HSRP and Route Tracking

ittechk4u1
Level 4

Hello experts,

I just want to verify whether this setup will work properly or not.

HSRP.JPG

My notebook is behind WANSW1.

Now if the Te1/1/3 interface goes down on WANSW1, which route will be used to go to CoreSW1?

My aim is to achieve:

1. 1st route via Te1/1/3 from WANSW1 to CoreSW1

2. If Te1/1/3 on WANSW1 is down then route via WANSW2 must take priority and then the VPN tunnel.

Is it possible with this config?

Thanks in advance


ngkin2010
Level 7

Hi,

It depends on which WANSW is the primary HSRP for your notebook behind WANSW2, and how you configured the "track 247".

Although your PC is behind WANSW2, it doesn't mean your HSRP primary for this notebook is WANSW2.

If the current primary is WANSW1 and WANSW2's Te1/1/1 is just down:

1. Since there is no tracking for Te1/1/1, there is no change in the HSRP role. (your trunk link still exists, the VLAN247 still remains in UP state)

2. Notebook traffic will first go to WANSW1 via layer 2, and be routed by WANSW1.

3. According to the routing table of WANSW1, it forwards to 10.247.27.1 (which is on VLAN 247(?))

4. Then it looks at the Spanning Tree topology, seeing that WANSW1 Te1/1/1 should be the only available link to reach the other side (10.247.27.1)

5. WANSW1 forwards to CoreSW1 via layer 2 (VLAN 247).

However, if the current primary is WANSW2 and WANSW2's Te1/1/1 is just down:

1. Since there is no tracking for Te1/1/1, there is no change in the HSRP role. (your trunk link still exists, the VLAN247 still remains in UP state)

2. Notebook traffic will first go to WANSW2.

3. According to the routing table of WANSW2, it forwards to 10.247.27.1 (which is on VLAN 247(?))

4. Then it looks at the Spanning Tree topology, seeing that WANSW2 TRUNK should be the only available link to reach the other side (10.247.27.1)

5. WANSW2 forwards to WANSW1, which forwards to CoreSW1; all via layer 2 (VLAN 247).

I have WANSW1 as primary and WANSW2 as secondary for HSRP.

VLAN 247 - Core SW is root of spanning tree

Tracking config on both WANSW:

ip sla 247
icmp-echo 10.247.27.1 source-interface Vlan247
threshold 100
timeout 1000
frequency 3
ip sla schedule 247 life forever start-time now

Tracking config on both CoreSW:

ip sla 247
icmp-echo 10.247.27.254 source-interface Vlan247
threshold 100
timeout 1000
frequency 3
ip sla schedule 247 life forever start-time now

As you wrote:

However, if the current primary is WANSW1 and WANSW1's Te1/1/3 is just down:

1. Since there is no tracking for Te1/1/3, there is no change in the HSRP role. (your trunk link still exists, the VLAN247 still remains in UP state) - Correct

2. Notebook traffic will first go to WANSW1 - Correct

3. According to the routing table of WANSW1, it forwards to 10.247.27.1 (which is on VLAN 247(?)) - Yes, but the tracking will take this route down, as tracking will go down and a new route from 10.99.2.5 will be installed in the routing table, which I don't want.

Now please let me know whether the routing will work as I need or not. Let me know if I need to change anything.

Thanks in advance

Hi,

According to your IP SLA configuration, you are pinging 10.247.27.1 from the SVI VLAN247.

When Te1/1/1 of WANSW2 is down, WANSW2 should still be able to ping 10.247.27.1 as they (10.247.27.1 & 10.247.27.254) are in the same broadcast domain, and WANSW2 is able to reach 10.247.27.1 by the layer-2 path: WANSW2 -> WANSW1 -> CoreSW1. So, as a result, the tracking status remains unchanged.

If I make the Te1/1/3 interface down then the track also goes down.

This means a new route is getting installed over 10.99.2.5, which is wrong...

Hi,

"if i Make te1/1/1 interface down then track also goes down."

Is it true? Please provide the result of "show ip route 10.247.27.1" on both WANSW1, WANSW2.

Also the result of "show run interface te1/1/1" & "show run interface vlan247" on both WANSW1, WANSW2.

Sorry for the confusion..

I updated the right layout again. WANSW1 has higher priority than WANSW2 and my notebook is also behind WANSW1.

Here is the config:

WANSW1#show ip route 10.247.27.1
Routing entry for 10.247.27.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via Vlan247
Route metric is 0, traffic share count is 1
!
interface Vlan247
ip address 10.247.27.252 255.255.255.0
standby 247 ip 10.247.27.254
standby 247 priority 110
standby 247 preempt
!
interface TenGigabitEthernet1/1/3
switchport access vlan 247
switchport mode access
spanning-tree portfast

WANSW2#show ip route 10.247.27.1
Routing entry for 10.247.27.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via Vlan247
Route metric is 0, traffic share count is 1
!
interface Vlan247
ip address 10.247.27.253 255.255.255.0
standby 247 ip 10.247.27.254
standby 247 preempt
!
interface TenGigabitEthernet1/1/3
switchport access vlan 247
switchport mode access
spanning-tree portfast

I am testing the failover from WANSW1

WANSW1 and WANSW2 have a trunk port where all VLANs are allowed.

Sorry again for the wrong topology

Thanks

Hi,

Based on your configuration, the VLAN237 is 10.247.27.0/24 such that 10.247.27.254 & 10.247.27.1 are on the same subnet.

In your IP SLA's configuration, you were monitoring reachability from 10.247.27.253 to 10.247.27.1 which are on the same subnet. Imagine your layer 2 topology for VLAN237 as follows:

vlan237-stp.JPG

If Te1/1/3 is down, your layer 2 topology will change (and of course, the spanning tree may be re-calculated depending on the location of the root switch). At this moment, your IP SLA will not OR will be down until the convergence of your STP. Your IP SLA will ultimately become UP when STP has fully converged (even if Te1/1/3 is down).

So, the steps are still the same as follows:

Given that the current primary is WANSW1 and WANSW1's Te1/1/1 is just down:

1. Since there is no tracking for Te1/1/3, there is no change in the HSRP role.

2. Notebook traffic will first go to WANSW1 via layer 2.

3. According to the routing table of WANSW1, it forwards to 10.247.27.1 (as your IP SLA is UP)

4. Then it looks at the Spanning Tree topology, seeing that WANSW2 Te1/1/1 should be the only available link to reach the other side (10.247.27.1)

5. WANSW1 forwards to WANSW2, then to CoreSW1 via layer 2 (VLAN 247).

OK, I will test again this evening and let you know.

Thanks for the help.

Hi,

The issue I am facing is:

Once I shut the interface Te1/1/3 my track 247 goes down, and if it goes down then the switch takes the 2nd best route, and that is via VPN, which I don't want.

Here is the screenshot

WANSW2(config)#int TenGigabitEthernet1/1/3
WANSW2(config-if)#shut
!
WANSW2#sh ip route track-table
ip route 0.0.0.0 255.255.0.0 Vlan247 name DARKFIBRE track 247 state is [down]

Thanks

That means VLAN247 is not able to flow through WANSW1 <--> CORESW2.

Please review the layer 2 topology of VLAN 247.

For example, try to trace the layer 2 path:
1) Find the ARP entry of 10.247.27.1 on WANSW2
>> show arp | include 10.247.27.1
aaaa.bbbb.cccc 10.247.27.1 ARPA
2) Check the MAC address is in your mac address table of WANSW2
>> show mac address | include aaaa.bbbb.cccc
247 aaaa.bbbb.cccc TRUNK
3) Check the MAC address is in your mac address table of WANSW1
>> show mac address | include aaaa.bbbb.cccc
247 aaaa.bbbb.cccc Te1/1/3
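
The layer 2 trace described in the post above, scripted as an added example (not part of the original thread): it resolves the tracked IP to a MAC on the starting switch, then follows that MAC through each switch's MAC address table until the chain breaks or leaves the switches that were collected. The CLI text in the usual IOS column layout, the `Po1` trunk name and the `LINKS` cabling map are constructed assumptions.

```python
import re

# Constructed sample CLI text (not from the thread). Po1 as the trunk name and
# the LINKS cabling map are assumptions made for this example.
ARP = {"WANSW2": "Internet  10.247.27.1    3   aaaa.bbbb.cccc  ARPA   Vlan247\n"}
MAC_TABLES = {
    "WANSW2": " 247    aaaa.bbbb.cccc    DYNAMIC     Po1\n",
    "WANSW1": " 247    aaaa.bbbb.cccc    DYNAMIC     Te1/1/3\n",
}
LINKS = {("WANSW2", "Po1"): "WANSW1", ("WANSW1", "Po1"): "WANSW2",
         ("WANSW1", "Te1/1/3"): "CoreSW1"}
MAC_RE = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"


def arp_lookup(show_arp, ip):
    """Step 1: MAC address the switch has resolved for `ip`, or None."""
    pattern = rf"\s*Internet\s+{re.escape(ip)}\s+\S+\s+({MAC_RE})\s+ARPA"
    for line in show_arp.splitlines():
        m = re.match(pattern, line)
        if m:
            return m.group(1)
    return None


def mac_port(show_mac, vlan, mac):
    """Steps 2-3: port on which `mac` was learned in `vlan`, or None."""
    for line in show_mac.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == str(vlan) and fields[1] == mac:
            return fields[-1]
    return None


def trace(start, ip, vlan, mac_tables=MAC_TABLES):
    """Follow the learned MAC hop by hop; stop at the first gap or loop."""
    mac = arp_lookup(ARP.get(start, ""), ip)
    if mac is None:
        return [f"{start}: no ARP entry for {ip}"]
    path, sw, seen = [], start, set()
    while sw in mac_tables and sw not in seen:
        seen.add(sw)
        port = mac_port(mac_tables[sw], vlan, mac)
        if port is None:
            return path + [f"{sw}: {mac} not learned in VLAN {vlan}"]
        path.append(f"{sw}:{port}")
        sw = LINKS.get((sw, port))
    if sw is not None:
        path.append(f"{sw} (loop)" if sw in seen else sw)
    return path
```

A hop reported as "not learned" marks the switch where VLAN 247 frames stop arriving, which is the segment whose trunk allowance or spanning tree state needs checking.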

You were right.

Earlier, the spanning tree root for VLAN 247 was CoreSW1.

Now I changed it and WANSW1 is the root for VLAN 247.

After the change I shut down the interface on WANSW2 and the track was ..

ip route 0.0.0.0 255.255.0.0 Vlan247 name DARKFIBRE track 247 state is [up]

I will again test the failover of both WAN switches in the evening and let you know.

Thanks

Hi,

It is working now.

Failover is smooth once I made WANSW1 the spanning tree root for VLAN 247.

Thanks for your help.

Hello,

Post the full running configs of all devices. It is unclear how your IP addressing is configured...

Hello

@ittechk4u1 wrote:

My notebook is behind WANSW1.

Now if the Te1/1/3 interface goes down on WANSW1, which route will be used to go to CoreSW1?

My aim is to achieve:

1. 1st route via Te1/1/3 from WANSW1 to CoreSW1

2. If Te1/1/3 on WANSW1 is down then route via WANSW2 must take priority and then the VPN tunnel.

Is it possible with this config?

It is possible; however, looking at your topology, it suggests your aim isn't going to work as expected at this time.

The interconnection between the WANSWx devices shows a L2 interconnect; however, you also show HSRP, I assume for internal clients. But for HSRP to function there needs to be a L3 connection between the WANSWx.

You also show static routing with IP SLA tracking with the same default routes on each WANSWx, and with HSRP suggests you may have mHSRP?

For the WANSWx switches to take the tunnel path basically as a third optimal path, you need to make sure that when either of their primary interfaces fails there is a preferred route via each WANSWx before the second defined static route you show in your diagram is preferred.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul