Networks Training


Configuring High Availability using HSRP and Boolean Object Tracking

Written By Harris Andrea

In this tutorial we will look at a special case of a high availability scenario using HSRP with object tracking. Most modern enterprise networks require some form of high availability, depending on the uptime needed and the criticality of the service.

The network infrastructure elements that usually need to be highly available include network devices and communication links.

Let’s first discuss some important features and the theory behind HSRP combined with object tracking for implementing high availability in Cisco networks.

What is HSRP

If you are new to the networking world you may ask yourself “What is HSRP, do I really need it, when to use it?” I will try to explain why and how to use it but first a brief introduction will be useful.

HSRP is one of a group of redundancy protocols known generically as First Hop Redundancy Protocols.

This group also includes VRRP (Virtual Router Redundancy Protocol) and GLBP (Gateway Load Balancing Protocol). They all serve the same purpose: ensuring high availability of the gateway device, with load balancing if required.

HSRP is a Cisco proprietary protocol and works by providing a virtual IP address (virtual gateway address) and a MAC address shared between the interfaces participating in the HSRP process. Some key points about HSRP:

– Active and Standby Router: The state of the routers after the election, which designates how traffic will flow. The Active router uses the virtual IP and MAC addresses of the HSRP group. The Standby router listens for hello messages sent by the Active router and assumes the Active state if no hello messages are received within some period of time.

– Hello and hold time: a hello packet is sent every 3 seconds; the hold time is 10 seconds.

– HSRP states: Initial, Listen, Speak, Standby, Active

– Virtual MAC: 0000.0C07.ACxx, where xx is the HSRP group number in hexadecimal

– Groups: up to 256 in HSRP version 1, and 4096 in version 2

– Default Priority: 100


More info about basic HSRP on Cisco Website here.

Object Tracking

Object tracking works by tracking the combined state of defined objects and is used with the following boolean functions:

AND – requires all the objects defined in the track list to be up.
OR – requires at least one object to be up.

See this link for more information about object tracking.

Practical Network Scenario

To better explain the features described above, let’s discuss the following scenario:

[Diagram: hsrp-object-tracking]

  • One HQ site LAN (top of diagram).
  • A remote site (bottom of diagram) that has one provider, with 2 routers serving as the default gateway of the local LAN for high availability.
  • The remote network reaches the HQ LAN via the provider’s MPLS network. Internet access is provided locally on the same router device.
  • Internet access is provided through interface FastEthernet4 of the routers, and the MPLS VPN is provided through interface Vlan999.

Objective:

Provide high availability for both the VPN and Internet access for the remote site.

Equipment used:

For this example we are using two Cisco 881-SEC-K9 routers with the c880data-universalk9-mz.150-1.M7.bin image installed.

Configuration of Router 1

Below is the configuration for tracking the VPN line. We will use IP SLA tracking with ICMP echo sent via Vlan999 to the HQ router. To be sure we are reaching the LAN in HQ, we will track its gateway virtual IP.

ip sla 1
 icmp-echo 192.168.1.1 source-interface Vlan999
 ! time, in milliseconds, that the router waits for a response
 timeout 9000
 ! sends probes every 15 seconds
 frequency 15
! start the probe; an IP SLA operation that is not scheduled never runs
ip sla schedule 1 life forever start-time now

track 1 ip sla 1 reachability

Below is the configuration for tracking the internet line. Again we will use IP SLA tracking with icmp echo sent via FastEthernet4 to the internet.

ip sla 2
 icmp-echo 100.100.100.100 source-interface FastEthernet4
 ! time, in milliseconds, that the router waits for a response
 timeout 9000
 ! sends probes every 15 seconds
 frequency 15
ip sla schedule 2 life forever start-time now

track 2 ip sla 2 reachability

NOTE: The example address 100.100.100.100 shown above is the Internet IP being monitored. It can be your ISP default gateway or any other Internet IP that replies to ICMP echo. Be careful, because public services or providers may block ICMP on their equipment and some pings may fail.


Below is the tracking configuration with boolean object tracking so that if any of the IP SLA tracking mechanisms fail, the standby router will become active.

track 3 list boolean and
 ! track 1
 object 1
 ! track 2
 object 2

After tracking is configured we can configure the HSRP on Vlan1. Assume that Vlan1 is the vlan facing the LAN of the two routers.

interface Vlan1
 ip address 192.168.0.2 255.255.255.0
 ! Virtual HSRP IP address
 standby 1 ip 192.168.0.1
 ! Configured priority
 standby 1 priority 150
 ! Preemption must be enabled
 standby 1 preempt
 ! If the tracking list is down, the priority is decremented by 60 and becomes 90,
 ! which is under 100, and the router switches to standby mode
 standby 1 track 3 decrement 60

Some verifications are required to see if everything is working properly:

# show track 3
Track 3
  List boolean and
  Boolean AND is Up
    1 changes, last change 1d10h
    object 1 Up
    object 2 Up
  Tracked by:
    HSRP Vlan1 1

NOTE: If either of the two objects goes down, track 3 goes down as well. Had I configured the list with the OR boolean statement, both objects would have to go down for track 3 to go down.

# show standby vlan 1 brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vl1         1    150 P Active  local           192.168.0.3     192.168.0.1

Configuration of Router 2 is done in the same way, the only difference is that the priority is left default (100).
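
The following is an added example, not part of the original article: a simplified Python model of how the boolean track list and the priority decrement decide which router is Active, using the article's values (priorities 150 and 100, decrement 60). The names Router, track_list and elect are hypothetical; timers, HSRP state transitions and the equal-priority tie-break are not modelled.

```python
# Added example, not from the original article: a simplified model of the
# track list and HSRP priority logic. Hello/hold timers, HSRP state
# transitions and the equal-priority tie-break are not modelled.
from dataclasses import dataclass


def track_list(op: str, objects: list[bool]) -> bool:
    """State of 'track N list boolean and|or' from its member objects."""
    if op == "and":
        return all(objects)          # Up only if every object is Up
    if op == "or":
        return any(objects)          # Up if at least one object is Up
    raise ValueError(f"unsupported boolean operator: {op}")


@dataclass
class Router:                        # hypothetical name, for illustration
    name: str
    priority: int = 100              # HSRP default priority
    preempt: bool = True             # 'standby 1 preempt'
    decrement: int = 60              # 'standby 1 track 3 decrement 60'
    vpn_up: bool = True              # track 1: IP SLA 1 via Vlan999
    inet_up: bool = True             # track 2: IP SLA 2 via FastEthernet4
    op: str = "and"                  # 'track 3 list boolean and'

    def effective_priority(self) -> int:
        up = track_list(self.op, [self.vpn_up, self.inet_up])
        return self.priority if up else self.priority - self.decrement


def elect(active: Router, standby: Router) -> Router:
    """Return the router that ends up Active, given which one is Active now."""
    # A live Active router is displaced only by a preempting router whose
    # effective priority is strictly higher.
    if standby.preempt and standby.effective_priority() > active.effective_priority():
        return standby
    return active


if __name__ == "__main__":
    r1, r2 = Router("R1", priority=150), Router("R2")   # values from the article
    r1.inet_up = False               # constructed failure: IP SLA 2 fails on R1
    print(r1.effective_priority(), elect(r1, r2).name)   # R1 drops to 90, R2 takes over
    r1.vpn_up, r2.vpn_up = False, False                  # constructed: HQ target down for both
    print(elect(r1, r2).name)        # 90 vs 40: R1 stays Active
```

The second scenario shows a limit of the design: when both routers probe the same target and it stops answering, both priorities are decremented and no failover takes place.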

There are many applications for IP SLA monitoring with object tracking. Other network redundancy examples will be covered in future articles.


About Harris Andrea

Harris Andrea is an Engineer with more than two decades of professional experience in the fields of TCP/IP Networks, Information Security and I.T. Over the years he has acquired several professional certifications such as CCNA, CCNP, CEH, ECSA etc.

He is a self-published author of two books ("Cisco ASA Firewall Fundamentals" and "Cisco VPN Configuration Guide") which are available at Amazon and on this website as well.

Comments

  1. imran shahid says

    April 29, 2015 at 5:15 pm

    Hi Andrea,

    Thanks for the article. I would like to know if we have an ADSL backup with a Fiber active link, do you think we need extra configurations for the ADSL line? I know fiber link could be straightforward point to point but what about the ADSL if we are using dialer interface? Your guidance will be really appreciated.
    Thanks in advance.

    Imran shahid

  2. Harris Andrea says

    April 29, 2015 at 6:23 pm

    If the ADSL connection is up then you can use IP SLA tracking just as the example with no problem.

  3. Binh Nguyen Thanh says

    May 5, 2015 at 12:57 am

    Thanks, nice tutorial.

  4. imad says

    November 5, 2018 at 5:07 am

    Hello Sir Harris, great article. I have a question: if we do not have HSRP like in the above case, we have VSS, so how do we combine Boolean track?

    thank you

  5. imad says

    November 5, 2018 at 5:08 am

    Hello Sir Harris, if we have VSS instead of HSRP, then how can we combine Boolean track? Thanks

  6. Harris Andrea says

    November 5, 2018 at 5:50 am

    VSS works on Layer2. HSRP works on Layer3. You can implement HSRP on routing devices and you can have VSS together.

  7. Wallis Short says

    October 13, 2020 at 1:32 pm

    Hi Harris
    Many thanks for this excellent article – cleared up a few things for me :)

    A quick question if I may,
    I see in your article that your boolean :
    AND – it requires that all the objects defined in the track list to be up.
    OR – it requires that at least one object to be up.

    However later you mention:
    “NOTE: if any of the two objects goes down, track 3 goes down also. If I would have configured using the OR boolean statement, then for track 3 to go down both of the objects must go down.”

    It seems that your “NOTE” statement is the wrong way around? :)
    Cheers Wallis

  8. Harris Andrea says

    October 13, 2020 at 3:35 pm

    Wallis, thanks for your comment and for reading my article.
    Actually my note statement is correct.
    If you have AND: 1 AND 0 = 0, 0 AND 1 = 0 (i.e. if any of the two objects goes down (i.e. 0) then the whole track list will be zero)
    If you have OR: 0 OR 0 = 0 (i.e. both objects must be zero in order for the track list to be zero).

    Let me know if I was not clear enough.

    Harris

  9. Wallis Short says

    October 18, 2020 at 11:22 pm

    Hi Harris – thanks for your reply !
    I am still a bit confused. You originally said that with the “OR” statement it requires at least ONE object to be down for it to register as down. Which (as I understand it) means if one statement is down and the other is still up, it will register as DOWN and will failover to the backup.
    With the AND – it means both of the tracked objects to be down before it fails over to the backup?

    If that’s the case, then your statement “If I would have configured using the OR boolean statement, then for track 3 to go down both of the objects must go down.” Surely this should be if ONLY ONE goes down then track3 will failover to the backup??
    Just trying to get my head around this :(

  10. Harris Andrea says

    October 19, 2020 at 5:22 am

    Wallis, my original statement in the article says that “OR – it requires that at least one object to be up (in order to register as UP)”

    For the AND Boolean statement “AND – it requires that all the objects defined in the track list to be up (in order to register as UP)“.

    The track 3 list does a Boolean AND or a Boolean OR operation between the two objects (object 1, object 2). With the AND boolean operation, if any one of the two objects goes down (i.e. becomes zero) then the whole track list goes down as well.
