Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

How to use HSRP to provide redundancy in a multihomed BGP network

Core Issue

Hot Standby Router Protocol (HSRP) is used to build redundancy into IP networks. HSRP ensures that network downtime due to failure of devices is minimal and that the process of the backup device taking over the forwarding function is transparent to the end user.

However, HSRP cannot influence the path taken by the traffic entering the Autonomous System (AS). Border Gateway Protocol (BGP) can be used to influence the path taken by the incoming traffic, but it cannot provide first-hop failure redundancy for hosts on the network. HSRP and BGP together can influence the path for both incoming and outgoing traffic if connectivity to one Internet Service Provider (ISP) fails. Then the backup path to the other ISP used.


To resolve this issue, perform these steps:

  1. Configure the router to be used for forwarding outbound traffic with a higher HSRP priority, making it the active HSRP router.
  2. Configure HSRP to track the state of the primary link to the ISP. If the link to the ISP fails, the HSRP priority of the router is reduced (by 10, by default), which results in the router's HSRP priority becoming less than that of the standby router. The HSRP standby router becomes the active router by virtue of its higher priority and starts forwarding traffic.
  3. To configure HSRP priority, issue the standby priority command in interface configuration mode.
  4. To configure HSRP to track an interface and change the HSRP priority based on the state of the interface, issue the standby track command.
  5. The router with the primary link can be configured to preempt. This is done to take over the role of the HSRP active router as soon as its link to the ISP is restored. To configure HSRP to preempt, issue the standby preempt command in interface configuration mode.
  6. To influence the path taken by the incoming traffic, prepend the local AS number to the updates sent out on the backup link more than once. This makes the updates sent out on the backup link have a longer AS-Path attribute, making them less preferable compared to updates sent over the primary link. The inbound traffic is now routed over the primary link.
  7. Create an Access Control List (ACL) to specify the updates for the AS-Path attribute that need modified. To define an ACL, issue the access-list command in global configuration mode.
  8. Create a new route map and configure it to match this ACL and modify the AS-Path attribute.
  9. To create a route map, issue the route-map command in global configuration mode.
  10. To match the destination network number specified in standard or extended ACL, issue the match ip address command in route-map configuration mode.
  11. To extend the length of the AS-Path attribute for these BGP routes, issue the set as-path command with the prepend keyword in route-map configuration mode.

For more information and configuration examples, refer to How to Use HSRP to Provide Redundancy in a Multihomed BGP Network.

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 05:38 PM
Updated by:
Labels (1)
Everyone's tags (4)
New Member


I have configured EBGP between to Internet service provider and configured HSRP with IBGP for High-Availability for Local traffic. In this Network Topology, I have two Firewalls behind Two Routers where I configured EBPG Multi-homing.


ISP01                                 ISP02

     EBGP                             EBGP

Router01         IBGP     Router02


Firewall01           Firewall02


I have one global network block 105.X.X.X/23. My intention is to use both ISP active for 105.X.X.X/24 and 105.X.Y.X/24 while configuring EBGP Multi-homing with HSRP protocol. That means 105.X.X.X/24 will use one ISP for incoming and outgoing traffic and 105.X.Y.X/24 will use other ISP and fail-over happens in case of one ISP goes down.


Can you tell me how I can configure to achieve this Active/Active High-Availability configuring BGP with HSRP protocol and keeping Firewall behind for LAN Network.


I am looking forward to your assistance.


With Regards