How do I enable HSRP to work in event of BGP multi-homing peer failure

Unanswered Question

Hi,


I am currently trying to lab a dual-homed internet scenario using HSRP object tracking so that it will cut over in the event that a route learnt from the internet is no longer accessible.

We recently had a real-life failure where standard HSRP was configured and it did not cut over because it was only tracking the status of the WAN interface rather than whether the BGP peering dropped. So the interface was still up but no routes were being given to us via the ISP. The result was that HSRP did not cut over.

After some investigation it seemed that object tracking would solve this. But in the lab environment I cannot get this to work using just BGP. The message I get is

Track 1

IP route 4.4.4.4 255.255.255.255 reachability

Reachability is Down (unsupported)

9 changes, last change 00:01:08

First-hop interface is unknown

Tracked by:

HSRP Vlan20 0


It is reachable when I get this message. The only way I found round this was to implement a static route to the far end device but this still does not work because even when the route is gone it still believes it is alive and well because of the static route. So even this would not cut over. My belief is that HSRP object tracking is not working with BGP as a routing protocol. A lot of documents do not mention using BGP but do not explicitly say that it is not supported.

To summarize I need a mechanism to ensure that HSRP cuts over in the event of pure BGP peer failure. The current solution we have is textbook with prepending and I-BGP in place.


Does anybody have any ideas?

didyap Tue, 01/29/2008 - 11:09

When you are running BGP with more than one service provider, you run the risk that your autonomous system (AS) will become a transit AS. This causes Internet traffic to pass through your AS and potentially consume all of the bandwidth and resources on the CPU of your router. The following links may help you:

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080093f2c.shtml

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008009456d.shtml

shahzad-ali Wed, 01/30/2008 - 07:54

We are using IBGP with HSRP and it works fine.


ISP1                           ISP2
 | EBGP                         | EBGP
IR1 --- IBGP Crossover --- IR2Active
 |                              |
Active ------ HSRP -------- Standby
 |                              |
SW1 ------- EC -------- SW2
===================================
firewall


Crossover to avoid single switch failover.


Use LP and AS-path prepend for your ISP2 if it is the backup.


HTH,


Regards,


-SA


shahzad-ali Thu, 01/31/2008 - 08:26

Here is the config: It should work with the BGP route.


1. R1 -- EBGP 192.168.1.0/24 -- R2

2. R2 -- VRRP 10.1.1.0/24 -- R3

3. R1 is sending default via BGP


//////////////////////////////////////////////

r1#sh run | beg router bgp

router bgp 1

no synchronization

bgp log-neighbor-changes

network 0.0.0.0

neighbor 192.168.1.2 remote-as 2

default-information originate

no auto-summary

!

ip route 0.0.0.0 0.0.0.0 Null0

!

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.0

!


//////////////////////////////////////////////


r2#sh run | beg track 1

track 1 ip route 0.0.0.0 0.0.0.0 reachability

!

interface FastEthernet0/0

ip address 192.168.1.2 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 10.1.1.2 255.255.255.0

duplex auto

speed auto

vrrp 1 ip 10.1.1.1

vrrp 1 timers advertise 3

vrrp 1 timers learn

vrrp 1 priority 120

vrrp 1 authentication cisco

vrrp 1 track 1 decrement 100

!


//////////////////////////////////////////////


r3#sh run | beg FastEthernet0/1

interface FastEthernet0/1

ip address 10.1.1.3 255.255.255.0

duplex auto

speed auto

vrrp 1 ip 10.1.1.1

vrrp 1 timers advertise 3

vrrp 1 timers learn

vrrp 1 authentication cisco

!


//////////////////////////////////////////////



r1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

r1(config)#router bgp 1

r1(config-router)#no network 0.0.0.0

r1(config-router)#



r2#sh vrrp

FastEthernet0/1 - Group 1

State is Master

Virtual IP address is 10.1.1.1

Virtual MAC address is 0000.5e00.0101

Advertisement interval is 3.000 sec

Preemption enabled

Priority is 120

Track object 1 state Up decrement 100

Authentication text "cisco"

Master Router is 10.1.1.2 (local), priority is 120

Master Advertisement interval is 3.000 sec

Master Down interval is 9.531 sec


r2#sh ip bgp

BGP table version is 2, local router ID is 192.168.1.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete


Network Next Hop Metric LocPrf Weight Path

*> 0.0.0.0 192.168.1.1 0 0 1 i

r2#

r2#

*Sep 7 15:25:14.235: %VRRP-6-STATECHANGE: Fa0/1 Grp 1 state Master -> Backup

r2#

r2#sh vrrp

FastEthernet0/1 - Group 1

State is Backup

Virtual IP address is 10.1.1.1

Virtual MAC address is 0000.5e00.0101

Advertisement interval is 3.000 sec

Preemption enabled

Priority is 20 (cfgd 120)

Track object 1 state Down decrement 100

Authentication text "cisco"

Master Router is 10.1.1.3, priority is 100

Master Advertisement interval is 3.000 sec

Master Down interval is 9.531 sec (expires in 9.031 sec) Learning


r2#sh ip bgp


r2#


r3#sh vrrp

FastEthernet0/1 - Group 1

State is Backup

Virtual IP address is 10.1.1.1

Virtual MAC address is 0000.5e00.0101

Advertisement interval is 3.000 sec

Preemption enabled

Priority is 100

Authentication text "cisco"

Master Router is 10.1.1.2, priority is 120

Master Advertisement interval is 3.000 sec

Master Down interval is 9.609 sec (expires in 8.213 sec) Learning


r3#

*May 8 23:28:25.763: %VRRP-6-STATECHANGE: Fa0/1 Grp 1 state Backup -> Master

r3#sh vrrp

FastEthernet0/1 - Group 1

State is Master

Virtual IP address is 10.1.1.1

Virtual MAC address is 0000.5e00.0101

Advertisement interval is 3.000 sec

Preemption enabled

Priority is 100

Authentication text "cisco"

Master Router is 10.1.1.3 (local), priority is 100

Master Advertisement interval is 3.000 sec

Master Down interval is 9.609 sec


r3#


HTH,


Regards, SA
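The failover in the post above depends on the tracked decrement pushing r2's priority below r3's. The following is an added example, not part of the original posts or any Cisco tooling: it parses the relevant `show vrrp` lines and checks whether a given decrement actually hands the master role to the peer. The function names and the floor of 1 on the decremented priority are assumptions of this example.

```python
import re

# Constructed from the r2 `show vrrp` output in the post above (after the
# default route is withdrawn); only the lines the parser reads are kept.
R2_AFTER = """\
State is Backup
Preemption enabled
Priority is 20 (cfgd 120)
Track object 1 state Down decrement 100
Master Router is 10.1.1.3, priority is 100
"""

def parse_show_vrrp(text):
    """Extract the fields that decide the election from one `show vrrp` group."""
    prio = re.search(r"Priority is (\d+)(?: \(cfgd (\d+)\))?", text)
    track = re.search(r"Track object (\d+) state (\w+) decrement (\d+)", text)
    master = re.search(r"Master Router is .*priority is (\d+)", text)
    return {
        "effective": int(prio.group(1)),
        # Without "(cfgd N)" the effective and configured priorities are equal.
        "configured": int(prio.group(2) or prio.group(1)),
        "track_state": track.group(2) if track else None,
        "decrement": int(track.group(3)) if track else 0,
        "master_priority": int(master.group(1)),
    }

def priority_when_down(configured, decrement):
    # Assumption: the decremented value is floored at 1, the lowest backup priority.
    return max(1, configured - decrement)

def peer_takes_over(configured, decrement, peer_priority, peer_preempt=True):
    """True if a backup peer displaces this router once the tracked object is Down.

    Per the VRRP backup-state rule (RFC 3768), a backup preempts only a master
    advertising a strictly lower priority, so a tie leaves the degraded router
    as master, and a non-preempting peer never displaces a live master.
    """
    return peer_preempt and peer_priority > priority_when_down(configured, decrement)
```

With the thread's values (120, decrement 100, peer 100) the peer takes over; a decrement of 20 or less would leave r2 as master even with the default route gone.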


shahzad-ali Thu, 01/31/2008 - 08:30

Please understand and plan before making changes in the production environment. Make changes during your maintenance windows, with a rollback plan.

Hi Ali,


Don't worry, I am nowhere near a production environment yet. I have tried your configuration in a lab and still cannot get the CE to recognise the fact that it is receiving a default via BGP. If you look at the attachment for All configs.txt on the Primary_Int you can see that it gets a default in via BGP but does recognise this as valid using VRRP.


I have added attachments of configs which essentially try to mimic what will be the real environment, where the customer has 2 CE devices connecting to completely separate ISPs and each ISP only gives them a default via E-BGP.


Details as follows

------------------


Primary_Int - Primary internet CE router

Backup_Int- Backup internet CE router

THUS - Primary ISP PE device

Verizon - Backup ISP PE device



shahzad-ali Thu, 01/31/2008 - 18:32

Hello,


R1 in the scenario is the internet router or PE and consider R2 as a CE or your IR.


Regards,


-Shahzad

Hi Ali,


I have some more information which may help. I am wondering now whether you can implement VRRP alongside BGP:


Primary_Int#sho track

Track 1

IP route 0.0.0.0 0.0.0.0 reachability

Reachability is Down (unsupported)

1 change, last change 00:00:09

First-hop interface is unknown

Tracked by:

VRRP Vlan20 1

