cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1663
Views
0
Helpful
12
Replies

Query Related to HSRP

nitin.yadav
Level 1
Level 1

Hi,

I want to know that after enabling the HSRP , whether both the routers(active & standby) are using virtual IP for routing the packets or can it use one of the its  assigned IP.

5 Accepted Solutions

Accepted Solutions

Peter Paluch
Cisco Employee
Cisco Employee

Hello Nitin,

Any router in a standby group is fully reachable under its real IP address and this IP address remains functional regardless of the HSRP. In other words, you can always use these real IP address to contact the routers or to perform routing via these IP addresses as default gateways.

In addition, the Active router also uses the virtual IP address and can be contacted using that IP address.

Does this answer your question?

Best regards,

Peter

View solution in original post

Welcome  back my friend. So glad to see u again

View solution in original post

Sandeep Choudhary
VIP Alumni
VIP Alumni

HI Nitin,

I am agree with Peter.

Using HSRP, a set of routers work in concert to present the illusion of a single virtual router to the hosts on the LAN.  This set is known as an HSRP group or a standby group.A single router elected  from the group is responsible for forwarding the packets that hosts send to the virtual router.This router is known as the active router.Another router is elected as the standby router.  In the event that the active router fails, the standby assumes the packet forwarding duties of the active router.  Although an arbitrary number of routers may run HSRP, only the active router forwards the packets sent to the virtual router.

   To minimize network traffic, only the active and the standby routers send periodic HSRP messages once the protocol has completed the election process.  If the active router fails, the standby router takes over as the active router.  If the standby router fails or becomes the active router, another router is elected as the standby router.

They usually use the real ip address of the router to communicate via default gateway( HSRP hello packets).

Regards

Plz rate if it helps.

View solution in original post

Hi Nitin,

Configure your Eth 1, 2, 3 ,4 & 5 to have Gateway IP of 10.32.23.49 and I guess then everything should work as a charm...

HTH,

Smitesh

PS: Please rate helpful posts...

View solution in original post

Hello Nitin,

I agree with Smitesh. Your Linux should be using only one default gateway - the vIP address 10.32.23.49.

Please note that there are two incorrect aspects of your current configuration:

  1. There is no such thing as a separate default gateway for a particular interface. The Linux has a common routing table, and defining a "default gateway" results in a normal default route 0.0.0.0/0 being added to the routing table with the IP address of the next hop set to the address of the "default gateway". If you define four different default gateways, you will either end up with the routing table having a single default route 0.0.0.0/0 through four different next hops, or the routing table will contain the default route through only a single next hop (either the first or the last one - that depends on many factors). Once more, regardlessly of how many network cards you have, you should use only one default gateway - in this case, the vIP address of the entire HSRP standby group.
  2. Your current configuration of "per-interface default gateways" is furthermore incorrect because the address of the default gateway lies outside your directly connected networks. Your four NICs belong to the IP network 10.32.23.48/28 while the defined default gateways are somewhere in the 10.31.X.X range, clearly outside your directly connected network 10.32.23.48/28. A default gateway must always be located on a directly connected network, otherwise it is invalid and not accepted. I suppose that is also the reason why the route output you have posted does not contain any default route at all.

Best regards,

Peter

View solution in original post

12 Replies 12

Peter Paluch
Cisco Employee
Cisco Employee

Hello Nitin,

Any router in a standby group is fully reachable under its real IP address and this IP address remains functional regardless of the HSRP. In other words, you can always use these real IP address to contact the routers or to perform routing via these IP addresses as default gateways.

In addition, the Active router also uses the virtual IP address and can be contacted using that IP address.

Does this answer your question?

Best regards,

Peter

Welcome  back my friend. So glad to see u again

Hello Kishore,

Thank you buddy! It's still difficult for me to get back to CSC as often as I would like to but I hope to see things improve a bit in the next couple of days.

Best regards,

Peter

Sandeep Choudhary
VIP Alumni
VIP Alumni

HI Nitin,

I am agree with Peter.

