
How do I enable HSRP to work in event of BGP multi-homing peer failure

jpearce
Level 1

Hi,

I am currently trying to lab a dual-homed internet scenario using HSRP object tracking so that it will cut over in the event that a route learnt from the internet is no longer accessible.

We recently had a real-life failure where standard HSRP was configured and it did not cut over because it was only tracking the status of the WAN interface rather than whether the BGP peering dropped. So the interface was still up but no routes were being given to us via the ISP. The result was that the HSRP did not cut over.

After some investigation it seemed that object tracking would solve this. But in the lab environment I cannot get this to work using just BGP. The message I get is

    Track 1
      IP route 4.4.4.4 255.255.255.255 reachability
      Reachability is Down (unsupported)
        9 changes, last change 00:01:08
      First-hop interface is unknown
      Tracked by:
        HSRP Vlan20 0

It is reachable when I get this message. The only way I found round this was to implement a static route to the far end device but this still does not work because even when the route is gone it still believes it is alive and well because of the static route. So even this would not cut over. My belief is that HSRP object tracking is not working with BGP as a routing protocol. A lot of documents do not mention using BGP but do not explicitly say that it is not supported.

To summarize I need a mechanism to ensure that HSRP cuts over in the event of pure BGP peer failure. The current solution we have is textbook with prepending and I-BGP in place.

Does anybody have any ideas?


didyap
Level 6

When you are running BGP with more than one service provider, you run the risk that your autonomous system (AS) will become a transit AS. This causes Internet traffic to pass through your AS and potentially consume all of the bandwidth and resources on the CPU of your router. The following links may help you:

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080093f2c.shtml

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008009456d.shtml

We are using IBGP with HSRP and it works fine.

    ISP1                            ISP2
     | EBGP                          | EBGP
    IR1 --- IBGP Crossover ------- IR2Active
     |                               |
    Active ------ HSRP -------- Standby
     |                               |
    SW1 ------- EC ------------ SW2
    ===================================
                firewall

Crossover to avoid single switch failover.

Use LP and AS-path prepend for your ISP2 if it is the backup.

HTH,

Regards,

-SA

Or use VRRP, but the question will be which route? Maybe the default route if you are receiving it.

http://cisco.com/en/US/customer/products/ps6350/products_configuration_guide_chapter09186a008042fbeb.html

Hi Ali,

I am just receiving a default route from the cloud. I will read the VRRP document.

Best Regards,

Jeremy Pearce

Hi Ali,

I will have a look at VRRP but it seems to suggest that this will only work when a default route is statically configured. I am receiving a default via BGP.

Best Regards,

Jeremy

Here is the config: It should work with the BGP route.

1. R1 -- EBGP 192.168.1.0/24 -- R2

2. R2 -- VRRP 10.1.1.0/24 -- R3

3. R1 is sending default via BGP

//////////////////////////////////////////////

    r1#sh run | beg router bgp
    router bgp 1
     no synchronization
     bgp log-neighbor-changes
     network 0.0.0.0
     neighbor 192.168.1.2 remote-as 2
     default-information originate
     no auto-summary
    !
    ip route 0.0.0.0 0.0.0.0 Null0
    !
    interface FastEthernet0/0
     ip address 192.168.1.1 255.255.255.0
    !

//////////////////////////////////////////////

    r2#sh run | beg track 1
    track 1 ip route 0.0.0.0 0.0.0.0 reachability
    !
    interface FastEthernet0/0
     ip address 192.168.1.2 255.255.255.0
     duplex auto
     speed auto
    !
    interface FastEthernet0/1
     ip address 10.1.1.2 255.255.255.0
     duplex auto
     speed auto
     vrrp 1 ip 10.1.1.1
     vrrp 1 timers advertise 3
     vrrp 1 timers learn
     vrrp 1 priority 120
     vrrp 1 authentication cisco
     vrrp 1 track 1 decrement 100
    !

//////////////////////////////////////////////

    r3#sh run | beg FastEthernet0/1
    interface FastEthernet0/1
     ip address 10.1.1.3 255.255.255.0
     duplex auto
     speed auto
     vrrp 1 ip 10.1.1.1
     vrrp 1 timers advertise 3
     vrrp 1 timers learn
     vrrp 1 authentication cisco
    !

//////////////////////////////////////////////

    r1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    r1(config)#router bgp 1
    r1(config-router)#no network 0.0.0.0
    r1(config-router)#

    r2#sh vrrp
    FastEthernet0/1 - Group 1
      State is Master
      Virtual IP address is 10.1.1.1
      Virtual MAC address is 0000.5e00.0101
      Advertisement interval is 3.000 sec
      Preemption enabled
      Priority is 120
        Track object 1 state Up decrement 100
      Authentication text "cisco"
      Master Router is 10.1.1.2 (local), priority is 120
      Master Advertisement interval is 3.000 sec
      Master Down interval is 9.531 sec

    r2#sh ip bgp
    BGP table version is 2, local router ID is 192.168.1.2
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 0.0.0.0          192.168.1.1              0             0 1 i
    r2#
    r2#
    *Sep 7 15:25:14.235: %VRRP-6-STATECHANGE: Fa0/1 Grp 1 state Master -> Backup
    r2#
    r2#sh vrrp
    FastEthernet0/1 - Group 1
      State is Backup
      Virtual IP address is 10.1.1.1
      Virtual MAC address is 0000.5e00.0101
      Advertisement interval is 3.000 sec
      Preemption enabled
      Priority is 20 (cfgd 120)
        Track object 1 state Down decrement 100
      Authentication text "cisco"
      Master Router is 10.1.1.3, priority is 100
      Master Advertisement interval is 3.000 sec
      Master Down interval is 9.531 sec (expires in 9.031 sec) Learning

    r2#sh ip bgp
    r2#

    r3#sh vrrp
    FastEthernet0/1 - Group 1
      State is Backup
      Virtual IP address is 10.1.1.1
      Virtual MAC address is 0000.5e00.0101
      Advertisement interval is 3.000 sec
      Preemption enabled
      Priority is 100
      Authentication text "cisco"
      Master Router is 10.1.1.2, priority is 120
      Master Advertisement interval is 3.000 sec
      Master Down interval is 9.609 sec (expires in 8.213 sec) Learning

    r3#
    *May 8 23:28:25.763: %VRRP-6-STATECHANGE: Fa0/1 Grp 1 state Backup -> Master
    r3#sh vrrp
    FastEthernet0/1 - Group 1
      State is Master
      Virtual IP address is 10.1.1.1
      Virtual MAC address is 0000.5e00.0101
      Advertisement interval is 3.000 sec
      Preemption enabled
      Priority is 100
      Authentication text "cisco"
      Master Router is 10.1.1.3 (local), priority is 100
      Master Advertisement interval is 3.000 sec
      Master Down interval is 9.609 sec
    r3#

HTH,

Regards, SA

Please understand and plan before making changes into the production Env. Make changes during your maintenance windows with the rollback plan.
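
The failover seen in the lab output above, modelled as an added example that is not part of the original reply: it computes each router's effective VRRP priority from its tracked objects and elects the master, showing why r2 drops from 120 to 20 and r3 takes over. The names `Router`, `effective_priority` and `elect_master` are hypothetical, and the floor of 1 on the priority is a modelling assumption.

```python
# Added example, not from the thread: VRRP master election with tracked objects.
# Router, effective_priority and elect_master are hypothetical helper names.
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100          # VRRP default priority
    tracks: dict = field(default_factory=dict)  # track object id -> decrement
    preempt: bool = True         # matches "Preemption enabled" in the output above


def effective_priority(router, track_up):
    """Configured priority minus the decrement of each tracked object that is Down."""
    lost = sum(dec for obj, dec in router.tracks.items() if not track_up.get(obj, True))
    # Modelling assumption: floor at 1, because priority 0 is reserved in VRRP
    # for a master that is giving up the role.
    return max(router.priority - lost, 1)


def elect_master(routers, track_states, current_master=None):
    """Return the master's name; track_states maps router name -> {object id: is_up}."""
    def rank(r):
        # Highest effective priority wins; the higher interface IP breaks a tie.
        return (effective_priority(r, track_states.get(r.name, {})), int(IPv4Address(r.ip)))

    best = max(routers, key=rank)
    if current_master is None or best.name == current_master:
        return best.name
    # A live master is displaced only if the better router is allowed to preempt.
    return best.name if best.preempt else current_master


if __name__ == "__main__":
    # Constructed from the lab values: r2 priority 120 with "track 1 decrement 100",
    # r3 at the default 100.
    r2 = Router("r2", "10.1.1.2", priority=120, tracks={1: 100})
    r3 = Router("r3", "10.1.1.3")
    print(elect_master([r2, r3], {"r2": {1: True}}))                        # default route present
    print(elect_master([r2, r3], {"r2": {1: False}}, current_master="r2"))  # default route withdrawn
    # A decrement smaller than the 20-point gap leaves r2 master with no default route.
    r2_small = Router("r2", "10.1.1.2", priority=120, tracks={1: 10})
    print(elect_master([r2_small, r3], {"r2": {1: False}}, current_master="r2"))
```

HSRP applies the same priority arithmetic, but preemption is disabled there unless `standby preempt` is configured, so the `preempt=False` case is the one to check on an HSRP pair.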

Hi Ali,

Don't worry, I am nowhere near a production environment yet. I have tried your configuration in a lab and still cannot get the CE to recognise the fact that it is receiving a default via BGP. If you look at the attachment for All configs.txt on the Primary_Int you can see that it gets a default in via BGP but does recognise this as valid using VRRP.

I have added attachments of configs which essentially try and mimic what will be real environment where the customer has 2 CE devices connecting to completely separate ISPs and each ISP only gives them a default via E-BGP.

Details as follows

------------------

Primary_Int - Primary internet CE router

Backup_Int - Backup internet CE router

THUS - Primary ISP PE device

Verizon - Backup ISP PE device

Hi Ali,

Thanks for the config. The only issue I have is that the CE routers are receiving routes from the cloud. The scenario you have given seems to be one where the routers are advertising and not receiving.

Hello,

R1 in the scenario is the internet router or PE and consider R2 as a CE or your IR.

Regards,

-Shahzad

Hi Ali,

I have some more information which may help. I am wondering now whether you can implement VRRP alongside BGP:

    Primary_Int#sho track
    Track 1
      IP route 0.0.0.0 0.0.0.0 reachability
      Reachability is Down (unsupported)
        1 change, last change 00:00:09
      First-hop interface is unknown
      Tracked by:
        VRRP Vlan20 1