02-14-2016 10:04 AM - edited 03-05-2019 03:20 AM
Hi guys,
just a simple HSRP load-balancing question:
got only one vlan (10) and want some of the clients to route to DG on router 1 and the others to route to DG on router #2. devided the clients to two groups and configured the routers - but something does not work and I can`t understand why.
for group 1 router #1 is active and router #2 is standby
for group 2 router #2 is active and router #1 is standby
here is a peek at the run-config and at the end a simple diagram of the network
=============
router 1
=============
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.0.3 255.255.255.0
standby version 2
standby 1 ip 192.168.0.254
standby 1 priority 150
standby 1 preempt
standby 1 track FastEthernet0/1
standby 2 ip 192.168.0.238
standby 2 preempt
standby 2 track FastEthernet0/1
!
interface FastEthernet0/1
ip address 80.0.0.1 255.0.0.0
duplex auto
speed auto
============
router 2
===========
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.0.2 255.255.255.0
standby version 2
standby 1 ip 192.168.0.254
standby 1 preempt
standby 1 track FastEthernet0/1
standby 2 ip 192.168.0.238
standby 2 priority 150
standby 2 preempt
standby 2 track FastEthernet0/1
!
interface FastEthernet0/1
ip address 80.0.0.2 255.0.0.0
duplex auto
speed auto
!
==================================
here is a diagram of the network. can you spot the problem?
edit: this pix wrongly indicated DG 111 and 112, they were change to 254 and 238, but that isn`t the problem of course
thanks!
02-15-2016 02:48 AM
You haven't said what doesn't work but there is one issue with your configuration that I can see.
You are setting the HSRP priority on the active router to be 150 and using the default on the standby router which would be 100.
If the tracked interface goes down then the default is to decrement the priority by 10 but that still means the active router has a higher priority than the standby so the standby will not take over
Either set the priority on the active route to 105 or use the decrement command but either way you need to make sure the priority ends up being lower on the active router if the tracked interface goes down
Jon
02-15-2016 04:02 AM
Hi Jon,
The problem start way before any router goes down, my hosts can not even ping their DG after setting the 2 HSRP standby groups. they ping the DG alright for like 10 seconds after configuration and then suddenly 192.168.0.254 changes to "request timed out" and only 192.168.0.238 keeps pinging. it`s like the interface stopped working - which of course is not true.
here is the show standby brief from router 1
-----------------------------------------------------------------
Router(config-if)#do sh stand b
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0 1 101 P Active local 192.168.0.2 192.168.0.254
Fa0/0 2 99 P Standby 192.168.0.2 local 192.168.0.238
here is the show standby brief from router 2
----------------------------------------------------------
Router(config-if)#do sh stand b
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0 1 99 P Standby 192.168.0.1 local 192.168.0.254
Fa0/0 2 101 P Active local 192.168.0.1 192.168.0.238
----------------------------------------------------
as you can see - the configuration is fine, each router is active for one group and standby for the other, yet hosts that got 192.168.0.254 can not ping their respective router.
another thing: if you turn off both routers and turn them back on again - none of the routers are able to ping their DG and this is what you get from the STATECHANGE message:
-------------------
on router 1
------------------
%HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby
%HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active
%HSRP-6-STATECHANGE: FastEthernet0/0 Grp 2 state Speak -> Standby
---------------------
on router 2
---------------------
%HSRP-6-STATECHANGE: FastEthernet0/0 Grp 2 state Speak -> Standby
%HSRP-6-STATECHANGE: FastEthernet0/0 Grp 2 state Standby -> Active
%HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby
%HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active
%HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby
that is very very wrong, but what is wrong and why is beyond me.
02-15-2016 07:51 AM
I have a comment about potential issues with track and a guess at the problem with HSRP. Jon is quite correct that by default track an interface will lower the priority by 10. So if you set the interface priorities as 150 and 100 even if track does lower the priority it will not cause traffic to use the other router. So you either need to configure HSRP to decrement by a larger amount or you need to set the interface priorities to be less than 10 apart. The other factor to consider is that track interface depends on the interface changing to the protocol down state. There are frequently circumstances where you may lose connectivity over an Ethernet interface but the interface will remain in the protocol up state in which HSRP will not decrement its priority. So you might need something like IP SLA to check on reachability through the Ethernet interface.
The symptoms sound like there might be some connectivity issues. At the point where a PC assigned to group 1 is not able to ping 192.168.0.254 is that PC able to ping 192.168.0.3 and if so what does traceroute to 192.168.0.3 show?
HTH
Rick
02-15-2016 08:32 AM
Hi Richard,
the hosts are able to ping the "physical" DG with no problem, they can not ping the virtual DG given to them by HSRP.
I corrected the track issue (as seen by the input of my last replay) but that wasn`t the problem. when no HSRP is configured, group 1 goes to the server through router 1 and group 2 does it through router 2, thus there can not be a connectivity issue here. after configuring only one HSRP address (for group 1) everything still works fine (for that group). adding HSRP DG to group 2 also works well. only when configuring the load-sharing things get messy. it works for 10 seconds, and suddenly - none of the clients are able to reach their virtual router.
been tracking the packet to see what happens to it. so as we all know, the mac address of the virtual interface ends with F001 for group 1 (router 1) and F002 for group 2 frames (router 2)
checking the arp table at the routers looks fine: they both know that 192.168.0.254 is F001 and 192.168.0.238 is F002. so far so good.
checking the switch mac-table also shows everything in order: f0/4 for F001 and f0/5 for F002.
but when sending the frames from the client, frame F001 arrives to the switch and chooses f0/5 - as if router #1 had crushed and the standby came into the game, which of course never happened.
the router that receives that frame is not building the layer 3 of course, and says "the mac address destination does not match the port"
I think it`s a bug, there is no way the basic configuration is wrong (aside the tracking decrement issue - thanks for that)
02-15-2016 09:52 AM
I do see that the priority/decrement issue has been fixed. And the output of show standby brief looks appropriate. So perhaps it is a bug issue.
HTH
Rick
02-15-2016 10:08 AM
Just an aside question, have you considered using GLBP?
02-15-2016 10:14 AM
of course, with GLBP it`s no big deal, I can also use vlan`s to separate the groups and it would work find with HSRP, but I just wondered why is it happening...
02-15-2016 03:56 PM
where does 192.168.0.1 come from? doesn't match your previous hsrp config
02-15-2016 11:47 PM
yes, Richard, you are right. the thing is I tries to use the physical interfaces rather than the sub-interfaces, thinking that maybe vlan is causing some sort of clash, so the original question was with sub-interfaces 192.168.0.2 and 192.168.0.3 and the new configuration, the one without sub-interfaces, was 192.168.0.1 and 192.168.0.2. I also re-configured the hsrp virtual address (111 & 112 to 254 & 138) but nothing helped, not the old config with the vlan 10 and not the new config with physical interfaces.
searched this thing over and over and I came to the conclusion it is nothing but a bug. there is nothing wrong with the statements and "show standby brief" proves it... so there is really nothing I can do about it.
thanks alot to everyone who answered and tried to help!
02-15-2016 08:42 PM
ot only one vlan (10) and want some of the clients to route to DG on router 1 and the others to route to DG on router #2. devided the clients to two groups and configured the routers - but something does not work and I can`t understand why.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide