HSRP can track interfaces, which is pretty handy if they are tracking the WAN interface to get out the network. There are times when tracking the interface itself is not enough. This is a great example:
Our customer is running HSRP between 2 routers connected to his local LAN. All PC’s connected to his switch are using 10.1.1.254 as their default gateway. R1 is the primary HSRP router and R2 is the backup.
HSRP allows you to track an interface and lower the priority if this happens. So let’s say R1′s WAN interface goes down, HSRP will notice that, and allow R2 to take over the HSRP group. This allows the customer to continue to get to the cloud. A basic config here:
interface FastEthernet0/1 description LAN ip address 10.1.1.1 255.255.255.0 standby version 2 standby 1 ip 10.1.1.254 standby 1 priority 110 standby 1 preempt standby 1 track FastEthernet0/0 65
interface FastEthernet0/1 description LAN ip address 10.1.1.2 255.255.255.0 standby version 2 standby 1 ip 10.1.1.254 standby 1 preempt standby 1 track FastEthernet0/0 50
What happens if the interface stays up though? In the above diagram, R1′s WAN interface connects to a switch. Now this could be a local switch or a 3rd party NTE (which often happens on leased lines) – The circuit from the switch to the cloud could be down, but the port between the router and switch are still up.
As far as HSRP is concerned, that interface is up and healthy. All LAN PC’s will continue to send traffic to R1, but that traffic gets dropped at the switch. Another case is if you’ve got some sort of MPLS/VPLS solution with your provider. They could have a problem and all traffic is getting black-holed inside their network. But R1 still thinks the link is healthy and sends it on it’s way.
There is a better way of doing this.
IOS allows you to track object. An object could be an IP SLA instance. That IP SLA instance could very easily be an ICMP echo from another device in the cloud. See where I’m going here?
Assume R3 has a rock solid connection. We could assume is a big bad router with multiple power feeds on multiple phases with multiple WAN connections. 192.168.1.1 is the loopback of this device accessible from multiple connections. Basically we assume that 192.168.1.1 is ALWAYS available.
Let’s create an IP SLA instance that tests connectivity to 192.168.1.1. We then tell HSRP to track reachability to that instance. If it cannot get to the instance, we can assume that the link to it is dead, regardless of whether R1′s WAN interface is up or not. First up is the IP SLA instance:
ip sla monitor 10 type echo protocol ipIcmpEcho 192.168.1.1 frequency 5 ip sla monitor schedule 10 life forever start-time now
Here we’ve told the router to ping 192.168.1.1 every 5 seconds and never stop. If I get a reply, consider the SLA a success. If I get no response, consider it a failure.
Now we tell IOS that we want to create an object and track this IP SLA instance:
track 100 rtr 10
I create an object labelled 100 that is tracking instance 10 of IP SLA we created above.
We now amend R1′s HSRP config as follows:
interface FastEthernet0/1 description LAN ip address 10.1.1.1 255.255.255.0 no ip redirects standby version 2 standby 1 ip 10.1.1.254 standby 1 priority 110 standby 1 preempt standby 1 track FastEthernet0/0 65 standby 1 track 100 decrement 65
I’ve kept the interface tracking there as if it goes down, why wait for IP SLA to timeout?
But does it work? Let’s have a look and see. Let’s kill S1′s connection into the cloud. Once that’s done, let’s have a look at R1:
R13#sh standby FastEthernet0/1 - Group 1 (version 2) State is Standby 7 state changes, last state change 00:01:08 Virtual IP address is 10.1.1.254 Active virtual MAC address is 0000.0c9f.f001 Local virtual MAC address is 0000.0c9f.f001 (v2 default) Hello time 3 sec, hold time 10 sec Next hello sent in 0.052 secs Preemption enabled Active router is 10.1.1.2, priority 100 (expires in 9.052 sec) Standby router is local Priority 45 (configured 110) Track interface FastEthernet0/0 state Up decrement 65 Track object 100 state Down decrement 65 IP redundancy name is "hsrp-Fa0/1-1" (default) R1#sh int fa0/0 FastEthernet0/0 is up, line protocol is up
IOS is telling us that although the interface is up, it’s passed the HSRP group to R2. Now we don’t have to worry about traffic getting black-holed!
btw, if you need to ping an address and can’t guarantee 100% availability, you could just as easily track 2 objects. Weight it so that only if pings fail to both will the HSRP group failover.