HSRP - 3845

Unanswered Question
Sep 15th, 2009
User Badges:

HI, we had a data provider come in and install 2 3845's for us so we could have redundant connections to thier site. They have told me they can give me only redundancy/failover or load balancing but not both. Is this accurate?

The way is is set up currently if the active router/circuit fails it take 5 minutes to failover is this the best I can expect?

Maybe you can tell I'm not sure that I'm getting what I'm paying for. If this is the best these routers can do then I guess it's ok, but I would expect a little more.

thanks for any insight you can provide.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Tue, 09/15/2009 - 08:06
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


"They have told me they can give me only redundancy/failover or load balancing but not both. Is this accurate?"

Kind of accurate ie. either you run all traffic through one router and then if that router fails it will use the other one


you use both links at once ie. load-balancing. Where i think it is a bit misleading in what they told you is that if you load-balance ie. use both links at the same time and one of the routers/links fails you still have redundancy because the other router/link is still up.

So it sounds like you want load-balancing. The other advantage of load-balancing is that if one of the routers/links fails then it is almost instantaneous that all traffic then goes via the remaining router/link.

If you want redundancy/failover however 5 mins does seem a long time. It depends on the routing protocols in use etc. but you should be able to improve on that time.


Richard Burts Tue, 09/15/2009 - 08:09
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


I am sure that there are aspects of the environment that we do not know which impact the time to failover. But I find it hard to believe that anything about the routers (or the model of the routers) is responsible for a 5 minute failover.

In terms of failover or load share, the simple implementation of HSRP has a single standby group wich results in an active router which takes all of the load and a standby router which carries no load. But there is an alternative to configure HSRP with 2 standby groups. You set up HSRP so that one router is the lead in one group and the other router is the lead in the other group. (each router is the standby router in the group for which it is not the lead) Then you configure the end stations so that one half have their default gateway as the first group shared address and the other end stations have their default gateway as the shared address of the second group. In this way each router carries some load and there is redundancy so that one router carries all of the load if there is a problem with the other router.

There may be reasons why your provider did not give you this alternative. We can not know about that without knowing a lot more about the provider and the details of your environment. But the constraint is something in the provider and is not inherent in the routers.



0jimlong0 Tue, 09/15/2009 - 08:34
User Badges:

As these routers sit outside my firewall I route all traffic to the networks they maintain to a single (shared) address. Not sure there's a way for me to divide that traffic across two addreses (gateways), If that's the only way to get load balancing then I guess I'll pass.

Not real pleased with 5 minute failover, each router is connected via gig interface to a 50mb optiman connection with a VPN tunnel from end to end.

Joseph W. Doherty Tue, 09/15/2009 - 15:37
User Badges:
  • Super Bronze, 10000 points or more

As Rick correctly notes, we might not have sufficient information, but the response, on it's face, seems inaccurate. (Much might have to do with what they consider "redundancy/failover or load balancing ".)

Besides what Rick was describing (I believe mHSRP), the 3845's should support GLBP although from a firewall this might not be useful. If the firewall supports multiple gateways, mHSRP might be very suitable.

Even without balancing across gateways, it should be possible to have one router send half it's traffic to the other router.

Like both Jon and Rick noted, 5 minute failover seems very, very long. Failover can be sometimes brought down in the range of subsecond to several seconds, so there should be some room for improvement.


This Discussion