Re: HSRP PBR issue

rubberheart · ‎03-09-2023

I have a requirement which needs your help, many thanks in advance

for example, vlan 200 , 10.10.10.0/24

I have hsrp in 2-N7Ks in this vlan , but with a different group with different VIP

under SVI 200

hsrp 1 --VIP1 --10.10.10.1 and hsrp 2--VIP2--10.10.10.10

in this VLAN200, the host whose gateway is VIP1 just follows the normal gateway routing, but the host whose gateway is VIP2 will go a special next-hop

how can I separate them?

MHM Cisco World · ‎03-09-2023

how you have two VIP in same HSRP group ? can you more elaborate ?

rubberheart · ‎03-09-2023

thanks for the quick reply! Below are sample configurations

ip address 1.1.1.77 255.255.255.0

standby 1 ip 1.1.1.1

standby 1 priority 200

standby 2 ip 1.1.1.10

standby 2 priority 200

a host whose GW is 1.1.1.1 go the normal route, the host whose GW is 1.1.1.10, the next-hop will go a special next-hop

paul driver · ‎03-09-2023

Hello

NK1
ip address 1.1.1.77 255.255.255.0
standby 1 ip 1.1.1.1
standby 1 priority 200
standby 2 ip 1.1.1.10

NK2
ip address 1.1.1.78 255.255.255.0
standby 1 ip 1.1.1.1
standby 2 ip 1.1.1.10
standby 2 priority 200

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

rubberheart · ‎03-09-2023

good idea , NK2 only apply the PBR ,, but what if the failover happened, both VIPs are active in NK1,,

paul driver · ‎03-09-2023

Hello

@rubberheart wrote:

good idea , NK2 only apply the PBR ,, but what if the failover happened, both VIPs are active in NK1,,

Yes correct ...

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

MHM Cisco World · ‎03-09-2023

this config of HSRP is unusual, instead of using this config try following
make DHCP push two IP
IP of VLAN1 in NSK1
IP of VLAN2 in NSK2

that make each client have it GW, GW will forward traffic no need to forward it through peer-link.

rubberheart · ‎03-09-2023

sorry, Sir, the hosts are not DHCP clients, they are servers

Richard Burts · ‎03-09-2023

How do you determine which servers use the special gateway? Is it possible that those servers are in a particular range of IP addresses? We are looking for ways to identify which servers are normal and which are special. So it would be helpful to know how you identify them.

HTH

Rick

rubberheart · ‎03-09-2023

ya, that's the problem, those servers are old and I'm may not able to identify each one of them ...I am just trying to see if there is an alternate way to avoid this part.

I was wondering if there is PBR can be applied based on the hsrp group

Richard Burts · ‎03-09-2023

HSRP group is not significant. I have not done it but think that since each HSRP group uses a different mac address, if you could configure a filter that looked at destination mac address you could differentiate traffic going to which virtual IP and PBR that traffic.

HTH

Rick

MHM Cisco World · ‎03-09-2023

how these Server get GW IP (VIP1 and VIP2) ?

rubberheart · ‎03-09-2023

Servers are assigned their GW static ..not get from DHCP

MHM Cisco World · ‎03-09-2023

I have solution but I need to check it first
thanks

paul driver · ‎03-09-2023

Hello
It just a form of LB the traffic for that vlan, I would say half users will route via HSRP1 group via a default-gaeway of 10.10.10.1 the other half will route via HSRP2 group via a default-gaeway of 10.10.10,10, if either fails then the altentaive standy will take over.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul