HSRP doubt

Unanswered Question
Oct 5th, 2007


My customers have one central site and n remote site. Each one with a link MPLS. The customers buy another link (internet /ppp) and want to use this link like backup preemptive, using this link with VPN (site-to-site).

My doubt is, using HSRP in the central site, when the link (MPLS) of remote site down, the remote forward date by internet/vpn, but like the central site would response to this remote site? The active router is up, but the link destination is down!



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Fri, 10/05/2007 - 05:52

Hi Peterson

I'm not sure i fully understand your question so please come back if i missed the point.

It all depends on how you are routing to the remote site. if you are using static routes at the central site then yes this may be an issue.

If however you are using a dynamic routing protocol over the MPLS network to exchange routes then if the remote MPLS link goes the routes should be removed from the central site routers. As long as you have an an alternative route at the central site, a floating static would do the job, then you should be okay.



pgcristovam Fri, 10/05/2007 - 05:55

Hi Jon

Yes, routing is static routes. Central Site -> Remote Site and Remote Site -> Central Site.

The question is, when the link(MPLS) of remote site is down, how the central site send the information, by active router or standby router? How it do it?


Jon Marshall Fri, 10/05/2007 - 06:02


It's more to do with where the routes are pointing to rather than HSRP and the active router.

It doesn't matter which of the routers at the central site is HSRP active/standby. What matters is that when either router looks in it's routing table for the remote site subnet do they have a route point out over the MPLS network or do they have a route pointing out over the Internet.


pgcristovam Fri, 10/05/2007 - 06:07


I don't understand your response

Central Site

In active router there are routes by MPLS

In standby router there are routes by Internet

Remote Site

There are routes by MPLS link and Internet link

Do you see the attachments?

How the routers in Central Site, forward date by router correct when only the link MPLS of remote site down?

Kevin Dorrell Fri, 10/05/2007 - 06:11

You say you have 'n' remote sites. Let us consider these 'n' remote sites that are connected through your MPLS cloud as well as via the backup link. Consider that you will want the failover to take place per remote site. That is, when one remote site fails over, you don't want them to all failover together.

Now, there is a way of doing that with HSRP, but it is awkward. HSRP was designed as a first-hop redundancy protocol, not as a remote routing protocol. I can tell you how to do it with HSRP, but I would really recommend you consider a dynamic routing protocol instead.

I would say that dynamic routing protcols were designed to do just what you want to do here. Dynamic routing protocols are good at detecting topology changes at remote locations. HSRP is OK for detecting a topology change at the first hop, but not so good at handling remote stuff, as you have already worked out.

If you really want to use HSRP, the technique is to define several standby groups on the central site, one group per remote site. Each group has a standby address that the central site hosts hosts use to route to the corresponding remote site. You then use object tracking and/or link tracking on each group so that the active router resigns for that group only if it loses sight of the link on the corresponding remote site.

I told you the technique was awkward, but it does work OK. But you would be much better off running a routing protocol. Even RIP would do the trick.

Kevin Dorrell


pgcristovam Fri, 10/05/2007 - 06:25

Hi Kevin

HSRP i think should be a correct choose. But if there is another, no problem. But the ISP don't offer dynamic routing protocols to customer, just static route!

So, case the ISP use dynamic routing protocols, when the link of destination is down, the active router (using HSRP) alert to standby router about it?

Active Router:

-Forward to all destination less destination with MPLS down

Standby Router:

-Forward just to destination with MPLS down (by Internet/VPN)

Kevin Dorrell Fri, 10/05/2007 - 06:36

With a dynamic routing protocol, you get the router on the remote site to advertise the remote network to you along the MPLS link. That maintains a route in the active router.

If those advertisments go silent, then the active router loses its route, and can resign from the HSRP group.

Alternatively, if you have no dynamic routing protocol, you could get the active router to ping some object on the remote site every few seconds, usually the remote router. If it gets no response, then it assumes the link is down and tells the HSRP to decrement its priority, which causes it to resign. If the link comes back again, it tells the HSRP to increase its priority again, and the router becomes active again.

Kevin Dorrell


pgcristovam Fri, 10/05/2007 - 06:40

Hi Kevin

Your suggestion is very good, but sorry my question:

"active router to ping some object on the remote site every few seconds, usually the remote router"

How can i do it? What's problem or technique?

Jon Marshall Fri, 10/05/2007 - 06:50

Hi Kevin

Could you just clear something up for me because i'm beginning to think i have missed the point.

You say if the active router stops receiving advertisements over the MPLS link then it can resign from the HSRP group. But why would it need to do this ?.

If you had a floating static pointing to the remote subnet via the Internet it doesn't matter which router is active and which is standby as long as their is an IGP running at the central site ?


Kevin Dorrell Fri, 10/05/2007 - 07:02

True. Sorry, I got tied in a knot. You are right that there is no need to manipulate the HSRP.

In fact, on reflection, if he doesn't want to use dynamic routing, he would be better off using a floating static to his fallback router, along with tracking for the primary route as described in http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_guide09186a00801d862d.html

He could either do SLA tracking on a remote object like his remote router, or track a route provided by a dynamic routing protocol.

Sorry, it's getting towards the weekend and I lost the plot a bit here. It's me that missed the point, not you. ;-) Luxembourg, null points!

Jon Marshall Fri, 10/05/2007 - 07:03


Absolutely no problem. I honestly thought it was me that had got it wrong. Looks like we both need a nice relaxing weekend :)


pgcristovam Mon, 10/08/2007 - 03:53

Hi Kevin

How can I do to that router ping remote site every few seconds?




This Discussion