Hi, I am trying to configure High Availability on two Cisco ISR 4400 series routers. Each router has 4 interfaces. I have to connect both routers directly, as we have only 1 switch. I am thinking of using Gi1/1/1 on each router to be connected directly and configuring HSRP on each router to monitor the link Gi1/1/2, which is connected to an unmanaged switch and goes into the ISP. I was wondering if this is going to work? Any other ideas that I can try?
If your pair of routers is acting as default gateway for the end hosts in the network, you can use HSRP on the LAN-facing interface and the IP SLA + track feature to monitor your WAN connectivity.
A template (but not final configuration) can be:
R1 (Active)

configure terminal
!
ip route <INTERNET_IP_ADDRESS> 255.255.255.255 <ISP_IP_ADDRESS> permanent
!
ip sla 1
 icmp-echo <INTERNET_IP_ADDRESS>
!
ip sla schedule 1 start-time now life forever
!
track 1 ip sla 1
!
interface GigabitEthernetx/x/x
 description LAN interface
 ip address 192.168.1.1 255.255.255.0
 standby 1 ip 192.168.1.254
 standby 1 priority 110
 standby 1 preempt
 standby 1 track 1 decrement 50
!

R2 (Standby)

configure terminal
!
interface GigabitEthernetx/x/x
 description LAN interface
 ip address 192.168.1.2 255.255.255.0
 standby 1 ip 192.168.1.254
 standby 1 priority 90
!
The configurations discussed in this post are merely templates and may not be final configurations that can be just copied and pasted to any network device in a production environment. It is the responsibility of whoever follows these suggestions to review, evaluate and modify the configurations as convenient. Ensure that you understand the potential impact of any command. In all cases, make sure not to lose remote management access to the device. It is highly suggested to introduce changes to live networks only during maintenance windows. The author of this post is not responsible for unintended consequences of failing to follow this disclaimer note.
You would need a second switch downstream of the routers.
The direct connection between the two routers can use routing protocols to provide a backup path in case of failure of the uplink or the downlink path, but enabling HSRP on the direct link is not useful at all.
HSRP is a First Hop Redundancy Protocol that can provide an always-on VIP address to be used as the default gateway on user PCs, printers and so on.
You can use HSRP on the interfaces going to the internal network but you would need a managed switch to make the connections.
This HSRP will track the uplink interface; this can be done and it is useful.
Both devices need to use standby xx preempt to be able to take over when the current active router decreases its HSRP priority as a result of a failure on a tracked object.
Hope to help
Thanks for the reply. Actually, at this point I am not worried about LAN-side redundancy. Two routers, each with a WAN-facing interface (let's call it R1 GiEth1/1/1 and R2 GiEth1/1/1), go to an unmanaged switch which connects to the ISP. I was possibly looking to connect R1 and R2 GiEth1/1/2 directly without a switch and use this as a heartbeat, keeping R1 as primary always and failing over to R2 if GiEth1/1/1 goes down on R1. Not sure though if it's going to work.
Nowadays a failure in the ISP connectivity does not always bring the WAN interface to the down state, since Ethernet hand-offs are used. In other words, your Internet connection may be down and the router can still have its WAN interface in the up/up state.
The IP SLA + track configuration should trigger an HSRP failover to R2 once R1 cannot reach the Internet over its own WAN link, which is the more likely scenario.
I do not see a benefit in interconnecting your routers unless you had a scenario where R1 is still the HSRP primary even with its own WAN link unable to reach the Internet. In such a case the traffic path can be LAN > R1 > R2 > WAN, which is more commonly seen when running BGP between your routers and the ISP.
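As an added illustration (not part of this thread, and not Cisco's code): a small Python model of the HSRP re-election that the IP SLA + track configuration drives. It assumes the template's values (R1 priority 110 with decrement 50, R2 priority 90) and contrasts tracking the ICMP probe against tracking only the line protocol, for the case where the WAN interface stays up/up while the ISP path is dead; the track_mode switch and the scenario steps are the example's own construction.

```python
from dataclasses import dataclass


@dataclass
class Router:
    name: str
    priority: int                    # "standby 1 priority N"
    preempt: bool                    # "standby 1 preempt" configured?
    decrement: int = 0               # "standby 1 track 1 decrement N"
    track_mode: str = "sla"          # "sla" (ip sla icmp-echo) or "line-protocol"
    wan_link_up: bool = True         # WAN interface line protocol state
    internet_reachable: bool = True  # what the ICMP echo probe would observe

    def track_up(self) -> bool:
        # A line-protocol track only sees the link; an IP SLA track sees the path.
        if self.track_mode == "line-protocol":
            return self.wan_link_up
        return self.wan_link_up and self.internet_reachable

    def effective_priority(self) -> int:
        return self.priority - (0 if self.track_up() else self.decrement)


def elect(r1: Router, r2: Router, current: Router) -> Router:
    """HSRP re-election: the incumbent stays active unless the other router
    has preempt enabled and a strictly higher effective priority."""
    other = r2 if current is r1 else r1
    if other.preempt and other.effective_priority() > current.effective_priority():
        return other
    return current


def failover_sequence(r2_preempt: bool, track_mode: str = "sla") -> list:
    """Active router at each step of a constructed scenario: steady state,
    ISP path dead while R1's interface stays up/up, then recovery."""
    r1 = Router("R1", 110, preempt=True, decrement=50, track_mode=track_mode)
    r2 = Router("R2", 90, preempt=r2_preempt)
    active = elect(r1, r2, r1)
    seq = [active.name]
    r1.internet_reachable = False          # Ethernet hand-off still up/up
    active = elect(r1, r2, active)
    seq.append(active.name)
    r1.internet_reachable = True           # probe succeeds again, R1 preempts back
    active = elect(r1, r2, active)
    seq.append(active.name)
    return seq


if __name__ == "__main__":
    print(failover_sequence(r2_preempt=True))                   # ['R1', 'R2', 'R1']
    print(failover_sequence(r2_preempt=False))                  # ['R1', 'R1', 'R1']
    print(failover_sequence(True, track_mode="line-protocol"))  # ['R1', 'R1', 'R1']
```

Without preempt on R2 the VIP never moves even though R1's priority drops to 60, and with a line-protocol-only track the up/up-but-dead WAN never triggers a failover at all.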
Thanks Hector for your valuable input. Let's look at it from the network perspective, and if you can propose something that would be great. I have a SonicWall with a WAN link going to the Internet. I have two more connections from the SonicWall FW going to the ISR4400 routers. From the SonicWall side I can define failover pretty easily; there is not much configuration to do. It will be as below:
SonicWall WAN1->ETH0 ISR4400 (R1) ETH1-->SW-1 port1-->ISP
SonicWall WAN2->ETH0 ISR4400 (R2) ETH1-->SW-1 port2-->ISP
ISR4400 R1 ETH2<-->ISR4400 R2 ETH2
In all this setup I am limited by the switching component: the end user wants a limited number of points of failure and barely agreed to 1 Meraki switch to connect both R1 and R2 to the ISP. Now we need to monitor the R1 and R2 interfaces which go into the switch for line protocol and do a failover if the line protocol is down (please suggest if you think there is a better way than just monitoring the physical link). At this point I have one port from R1 going directly into R2 and the rest is HSRP. I believe there is a possibility to do it using BGP or iBGP as well; do share your thoughts on whether that is better in the above explained scenario. Thanks once again for all your feedback.
P.S. SonicWall will monitor the physical link failure on the WAN side (there can be some policies which can monitor traffic, but let's not be worried about it).