
Issues in HSRP Switchover

wittyenggs
Level 1

Hi folks,

Recently I have started observing some issues in HSRP failover; please find attached the network infrastructure for the same.

So if you look at the diagram, we have dual local loops and dual routers to achieve link as well as router level redundancy. So under normal circumstances, any Public IP address gets pinged from both LAN and WAN interfaces of the routers named "My Internet Router Primary" and "My Internet Router Secondary".

These routers are operating in HSRP for LAN redundancy with priorities of 120 and 115 respectively. The configuration for switchover says that when the WAN interface G0/0 on any of My Routers goes down, or if the BGP session with the Service Provider Router goes down, it will decrement the priority by 10 each. Please find the commands configured for the same. Both My Routers are learning a default route from their respective Service Provider Routers. Note that the Service Provider is the same.

standby 1 track G0/0

standby 1 track 11

track 11 ip route 0.0.0.0 0.0.0.0 reachability

Even from the end user desktops, I am able to ping Public IPs seamlessly without any packet drops under the normal scenario. However, when I shut down My Primary Router, I see that the ping stops from the end user desktops and also when I ping from the LAN interface of My Secondary Router.

HSRP status changes, My secondary Router assumes the Role of being the active Router, it also responds to requests for Virtual IP address and Virtual MAC Address configured in HSRP, but the ping fails. One more thing to note is that the BGP session on the Secondary Router with its peer is not lost. It learns the default route from its peer. But packets sourced from LAN interface or LAN side of My Primary Router, they do not pass through.

Please help. Thanks in advance!!!


wittyenggs
Level 1

A typo: in the last line, it's not Primary Router, instead it is My Secondary Router.

Has this ever worked in the past?

Do you have iBGP running between those 2 routers?

Have you captured any information during your HSRP testing? Sh ip route or sh ip bgp from the secondary?

Hi Robert,

Thanks for the reply. Yes, this has worked in the past. There is no iBGP running between My Routers. As far as the output of show ip route and show ip bgp is concerned, I am able to see the default route learned using BGP prefix from the Service Provider Router when My Primary Router goes down.

After shutting off primary, can you ping the HSRP address from the workstation?

After shutting off primary, can you ping gig0/0 on secondary from the workstation?

After shutting off primary, can you ping the public ip with a source of secondary gig0/0?

How long do you wait for the pings to start coming back on the workstation?

After shutting down the Primary, I am able to ping the Virtual IP from workstations.

After shutting down the Primary, I am unable to ping any Public IP or the Gig0/0 on the Secondary Router from workstations. However, as mentioned earlier, I am able to ping Public IPs from the Secondary Router using the WAN interface G0/0 as the source, but when I use G0/1 as the source, it fails.

What do the routes look like on the secondary router?

Are you running a routing protocol between the router and the switch or is it a static route?

My Routers learn default Route from Service Provider Routers using BGP Sessions. The Switch is a plain L2 Switch and does not even have a L3 interface or Routing protocol running on it.

Hi

You mentioned that you can ping the internet when sourcing from g0/0 but not when sourcing from g0/1.

That would be the result when your provider has no return path for your local LAN, or the return path is still pointing to your primary router (that is powered off).

How long have you been waiting for the provider to reroute to the secondary line? It can in some circumstances take a couple of minutes.

You may have to talk to the provider so they can check if the reroute is working.

/Mikael

Hi Mikael,

If the Service Provider Router loses my local LAN route when the Primary Router goes down, then why do I still see the BGP neighbour relationship, and how am I able to see the default route through BGP?

Also FYI, My Primary Router has BGP with Primary Service Provider and has BGP with Secondary Service Provider. Hence the Secondary Service Router has the route for my local LAN pointed not to My Primary Router but to My Secondary Router.

If the Service Provider Router loses my local LAN route when the Primary Router goes down, then why do I still see the BGP neighbour relationship, and how am I able to see the default route through BGP?

If the local interface on the primary router goes down, the route to that network will be removed from BGP advertisements since the router no longer has a valid path to that network. The BGP session won't go down since g0/0 is still up but the network for gig0/1 and any networks learned through g0/1 will be removed from advertisements. You will also still receive any routes from the SP.

Also FYI, My Primary Router has BGP with Primary Service Provider and has BGP with Secondary Service Provider. Hence the Secondary Service Router has the route for my local LAN pointed not to My Primary Router but to My Secondary Router.

Convergence may be slow within the SP network. You say that the SP is the same for both links. Does your ISP have a public route server so that you can see what they are seeing?

Have you verified that you are advertising the network correctly to the secondary side?

sh ip bgp neighbors <neighbor-ip> advertised-routes

Mikael asked how long you are waiting for the secondary line to work? Is it a few seconds or are you waiting minutes without it working?

But there are two different Service Providers with whom My Routers are establishing BGP neighbour relationships: My Primary Router with the Primary Service Provider Router, and the same for Secondary too. So I can understand that the Primary Service Provider Router will lose local LAN routes, but what happens to the Secondary Service Provider Router? My Secondary Router is up and alive. Hence the Secondary Service Provider Router should still learn local LAN routes from My Secondary Router.

Also, I checked this: when I reload the Primary Router, the ping from the LAN interface of my Secondary Router fails, but I ran the show ip bgp neighbors advertised routes command, and I can confirm that My Secondary Router does advertise the local LAN prefix to the Secondary Service Provider Router.

mlund
Level 7

Do a ping from your secondary router to the next hop address (provider router WAN address) on the WAN link (it's the BGP neighbour address), sourced from your own WAN address. For example, if your WAN address is 192.168.1.2, then ping 192.168.1.1.

This ping will work, because this is what BGP is using.

Next, ping the same address, now with a source of your LAN address.

If this works, the provider router has your local LAN in its routing table.

If it does not work, the provider does not have your LAN address in the routing table, or the routing table is pointing somewhere else.

You can also do this test with traceroute.
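
The test described in the post above, written out as IOS commands for the secondary router while the primary is shut down (an added example, not part of the original thread). The addresses 192.168.1.1 and 192.168.1.2 are the example values from the post, and G0/0 (WAN) and G0/1 (LAN) follow the interface roles given earlier in the thread.

```cisco
! Run on My Secondary Router after the primary has been shut down.
! 192.168.1.1 = provider router WAN address (the BGP neighbour); example value from the post.

! 1. Confirm this router is now the HSRP active router for group 1.
show standby brief

! 2. Confirm the default route is still learned from the provider via BGP.
show ip route 0.0.0.0

! 3. Confirm the local LAN prefix is being advertised to the provider.
show ip bgp neighbors 192.168.1.1 advertised-routes

! 4. Ping the BGP neighbour sourced from the WAN interface.
!    Expected to succeed: this is the same path the BGP session uses.
ping 192.168.1.1 source GigabitEthernet0/0

! 5. Ping the same address sourced from the LAN interface.
!    Success: the provider router has a route back to the local LAN.
!    Failure: the provider has no route for the LAN prefix, or its route
!    points somewhere else (for example, still at the primary path).
ping 192.168.1.1 source GigabitEthernet0/1

! 6. Same test with traceroute, to see where LAN-sourced packets stop.
traceroute 192.168.1.1 source GigabitEthernet0/1
```

If step 4 succeeds and step 5 fails while step 3 shows the LAN prefix being advertised, the remaining place to look is the provider's side of the return path.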
