HSRP problem

Dec 11th, 2007

After configuring multiple group HSRP for two routers (router 1 active for half of the traffic and router 2 active for the remaining half), I found that at a certain time all traffic was directed to router 1, and then the situation reversed: the second router handled all the traffic and router 1 did not handle any traffic?!

Is this an ARP cache problem?

How to solve this problem?

Jon Marshall Tue, 12/11/2007 - 01:39


Could you post your config? Assuming that you have a stable environment and the routers are not flipping between each other, half your clients should have one default-gateway set (one of the HSRP VIPs) and the other half of your clients should be using the other default-gateway (the other HSRP VIP).


mohammady Tue, 12/11/2007 - 02:03

Thanks for the cooperation.

Below is my routers' config.



standby 1 ip

standby 1 preempt

standby 1 track Serial0

standby 1 priority 105

standby 2 preempt

standby 2 ip

standby 2 track serial 0

Router 2


standby 1 ip

standby 1 preempt

standby 1 track Serial0

standby 2 preempt

standby 2 ip

standby 2 track serial 0

standby 2 priority 105


paul.matthews Tue, 12/11/2007 - 01:53

There are a number of possible reasons, but two "headline" possibilities.

Either you have some instability that was causing the active router for each HSRP group to move around.

Or, you have some issue where all the users were using the same HSRP address at that time.

How do you allocate gateway addresses to users? Are they manually configured or do you use DHCP? If DHCP, have you got an advanced solution, or are you just using two DHCP servers and letting them race?

mohammady Tue, 12/11/2007 - 02:04

I have a firewall with two default routes to the two virtual IPs of HSRP.

Jon Marshall Tue, 12/11/2007 - 02:08

Is it the firewall that is not load balancing, and does the firewall use a virtual IP address itself?

So what default-gateway have you set up on the firewall, and what are the static routes?

The thing is the firewall can only use one gateway at a time. HSRP load-balancing is for spreading the load between multiple clients.


Jon Marshall Tue, 12/11/2007 - 02:32


If it is a single device then it will not load balance as such unless it is doing per-packet load balancing.

Yes, it may well use both routers, but it can only use one router at a time.


mohammady Tue, 12/11/2007 - 02:35

Cisco routers accept two default routes and load balance between them.

Jon Marshall Tue, 12/11/2007 - 02:40

Well yes, but from your previous posts my understanding was that the default static routes are on the Juniper, not the routers?


paul.matthews Tue, 12/11/2007 - 04:18

Ah! You need to investigate the firewall - what is it?

Different systems use multiple routes differently.

Some will load balance, some will use just one.

You need to understand how the FW handles multiple routes.

mohammady Tue, 12/11/2007 - 05:59

This is right, the Juniper firewall uses only one default route. Any idea?

mohammady Wed, 12/26/2007 - 23:01

So what are the solutions available in a situation like this? Again, the two Cisco routers are connected to the same firewall, and the firewall does not accept more than one default route, so MHSRP didn't work for me.

Jon Marshall Sun, 12/30/2007 - 10:37


If the Juniper firewall can only use one default route then you cannot load-balance traffic from it.

HSRP / MHSRP won't work because it will always be talking to the same router.

GLBP will not work because the source device, i.e. the firewall, is always the same.

It's not really anything to do with the Cisco devices. It's more to do with the Juniper firewall capabilities.

Certain firewalls can participate in routing, so the Juniper may well run RIP/OSPF. Depending on the routing protocol you use on your Cisco devices, you could have the firewall participate in the routing, and that way it may well see 2 equal cost paths in its routing table.

It's difficult to be definitive on this as I have limited experience with Netscreens.


paul.matthews Wed, 01/02/2008 - 01:01

There is not a lot you can do. You could look at the firewall and see if it will participate in routing such as RIP/OSPF and look at what it will do with multiple routes dynamically learnt. That may not be any different though - it may load balance, or it may just select one to use. Then there is the security consideration - many people dislike firewalls participating in routing.

You could front this pair of routers with a third/fourth router, using high speed LAN and this extra router load balancing between your existing routers.

The most realistic option may be to just accept it as that's the way things work.

BALAJI RAJAN Wed, 01/02/2008 - 03:03

In parallel, look at Serial0, which both groups track on each router.

In any case, if the Serial0 link on the first or second router fails/flaps, traffic for both groups will go to the other router.
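
The Serial0 tracking effect raised in the last post can be worked through with the priorities from the posted configs. The following is an added example, not part of any post in this thread; it assumes the IOS defaults of priority 100 and a track decrement of 10 (neither is set explicitly in the configs), and the names `router1`/`router2` are labels only.

```python
# Added illustration (not from the thread): HSRP active election with
# preempt and interface tracking, using the priorities from the posted configs.
DEFAULT_PRIORITY = 100  # assumed IOS default where no "standby N priority" is set
TRACK_DECREMENT = 10    # assumed IOS default for "standby N track <interface>"

# Configured priority per router and HSRP group ("router1"/"router2" are labels).
CONFIG = {
    "router1": {1: 105, 2: DEFAULT_PRIORITY},
    "router2": {1: DEFAULT_PRIORITY, 2: 105},
}


def effective_priority(router, group, serial_up):
    """Configured priority minus the decrement while the tracked Serial0 is down."""
    penalty = 0 if serial_up[router] else TRACK_DECREMENT
    return CONFIG[router][group] - penalty


def active_routers(serial_up):
    """With preempt on both routers, the highest effective priority is active.
    The equal-priority tie-break is not modelled; no tie occurs with these values."""
    return {
        group: max(CONFIG, key=lambda r: effective_priority(r, group, serial_up))
        for group in (1, 2)
    }


def replay(events):
    """Apply (router, serial_is_up) events in order; return the state after each,
    flagging states where one router is active for every group."""
    serial_up = {router: True for router in CONFIG}
    timeline = []
    for router, is_up in events:
        serial_up[router] = is_up
        active = active_routers(serial_up)
        timeline.append((dict(serial_up), active, len(set(active.values())) == 1))
    return timeline


if __name__ == "__main__":
    # Constructed flap sequence: router1's Serial0 drops and recovers, then router2's.
    flaps = [("router1", False), ("router1", True), ("router2", False), ("router2", True)]
    for state, active, single in replay(flaps):
        print(state, active, "ALL GROUPS ON ONE ROUTER" if single else "split")
```

With these values a single Serial0 failure drops that router below its peer in both groups, so the 5-point priority lead is not enough to keep the groups split while a tracked link is down.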

