HSRP-router fail over issue

bymc · ‎04-13-2020

I have two routers at a site for redundancy each running HSRP on the inside interface. and tracking the outside interface on each router. This has been working as I thought. The problem came into play when the site routers lost connectivity with each other's inside interface where HSRP was configured. This caused both routers to think they where the primary router and was advertising across the WAN the same IP address which took the site offline until we could fix the issue.

What can I do to prevent this scenario from accruing?

BYMC

Georg Pauwen · ‎04-13-2020

Hello,

post the configs of both routers. Only one router can be the active router, so there must be some sort of misconfiguration. When the connectivity between the inside interfaces is lost, typically the router configured with the higher priority and configured as preemptive router, becomes the primary router...

Meheretab Mengistu · ‎04-13-2020

Hi,

As HSRP peers exchange Hello packets, they need to be able to reach to each other. If they can not reach each other (or if the standby did not receive 3 Hello packets by default), both assume they are active. So, the only solution is to make sure they could reach each other. As far as I know, there is no work around for that.

HTH,

Meheretab

HTH,
Meheretab

bymc · ‎04-13-2020

I have not test bedded this yet but if I configured a tracker in both router's HSRP configuration pointing at the other router outside/WAN interface IP address.

What are your thoughts?

Meheretab Mengistu · ‎04-13-2020

Usually, a tracker will be used to decrement the priority so that the standby router becomes an active router. In your case, it will not help you much. Whether you decrement the Priority to a lower value or not, both routers will be active when the Hello packet is missed and the Hold timer expires.

It will be better to figure out and solve why the two peers failed to exchange Hello packets. One thing you can do is increase the Hello and Hold timers from default 3 and 10 seconds to higher values.

HTH,
Meheretab

HTH,
Meheretab

bymc · ‎04-13-2020

Well thats what I was thinking after asking the question. Thanks

The site cleaned up their rack and missed some cable connections.

Keep safe

Thanks

bymc

Richard Burts · ‎04-13-2020

BYMC

There are things that we do not know about your situation and that impacts our ability to give good suggestions. As I understand it you have 2 routers that provide routing for some inside network. The routers run HSRP to provide redundancy for the inside network. There was a problem with cabling and the routers could no longer communicate with each other on their inside interface. It is not clear but I am assuming that one (or perhaps both) of the routers could no longer communicate with anything on the inside network. Is that correct?

And you describe the problem as being that both routers advertised the inside network. It is not clear what is the normal situation. In normal times do both routers advertise the inside network or do you have something that controls which of the routers advertises the inside network? It is also not clear how the routers are advertising the inside network. Is the advertisement done using a dynamic routing protocol or some other way? How is the inside network injected into the routing protocol (redistribute connected, or redistribute static, or using a network statement)? If there is a static route perhaps there is a possibility of some track on the static route testing reachability to the inside resources? Or perhaps there is a possibility of writing some EEM script to control the dynamic routing protocol testing access to the inside network?

I will offer this observation that some problems are easy to fix and should be fixed. But some problems are complex to fix and the effort expended to fix them may not be worth it. I suspect that your problem is in the latter category.

HTH

Rick