Using HSRP, a set of routers work in concert to present the illusion of a single virtual router to the hosts on the LAN.  This set is known as an HSRP group or a standby group.A single router elected  from the group is responsible for forwarding the packets that hosts send to the virtual router.This router is known as the active router.Another router is elected as the standby router.  In the event that the active router fails, the standby assumes the packet forwarding duties of the active router.  Although an arbitrary number of routers may run HSRP, only the active router forwards the packets sent to the virtual router.

   To minimize network traffic, only the active and the standby routers send periodic HSRP messages once the protocol has completed the election process.  If the active router fails, the standby router takes over as the active router.  If the standby router fails or becomes the active router, another router is elected as the standby router.

They usually use the real ip address of the router to communicate via default gateway( HSRP hello packets).

Regards

Plz rate if it helps.

thanks for reply ...

Below are the some analysis (through wireshark) on each linux  interface. It seem that each interface is communicating with only one  particular IP address .

Before HSRP Disable:

eth2 (10.32.23.55)

10.32.23.55 ---- ARP request(unicast) ---->> 10.31.22.197 (Degault gateway)

10.32.23.55 <<---- ARP reply(unicast) ----   10.31.22.197 (Degault gateway)

eth3 (10.32.23.54)

10.32.23.54 ---- ARP request(unicast) ---->> 10.31.11.70 (router)

10.32.23.54 <<---- ARP reply(unicast) ----   10.31.11.70 (router)

eth4 (10.32.23.53)

10.32.23.53 ---- ARP request(unicast) ---->> 10.31.13.76 (router)

10.32.23.53 <<---- ARP reply(unicast) ----   10.31.13.76 (router)

eth5 (10.32.23.53)

10.32.23.52 ---- ARP request(unicast) ---->> 10.31.24.72 (router)

10.32.23.52 <<---- ARP reply(unicast) ----   10.31.24.72 (router)

After HSRP Enable:

eth2 (10.32.23.55)

10.32.23.55 ---- ARP request(unicast) ---->> 10.31.22.197 (Degault gateway)

10.32.23.55 <<---- ARP reply(unicast) ----   10.31.22.197 (Degault gateway)

  (ARP request sent by Standby router )

10.32.23.52 (eth5) <<---- ARP request(Broadcast) ----  10.32.23.50 (Standby router) virtual IP Address: 10.32.23.49

10.32.23.55 (eth2) <<---- ARP request(Broadcast) ----  10.32.23.50 (Standby router) virtual IP Address: 10.32.23.49

Can you please suggest is it correct behavior ?

Can standby router send ARP request using its real IP ?

Hello Nitin,

I am having trouble understanding the different IP addresses displayed in your post. Would you please answer the following questions?

  1. What is the virtual IP address of the HSRP group?
  2. What are the individual real IP addresses of the routers in the HSRP group?
  3. What are the IP addresses and netmasks of the individual Ethernet interfaces at the Linux box?
  4. What is the default gateway configured on the Linux box? Would it be possible to show the output of the ip route command?

Thank you!

Best regards,

Peter

Thanks for reply ..........

Below are the IP details :

1. virtual IP address of the HSRP group is 10.32.23.49.

2. Individual IP addresses of the routers is 10.32.23.51 (active) & 10.32.23.50 (standby).

3. IP addresses of the individual Ethernet interfaces at the Linux box are:

ifconfig

eth0      Link encap:Ethernet  HWaddr 00:25:B3:1C:B9:7E

          inet addr:192.231.36.82  Bcast:192.231.36.255  Mask:255.255.255.0

          inet6 addr: fe80::225:b3ff:fe1c:b97e/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:25:B3:1C:B9:7C

          inet addr:10.32.23.56  Bcast:10.32.23.63  Mask:255.255.255.240

          inet6 addr: fe80::225:b3ff:fe1c:b97c/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth2      Link encap:Ethernet  HWaddr 00:1F:29:5A:B5:E9

          inet addr:10.32.23.55  Bcast:10.32.23.63  Mask:255.255.255.240

          inet6 addr: fe80::21f:29ff:fe5a:b5e9/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth3      Link encap:Ethernet  HWaddr 00:1F:29:5A:B5:E8

          inet addr:10.32.23.54  Bcast:10.32.23.63  Mask:255.255.255.240

          inet6 addr: fe80::21f:29ff:fe5a:b5e8/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth4      Link encap:Ethernet  HWaddr 00:1F:29:5A:B5:EB

          inet addr:10.32.23.53  Bcast:10.32.23.63  Mask:255.255.255.240

          inet6 addr: fe80::21f:29ff:fe5a:b5eb/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth5      Link encap:Ethernet  HWaddr 00:1F:29:5A:B5:EA

          inet addr:10.32.23.52  Bcast:10.32.23.63  Mask:255.255.255.240

          inet6 addr: fe80::21f:29ff:fe5a:b5ea/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback

          inet addr:127.0.0.1  Mask:255.0.0.0

          inet6 addr: ::1/128 Scope:Host

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

4.

O100282:~# route

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

10.31.11.70     *               255.255.255.255 UH    0      0        0 eth3

10.31.24.72     *               255.255.255.255 UH    0      0        0 eth5

10.31.22.197    *               255.255.255.255 UH    0      0        0 eth2

10.31.13.76     *               255.255.255.255 UH    0      0        0 eth4

10.32.23.48     *               255.255.255.240 U     0      0        0 eth2

10.32.23.48     *               255.255.255.240 U     0      0        0 eth3

10.32.23.48     *               255.255.255.240 U     0      0        0 eth4

10.32.23.48     *               255.255.255.240 U     0      0        0 eth5

10.32.23.48     *               255.255.255.240 U     0      0        0 eth1

10.117.18.128   10.32.23.49     255.255.255.192 UG    0      0        0 eth1

10.17.5.128     10.32.23.49     255.255.255.128 UG    0      0        0 eth1

192.231.36.0    *               255.255.255.0   U     0      0        0 eth0

O100282:~# arp

Address                  HWtype  HWaddress           Flags Mask            Iface

localhost                        (incomplete)                              eth0

10.31.24.72              ether   00:19:E8:77:86:08   C                     eth5

10.31.11.70              ether   00:19:E8:77:86:08   C                     eth3

10.32.23.49              ether   00:19:E8:77:86:08   C                     eth2

192.231.36.1             ether   00:1E:0B:F9:C3:B2   C                     eth0

10.32.23.49              ether   00:19:E8:77:86:08   C                     eth1

O100281                  ether   00:23:7D:26:CA:66   C                     eth0

10.31.13.76              ether   00:19:E8:77:86:08   C                     eth4

10.31.22.197             ether   00:19:E8:77:86:08   C                     eth2

Hi Nitin,

Configure your Eth 1, 2, 3 ,4 & 5 to have Gateway IP of 10.32.23.49 and I guess then everything should work as a charm...

HTH,

Smitesh

PS: Please rate helpful posts...

Thanks for reply smitesh..

But each interface is configured with different gateway .

eth2 (10.32.23.55) -------->> 10.31.22.197 (Degault gateway)

eth3 (10.32.23.54) ---->> 10.31.11.70 (Degault gateway)

eth4 (10.32.23.53) ---->> 10.31.13.76 (Degault gateway)

eth5 (10.32.23.53) ---->> 10.31.24.72 (Degault gateway)

You need atleast one port to have gateway as VIP IP ( in your case 10.32.23.49)...

HTH,

Smitesh

Hello Nitin,

I agree with Smitesh. Your Linux should be using only one default gateway - the vIP address 10.32.23.49.

Please note that there are two incorrect aspects of your current configuration:

  1. There is no such thing as a separate default gateway for a particular interface. The Linux has a common routing table, and defining a "default gateway" results in a normal default route 0.0.0.0/0 being added to the routing table with the IP address of the next hop set to the address of the "default gateway". If you define four different default gateways, you will either end up with the routing table having a single default route 0.0.0.0/0 through four different next hops, or the routing table will contain the default route through only a single next hop (either the first or the last one - that depends on many factors). Once more, regardlessly of how many network cards you have, you should use only one default gateway - in this case, the vIP address of the entire HSRP standby group.
  2. Your current configuration of "per-interface default gateways" is furthermore incorrect because the address of the default gateway lies outside your directly connected networks. Your four NICs belong to the IP network 10.32.23.48/28 while the defined default gateways are somewhere in the 10.31.X.X range, clearly outside your directly connected network 10.32.23.48/28. A default gateway must always be located on a directly connected network, otherwise it is invalid and not accepted. I suppose that is also the reason why the route output you have posted does not contain any default route at all.

Best regards,

Peter

Hi Peter,

I added default gateway, but still i am facing same problem & below are the outputs:

Command: ip addr show

1: lo: mtu 16436 qdisc noqueue state UNKNOWN

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

2: sit0: mtu 1480 qdisc noop state DOWN

    link/sit 0.0.0.0 brd 0.0.0.0

3: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 00:25:b3:1c:b9:7e brd ff:ff:ff:ff:ff:ff

    inet 192.231.36.82/24 brd 192.231.36.255 scope global eth0

    inet6 fe80::225:b3ff:fe1c:b97e/64 scope link

       valid_lft forever preferred_lft forever

4: eth2: mtu 1500 qdisc pfifo_fast state UP qlen 100

    link/ether 00:1f:29:5a:b5:e9 brd ff:ff:ff:ff:ff:ff

    inet 10.32.23.55/28 brd 10.32.23.63 scope global eth2

    inet6 fe80::21f:29ff:fe5a:b5e9/64 scope link

       valid_lft forever preferred_lft forever

5: eth3: mtu 1500 qdisc pfifo_fast state UP qlen 100

    link/ether 00:1f:29:5a:b5:e8 brd ff:ff:ff:ff:ff:ff

    inet 10.32.23.54/28 brd 10.32.23.63 scope global eth3

    inet6 fe80::21f:29ff:fe5a:b5e8/64 scope link

       valid_lft forever preferred_lft forever

6: eth4: mtu 1500 qdisc pfifo_fast state UP qlen 100

    link/ether 00:1f:29:5a:b5:eb brd ff:ff:ff:ff:ff:ff

    inet 10.32.23.53/28 brd 10.32.23.63 scope global eth4

    inet6 fe80::21f:29ff:fe5a:b5eb/64 scope link

       valid_lft forever preferred_lft forever

7: eth5: mtu 1500 qdisc pfifo_fast state UP qlen 100

    link/ether 00:1f:29:5a:b5:ea brd ff:ff:ff:ff:ff:ff

    inet 10.32.23.52/28 brd 10.32.23.63 scope global eth5

    inet6 fe80::21f:29ff:fe5a:b5ea/64 scope link

       valid_lft forever preferred_lft forever

8: eth1: mtu 1500 qdisc noop state DOWN qlen 1000

    link/ether 00:25:b3:1c:b9:7c brd ff:ff:ff:ff:ff:ff

9: bond0: mtu 1500 qdisc noop state DOWN

    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff

10: bond1: mtu 1500 qdisc noop state DOWN

    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff

Command: ip route show table all

10.31.11.70 dev eth3  scope host

10.31.24.72 dev eth5  scope host

10.31.22.197 dev eth2  scope host

10.31.13.76 dev eth4  scope host

10.32.23.48/28 dev eth5  proto kernel  scope link  src 10.32.23.52

10.32.23.48/28 dev eth2  proto kernel  scope link  src 10.32.23.55

10.32.23.48/28 dev eth3  proto kernel  scope link  src 10.32.23.54

10.32.23.48/28 dev eth4  proto kernel  scope link  src 10.32.23.53

192.231.36.0/24 dev eth0  proto kernel  scope link  src 192.231.36.82

default via 10.32.23.49 dev eth5

default via 10.32.23.49 dev eth2

default via 10.32.23.49 dev eth3

default via 10.32.23.49 dev eth4

broadcast 127.255.255.255 dev lo  table local  proto kernel  scope link  src 127.0.0.1

broadcast 192.231.36.255 dev eth0  table local  proto kernel  scope link  src 192.231.36.82

broadcast 10.32.23.63 dev eth5  table local  proto kernel  scope link  src 10.32.23.52

broadcast 10.32.23.63 dev eth2  table local  proto kernel  scope link  src 10.32.23.55

broadcast 10.32.23.63 dev eth3  table local  proto kernel  scope link  src 10.32.23.54

broadcast 10.32.23.63 dev eth4  table local  proto kernel  scope link  src 10.32.23.53

broadcast 192.231.36.0 dev eth0  table local  proto kernel  scope link  src 192.231.36.82

local 192.231.36.82 dev eth0  table local  proto kernel  scope host  src 192.231.36.82

broadcast 10.32.23.48 dev eth5  table local  proto kernel  scope link  src 10.32.23.52

broadcast 10.32.23.48 dev eth2  table local  proto kernel  scope link  src 10.32.23.55

broadcast 10.32.23.48 dev eth3  table local  proto kernel  scope link  src 10.32.23.54

broadcast 10.32.23.48 dev eth4  table local  proto kernel  scope link  src 10.32.23.53

local 10.32.23.55 dev eth2  table local  proto kernel  scope host  src 10.32.23.55

local 10.32.23.54 dev eth3  table local  proto kernel  scope host  src 10.32.23.54

local 10.32.23.53 dev eth4  table local  proto kernel  scope host  src 10.32.23.53

broadcast 127.0.0.0 dev lo  table local  proto kernel  scope link  src 127.0.0.1

local 10.32.23.52 dev eth5  table local  proto kernel  scope host  src 10.32.23.52

local 127.0.0.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1

local 127.0.0.0/8 dev lo  table local  proto kernel  scope host  src 127.0.0.1

local ::1 via :: dev lo  proto none  metric 0  mtu 16436 advmss 16376 hoplimit 4294967295

local fe80::21f:29ff:fe5a:b5e8 via :: dev lo  proto none  metric 0  mtu 16436 advmss 16376 hoplimit 4294967295

local fe80::21f:29ff:fe5a:b5e9 via :: dev lo  proto none  metric 0  mtu 16436 advmss 16376 hoplimit 4294967295

local fe80::21f:29ff:fe5a:b5ea via :: dev lo  proto none  metric 0  mtu 16436 advmss 16376 hoplimit 4294967295

local fe80::21f:29ff:fe5a:b5eb via :: dev lo  proto none  metric 0  mtu 16436 advmss 16376 hoplimit 4294967295

local fe80::225:b3ff:fe1c:b97e via :: dev lo  proto none  metric 0  mtu 16436 advmss 16376 hoplimit 4294967295

fe80::/64 dev eth0  metric 256  expires 8531085sec mtu 1500 advmss 1440 hoplimit 4294967295

fe80::/64 dev eth5  metric 256  expires 8531106sec mtu 1500 advmss 1440 hoplimit 4294967295

fe80::/64 dev eth2  metric 256  expires 8531106sec mtu 1500 advmss 1440 hoplimit 4294967295

fe80::/64 dev eth4  metric 256  expires 8531106sec mtu 1500 advmss 1440 hoplimit 4294967295

fe80::/64 dev eth3  metric 256  expires 8531106sec mtu 1500 advmss 1440 hoplimit 4294967295

ff00::/8 dev eth0  metric 256  expires 8531085sec mtu 1500 advmss 1440 hoplimit 4294967295

ff00::/8 dev eth5  metric 256  expires 8531106sec mtu 1500 advmss 1440 hoplimit 4294967295

ff00::/8 dev eth2  metric 256  expires 8531106sec mtu 1500 advmss 1440 hoplimit 4294967295

ff00::/8 dev eth4  metric 256  expires 8531106sec mtu 1500 advmss 1440 hoplimit 4294967295

ff00::/8 dev eth3  metric 256  expires 8531106sec mtu 1500 advmss 1440 hoplimit 4294967295

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco