05-18-2009 12:18 PM - edited 03-04-2019 04:47 AM
I have a pair of 3825s and have successfully established HSRP between the two. However, I see that the configuration on the primary router is not written to the standby router. Does CISCO support a true failover model, where the configuration is shared, and any changes to the config are automatically updated on each router?
05-18-2009 12:25 PM
Jessica
This is not how comfiguration on routers works. By configuring HSRP you are allowing 2 interfaces to act as a backup to each other. But the config will not be copied from one router to the other.
You need to configure both routers independently.
Jon
05-18-2009 12:27 PM
Man, that's really lame of CISCO. Thanks for your help.
05-18-2009 12:34 PM
Jessica
On devices intended to provide true failover capability (such as Catalyst with redundant supervisors or the firewall ASA/PIX products) there is config update capability between the devices.
But HSRP is really not intended as a failover technology between routers and that is the main reason that configs are not shared/updates on one sent to the other. In HSRP both routers operate independently and share a virtual address on the interface(s) configured with HSRP. But the virtual address is the only thing that they share.
HTH
Rick
05-18-2009 12:43 PM
Thanks, that helps a lot. OK, so HSRP does not cover this. Is there some other way of obtaining config update capability between redundant routers or is my only option to maintain the configs manually? Sorry to belabor this point, but I come from the Firewall side of network management and still can't believe I can't set up my routers in failover mode.
05-18-2009 12:40 PM
Lame ?!?
You probably have little networking knowledge and do not grasp the complications involved with router redundancy. Hopefully the other useful answer here will be a first step for you in the right direction.
05-18-2009 12:50 PM
And yet, no self respecting Firewall vendor would even *consider* offering a firewall in redundant mode that did NOT maintain a common config. Go figure...
05-18-2009 12:57 PM
The thing is that a router is not a firewall (although it has rich FW features), HSRP predates firewalls by at least 10 years, and it is not a replacement for it.
As is has been explained to you, the cisco firewall (ASA) fully support stateful redundancy with automatic configuration synchronization, if that is what you want.
Please keep your marketing consideration for another venue, as you may be surprised to learn that cisco users want the router product to be exactly the way it is.
05-18-2009 01:13 PM
Jessica
The problem is that with firewalls they are typically deployed as a redundant pair and in effect acting as a backup to each other. So it is natural for a firewall vendor to offer automatic configuration replication between the pair. And as Rick pointed out Cisco do indeed offer this capability between a pair of ASA/PIX/FWSM firewalls so they are like any other firewall vendor in this respect.
But it's not that simple with a router. Routers can be deployed for any number of reasons, including firewalls as Paolo points out. Setting up HSRP between the 2 routers doesn't mean you can automatically assume that the rest of the config should be common as well. In fact it would often be the totally wrong thing to assume.
So the challenge of automatically copying config between routers is far more difficult. With a firewall pair you want the same rule base etc.. between them. But it is perfectly possible and in fact quite common to have 2 routers running HSRP on their ethernet interfaces but one router connects to the WAN via MPLS and the other via ADSL as a backup. Clearly you cannot just copy the config across blankly.
Jon
05-18-2009 12:55 PM
.
05-19-2009 04:03 AM
Jessica
It seems to me that the main issue in this discussion is a difference in perspective about redundancy and failover. From your perspective, coming from a firewall background, the norm is that you will frequently pair devices and configure them in failover mode. And that part of failover support is the ability to share and update configs between the devices.
Coming from a router perspective, it is not common to pair devices and to configure them for failover. And so Cisco has not developed a facility to share and update configs between IOS routers.
In your original post it is pretty clear that you saw HSRP as part of a failover mechanism between routers. But that is not the case. And so there is not a mechanism to share and update configs between routers. So you will need to maintain the config on each of your routers manually.
HTH
Rick
05-19-2009 05:22 AM
Rick,
Thanks for your help.
05-19-2009 01:30 PM
Just to expand a bit on the point Rick makes, while firewalls that share a config might be identical models or at least within the same vendor family, Cisco network devices that support HSRP can be very, very different. E.g. 3825 ISR paired with 3750 (L3 switch). Other than supporting a redundant gateway interface, what the devices are doing can be very, very different too. E.g, 3825 could be supporting a WAN interface that's ATM and has advanced QoS enabled, while the 3750 could be member of a 3750 stack hosting 400 access ports and multiple VLANs. This is one reason having some kind of shared config isn't often very practical for network devices compared to application specific devices such as firewalls.
To extend this even further, HSRP is unique to Cisco, but VRRP, which also provides a virtual redundant gateway is supported across many vendors. So a Cisco device could be supporting a redundant gateway with a non-Cisco device. This makes sharing a config even less practical.
This last point of inter-vendor support is very common with network devices that share/support many of the same external standards, whether media encapsulation or routing protocols, but often don't share how they accomplish such internally. If you've worked with more than one vendor's firewall products, I'm sure you've notice how different their configuration options might be and what they support might differ, but routers and switches, by design, work with other (often anybody's device that adheres to standards) routers and switches.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide