
Implementing HSRP in a multi-VRF environment

richardkoudry
Level 1

Hi Folks,

I am new to VRF Lite but have recently implemented multiple VRFs on a single CPE (Customer Premises Equipment) router.

I have also implemented a two-CPE redundancy using Cisco HSRP protocol but with a single VRF.

Now, I would like to expand my design by using HSRP with multiple VRFs. The problem here isn't the VRF implementation, but how to implement HSRP with multiple VRFs. The scope of this query is on the Customer Premises Equipment (CPE).

Thanks.

Gbehode


Rolf Fischer
Level 9

Hi,

I'm not sure if I understand the question correctly.

When using different VRFs, the only difference in the configuration is that the layer-3 interfaces have to be assigned to the corresponding VRF. The scope of the HSRP hellos is the local subnet, so the hellos will be assigned to the VRF of the receiving (sub-)interface/SVI. For the sake of consistency you could use different HSRP groups (which affects the virtual MAC address).

An example:

CE1:

interface FastEthernet0/0
 ! global routing context
 ip address 192.168.1.2 255.255.255.0
 standby 1 ip 192.168.1.1
 standby 1 preempt
!
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ip vrf forwarding VRF-2
 ip address 192.168.2.2 255.255.255.0
 standby 2 ip 192.168.2.1
 standby 2 preempt
!
interface FastEthernet0/0.3
 encapsulation dot1Q 3
 ip vrf forwarding VRF-3
 ip address 192.168.3.2 255.255.255.0
 standby 3 ip 192.168.3.1
 standby 3 preempt

CE2:

interface FastEthernet0/0
 ip address 192.168.1.3 255.255.255.0
 standby 1 ip 192.168.1.1
 standby 1 priority 90
!
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ip vrf forwarding VRF-2
 ip address 192.168.2.3 255.255.255.0
 standby 2 ip 192.168.2.1
 standby 2 priority 90
!
interface FastEthernet0/0.3
 encapsulation dot1Q 3
 ip vrf forwarding VRF-3
 ip address 192.168.3.3 255.255.255.0
 standby 3 ip 192.168.3.1
 standby 3 priority 90

CE1#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP
Fa0/0       1   100  P Active   local           192.168.1.3     192.168.1.1
Fa0/0.2     2   100  P Active   local           192.168.2.3     192.168.2.1
Fa0/0.3     3   100  P Active   local           192.168.3.3     192.168.3.1

CE1#show ip vrf interfaces
Interface              IP-Address      VRF                              Protocol
Fa0/0.2                192.168.2.2     VRF-2                            up
Fa0/0.3                192.168.3.2     VRF-3                            up

HTH

Rolf

Hi Rolf,

This does help. Thanks for the sample config that I am going to try on GNS3.

I guess the concept is not to use the same HSRP group. I also see that you have used different LAN subnets, which is what needs to be done traditionally. As you know, in a VRF environment, it is possible to re-use the same subnet/IP so long as they belong to different VRFs.

Just playing devil's advocate, but if the scenario is to use the same LAN subnet for multiple VRFs, will it be technically possible to use the same HSRP VIP for the various HSRP groups under different VRFs? I don't know why anyone would want to do something like this but I am trying to think ahead in case my customer has only one LAN subnet that they are intending to use for all VRFs. The ideal situation would be to break the LAN subnet down into various chunks, but you never know.

thanks.

Gbehode

Just playing devil's advocate, but if the scenario is to use the same LAN subnet for multiple VRFs, will it be technically possible to use the same HSRP VIP for the various HSRP groups under different VRFs?

As a given IP subnet can (locally) only belong to exactly one VRF (or the global context), those subnets have to be distinguished somehow on common links, e.g. by VLAN-tags on trunk links. The (non-default VLAN) HSRP messages then are tagged too, so their membership is clear, even if you use the same IP addresses multiple times (in different VRFs).

HTH

Rolf

Hi Rolf,

I have built a GNS3 model based on a different LAN subnet per VRF and having an HSRP group per VRF. This appears to be working correctly, at least from an HSRP point of view.

I am going to modify the GNS3 model to use the same LAN subnet to see if and how it works. I don't see a problem since each LAN sub-interface will have a different VLAN tag and will be encapsulated / shielded in a separate VRF. I will post further updates on this.

The other challenge is to get this to work with dynamic routing protocols like OSPF or BGP, but that is a totally different subject.

Thanks.

Gbehode

Hi Rolf,

Just to sum up this query ...

The Multiple HSRP (M-HSRP) can be used in a multi-VRF environment to achieve redundancy on the CPE side. I have tested this with different LAN subnets and the same LAN subnets with the help of VRF. This works fine.

thanks.
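
Added example, not part of any post in this thread: a Python check of the design the thread settles on. It reads IOS-style interface stanzas, derives the HSRP version 1 virtual MAC each group number produces (0000.0c07.acXX), and classifies reuse of a virtual IP as a conflict inside one VRF or as an acceptable overlap across VRFs that sit on different VLAN tags. The function names and the sample (CE1's sub-interfaces edited so VRF-3 reuses VRF-2's subnet) are constructed for illustration; it treats each physical port as its own trunk.

```python
import re
# Constructed sample: CE1's sub-interfaces from the thread, edited so that
# VRF-3 reuses VRF-2's subnet and VIP (the "same LAN subnet" scenario).
SAMPLE = """
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ip vrf forwarding VRF-2
 ip address 192.168.2.2 255.255.255.0
 standby 2 ip 192.168.2.1
interface FastEthernet0/0.3
 encapsulation dot1Q 3
 ip vrf forwarding VRF-3
 ip address 192.168.2.2 255.255.255.0
 standby 3 ip 192.168.2.1
"""

def hsrp_v1_mac(group):
    """HSRP version 1 virtual MAC: 0000.0c07.acXX, XX = group number in hex."""
    if not 0 <= group <= 255:
        raise ValueError("HSRP version 1 groups are 0-255")
    return f"0000.0c07.ac{group:02x}"

def parse(config):
    """One record per 'standby <group> ip <vip>' line, with its interface context."""
    rows, cur = [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            cur = {"intf": m[1], "vrf": "global", "vlan": None}
        elif cur is None:
            continue  # ignore anything before the first interface stanza
        elif m := re.fullmatch(r"encapsulation dot1Q (\d+)", line):
            cur["vlan"] = int(m[1])
        elif m := re.fullmatch(r"ip vrf forwarding (\S+)", line):
            cur["vrf"] = m[1]
        elif m := re.fullmatch(r"standby (\d+) ip (\S+)", line):
            rows.append({**cur, "group": int(m[1]), "vip": m[2], "vmac": hsrp_v1_mac(int(m[1]))})
    return rows

def audit(rows):
    """VIP reused inside one VRF: conflict. Across VRFs: fine if VLAN tags differ."""
    by_vip, findings = {}, []
    for r in rows:
        by_vip.setdefault(r["vip"], []).append(r)
    for vip, users in by_vip.items():
        vrfs = {u["vrf"] for u in users}
        segs = {(u["intf"].split(".")[0], u["vlan"]) for u in users}  # (port, tag)
        if len(vrfs) < len(users):
            findings.append(("conflict", vip))
        elif len(users) > 1:
            findings.append(("overlap-ok" if len(segs) == len(users) else "same-segment", vip))
    return findings
```

A "same-segment" finding means two VRFs claim the same VIP on the same port with the same (or no) VLAN tag, for example a sub-interface that is missing its `encapsulation dot1Q` line.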
