Routing strangeness-HSRP related?

it · ‎12-02-2005

I have two routers on a common subnet running HSRP connected to another pair of routers also running HSRP via a couple of WAN links, 1 10 Meg and 1 5 Meg. The 5 Meg link is a LAN extension, so EIGRP forms neighbour relationships OK, but the 10 Meg link crosses the telco network which uses BGP.We got them to redistribute our EIGRP into their BGP and redistribute out again at the other end, played with the EIGRP weighting and got the 10 M link as the preferred route. All seemed OK....until we tested the failover! The routers failover OK, traffic switches to the backup 5M link, but the clients lose their connection to the webservers which are behind a couple of CSS 11500's. Pinging from the client side routers works if we use the backup router, but fails from the main router. When the network is in the normal state(no failover) pinging from either router works! I've attached a sanitized copy of the configs for the routers. Does anyone have any ideas what to check next?

Thx

George

sundar.palaniappan · ‎12-02-2005

Appears NAT is your problem.

As the NAT table on the routers don't get replicated, the failover you are seeing is non-stateful, i.e all existing tcp/udp sessions will hang. Connections have to be restarted.

HTH,

Sundar

Georg Pauwen · ‎12-02-2005

Hello George,

in addition to Sundar's post, there are basically two approaches to get around the HSRP/NAT failover issue, you might want to have a look at the documents below:

Stateful Failover of Network Address Translation (SNAT)

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_white_paper09186a00801124ad.shtml

NAT - Static Mapping Support with HSRP for High Availability

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087c4c.html

Regards,

GP