TCC_2
Level 10

Core Issue

Hot Standby Router Protocol (HSRP) is used to build redundancy into IP networks. HSRP ensures that network downtime due to failure of devices is minimal and that the process of the backup device taking over the forwarding function is transparent to the end user.

However, HSRP cannot influence the path taken by the traffic entering the Autonomous System (AS). Border Gateway Protocol (BGP) can be used to influence the path taken by the incoming traffic, but it cannot provide first-hop failure redundancy for hosts on the network. HSRP and BGP together can influence the path for both incoming and outgoing traffic if connectivity to one Internet Service Provider (ISP) fails. The backup path to the other ISP is then used.

Resolution

To resolve this issue, perform these steps:

  1. Configure the router to be used for forwarding outbound traffic with a higher HSRP priority, making it the active HSRP router.
  2. Configure HSRP to track the state of the primary link to the ISP. If the link to the ISP fails, the HSRP priority of the router is reduced (by 10, by default), which results in the router's HSRP priority becoming less than that of the standby router. The HSRP standby router becomes the active router by virtue of its higher priority and starts forwarding traffic.
  3. To configure HSRP priority, issue the standby priority command in interface configuration mode.
  4. To configure HSRP to track an interface and change the HSRP priority based on the state of the interface, issue the standby track command.
  5. The router with the primary link can be configured to preempt. This is done to take over the role of the HSRP active router as soon as its link to the ISP is restored. To configure HSRP to preempt, issue the standby preempt command in interface configuration mode.
  6. To influence the path taken by the incoming traffic, prepend the local AS number to the updates sent out on the backup link more than once. This makes the updates sent out on the backup link have a longer AS-Path attribute, making them less preferable compared to updates sent over the primary link. The inbound traffic is now routed over the primary link.
  7. Create an Access Control List (ACL) to specify the updates whose AS-Path attribute needs to be modified. To define an ACL, issue the access-list command in global configuration mode.
  8. Create a new route map and configure it to match this ACL and modify the AS-Path attribute.
  9. To create a route map, issue the route-map command in global configuration mode.
  10. To match the destination network number specified in standard or extended ACL, issue the match ip address command in route-map configuration mode.
  11. To extend the length of the AS-Path attribute for these BGP routes, issue the set as-path command with the prepend keyword in route-map configuration mode.
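
The steps above written out as one Cisco IOS configuration for the two routers. This is an added example, not configuration from the original article or from the Cisco document it refers to. All addresses, AS numbers, interface names and the route-map name PREPEND-BACKUP are assumptions, and some IOS releases take a tracked-object number in standby track rather than an interface name.

```cisco
! Added example; every value is constructed: local AS 64500, ISP-A AS 64501,
! ISP-B AS 64502, advertised prefix 192.0.2.0/24, LAN 10.0.0.0/24, VIP 10.0.0.254.
!
! ---- R1: primary link to ISP-A, intended HSRP active router ----
interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 standby 1 ip 10.0.0.254
 ! Steps 1 and 3: 105 beats R2's default priority of 100
 standby 1 priority 105
 ! Step 5: reclaim the active role once the ISP-A link is restored
 standby 1 preempt
 ! Steps 2 and 4: Serial0/0 down -> priority drops by 10 (default) to 95
 standby 1 track Serial0/0
!
interface Serial0/0
 ip address 198.51.100.1 255.255.255.252
!
router bgp 64500
 network 192.0.2.0 mask 255.255.255.0
 neighbor 198.51.100.2 remote-as 64501
 neighbor 10.0.0.2 remote-as 64500
!
! ---- R2: backup link to ISP-B, HSRP standby router ----
interface GigabitEthernet0/0
 ip address 10.0.0.2 255.255.255.0
 standby 1 ip 10.0.0.254
 ! Priority left at the default 100; preempt lets R2 take over at 95 < 100
 standby 1 preempt
!
interface Serial0/0
 ip address 203.0.113.1 255.255.255.252
!
! Step 7: select the prefix whose AS-Path is to be lengthened
access-list 1 permit 192.0.2.0 0.0.0.255
!
! Steps 8-11: match the ACL and prepend the local AS twice
route-map PREPEND-BACKUP permit 10
 match ip address 1
 set as-path prepend 64500 64500
!
router bgp 64500
 network 192.0.2.0 mask 255.255.255.0
 neighbor 203.0.113.2 remote-as 64502
 ! Step 6: applied outbound on the backup link only
 neighbor 203.0.113.2 route-map PREPEND-BACKUP out
 neighbor 10.0.0.1 remote-as 64500
```

Because the route map has no further permit clause, only the prefix matched by access list 1 is advertised to ISP-B; everything else is dropped by the implicit deny at the end of the route map.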

For more information and configuration examples, refer to How to Use HSRP to Provide Redundancy in a Multihomed BGP Network.


Comments
eahmed007
Level 1

Hi,

I have configured EBGP between two Internet service providers and configured HSRP with IBGP for High-Availability for Local traffic. In this Network Topology, I have two Firewalls behind Two Routers where I configured EBGP Multi-homing.

 

ISP01                                 ISP02

     EBGP                             EBGP

Router01         IBGP     Router02

                    HSRP

Firewall01           Firewall02

 

I have one global network block 105.X.X.X/23. My intention is to use both ISP active for 105.X.X.X/24 and 105.X.Y.X/24 while configuring EBGP Multi-homing with HSRP protocol. That means 105.X.X.X/24 will use one ISP for incoming and outgoing traffic and 105.X.Y.X/24 will use other ISP and fail-over happens in case of one ISP goes down.

 

Can you tell me how I can configure to achieve this Active/Active High-Availability configuring BGP with HSRP protocol and keeping Firewall behind for LAN Network.

 

I am looking forward to your assistance.

 

With Regards

Erfan

 

siskum
Spotlight

HSRP-Reliable Internet Solution (Network Redundancy)
Hot Standby Router Protocol

ISP-Router 1 Configurations

ISP-R1#
ISP-R1#config t
ISP-R1(config)#interface GigabitEthernet0/0/0
ISP-R1(config-if)# ip address 10.35.20.2 255.255.255.248
ISP-R1(config-if)# ip nat inside
ISP-R1(config-if)# duplex auto
ISP-R1(config-if)# speed auto
ISP-R1(config)#interface GigabitEthernet0/0/1
ISP-R1(config-if)# ip address 10.35.40.2 255.255.255.248
ISP-R1(config-if)# ip nat inside
ISP-R1(config-if)# duplex auto
ISP-R1(config-if)# speed auto
ISP-R1(config-if)#exit
ISP-R1(config)#interface Serial0/1/0
ISP-R1(config-if)# ip address 172.10.100.1 255.255.255.248
ISP-R1(config-if)# ip nat outside
ISP-R1(config)#interface Serial0/1/1
ISP-R1(config-if)# ip address 172.10.200.1 255.255.255.248
ISP-R1(config-if)# ip nat outside
ISP-R1(config-if)# clock rate 2000000
ISP-R1(config-if)#exit
ISP-R1(config)#ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
ISP-R1(config)#ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ISP-R1(config)#ip route 10.35.0.0 255.255.0.0 10.35.40.1
ISP-R1(config)#ip route 10.35.0.0 255.255.0.0 10.35.20.1
ISP-R1(config)#exit
ISP-R1#


ISP-R1#sh run
Building configuration...

Current configuration : 1068 bytes
!
version 16.6.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname ISP-R1
!
interface GigabitEthernet0/0/0
ip address 10.35.20.2 255.255.255.248
ip nat inside
duplex auto
speed auto
!
interface GigabitEthernet0/0/1
ip address 10.35.40.2 255.255.255.248
ip nat inside
duplex auto
speed auto
!
interface GigabitEthernet0/0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/1/0
ip address 172.10.100.1 255.255.255.248
ip nat outside
!
interface Serial0/1/1
ip address 172.10.200.1 255.255.255.248
ip nat outside
clock rate 2000000
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 10.35.0.0 255.255.0.0 10.35.40.1
ip route 10.35.0.0 255.255.0.0 10.35.20.1
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

---------------------------------------------------------------------
Home Office Router 3 Configurations

R3#
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#interface GigabitEthernet0/1
R3(config-if)# no ip address
R3(config-if)# ip nat inside
R3(config-if)# duplex auto
R3(config-if)# speed auto
R3(config-if)#exit
R3(config)#interface GigabitEthernet0/1.10
R3(config-subif)# encapsulation dot1Q 10
R3(config-subif)# ip address 10.35.10.1 255.255.255.0
R3(config-subif)# standby 10 ip 10.35.10.10
R3(config-subif)# standby 10 priority 140
R3(config-subif)# standby 10 preempt
R3(config-subif)#exit
R3(config)#interface GigabitEthernet0/1.30
R3(config-subif)# encapsulation dot1Q 30
R3(config-subif)# ip address 10.35.30.1 255.255.255.0
R3(config-subif)# standby 30 ip 10.35.30.30
R3(config-subif)# standby 30 priority 140
R3(config-subif)# standby 30 preempt
R3(config-subif)#exit
R3(config)#
R3(config)#ip dhcp pool Net10
R3(dhcp-config)# network 10.35.10.0 255.255.255.0
R3(dhcp-config)# default-router 10.35.10.1
R3(dhcp-config)#ip dhcp pool Net30
R3(dhcp-config)# network 10.35.30.0 255.255.255.0
R3(dhcp-config)# default-router 10.35.30.1
R3(dhcp-config)#exit
R3(config)#ip default-gateway 10.35.20.2
R3(config)#
R3(config)#ip route 10.35.30.0 255.255.255.0 GigabitEthernet0/1.30
R3(config)#ip route 10.35.10.0 255.255.255.0 GigabitEthernet0/1.10
R3(config)#ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
R3(config)#ip route 0.0.0.0 0.0.0.0 10.35.20.2
R3(config)#exit
R3#


R3>enable
R3#sh run
Building configuration...

Current configuration : 1330 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R3
!
ip dhcp pool Net10
network 10.35.10.0 255.255.255.0
default-router 10.35.10.1
ip dhcp pool Net30
network 10.35.30.0 255.255.255.0
default-router 10.35.30.1
!
interface GigabitEthernet0/0
ip address 10.35.20.1 255.255.255.248
ip nat outside
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
ip nat inside
duplex auto
speed auto
!
interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip address 10.35.10.1 255.255.255.0
standby 10 ip 10.35.10.10
standby 10 priority 140
standby 10 preempt
!
interface GigabitEthernet0/1.30
encapsulation dot1Q 30
ip address 10.35.30.1 255.255.255.0
standby 30 ip 10.35.30.30
standby 30 priority 140
standby 30 preempt
!
interface Vlan1
no ip address
shutdown
!
ip default-gateway 10.35.20.2
ip classless
ip route 10.35.30.0 255.255.255.0 GigabitEthernet0/1.30
ip route 10.35.10.0 255.255.255.0 GigabitEthernet0/1.10
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
ip route 0.0.0.0 0.0.0.0 10.35.20.2
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

---------------------------------------------------------------------
Home Office Router 4 Configurations

R4>enable
R4#config t
R4(config)#
R4(config)#interface GigabitEthernet0/0
R4(config-if)# ip address 10.35.40.1 255.255.255.248
R4(config-if)# ip nat outside
R4(config-if)# duplex auto
R4(config-if)# speed auto
R4(config-if)#exit
R4(config)#interface GigabitEthernet0/1
R4(config-if)# no ip address
R4(config-if)# ip nat inside
R4(config-if)# duplex auto
R4(config-if)# speed auto
R4(config-if)#exit
R4(config)#interface GigabitEthernet0/1.10
R4(config-subif)# encapsulation dot1Q 10
R4(config-subif)# ip address 10.35.10.2 255.255.255.0
R4(config-subif)# standby 10 ip 10.35.10.10
R4(config-subif)# standby 10 priority 140
R4(config-subif)# standby 10 preempt
R4(config-subif)#exit
R4(config)#interface GigabitEthernet0/1.30
R4(config-subif)# encapsulation dot1Q 30
R4(config-subif)# ip address 10.35.30.2 255.255.255.0
R4(config-subif)# standby 30 ip 10.35.30.30
R4(config-subif)# standby 30 priority 140
R4(config-subif)# standby 30 preempt
R4(config-subif)#exit
R4(config)#
R4(config)#ip dhcp pool net10
R4(dhcp-config)# network 10.35.10.0 255.255.255.0
R4(dhcp-config)# default-router 10.35.10.2
R4(dhcp-config)#ip dhcp pool net30
R4(dhcp-config)# network 10.35.30.0 255.255.255.0
R4(dhcp-config)# default-router 10.35.30.2
R4(dhcp-config)#exit
R4(config)#ip default-gateway 10.35.40.1
R4(config)#
R4(config)#ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
R4(config)#ip route 10.35.10.0 255.255.255.0 GigabitEthernet0/1.10
R4(config)#ip route 10.35.30.0 255.255.255.0 GigabitEthernet0/1.30
R4(config)#ip route 0.0.0.0 0.0.0.0 10.35.40.2
R4(config)#exit
R4#


R4#sh run
Building configuration...

Current configuration : 1442 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R4
!
ip dhcp pool net10
network 10.35.10.0 255.255.255.0
default-router 10.35.10.2
ip dhcp pool net30
network 10.35.30.0 255.255.255.0
default-router 10.35.30.2
!
interface GigabitEthernet0/0
ip address 10.35.40.1 255.255.255.248
ip nat outside
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
ip nat inside
duplex auto
speed auto
!
interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip address 10.35.10.2 255.255.255.0
standby 10 ip 10.35.10.10
standby 10 priority 140
standby 10 preempt
!
interface GigabitEthernet0/1.30
encapsulation dot1Q 30
ip address 10.35.30.2 255.255.255.0
standby 30 ip 10.35.30.30
standby 30 priority 140
standby 30 preempt
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip default-gateway 10.35.40.1
ip classless
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
ip route 10.35.10.0 255.255.255.0 GigabitEthernet0/1.10
ip route 10.35.30.0 255.255.255.0 GigabitEthernet0/1.30
ip route 0.0.0.0 0.0.0.0 10.35.40.2
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

------------------------------------------------------------------------------

Please vote me as "Helpful" after solving your problem. Thanks.

Summary of Router Status

R3 - Router Status

R3>enable
R3#sh standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State    Active          Standby         Virtual IP
Gig         10   140 P Standby  10.35.10.2      local           10.35.10.10
Gig         30   140 P Standby  10.35.30.2      local           10.35.30.30
R3#

R4 - Router Status

R4>enable
R4#sh standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State    Active          Standby         Virtual IP
Gig         10   140 P Active   local           10.35.10.1      10.35.10.10
Gig         30   140 P Active   local           10.35.30.1      10.35.30.30
R4#
