Solved: Re: HSRP Wrong Traffic Flow

212935n · ‎12-17-2023

SIT Router (Active Router)

SIT DMZ (Standby router)

Configuration:

SIT (Active)
int g0/0/1.20
standby 2 ip 10.16.0.254
standby 2 priority 110
standby 2 preempt

standby track s0/1/0

int g0/0/1.10
standby 1 ip 10.17.0.254
standby 1 priority 110
standby 1 preempt

standby track s0/1/0


DMZ (Standby)
int g0/0/1.20
standby 2 ip 10.16.0.254
standby 2 preempt
standby track s0/1/0
int g0/0/1.10
standby 1 ip 10.17.0.254
standby 1 preempt
standby track s0/1/0

The traffic is supposed to flow from SDM PC to SIT PC via SIT Router(Active), However it is flowing to (SIT DMZ).

How do I correct this?

From the diagram below, the red arrows with cross is what is happening when packets are returning, which is not supposed to be. The correct traffic flow should be the orange arrows.

Please help to solve.

M02@rt37 · ‎12-17-2023

Hello @212935n

It seems like the traffic is taking the path through the DMZ router instead of the SIT router as concerned the "return trafic".

On the router where there the 2 serial links towards SIT and DMZ router, add floating static routes. Add an administrative distance of 10 on the static route pointing DMZ ROUTER and let to default (1) the other static route towards SIT ROUTER.

Floating static routes are used in scenarios wherein the static route is configured with a higher Administrative Distance than the preferred route so that the best path is chosen for the packet to traverse towards its destination.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

MHM Cisco World · ‎12-17-2023

this design will generate Asymmetric traffic Flow,
you need make Two sided HSRP
you need to config HSRP with track
the Side that face router config the router with static route toward VIP of HSRP
this solve your asymmetric traffic.

MHM

212935n · ‎12-17-2023

what is 2 sided hsrp?

MHM Cisco World · ‎12-17-2023

212935n · ‎12-17-2023

do I need to set virtual ip on both sides on only the inner side ?

MHM Cisco World · ‎12-17-2023

Using static

Yes you need.

Also as I mention you need defualt route toward HSRP VIP group 1

Using ospf

And for ospf with hsrp we can not control traffic and you always face asymmetric traffic except if you use EEM to change ospf metric with status of active/standby of HSRP.

MHM

MHM Cisco World · ‎12-17-2023

for static the floating route not help you in this case
M02@rt37 can you more elaborate how it solve asymmetric routing here ?
for my suggestion
this lab simply the config one static route in R3 toward HSRP VIP of R1/R2
and you can see the traceroute detect the change of active and standby and show only one and same one hop either R1 or R2

for OSPF, I dont have PKT, can you check if

event

command is accept or not, as I know the PKT is not capable for EEM
sorry
MHM

M02@rt37 · ‎12-17-2023

Hello @212935n

It seems like the traffic is taking the path through the DMZ router instead of the SIT router as concerned the "return trafic".

On the router where there the 2 serial links towards SIT and DMZ router, add floating static routes. Add an administrative distance of 10 on the static route pointing DMZ ROUTER and let to default (1) the other static route towards SIT ROUTER.

Floating static routes are used in scenarios wherein the static route is configured with a higher Administrative Distance than the preferred route so that the best path is chosen for the packet to traverse towards its destination.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

212935n · ‎12-17-2023

But i have already configured ospf on all routers, will that affect ?