HSRP With Two Routers and Two Diverse Internet Circuits

Redundancy is the name of the game when it comes to uptime in the computer networking field. We as networking professionals spend time tracking down our single points of failure and eliminating them one by one. However, one place we typically see a lack of redundancy is Internet connectivity. Many times a business has only a single Internet circuit connected to a single router, which makes setup and configuration a breeze but offers no redundancy. When moving to two diverse circuits with two redundant routers, the configuration can get a little tricky. One of the first challenges you have to tackle is how to handle the default route for your network, and how to move that default route from your primary router to your backup router in the case of a network or router outage. Well, good news: we’ve done the research for you and provided the step-by-step Hot Standby Router Protocol (HSRP) configuration below.

Requirements:

2x ISR or ASR routers. I used two ASRs, so the config may vary slightly if you use an ISR.
Two diverse internet connections running a BGP failover setup between them.

The Setup:

[Network diagram: HSRP01]

Configuration:

I always find it helpful when the full configuration is given at the beginning of an article and is then broken down into chunks. So here is the complete and final configuration:

Router 1:

interface GigabitEthernet0/0/1
description Corp Facing Interface
ip address 192.168.1.3 255.255.255.0
standby 1 ip 192.168.1.2
standby 1 priority 105
standby 1 track 1 decrement 10

interface GigabitEthernet0/0/0
description Carrier Facing Interface
ip address 10.1.0.2 255.255.255.252

track 1 ip sla 1 reachability
delay down 21

ip sla 1
icmp-echo 172.16.0.1 source-interface GigabitEthernet0/0/0
frequency 5

ip sla schedule 1 life forever start-time now

Router 2:

interface GigabitEthernet0/0/1
description Corp Facing Interface
ip address 192.168.1.4 255.255.255.0
standby 1 ip 192.168.1.2
standby 1 priority 101

Now let’s break everything down part by part:

Router 1 Step-by-step:

The initial interface configuration on the corp-facing interface is fairly standard fare. Assign an IP address to the interface so the primary and backup routers can talk to each other and so you have an address to use for management. This is not the IP address you should use as your default route. The address you assign should be on the same network as the IP you plan to use for your default route, and on the same network as the outside interface of your firewall.

interface GigabitEthernet0/0/1
description Corp Facing Interface
ip address 192.168.1.3 255.255.255.0
standby 1 ip 192.168.1.2
standby 1 priority 105
standby 1 track 1 decrement 10

 

Next we assign the IP address we want used as our default gateway using the standby command. This “standby” IP is the address that can swap between the two routers in the event of an outage. The number 1 listed right after the standby command is the standby group number; every additional setting for this specific HSRP instance is tied to that group number.

interface GigabitEthernet0/0/1
description Corp Facing Interface
ip address 192.168.1.3 255.255.255.0
standby 1 ip 192.168.1.2
standby 1 priority 105
standby 1 track 1 decrement 10

 

The priority command determines which router should currently have the standby address and thus the default route IP. The router with the highest priority number is the device that currently holds the standby IP.

interface GigabitEthernet0/0/1
description Corp Facing Interface
ip address 192.168.1.3 255.255.255.0
standby 1 ip 192.168.1.2
standby 1 priority 105
standby 1 track 1 decrement 10

 

Now for the good stuff. We need a way for HSRP to determine whether the connection to the Internet is down. We start by specifying a track that will determine whether the connection is up or not; more on this later. We will use track 1, and if the tracked dependency fails we will decrement the priority by 10. Decrementing the priority by 10, from 105 to 95, gives the primary router a lower priority than the secondary, so the standby IP address switches over to the secondary, and along with it the default Internet route of the corp firewall.

interface GigabitEthernet0/0/1
description Corp Facing Interface
ip address 192.168.1.3 255.255.255.0
standby 1 ip 192.168.1.2
standby 1 priority 105
standby 1 track 1 decrement 10

 

We will assign sla 1 to track 1 with the reachability keyword. Reachability tracks whether the router can reach its remote destination. We also set the down delay to 21 so that, when the sla reports a problem to the track, the track waits 21 seconds before reacting. This keeps a few randomly missed pings from making your standby IP address flap between routers.

track 1 ip sla 1 reachability
delay down 21

 

The sla configuration itself is fairly straightforward. First we specify what we want the sla to do. In this case I want the sla to ping the first offsite (or first next hop) router of my carrier. I ping the first offsite router of my carrier for a couple of reasons. If you ping the on-prem carrier router, the sla will not account for network failures further up the chain to the Internet, because it will still be able to reach its destination. You could ping further down the chain to your carrier’s head-end (and it might not be a bad idea depending on link reliability), but you risk missing pings, causing a false positive and triggering the standby IP to switch to the secondary router. Next we set the frequency of the ping to 5 seconds. This number is up to you, but I didn’t see the need to ping more than every 5 seconds.

ip sla 1
icmp-echo 172.16.0.1 source-interface GigabitEthernet0/0/0
frequency 5

 

The final configuration step on Router 1 is to start the sla immediately and run it forever.

ip sla schedule 1 life forever start-time now

 

Router 2 Step-by-step:

The initial setup for the corp-facing interface is similar to the primary router in that we set up an IP address used for the primary to communicate with the secondary and for management purposes.

interface GigabitEthernet0/0/1
description Corp Facing Interface
ip address 192.168.1.4 255.255.255.0
standby 1 ip 192.168.1.2
standby 1 priority 101

 

We will continue to use the standby group number 1 and assign the same standby IP address to this interface as we did for Router 1.

interface GigabitEthernet0/0/1
description Corp Facing Interface
ip address 192.168.1.4 255.255.255.0
standby 1 ip 192.168.1.2
standby 1 priority 101

 

We will set the priority of this router to a number lower than Router 1. You can set this number to whatever you want, just make sure that you keep it below Router 1’s priority yet above its decremented value. So in this example, you could use any number between 96 and 104.

interface GigabitEthernet0/0/1
description Corp Facing Interface
ip address 192.168.1.4 255.255.255.0
standby 1 ip 192.168.1.2
standby 1 priority 101

 

Final Thoughts and Notes:

In the event of a failure, the standby router will pick up the standby IP and MAC address used as your network’s default route and allow you to route data down your secondary circuit. Whenever the priority of the primary router is restored to its original state (higher than the secondary), the secondary will switch the standby IP address back over to the primary, after the 21 second delay timer we set of course.

The secondary router is constantly monitoring the availability of the primary, so in the event of a complete primary router failure such as power loss, software crash, etc., the secondary will take over the standby IP address.
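
The priority window given for Router 2 (96 to 104) and the failover and failback behaviour described above can be checked mechanically before a change goes live. The Python below is an added example, not part of the original article: it parses the article's standby lines (embedded as constructed strings), computes the valid backup priority range, and also flags a missing "standby 1 preempt", because IOS leaves HSRP preemption disabled by default and a router without it does not take over from a live active router whose priority has dropped. The function names are illustrative.

```python
import re

# Constructed input: the HSRP lines from the article's Router 1 and Router 2.
ROUTER1 = """interface GigabitEthernet0/0/1
 standby 1 ip 192.168.1.2
 standby 1 priority 105
 standby 1 track 1 decrement 10
"""
ROUTER2 = """interface GigabitEthernet0/0/1
 standby 1 ip 192.168.1.2
 standby 1 priority 101
"""

def parse_hsrp(config, group=1):
    """Pull one standby group's settings out of IOS config text."""
    def find(pattern, default=None):
        m = re.search(rf"^\s*standby {group} {pattern}", config, re.M)
        return m.group(1) if m else default
    return {
        "vip": find(r"ip (\S+)"),
        "priority": int(find(r"priority (\d+)", 100)),  # IOS default is 100
        "decrement": int(find(r"track \d+ decrement (\d+)", 0)),
        "preempt": find(r"(preempt)") is not None,
    }

def valid_backup_priorities(primary):
    """Priorities below the primary's normal value but above its decremented one."""
    p = parse_hsrp(primary)
    return range(p["priority"] - p["decrement"] + 1, p["priority"])

def audit(primary, backup):
    """List the problems that would stop tracked failover and failback."""
    p, b = parse_hsrp(primary), parse_hsrp(backup)
    issues = []
    if p["vip"] != b["vip"]:
        issues.append("standby IP differs between routers")
    if b["priority"] not in valid_backup_priorities(primary):
        issues.append(f"backup priority {b['priority']} outside "
                      f"{p['priority'] - p['decrement'] + 1}-{p['priority'] - 1}")
    for name, r in (("primary", p), ("backup", b)):
        # Assumption stated in the lead-in: preemption is off unless configured.
        if not r["preempt"]:
            issues.append(f"{name} has no 'standby 1 preempt'")
    return issues

if __name__ == "__main__":
    print(list(valid_backup_priorities(ROUTER1)))
    print(audit(ROUTER1, ROUTER2))
```
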

3 Comments

  1. Vishal

    Thank you! This is exactly what I needed for my setup.

    1. Philip Straatsma (Post author)

      Glad to hear! I hope it worked out as you needed it to.

  2. Matt

    So theoretically this could be used for Geographical redundancy as well, yes?
