On a PC one usually configures a single gateway by default ... But what happens if it is out of order? ... The answer is simple ... no way to communicate outside its domain of diffusion. To remedy this, there are several ways to manage gateway redundancy including HSRP, VRRP, and GLBP.
Here is a simple example of setting
up gateway redundancy using HSRP. However, it is important to note that this is
a proprietary Cisco protocol.
Topology
In order to go straight to the
basics, the basic configuration of the topology is considered completed. For my
part I simply activated EIGRP between R1, R2 and R3.
R3 has a Loopback interface
(1.1.1.1/32) which I will use to test the communication from the PC.
The PC (C1) is configured with
address 192.168.0.10/24 with a default gateway 192.168.0.254. Note that this is
not the address configured on R1 or R2 ... But it will be the one whose role
will be assumed either by R1 or by R2 depending on the state of the network.
What is the HSRP
HSRP is a protocol that provides a
service continuity solution primarily for default gateway redundancy.
For each network, the interfaces of
the routers are associated with an HSRP group (the same group number for all
interfaces that must perform the same role). To this group we associate a
virtual IP address (in this case it will be 192.168.0.254).
Redundancy is implemented through
the ARP protocol. When the PC must send a frame to its gateway, it sends an ARP
request and responds by supplying its MAC address.
With HSRP, routers will associate a
particular MAC address with the virtual IP address in the form 00: 00: 0c: 07:
ac: XX (where XX is the number of the HSRP group).
From then on, for the PC, whatever
happens, it will be this MAC address that will identify its gateway. For their
part, the routers dialogue by multicast in order to negotiate and know who will
be in charge of processing the frame intended for the MAC HSRP address.
Configuring
R1
R1 (config) # interface FastEthernet0 / 0
R1 (config-if) # standby 1 ip 192.168.0.254
R1 (config-if) # standby 1 priority 200
R1 (config-if) # standby 1 preempt
The interface Fa0 / 0 of R1 has thus
been configured to operate in the group HSRP # 1 to which the virtual IP
address 192.168.0.254 has been associated. In addition we have defined a
priority of 200 (the highest priority will be the effective gateway) and we
activate the right of preemption (if R1 breaks down, R2 takes over ... but is
R1 returns, it will resume its place without preemption , R2 would remain the
gateway).
Configuring
R2
R2 (config) # interface FastEthernet0 / 0
R2 (config-if) # standby 1 ip 192.168.0.254
R2 (config-if) # standby 1 priority 100
The configuration of R2 is similar
to that of R1, since R2 is configured with a lower priority, it is not
necessary to activate the preemption.
Verification
On the PC, a communication test
demonstrates the proper functioning of the configuration ...
The configuration of C1:
NAME IP / MASK GATEWAY MAC
VPCS1 192.168.0.10/24 192.168.0.254 00: 50:
79: 66: 68: 00
Testing Communication to 1.1.1.1
VPCS
[1]> ping 1.1.1.1
1.1.1.1 icmp_seq = 1 timeout
1.1.1.1 icmp_seq = 2 ttl = 254 time = 50,000
ms
1.1.1.1 icmp_seq = 3 ttl = 254 time = 50,000
ms
1.1.1.1 icmp_seq = 4 ttl = 254 time = 39.000
ms
1.1.1.1 icmp_seq = 5 ttl = 254 time = 48,000
ms
It is interesting to analyze the
table ARP of C1 ...
VPCS
[1]> arp
00: 00: 0c: 07: ac: 01 192.168.0.254 expires
in 114 seconds
Thus, it is noted that 192.168.0.254
is the gateway of C1 and that the associated MAC address is indeed that of an
HSRP group (here group 1, indicated by the last byte of the MAC ... 01
address). A traceroute will prove that R1 is indeed the router acting as
gateway ...
VPCS
[1]> trace 1.1.1.1
Trace to 1.1.1.1, 8 hops max, press Ctrl + C
to stop
1
192.168.0.1 20.000 ms 10.000 ms 10.000 ms
2
172.30.0.1 30.000 ms 10.000 ms 10.000 ms
3
1.1.1.1 30.000 ms 10.000 ms 10.000 ms
Checking
the configuration
On R1 and R2 it is possible to check
the operation of HSRP by a simple command:
R1 #
show standby
FastEthernet0 / 0 - Group 1
State
is Active
2 state
changes, last state change 00:14:40
Virtual
IP address is 192.168.0.254
Active
virtual MAC address is 0000.0c07.ac01
Local
virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello
time 3 sec, hold time 10 sec
Next
hello sent in 1.064 secs
Preemption enabled
Active
router is local
Standby
router is 192.168.0.2, priority 100 (expires in 8.320 sec)
Priority 200 (configured 200)
Group
name is "hsrp-Fa0 / 0-1" (default)
R1 #
It shows that "State is
Active" which means that R1 is the active gateway (and therefore R2 is in
standby). The rest of the information is explicit.
What
happens if R1 goes down ...
To simulate a failure, I simply put
the Fa0 / 0 interface of R1 in shutdown ...
R1
(config-if) # shutdown
* Mar 1 00: 44: 02.331:%
HSRP-5-STATECHANGE: FastEthernet0 / 0 Grp 1 state Active -> Init
* Mar 1 00: 44: 04.343:% LINK-5-CHANGED:
Interface FastEthernet0 / 0, changed state to administratively down
* Mar 1 00: 44: 05.343:% LINEPROTO-5-UPDOWN:
Line protocol on Interface FastEthern and0 / 0, changed state to down
Immediate reaction of R2 ...
R2 #
* Mar 1 00: 44: 11.071:% HSRP-5-STATECHANGE:
FastEthernet0 / 0 Grp 1 state Standby -> Active
R2 has become the active gateway,
check on C1 ...
VPCS
[1]> ping 1.1.1.1
1.1.1.1 icmp_seq = 1 ttl = 254 time = 32,000
ms
1.1.1.1 icmp_seq = 2 ttl = 254 time = 41,000
ms
1.1.1.1 icmp_seq = 3 ttl = 254 time = 31,000
ms
1.1.1.1 icmp_seq = 4 ttl = 254 time = 31,000
ms
1.1.1.1 icmp_seq = 5 ttl = 254 time = 40,000
ms
VPCS
[1]> arp
00: 00: 0c: 07: ac: 01 192.168.0.254 expires
in 15 seconds
Nothing has changed on its side,
normal ... since R1 and R2 use the same virtual IP address associated with the
same MAC address for HSRP. On the other hand the ICMP package passes well by R2
...
VPCS
[1]> trace 1.1.1.1
Trace to 1.1.1.1, 8 hops max, press Ctrl + C
to stop
1
192.168.0.2 21.000 ms 11.000 ms 11.000 ms
2
172.30.0.5 31.000 ms 12.000 ms 12.000 ms
3
1.1.1.1 32.000 ms 12.000 ms 12.000 ms
This is very simple to manage
default gateway redundancy
0 comments:
Post a Comment