HSRP Object tracking

HSRP can track interfaces, which is pretty handy when the tracked interface is the WAN interface used to get out of the network. There are times when tracking the interface itself is not enough. This is a great example:

Our customer is running HSRP between 2 routers connected to his local LAN. All PCs connected to his switch are using 10.1.1.254 as their default gateway. R1 is the primary HSRP router and R2 is the backup.

HSRP allows you to track an interface and lower the priority if that interface goes down. So let's say R1's WAN interface goes down: HSRP will notice that and allow R2 to take over the HSRP group. This allows the customer to continue to get to the cloud. A basic config here:
R1:

interface FastEthernet0/1
 description LAN
 ip address 10.1.1.1 255.255.255.0
 standby version 2
 standby 1 ip 10.1.1.254
 standby 1 priority 110
 standby 1 preempt
 standby 1 track FastEthernet0/0 65

R2:

interface FastEthernet0/1
 description LAN
 ip address 10.1.1.2 255.255.255.0
 standby version 2
 standby 1 ip 10.1.1.254
 standby 1 preempt
 standby 1 track FastEthernet0/0 50

What happens if the interface stays up though? In the above diagram, R1's WAN interface connects to a switch. Now this could be a local switch or a 3rd party NTE (which often happens on leased lines). The circuit from the switch to the cloud could be down, but the port between the router and switch is still up.

As far as HSRP is concerned, that interface is up and healthy. All LAN PCs will continue to send traffic to R1, but that traffic gets dropped at the switch. Another case is if you've got some sort of MPLS/VPLS solution with your provider. They could have a problem and all traffic is getting black-holed inside their network. But R1 still thinks the link is healthy and sends the traffic on its way.

There is a better way of doing this.

IOS allows you to track objects. An object could be an IP SLA instance. That IP SLA instance could very easily be an ICMP echo to another device in the cloud. See where I'm going here?

Assume R3 has a rock solid connection. We could assume it is a big bad router with multiple power feeds on multiple phases with multiple WAN connections. 192.168.1.1 is the loopback of this device, accessible from multiple connections. Basically we assume that 192.168.1.1 is ALWAYS available.

Let's create an IP SLA instance that tests connectivity to 192.168.1.1. We then tell HSRP to track reachability to that instance. If it cannot get to the instance, we can assume that the link to it is dead, regardless of whether R1's WAN interface is up or not. First up is the IP SLA instance:

ip sla monitor 10
 type echo protocol ipIcmpEcho 192.168.1.1
 frequency 5
ip sla monitor schedule 10 life forever start-time now

Here we’ve told the router to ping 192.168.1.1 every 5 seconds and never stop. If I get a reply, consider the SLA a success. If I get no response, consider it a failure.

Now we tell IOS that we want to create an object and track this IP SLA instance:

track 100 rtr 10

I create an object labelled 100 that tracks instance 10 of the IP SLA we created above.

We now amend R1's HSRP config as follows:

interface FastEthernet0/1
 description LAN
 ip address 10.1.1.1 255.255.255.0
 no ip redirects
 standby version 2
 standby 1 ip 10.1.1.254
 standby 1 priority 110
 standby 1 preempt
 standby 1 track FastEthernet0/0 65
 standby 1 track 100 decrement 65

I've kept the interface tracking there because if the interface goes down, why wait for IP SLA to time out?

But does it work? Let's have a look and see. Let's kill S1's connection into the cloud. Once that's done, let's have a look at R1:

R1#sh standby
FastEthernet0/1 - Group 1 (version 2)
  State is Standby
    7 state changes, last state change 00:01:08
  Virtual IP address is 10.1.1.254
  Active virtual MAC address is 0000.0c9f.f001
    Local virtual MAC address is 0000.0c9f.f001 (v2 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.052 secs
  Preemption enabled
  Active router is 10.1.1.2, priority 100 (expires in 9.052 sec)
  Standby router is local
  Priority 45 (configured 110)
    Track interface FastEthernet0/0 state Up decrement 65
    Track object 100 state Down decrement 65
  IP redundancy name is "hsrp-Fa0/1-1" (default)

R1#sh int fa0/0
FastEthernet0/0 is up, line protocol is up

IOS is telling us that although the interface is up, it’s passed the HSRP group to R2. Now we don’t have to worry about traffic getting black-holed!

Btw, if you need to ping an address and can't guarantee 100% availability, you could just as easily track 2 objects. Weight it so that the HSRP group fails over only if pings to both fail.
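
The priority arithmetic behind the configuration above and behind the two-object suggestion, as an added example that is not part of the original post: a small Python model that enumerates every combination of failed tracked objects and reports which router ends up active. The object numbers 101 and 102, the decrement of 6, the priority floor of 0 and the assumption that both routers preempt are choices made for this example, not values from the article.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address
from itertools import product

@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100                          # IOS default HSRP priority
    tracks: dict = field(default_factory=dict)   # tracked object -> decrement

    def effective(self, down):
        """Configured priority minus the decrement of each tracked object in `down`."""
        lost = sum(dec for obj, dec in self.tracks.items() if (self.name, obj) in down)
        return max(self.priority - lost, 0)      # assumption: floored at 0

def active(routers, down=frozenset()):
    """Router holding the virtual IP, assuming preempt on every router: highest
    effective priority wins, and a tie goes to the higher interface IP."""
    return max(routers, key=lambda r: (r.effective(down), IPv4Address(r.ip))).name

def failover_table(routers):
    """Map every combination of down tracked objects to the resulting active router."""
    objs = [(r.name, obj) for r in routers for obj in r.tracks]
    table = {}
    for bits in product([False, True], repeat=len(objs)):
        down = frozenset(o for o, is_down in zip(objs, bits) if is_down)
        table[down] = active(routers, down)
    return table

# The configuration from the article
R1 = Router("R1", "10.1.1.1", 110, {"Fa0/0": 65, "track 100": 65})
R2 = Router("R2", "10.1.1.2", tracks={"Fa0/0": 50})

# Two-probe variant: objects 101/102 and decrement 6 are constructed for this example.
# One probe down leaves R1 at 104 (still above R2's 100); both down leaves 98.
R1_TWO = Router("R1", "10.1.1.1", 110, {"track 101": 6, "track 102": 6})
R2_PLAIN = Router("R2", "10.1.1.2")

if __name__ == "__main__":
    for down, winner in failover_table([R1, R2]).items():
        print(sorted(down) or "all tracked objects up", "->", winner)
    print(active([R1_TWO, R2_PLAIN], {("R1", "track 101")}))                        # R1
    print(active([R1_TWO, R2_PLAIN], {("R1", "track 101"), ("R1", "track 102")}))   # R2
```

Running the table against a planned set of decrements before deploying them shows any combination of failures in which the virtual IP stays on a router that cannot reach the cloud.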

9 thoughts on “HSRP Object tracking”

  1. You can also use the track object to track a static default route, for example:

    ip route 0.0.0.0 0.0.0.0 10.10.10.2 track 100
    ip route 0.0.0.0 0.0.0.0 Dialer0 20

    When the reachability fails the floating route would get installed.

    Also very useful in scenarios with ADSL primary with ISDN backup (though primitive) where, although the ATM interface goes down in the event of a DSL failure, the Dialer (virtual) interface remains up.

    Nice one Mate!

  2. Thank you for this resource, I have found it very useful for an IP SLA primer for my CCNP studies. I labbed this scenario and got it to work, I have one question though. In the monitor settings you can set the frequency for the ICMP pings, is there a recommended highest frequency? Another thing: on IOS ver 12.4-15 I found an entire submenu to configure the monitor, i.e.

    Router(config)#ip sla 1
    Router(config-ip-sla)#icmp-echo [dest ip]
    Router(config-ip-sla-echo)#frequency 5
    Router(config)#ip sla schedule 1 life forever start-time now

    Which format will Cisco likely test on for exams such as the CCNP Switch and the CCNP Route?

  3. R Davis: I don’t think this is actually on the exam. At least it wasn’t when I did my CCNP. My guess is that you would need to know both ways.

    As for frequencies, I've yet to see a proper recommendation. I think it's up to the topology in question. There is also a timeout value which is a good thing to set. I've seen sometimes that my tracked objects go down even when the link stays up as the timeout is a bit too short. Again this value will depend on link load and reliability (I've got mine set to 1500msec)

  4. Hi folks!
    One fundamental thing we need to ensure: R1 needs to be configured such that it will NEVER reach the 'always up' box through R2. Otherwise we get a nice and atomic-clock precise HSRP flapping :-) (use access list or route filter)
    /Martin

  5. So, I have a question to the community: is there a way to TRACK (bind to a track / SLA object) the EIGRP, OSPF, BGP routing neighborhood? This would ease the logic quite a bit.
    /Martin

  6. Hi Martin, I was able to use HSRP to track a BGP route and it worked great. I had to tune the BGP timers so that would speed the process to disconnect the neighbor and remove the route from the routing table, but once BGP lost the neighbor and the route was removed, HSRP tracked, set the priority and the other router took over fast. Thanks for posting the examples on here which simplified my work big time and helped me better understand this nice additional feature for HSRP.
