Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

HSRP problem

after configuring multiple group HSRP for two routers(router 1 active for half of the traffic and router 2 active for the remaining half)I found that at certain time all traffic directed to router 1 and then the situation reversed the second router handle all the traffic and router 1 does not handle any traffic???!!!!!

is this and arp cache problem???

how to solve this problem????

18 REPLIES
Hall of Fame Super Blue

Re: HSRP problem

Hi

Could you post your config. Assuming that you have a stable environment and the routers are not flipping between each other half you clients should have one default-gateway set (one of the HSRP VIP's) and the other half of your clients should be using the other default-gateway (the other HSRP VIP).

Jon

Silver

Re: HSRP problem

Hi Mohammad ,

I think you are doing load balacing qith HSRP.

Please check the below link..Can you paste the config of both the routers.

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_configuration_example09186a0080094e90.shtml

Thanks,

satish

New Member

Re: HSRP problem

thanks for cooperation

below is my routers config

Router1

-------

standby 1 ip

standby 1 preempt

standby 1 track Serial0

standby 1 priority 105

standby 2 preempt

standby 2 ip

standby 2 track serial 0

Router 2

---------

standby 1 ip

standby 1 preempt

standby 1 track Serial0

standby 2 preempt

standby 2 ip

standby 2 track serial 0

standby 2 priority 105

Regards,

Re: HSRP problem

There are a number of possible reasons, but two "headline" possibilities.

Either you have some instability that was causing the active router for each HSRP group to move around.

Or, you have some issue where all the users were using the same HSRP addres at that time.

How do you allocate gateway addresses to users? Are they manually configured or do you use DHCP? If DHCP have you got an advanced solution, or are you just using two DHCP servers and let them race?

New Member

Re: HSRP problem

I have a firewall with two default routes to the two Virtual IP of HSRP..

Hall of Fame Super Blue

Re: HSRP problem

Is it the firewall that is not loadbalancing and does the firewall use a Virtual IP address itself ?

So what default-gateway have you setup on the firewall and what are the static routes.

The thing is the firewall can only use one gateway at a time. HSRP load-balancing is for spreading the load between multiple clients.

Jon

New Member

Re: HSRP problem

it is a juniper firewall??what do you think??

Hall of Fame Super Blue

Re: HSRP problem

Hi

If it is a single device then it will not load balance as such unless it is doing per-packet loadbalancing.

Yes it may well use both routers but it can only use one router at a time.

Jon

New Member

Re: HSRP problem

cisco routers accept two default routes and load balance between them

Hall of Fame Super Blue

Re: HSRP problem

Well yes, but from your previous posts my understanding was that the default static routes are on the Juniper not the routers ?

Jon

New Member

Re: HSRP problem

ok thanks Jon,,I will try to ask Juniper about that

Re: HSRP problem

Ah! You need to investigate the firewall - what is it?

Different systems use multiple routes differently.

Some will load balance, some will use just one.

You need to understand how the FW handles multiple routes.

New Member

Re: HSRP problem

This is right juniper firewall use only one default route..Any idea??

New Member

Re: HSRP problem

so what is the solutions a vailable in like situation, again the two cisco routers are connected to the same firewall and the firewall does not accept more than one default route so MHSRP didnt work with me??

New Member

Re: HSRP problem

Any idea???

Hall of Fame Super Blue

Re: HSRP problem

Hi

If the Juniper firewall can only use one default route then you cannot load-balance traffic from it.

HSRP / MHSRP won't work because it will always be talking to the same router.

GLBP will not work because the source device, ie. the firewall is always the same.

It's not really anything to do with the Cisco devices. it's more to do with the Juniper firewall capabilities.

Certain firewalls can participate in routing so the Juniper may well run RIP/OSPF. Depending on the routing protocol you use on your Cisco devices you could have the firewall participate in the routing and that way it may well see 2 equal cost paths in it's routing table.

It's difficult to be definitive on this as i have limited experience with Netscreens.

Jon

Re: HSRP problem

There is not a lot you can do. You could look at the fireall and see if it will participate in routing such as RIP/OSPF and look at what it will do with multiple routes dynamically learnt. That may nor be any different though - it may load balance, or it may just select one to use. Then there is the security consideration - many people dislike firewalls participating in routing.

You could front this pair of routers with a third/fourth router, using high speed lan and this extra router load balancing between your existing routers.

The most realistic optin maybe to just accept it as that's the way things work.

New Member

Re: HSRP problem

Parallaly look to the Serial0, in which both groups are track to this in each routers.

At any case , serial 0 link on first or second router fails/flaps, traffic flow will go for both group to other router.

365
Views
6
Helpful
18
Replies