MHSRP and IP SLA

ChuckHaynes
Level 3

Greetings. I am trying to get MHSRP working between two locations. Here is the topology:

 

     (     C  L  O  U  D     )
         |               |
         |               |
     Router 1        Router 2
         |               |
     Switch 1 ------ Switch 2

 

I have it working so that when the T1 circuits for R1 go down, it swaps to R2 - and when the circuits for R2 go down, it swaps to R1. The problem is that I need to find a way to also make it swap when the fiber link between S1 and S2 goes down. Some research has pointed me towards using IP SLA to ping an IP address of the switch for reachability. However, I'm not sure that I understand it completely. Here is what I have so far for each router.

R1

----

interface GigabitEthernet0/0.55
 description Redundancy Network
 encapsulation dot1Q 55
 ip address 10.110.55.240 255.255.255.0
 ip flow ingress
 standby 2 ip 10.110.55.254
 standby 2 timers 5 15
 standby 2 priority 110
 standby 2 preempt
 standby 2 track 1 decrement 20
!
interface GigabitEthernet0/0.60
 description Primary Network
 encapsulation dot1Q 60
 ip address 10.110.60.240 255.255.255.0
 ip flow ingress
 standby 1 ip 10.110.60.254
 standby 1 timers 5 15
 standby 1 preempt
 standby 1 track 1 decrement 20

R2

----

interface GigabitEthernet0/0.55
 description Redundancy Network
 encapsulation dot1Q 55
 ip address 10.110.55.253 255.255.255.0
 ip flow ingress
 standby 2 ip 10.110.55.254
 standby 2 timers 5 15
 standby 2 preempt
 standby 2 track 1 decrement 20
!
interface GigabitEthernet0/0.60
 description Primary Network
 encapsulation dot1Q 60
 ip address 10.110.60.253 255.255.255.0
 ip flow ingress
 standby 1 ip 10.110.60.254
 standby 1 timers 5 15
 standby 1 priority 110
 standby 1 preempt
 standby 1 track 1 decrement 20

Can anyone please help me figure out what exactly I want to monitor? I assume that I would use the IP SLA command to monitor Switch 2 from R1 and monitor Switch 1 from R2? Would I need an access list or something to make sure the routers are monitoring them via their LAN side and not the WAN side?

Thanks


8 Replies

Rolf Fischer
Level 9

Hello Chuck,

just for informational purposes, Multi-Group HSRP actually means that a layer-3 interface has more than one standby group; here you can find an example: Doc-ID 13781: Load Sharing with HSRP

Probably we don't see the whole topology, but if the link between Sw1 and Sw2 fails, R1 and R2's HSRP groups lose their layer-2 connectivity, and as a result both routers will change to the HSRP active state (regardless of their priorities). So the question is, from an end device perspective, whether it makes sense to track that inter-switch link? Perhaps you could elaborate a bit on what you're trying to achieve?

HTH

Rolf

Rolf,

 

Thanks for the response. I believe that I understand what MHSRP is (or at least I think I do, lol). As you can see from the configs that I posted, both routers do have more than one standby group. Each router has two T1 circuits, so we are using MHSRP to do load balancing, as opposed to just HSRP for redundancy. I have attached a better topology map for you to review. The last line of the MHSRP config on both routers is "standby 1 track 1 decrement 20". Track 1 represents a Multilink Bundle that consists of two T1 circuits. When both routers' circuits are up, the load balancing seems to be working. If I down the circuits on R1, it does failover to R2 via the fiber link. If I down the circuits on R2, it does failover to R1 via the fiber link. The problem is that if I down the fiber link, it doesn't appear to failover. I assume this is because I am only tracking the Multilink Bundle and not the fiber link (which is farther down the network). It would probably be a lot easier if the fiber link was between both routers, but that isn't an option.

Ok, I understand this part:

(...) If I down the circuits on R1, it does failover to R2 via the fiber link. If I down the circuits on R2, it does failover to R1 via the fiber link.

But I still have difficulties in understanding that:

The problem is that if I down the fiber link, it doesn't appear to failover.

I'm not sure if there are redundant connections between the secondary switches. If so, when the fiber link goes down, one previously STP blocked port should change to forwarding state and restore the layer-2 topology (no HSRP change when running Rapid-STP). If not, R1 and R2 will both become HSRP active and should both act as default gateways for the devices connected to the respective switches.

 

Maybe I am misdiagnosing the problem or not explaining it properly. We have other locations that are connected to the cloud. Each of these locations has its own router. I can be pinging devices on the .55 subnet and .60 subnet on the R1 side and pinging devices on the .55 subnet and .60 subnet on the R2 side. When I down the R1 circuits, I see a brief outage (about 30 seconds, as that's what I have my standby timers set at). Then when R2 takes over (and the R1 side traffic is coming over the fiber link), my pings start to reply again. The same goes for when I down the R2 circuits. However, when I down the fiber link that connects both locations, the ping replies to both subnets stop and do not start replying again (I have waited several minutes). It's only when I bring the fiber link back up that the devices start to reply again. We actually have this exact issue happening at three different locations throughout the company. I guess it could be possible that the issue isn't related to MHSRP, but it's only the three locations that utilize MHSRP that experience these issues.

If the fiber link is the only layer-2 connection between R1 and R2 for those subnets, reachability from outside will be very limited when that link goes down. The subnets are split into two separate layer-2 domains then but outside routers continue forwarding packets according to their routing tables - they don't know which client is located where.

So the only way I see is adding layer-2 redundancy.

Thank you for your explanation. Now you see the problem that I face, haha. When I was trying to research this, I kept stumbling across pages that mention the use of IP SLA to track an additional point. When that point becomes unavailable, the router will update. But I don't fully understand exactly what the pages are recommending or if it even applies to my situation. Short of running another fiber link (which is near impossible), do you have any other ideas? Perhaps making cost changes on other remote routers?

I'd say it depends on whether changes of the current IP address scheme are possible or not.

If common subnets are not required, you could assign separate subnets on R1 and R2 and convert their connection across the fiber link to a routed connection, and let the routing protocol do the work.

If that's not possible, you could perhaps assign host IPs in a range of 1-127 to one site and 128-254 to the other and let the routers advertise the corresponding /25 prefixes. This is of course not a recommended solution (not to say dirty) but it would at least reduce the impact when the fiber link fails.
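
The split-subnet effect and the /25 workaround discussed above, modeled as an added example that is not part of the original thread. The host placement, the route lists and the tie-break between two equal /24 advertisements are constructed assumptions; only the 10.110.60.0/24 subnet and the R1/R2 names come from the posted configs.

```python
import ipaddress

# Constructed model: which router/switch pair each host sits behind.
HOSTS = {
    "10.110.60.20": "R1",
    "10.110.60.90": "R1",
    "10.110.60.150": "R2",
    "10.110.60.200": "R2",
}

# Routes as a remote router in the cloud sees them: (prefix, advertising router).
SHARED_24 = [("10.110.60.0/24", "R1"), ("10.110.60.0/24", "R2")]
SPLIT_25 = [("10.110.60.0/25", "R1"), ("10.110.60.128/25", "R2")]


def next_hop(dst, routes):
    """Longest-prefix match. Among equal-length matches the first entry wins,
    an assumption standing in for the remote router's best-path choice."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), r) for p, r in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    best = max(net.prefixlen for net, _ in matches)
    return next(r for net, r in matches if net.prefixlen == best)


def delivered(dst, routes, fiber_up):
    """A packet reaches the host if it lands on the host's own router, or on
    the other router while the Switch 1 - Switch 2 fiber link is up."""
    hop = next_hop(dst, routes)
    return hop is not None and (hop == HOSTS[dst] or fiber_up)


def unreachable(routes, fiber_up):
    """Hosts a remote site cannot reach for the given routes and link state."""
    return sorted(h for h in HOSTS if not delivered(h, routes, fiber_up))


if __name__ == "__main__":
    for name, routes in (("shared /24", SHARED_24), ("split /25", SPLIT_25)):
        for fiber_up in (True, False):
            state = "fiber up" if fiber_up else "fiber down"
            print(f"{name:10} {state:10} unreachable:",
                  unreachable(routes, fiber_up))
```

With the shared /24 the remote router keeps sending traffic to whichever router it prefers, so hosts behind the other switch are cut off when the fiber is down even though both routers are HSRP active; the /25 split only helps as long as every host's address matches the site it is physically connected to.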

Thanks for your input. At this time, it looks like adding another fiber link for redundancy is the best solution - although not easy.
