is admintastic (I had to throw that in somewhere, I loved that definition).

So now in comes the Cisco-designed Gateway Load Balancing Protocol (GLBP), which allows automatic selection and simultaneous use of multiple available gateways in addition to automatic failover between gateways. Multiple routers share the load of frames that, from the end-device perspective, are being sent to a single default gateway (DG).

Functions

GLBP Active Virtual Gateway (AVG): Members of a GLBP group elect one gateway to be the AVG for the group. Other group members provide backup for the AVG in the event that the AVG becomes unavailable. The AVG assigns a virtual MAC address to each member of the GLBP group.

GLBP Active Virtual forwarder (AVF): Each gateway assumes responsibility for forwarding packets that are sent to the virtual MAC address assigned to that gateway by the AVG. These gateways are known as AVFs for their virtual MAC address.

GLBP communication: GLBP members communicate with each other through hello messages sent every 3 (three) seconds to the multicast address 224.0.0.102, User Datagram Protocol (UDP) port 3222 (UDP:3222).

Features

Load sharing: GLBP can be configured so that traffic from end-devices is shared between multiple routers, thus spreading the load more equitably across the available routers.

Multiple virtual routers: GLBP supports up to 1024 virtual routers (GLBP groups) on each physical interface of a router and up to four virtual forwarders per group.

Preemption: The redundancy scheme of GLBP enables you to preempt an AVG with a higher-priority backup virtual gateway that has become available. Forwarder preemption works similarly, except that it works with weighting rather than priority and is enabled by default.

Efficient resource utilization: GLBP makes it possible for any router in a group to serve as a backup; this eliminates the need for a dedicated backup router because all available routers can support network traffic.

Operations Process

A GLBP group elects one router as the AVG; the other routers provide backup for the AVG should it become unavailable. The AVG’s role is to assign a virtual MAC address to each member of the GLBP group. All routers become AVFs in the GLBP group for frames addressed to their virtual MAC address.

As end-devices then send Address Resolution Protocol (ARP) requests for the address of the DG, the AVG sends these virtual MAC addresses in the ARP replies. A GLBP group can have up to four group members.

GLBP supports these operational modes for load balancing traffic across multiple default routers servicing the same DG IP address:

Weighted load-balancing algorithm: the load directed to a router depends on the weighting advertised by that router.

Host-dependent load-balancing algorithm: a host (end-device? or router?) is guaranteed to use the same virtual MAC address as long as that virtual MAC address is participating in the GLBP group.

Round-robin load-balancing algorithm: as clients send ARP requests to resolve the MAC address of the DG, the reply to each client contains the MAC address of the next possible router in round-robin fashion. All router MAC addresses take turns being included in address resolution replies for the DG IP address.
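The three algorithms as an added simulation (not code from the post, and not Cisco’s implementation): an AVG object answers ARP requests for the DG with one AVF virtual MAC under round-robin, weighted or host-dependent selection. The virtual MACs and weights are constructed, the weighted and host-dependent selection rules are simplified models of the behaviour described above, and the four-forwarder limit is the one the post states.

```python
"""GLBP AVG load-balancing simulation.

Added example, not code from the original post or from Cisco. It models how the
active virtual gateway (AVG) answers ARP requests for the default gateway (DG)
with one of the active virtual forwarders' (AVF) virtual MAC addresses under the
three algorithms the post lists. The virtual MAC addresses and weights are
constructed sample values; the weighted and host-dependent selection rules are
simplified models, not Cisco's exact implementation.
"""
import hashlib
from itertools import cycle

MAX_FORWARDERS = 4   # GLBP allows up to four AVFs per group
MODES = ("round-robin", "weighted", "host-dependent")


class ActiveVirtualGateway:
    def __init__(self, forwarders, mode="round-robin"):
        """forwarders: ordered mapping of virtual MAC -> weight advertised by that AVF."""
        if not 1 <= len(forwarders) <= MAX_FORWARDERS:
            raise ValueError(f"a GLBP group supports 1-{MAX_FORWARDERS} forwarders")
        if mode not in MODES:
            raise ValueError(f"unknown load-balancing mode {mode!r}")
        if any(w <= 0 for w in forwarders.values()):
            raise ValueError("weights must be positive")
        self.forwarders = dict(forwarders)
        self.mode = mode
        self._next_rr = cycle(self.forwarders)              # round-robin position
        self._served = {mac: 0 for mac in self.forwarders}  # ARP replies handed out so far

    def arp_reply(self, host_mac: str) -> str:
        """Virtual MAC the AVG puts in its ARP reply to host_mac's request for the DG."""
        if self.mode == "round-robin":
            mac = next(self._next_rr)
        elif self.mode == "host-dependent":
            # The same host always maps to the same AVF while that AVF is in the group.
            digest = hashlib.sha256(host_mac.lower().encode()).digest()
            ordered = sorted(self.forwarders)
            mac = ordered[digest[0] % len(ordered)]
        else:
            # Weighted: hand the reply to the AVF furthest below its weighted share.
            total_weight = sum(self.forwarders.values())
            replies_after = sum(self._served.values()) + 1

            def deficit(m):
                return self.forwarders[m] / total_weight * replies_after - self._served[m]

            mac = max(self.forwarders, key=deficit)
        self._served[mac] += 1
        return mac

    def share(self) -> dict:
        """Fraction of ARP replies each AVF has received so far."""
        n = sum(self._served.values())
        return {m: (c / n if n else 0.0) for m, c in self._served.items()}


if __name__ == "__main__":
    avfs = {"0007.b400.0101": 3, "0007.b400.0102": 1}   # constructed virtual MACs and weights
    avg = ActiveVirtualGateway(avfs, mode="weighted")
    hosts = [f"00aa.bb00.00{i:02x}" for i in range(8)]  # constructed host MACs
    print([avg.arp_reply(h) for h in hosts])
    print(avg.share())
```

Note that the load split happens at ARP time: a host keeps whichever virtual MAC it was given until its ARP entry ages out, so the distribution is over hosts, not over individual frames.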

Configuration

switch(config)#interface vlan 10
switch(config-if)#ip address 192.168.10.1 255.255.255.0
switch(config-if)#glbp group-number ip virtual-ip-gateway-address
switch(config-if)#glbp group-number timers {msec} hello-value {msec} holdtime-value

Implementation

Switch A
switchA(config)#interface vlan 10
switchA(config-if)#ip address 192.168.10.1 255.255.255.0
switchA(config-if)#glbp 1 ip 192.168.10.200
switchA(config-if)#glbp 1 priority 150
switchA(config-if)#glbp 1 timers msec 250 msec 750

Switch B
switchB(config)#interface vlan 10
switchB(config-if)#ip address 192.168.10.2 255.255.255.0
switchB(config-if)#glbp 1 ip 192.168.10.200
switchB(config-if)#glbp 1 priority 100
switchB(config-if)#glbp 1 timers msec 250 msec 750

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes reading and writing things down and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

Virtual Router Redundancy Protocol (VRRP)

Published by Deon Botha on May 6, 2008 in BCMSN, Certification, Cisco Systems, Concepts and Constructs and VRRP. 1 Comment

The previous post dealt with Hot Standby Router Protocol (HSRP), which is a Cisco proprietary protocol; when dealing with a mixed networking environment, the added features and IEEE compatibility of Virtual Router Redundancy Protocol (VRRP) could be used.

VRRP, like HSRP, allows two or more routers to be grouped to form a virtual router. In VRRP, as in HSRP, one router is elected to handle end-device requests to the virtual IP address. Review HSRP for the concepts. In VRRP there is a Master Router and one or more Backup Router(s).

VRRP and HSRP differ in these ways:

  1. VRRP is an IEEE standard (RFC 2338) for router redundancy whereas HSRP is Cisco proprietary.
  2. The Virtual Router, representing a group of routers is known as a VRRP Group.
  3. The Active Router is referred to as the Master Virtual Router.
  4. The Master Virtual Router may have the same IP Address as the Virtual Router Group.
  5. Multiple routers can function as Backup Routers.
  6. VRRP is supported on Ethernet, Fast Ethernet and Gigabit Ethernet, and on Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) and VLANs.

VRRP offers these redundancy features:

  1. VRRP provides redundancy for the real IP address of a router or for a Virtual IP address shared among the VRRP group members.
  2. If a real IP address is used, the router with that address becomes the master. If a Virtual IP Address is used, the master is the router with the highest priority.
  3. A VRRP group has one master router and one or more backup routers. The master router uses VRRP messages to inform the group members that it is the master.

VRRP Operation


As always, I work better with pictures. Take note (NB) that there aren’t exactly distinct areas (distribution, access) in this network diagram, but I like boxing things into areas for my own benefit. To get those distinctions one would have to add an access switch (Layer-2). The figure shows VRRP configured so that routers A and B share the default gateway load for end-devices. Routers A and B act as backup for each other should either one fail.

In the diagram two router groups are configured: Virtual Router 1 (router A) and Virtual Router 2 (router B). Router A owns 192.168.0.1 and is backup for 192.168.0.2; Router B owns 192.168.0.2 and is backup for 192.168.0.1.

As discussed in the introduction of the post, when the IP address of the VRRP group is the physical interface address of one of the group members, the router that owns that address will be the Master Router of that group. Its priority is set to 255. The Backup Router priority will therefore be set between 1 and 254; the default is 100. The priority value 0 has a special meaning: it signals that the current Master Router has stopped, and the Backup Routers must transition quickly to Master without having to wait for the Master Router to time out.

In VRRP only the Master Router sends advertisements (the equivalent of HSRP hellos). The master sends advertisements to multicast address 224.0.0.18, IP protocol number 112, at a default interval of 1 second.

VRRP Transition

Dynamic failover, when the Master Router becomes unavailable, relies on three VRRP timers:

  • Advertisement Interval: the time interval between advertisements (seconds); default 1 sec.
  • Master Down Interval: the time interval after which backups declare the master down (seconds); default 3 x advertisement interval + the skew time.
  • Skew Time: ensures that the Backup Router with the highest priority becomes the new master; ((256 – priority) / 256) milliseconds.
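The three timers worked through as an added example (not code from the original post): it computes the skew time and master down interval for a set of backups and shows why the highest-priority backup times the master out first. Time is handled in seconds throughout, which is how RFC 3768 defines these timers. The router names and priorities are constructed, and the priority-0 handoff rule (backup waits only its skew time) is taken from the RFC rather than from the post.

```python
"""VRRP failover timing.

Added example, not code from the original post. It works through the three
timers the post defines: the advertisement interval, the skew time
((256 - priority) / 256) and the master down interval (3 x advertisement
interval + skew time). Times are in seconds throughout, as RFC 3768 defines
them. Router names and priorities are constructed sample values.
"""

OWNER_PRIORITY = 255        # router whose interface address is the virtual IP
RELEASE_PRIORITY = 0        # master announcing that it has stopped
DEFAULT_PRIORITY = 100
DEFAULT_ADVERTISEMENT = 1.0  # seconds


def skew_time(priority: int) -> float:
    """Higher priority -> shorter skew, so the best backup times the master out first."""
    if not 0 <= priority <= 255:
        raise ValueError("VRRP priority must be 0-255")
    return (256 - priority) / 256


def master_down_interval(priority: int, advertisement: float = DEFAULT_ADVERTISEMENT) -> float:
    """Seconds a backup waits without advertisements before declaring the master down."""
    if advertisement <= 0:
        raise ValueError("advertisement interval must be positive")
    return 3 * advertisement + skew_time(priority)


def next_master(backups: dict, advertisement: float = DEFAULT_ADVERTISEMENT):
    """backups: {router: priority}. Returns (router, seconds after the last advertisement)
    for the backup whose master-down timer expires first, i.e. the highest priority."""
    if not backups:
        raise ValueError("no backup routers")
    if any(p in (OWNER_PRIORITY, RELEASE_PRIORITY) for p in backups.values()):
        raise ValueError("backups use priorities 1-254")
    timers = {r: master_down_interval(p, advertisement) for r, p in backups.items()}
    winner = min(timers, key=timers.get)
    return winner, timers[winner]


def graceful_release_delay(priority: int) -> float:
    """Assumption beyond the post (RFC 3768): on a priority-0 advertisement the backup
    waits only its skew time instead of the full master down interval."""
    return skew_time(priority)


if __name__ == "__main__":
    backups = {"routerB": 150, "routerC": DEFAULT_PRIORITY}   # constructed priorities
    print("first to take over:", next_master(backups))
    print("crash failover:", master_down_interval(150), "s;",
          "graceful handoff:", graceful_release_delay(150), "s")
```

With a 1 second advertisement interval the difference between a crash (master down interval, a little over 3 s) and a graceful shutdown (skew time, well under 1 s) is what the priority-0 rule buys you.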

VRRP configuration

Making the interface a member of a virtual group identified by the virtual IP address:

switch(config)#interface vlan 10
switch(config-if)#ip address 192.168.10.1 255.255.255.0
switch(config-if)#vrrp group-number ip virtual-ip-gateway-address
switch(config-if)#vrrp group-number priority priority_value 1-255

Configure the master router with this parameter to advertise the timer value to the other group members:
switch(config-if)#vrrp group-number timers advertise timer-value

Configure the non-master routers with this parameter to learn the timer values from the master:
switch(config-if)#vrrp group-number timers learn

Implementation

Switch A
switchA(config)#interface vlan 10
switchA(config-if)#ip address 192.168.10.1 255.255.255.0
switchA(config-if)#vrrp 1 ip 192.168.10.200
switchA(config-if)#vrrp 1 priority 150
switchA(config-if)#vrrp 1 timers advertise 4


Switch B
switchB(config)#interface vlan 10
switchB(config-if)#ip address 192.168.10.2 255.255.255.0
switchB(config-if)#vrrp 1 ip 192.168.10.200
switchB(config-if)#vrrp 1 priority 100
switchB(config-if)#vrrp 1 timers advertise 4

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes reading and writing things down and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

Hot Standby Router Protocol (HSRP)

Published by Deon Botha on May 5, 2008 in BCMSN, Certification, Cisco Systems, Concepts and Constructs, HSRP, Hot Standby Router Protocol and Trunk. 8 Comments

Hot Standby Router Protocol (HSRP) is the protocol mentioned in the previous post that rolls gateways, Proxy ARP and redundancy into one “protocol”.

HSRP defines a group of standby routers, with one active router. The protocol (HSRP) provides gateway redundancy by sharing an IP and MAC Address between the redundant gateways; this is all done transparently to the end-devices.

An HSRP group comprises these “entities”:

  1. One Active Router – the router that is currently forwarding packets for the virtual router
  2. One Standby Router – The primary backup router for the virtual router
  3. One Virtual Router – The set of routers participating in HSRP that jointly emulate a virtual router
  4. Other Routers

An HSRP group is not a virtual router; look carefully at the list above: one of the HSRP elements that make up the group is a virtual router.

HSRP Operation – Virtual Router

The virtual router is what the end-devices use for communicating with the “gateway”. This is the IP and MAC Address configured on the end-devices. NB The virtual router processes no physical frames.

HSRP Operation – Active Router

An HSRP group has one elected active router that physically forwards packets sent to the virtual router MAC address. This means that this active router responds to traffic.

If an end-device sends an ARP request to the virtual router IP Address, the active router replies with the virtual router MAC Address.

The HSRP active and standby routers send hello messages to the multicast address 224.0.0.2, User Datagram Protocol (UDP) port 1985.

HSRP Operation – Standby Router

The function of the standby router is to monitor the operation of the HSRP group and quickly assume the packet-forwarding responsibility if the active router goes down.


HSRP Operation – Other Router

There are, or could be, other routers in the HSRP group that are neither active nor standby; these routers monitor the hello messages and ensure that an active and a standby router exist. These “other” routers issue speak messages at every hello from the active and standby routers. These routers forward packets addressed to their own IP addresses, but they do not forward packets for the virtual router.

HSRP Operation – Active and Standby

Because an HSRP group has at least two routers there is at least an active and standby router in the group at any one time.

When the Active Router fails the other routers stop seeing hello messages from the Active Router. The standby router will then assume the active role in this case. If there are other routers in the HSRP group they will then contend to become the new standby router.

In the unlikely event that both the active and standby routers fail, all routers in the group will contend for the active and standby roles.

The settings for message intervals and delays are outlined below:

  1. Hello Message Interval – The interval between successive HSRP hello messages from a router; the default is 3 seconds.
  2. Hold Interval Time – The interval between receipt of a hello and the presumption that the sending router has failed; the default is 10 seconds.

HSRP and ARP

The IP and MAC address of the virtual router is maintained in the ARP table of each HSRP group member. The command used to view the ARP cache on a Cisco Catalyst multilayer switch is:
switch#show ip arp
The output, as I mentioned, shows the ARP cache as a table; the MAC address will be in the format shown below. Notice that end-devices normally have starting digits of 01 while the virtual router has starting digits of 00.

HSRP MAC Address

HSRP States

  • Initial – The starting state; it indicates that HSRP is not running. This state is entered through a configuration change or when an interface first comes up.
  • Learn – The router is neither active nor standby, nor does it have enough information to claim the active or standby role.
  • Listen – The router knows the virtual router IP address but is not active or standby. It listens for the hello messages.
  • Speak – The router sends periodic hello messages and actively participates in the election of the active or standby router. A router cannot enter this state unless it has the virtual IP address.
  • Standby – The router is a candidate to become the next active router and sends periodic hello messages. There is at most one router in this state (except during transition periods).
  • Active – The router forwards packets for the virtual router MAC address (and replies to ARP requests for the virtual router’s IP address). The router sends periodic hello messages. There must be one router in the active state in the group (except during transition periods).

HSRP State Transition

All routers begin in the initial state; this starting state indicates that HSRP is not running on the router, and it is entered via configuration changes (when HSRP is first brought up, or when no shutdown is used). The listen state is there for routers to determine whether there are already active or standby routers in the HSRP group. In the speak state, routers actively participate in the election of the active and standby routers.

  1. Active Timer – Used to monitor the active router; it resets any time a router in the standby group receives a hello packet from the active router. This timer expires after the hold time value set in the HSRP hello message.
  2. Standby Timer – Used to monitor the standby router; it resets any time a router in the standby group receives a hello packet from the standby router. This timer expires after the hold time value set in the respective packet.
  3. Hello Timer – Used to clock hello packets; all HSRP routers in any HSRP state generate a hello packet when this timer expires.
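The timers and the failover rules from this section, worked through as an added example (not code from the original post): it computes how long the virtual router goes unforwarded between an active-router failure and the standby’s active timer expiring, for the default 3 s / 10 s timers and for tighter ones, and then applies the re-election rules (standby becomes active, the others contend for standby). Choosing the new standby by highest priority is an assumption that goes beyond this section of the post; router names, priorities and failure times are constructed.

```python
"""HSRP failover timing and role re-election.

Added example, not code from the original post. It models the hello and hold
timers from the post (defaults 3 s and 10 s): every hello from the active router
resets the standby router's active timer, and when that timer reaches the hold
time the standby takes over; the remaining routers then contend for the standby
role. Selecting the standby by highest priority is an assumption beyond this
section of the post. Router names, priorities and failure times are constructed.
"""
import math
from dataclasses import dataclass

DEFAULT_HELLO = 3.0   # seconds between hello messages
DEFAULT_HOLD = 10.0   # seconds without hellos before the sender is presumed dead


def active_timer_expiry(t_fail: float, hello: float = DEFAULT_HELLO, hold: float = DEFAULT_HOLD) -> float:
    """Time at which the standby presumes the active router dead.

    Hellos leave the active router at t = 0, hello, 2*hello, ...; a hello sent
    strictly before t_fail is delivered and resets the standby's active timer."""
    if hello <= 0 or hold <= hello:
        raise ValueError("hold time must be longer than the hello interval")
    if t_fail <= 0:
        raise ValueError("failure must happen after the first hello")
    last_hello = hello * (math.ceil(t_fail / hello) - 1)
    return last_hello + hold


def outage(t_fail: float, hello: float = DEFAULT_HELLO, hold: float = DEFAULT_HOLD) -> float:
    """Seconds during which nobody forwards for the virtual router."""
    return active_timer_expiry(t_fail, hello, hold) - t_fail


@dataclass
class Router:
    name: str
    priority: int
    state: str = "listen"   # "active", "standby", or "listen" for the other routers


def reelect(routers, failed):
    """Apply the post's failover rules after the routers named in `failed` go silent:
    the standby (if alive) becomes active, otherwise the highest-priority router does;
    then the highest-priority non-active router becomes standby. Returns name -> state."""
    alive = [r for r in routers if r.name not in failed]
    if not alive:
        return {}
    if not any(r.state == "active" for r in alive):
        standbys = [r for r in alive if r.state == "standby"]
        new_active = standbys[0] if standbys else max(alive, key=lambda r: r.priority)
        new_active.state = "active"
    if not any(r.state == "standby" for r in alive):
        candidates = [r for r in alive if r.state != "active"]
        if candidates:
            max(candidates, key=lambda r: r.priority).state = "standby"
    return {r.name: r.state for r in alive}


if __name__ == "__main__":
    print("default timers, failure at t=7 s:", outage(7.0), "s outage")
    print("hello 1 s / hold 3 s, failure at t=7 s:", outage(7.0, 1.0, 3.0), "s outage")
    group = [Router("A", 110, "active"), Router("B", 100, "standby"), Router("C", 90), Router("D", 80)]
    print(reelect(group, {"A"}))
```

The outage is always between hold minus hello and hold: with the defaults that is 7 to 10 seconds of dropped traffic, which is why the timers are usually tightened on links that carry voice.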

Configuration

I created a fictional network because I work better when I can “see” what is going on, in the example you have a “distribution” and access portion of the network.

From top down you have two distribution multilayer switches connected to the single layer-2 switch that feeds out three end-devices (workstations in this case). Now the task is to configure HSRP on the MLSs at the distribution level. This will enable the end-devices to be configured with a single IP Address for a gateway and transparent failover should something go wrong.

HSRP Example

We start off with configuring HSRP on an interface (this includes the group number). The IP Address is that of the virtual gateway (default group number is 0). To disable add no to the front of the command.

switch>enable
switch#config term
switch(config)#interface gigabitethernet 0/1
switch(config-if)#standby 0 ip 192.168.0.1

To verify the configuration of HSRP there are two commands. The first shows the entire running configuration so you can check all config.

switch#show run

The second command is standby (HSRP) specific; add keywords after it (use ? to see the options and limit the amount of output):

switch#show standby

Note: While running HSRP, the standby router's real IP address must not be visible (discovered or discoverable) to the end-devices. Any protocol that informs end-devices of the routers' actual IP addresses must be disabled. When enabling HSRP on Cisco Catalyst routers the interface automatically disables Internet Control Message Protocol (ICMP) redirects (this causes problems later on).

HSRP Optimization

On Cisco Catalyst Layer-3 switches there are options available (optimization features) to take the guesswork out of HSRP configuration and operation. The HSRP options available are:

  • Standby priority - allows the network admin to control the order in which the active router for a group is selected.
  • Standby preempt - allows a router to regain its role of active router even if there is an existing active router on the segment.
  • Hello message timer adjustment - configures the time between hello packets and the time before other routers declare the active router down.
  • HSRP interface tracking - an interface configuration command that ties the router's hot standby priority to the availability of its interfaces and is useful for tracking interfaces that are not configured for HSRP.

Standby Priority

As explained, each HSRP group has its own active and standby routers. A network admin can assign a priority to each router in the group, allowing the admin to control the order in which routers assume active router status.

The router with the highest priority will become the HSRP group active router. In cases of a tie, the router with the highest configured IP address will become the HSRP group active router.

The command for this is (to reset to the default, use no standby priority):
switch(config-if)#standby 1 priority priority-value

As with life there are exceptions and problems. Take a network environment where, for example, new equipment was added over time and the old equipment is being used as failover standby kit; let's say an 877 Series router is standby for a 2851 Series. The boot speed difference between the routers would determine the HSRP active router (the one that boots up first) and not the priority value, UNLESS preempt is configured.

The command for this is:
switch(config-if)#standby 1 preempt

Standby Preempt

As explained in the paragraph above, the command standby group-number preempt allows the network admin (you, me or whoever) to configure an HSRP group to respect the standby group-number priority.

Using my above example of our mixed router network (routers purchased over time as the business grew with demand), let's say that the 2851 router is configured to be our active router (highest priority and highest IP address combination), with the 877 as standby.

If something were to happen or go wrong with the 2851, the natural progression would be that the 877 becomes the active router. When the 2851 comes back online, it won't become the active router again (EVEN if it has a higher priority and IP address) unless something happens to the stability of the network again and causes the 877 to fail.

This is where standby group-number preempt comes in where the former active router is configured to resume the forwarding (active router) position role by preempting a router with a lower priority.

Now that we have a predictable failover and “recovery” what happens when maintenance occurs? In the boot process some interfaces and processes take longer than others. Optimally we want all interfaces and all processes stable before rejoining the HSRP group and becoming the Active Router.

To do this, measure the boot time (stopwatch) and set the HSRP preempt delay to a value 50 percent greater than the boot time. This ensures that the primary distribution switch establishes full connectivity to the network before HSRP communication occurs.

switch(config-if)#standby 1 preempt
switch(config-if)#standby 1 preempt delay minimum 180

HSRP Message Timers

The hello message contains the priority of the router and also the hellotime and holdtime parameter values.

  1. hellotime holds the interval between the hello messages that the router sends.
  2. holdtime holds the amount of time that the current hello message is considered valid.

The standby timers command includes an msec parameter to allow for subsecond failover. Lowering the hello timer results in increased hello traffic and should be used with caution.

The procedure is that when a router sends a hello message (by default every 3 s), a receiving router considers that hello message valid for one holdtime (by default 10 s). The holdtime value should be at least three times (x3) the hellotime value, and the holdtime value must be greater than the hellotime value.

default HSRP hellotime 3 seconds

default HSRP holdtime 10 seconds

This means that failover could take as much as 10 seconds before communication is restored and end-devices begin communicating with the new gateway. The hellotime and holdtime intervals must be identical for ALL DEVICES in an HSRP group.

The configuration is as follows, with 1 being the group-number, and hellotime and holdtime in seconds, both from 1 to 255 (to disable, use no standby group-number timers):
switch(config-if)#standby 1 timers [msec] hellotime holdtime

As said, the HSRP hellotime and holdtime can be set in millisecond values so that HSRP failover occurs in less than 1 second.

switch(config-if)#standby 1 timers msec 250 msec 940

HSRP Interface Tracking

In some cases the status of an interface will directly affect which router needs to be the active router. This is true when each router in an HSRP group has a different path to different resources within a campus. Especially considering that some resources are more important than others in some topologies.

The network diagram depicts two distribution areas connected via links A and B.

If the HSRP active router's link between the buildings (A) were to KONK (fail), an Internet Control Message Protocol (ICMP) redirect would normally be sent to the standby router to notify it of the problem; the problem being that with HSRP enabled, ICMP redirects are disabled.

So neither the active router nor the virtual router sends an ICMP redirect. Added to that, the active router's link A remains down and is not able to send/receive packets, yet the active router still sends hello messages out link AA because the router itself is still functioning fine and link AA still works (the connection to the standby router); i.e. there is no problem, right?

To solve this problem, interface tracking enables the priority of a router to be automatically adjusted depending on a tracked interface of that router. So when a tracked interface on that router becomes unavailable (as in the example), the priority is adjusted (plus x or minus x depending on whether the interface comes online or goes offline).

So to restate the example with interface tracking: if link A (the tracked interface) were to go down, the router automatically decreases its priority and stops transmitting hello messages on AA. The standby router assumes the active router role when no hello messages are detected (i.e. the standby router assumes a failure) and takes over the building link.

Problem Solved.

To implement this use the following command string: standby group-number track interface decrement. This can be configured on a VLAN interface or a physical interface. Shown below is the application to a VLAN interface (interface vlan10) that tracks gigabitethernet 0/1; to apply it to a physical interface instead, replace the VLAN interface with, for example, interface gigabitethernet 0/1.

To disable this command use no standby group-number track interface:
switch(config)#interface vlan10
switch(config-if)#standby 1 track gigabitethernet 0/1 30

NB: preempt must be configured on all interfaces within this HSRP group.

The value at the end of the command (30 above) is the amount by which HSRP decrements the router's priority when the tracked interface goes down and adds back when it comes up again. The default is 10.

HSRP Load Sharing
All examples up until now have been a single HSRP group with a single “network”. This will allow for a single router (Active Router) in the HSRP group to forward packets for the virtual router for the entire network.

To facilitate load sharing, both routers participate in more than one HSRP group (see network diagram); in the example diagram a single router is a member of both groups. There can be up to 255 standby groups on a LAN, but the number of groups should not exceed the number of active routers needed (in this case 2).

If a Router has to participate in more than one group, it increases the load on the router and thus decreases performance. If you want to be funny and use 255 groups then expect heavy performance impact.

The config for this would look something like this:
switchA(config)#interface vlan 10
switchA(config-if)#ip address 192.168.0.32 255.255.255.0
switchA(config-if)#no ip redirects
switchA(config-if)#standby 1 priority 150
switchA(config-if)#standby 1 ip 192.168.0.100
switchA(config-if)#standby 2 priority 50
switchA(config-if)#standby 2 ip 192.168.0.110

Then on the other router (with the priorities mirrored, so that switchA wins group 1 and switchB wins group 2; if both switches used the same priorities the higher IP address would win both groups and nothing would be shared):
switchB(config)#interface vlan 10
switchB(config-if)#ip address 192.168.0.33 255.255.255.0
switchB(config-if)#no ip redirects
switchB(config-if)#standby 1 priority 50
switchB(config-if)#standby 1 ip 192.168.0.100
switchB(config-if)#standby 2 priority 150
switchB(config-if)#standby 2 ip 192.168.0.110
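As an added example (not the post's or Cisco's code), the following Python models the election rules from the Standby Priority, Standby Preempt, Interface Tracking and Load Sharing sections: highest priority wins, highest IP address breaks ties, an active router keeps its role unless a better router has preempt, and tracking subtracts the decrement while the tracked interface is down. Router names, addresses and interface names are constructed; a load-sharing pair is simply two HsrpGroup instances with mirrored priorities.

```python
"""Model which router becomes HSRP active under the post's rules.
Added example, not the post's or Cisco's code; names and addresses are constructed."""
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100                            # IOS default standby priority
    preempt: bool = False
    track: dict = field(default_factory=dict)      # tracked interface -> decrement (default 10)
    down_links: set = field(default_factory=set)   # tracked interfaces currently down
    up: bool = False

    def effective_priority(self) -> int:
        # Tracking subtracts the decrement while the tracked interface is down.
        penalty = sum(dec for ifname, dec in self.track.items() if ifname in self.down_links)
        return max(0, self.priority - penalty)

    def election_key(self) -> tuple:
        # Highest priority wins; highest IP address breaks a tie.
        return (self.effective_priority(), int(IPv4Address(self.ip)))


class HsrpGroup:
    """One standby group: call boot/fail/link after each event; each returns the active router."""

    def __init__(self, *routers: Router):
        self.routers = {r.name: r for r in routers}
        self.active = None

    def _settle(self):
        candidates = [r for r in self.routers.values() if r.up]
        best = max(candidates, key=Router.election_key, default=None)
        current = self.routers.get(self.active)
        if current is None or not current.up:
            # No active router (first boot or the active one failed): elect the best.
            self.active = best.name if best else None
        elif best is not current and best.preempt and best.election_key() > current.election_key():
            # A better router only takes over when it has preempt configured.
            self.active = best.name
        return self.active

    def boot(self, name):
        self.routers[name].up = True
        return self._settle()

    def fail(self, name):
        self.routers[name].up = False
        return self._settle()

    def link(self, name, ifname, is_up):
        links = self.routers[name].down_links
        links.discard(ifname) if is_up else links.add(ifname)
        return self._settle()


if __name__ == "__main__":
    # The post's mixed fleet: the 877 boots first; the 2851 has the higher priority and preempt.
    group = HsrpGroup(Router("r877", "192.168.0.32", 100),
                      Router("r2851", "192.168.0.33", 150, preempt=True))
    print(group.boot("r877"), group.boot("r2851"), group.fail("r2851"), group.boot("r2851"))
```

Running the tracking scenario with preempt left off the standby shows why the NB above insists on it: the priority drops, but nobody takes over.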

HSRP Across Trunk Links
To start getting more practical (this is basically how I've set up my network) with a distribution area feeding an access area with multiple VLANs: I have each end-device in a separate VLAN (meaning each workstation in a VLAN in one range, each IP phone in a VLAN in another range, printers, servers and so on). This is heavy overkill, but I wanted practice when I did the setup and needed to do some repetitive config work to make it stick in my head.

By configuring HSRP over trunk (802.1Q or ISL), we can eliminate situations where a single point of failure causes traffic interruptions. This inherently provides improvements in overall networking resilience by providing load balancing and redundancy capabilities between subnets and VLANs should one of the Distribution layer links or routers fail.

What was said in the previous section still applies; For each VLAN, a standby group, an IP Address, and a single well-known MAC address with a unique group ID is allocated (but as mentioned keep the groups to a minimum for performance reasons).
To configure this (the virtual address for each VLAN must lie in that VLAN's own subnet, and the priorities are mirrored between the two switches so that each one is active for one VLAN):
switchA(config)#interface vlan 2
switchA(config-if)#ip address 192.168.20.1 255.255.255.0
switchA(config-if)#no ip redirects
switchA(config-if)#standby 1 priority 150
switchA(config-if)#standby 1 ip 192.168.20.102
switchA(config)#interface vlan 3
switchA(config-if)#ip address 192.168.30.1 255.255.255.0
switchA(config-if)#no ip redirects
switchA(config-if)#standby 2 priority 50
switchA(config-if)#standby 2 ip 192.168.30.103

Then on the other router:
switchB(config)#interface vlan 2
switchB(config-if)#ip address 192.168.20.2 255.255.255.0
switchB(config-if)#no ip redirects
switchB(config-if)#standby 1 priority 50
switchB(config-if)#standby 1 ip 192.168.20.102
switchB(config)#interface vlan 3
switchB(config-if)#ip address 192.168.30.2 255.255.255.0
switchB(config-if)#no ip redirects
switchB(config-if)#standby 2 priority 150
switchB(config-if)#standby 2 ip 192.168.30.103

HSRP Debug

The commands used to debug HSRP are as follows:
switch#debug standby [errors] [events] [packets]
switch#debug standby terse
To kill debug output
switch#no debug standby
switch#no debug all

Be aware that debug processes are assigned a high CPU priority, and any command that produces LOTS of output, like displaying all HSRP messages, WILL render the system unusable and mean you will need to reboot the router. (If you didn't save your changes you will wish you had.)

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes reading and writing things down and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

References I want to remember

Hucaby, D. (2007). CCNP Self-Study: CCNP BCMSN Official Exam Certification Guide, 4th ed., Router Redundancy in Multilayer Switching (pp. 318-347). Indianapolis: Cisco Press.

Routing Issues

Published
by
Deon Botha
on April 25, 2008
in BCMSN, Certification, Cisco Systems, Concepts and Constructs and Proxy ARP
. 1 Comment

This subject ties into the Campus Network Model and ECNM

Default Gateways

Typically when a default gateway is configured on a network device there is no means to configure a second default gateway (not always the case). On end-devices a single default gateway (a single IP address) is typically configured, and it does not change when the IP topology changes due to a failure. If (or when) the router acting as default gateway fails, the end-device cannot send packets off the local network segment; this is the case even if a back-up default gateway or network device (router or MLS) exists that could act as a secondary gateway.

Proxy Address Resolution Protocol (ARP)

The IOS software on Routers runs proxy ARP to provide end-devices with the routing option (MAC Address) of a gateway that is able to forward a packet off the local subnet.

With Proxy ARP, end-devices behave as if the destination device were connected to their own network segment.

If the default gateway router fails (responsible router), the source end-devices continue to send packets for the IP destination to the MAC Address of the failed router, and the packets are discarded.

Eventually, the proxy ARP entry will age out of the end-device's ARP cache and the end-device may acquire the address of another proxy ARP failover router (secondary gateway). During this time the end-device cannot send packets off the local segment. (RFC 1027)

Router Redundancy

With router device redundancy a set of routers (two or more) can present themselves as a single virtual router to end-devices on the LAN. By sharing an IP Address (layer-3) and a MAC Address (layer-2), two or more routers can act as a single “virtual” router.

The IP address of the virtual router will be configured as the default gateway for end-devices on a particular segment. When frames are to be sent from an end-device to the default gateway, the end-device will use ARP to resolve the MAC Address of the default gateway (which will return the virtual router MAC Address).

Frames in turn sent to the virtual router can be physically processed by any active or standby router that is part of that virtual router group. The physical router that receives the forwarded traffic is transparent to the end-device as the virtual router IP and MAC Address is presented to end-devices.

A protocol is used to identify two or more routers as the devices responsible for processing frames for the virtual router group. This redundancy protocol provides the mechanism by which the router determines what router will forward traffic and determines when that role must be taken by another router. This transition as with the processing is transparent to the end-user.

The next post will detail Hot Standby Router Protocol (HSRP) and elaborate on this topic.


