Following my previous post on Hot Standby Router Protocol (HSRP) fundamentals and some basic/advanced concepts, here is a lab for this type of setup. Below is the information I used during the lab configuration:
Global Telecom provides internet service for a small to mid-size company named FastFood. The ISP provides a block of IP addresses to be used for this connection and refers to the FastFood client as Customer-A.
FastFood has two separate routers connected to a switch, through which we have the connection to the Internet. These routers are used for redundancy purposes; the internal network of FastFood uses private-range IP addresses and is configured with HSRP. Below is the table of IP address configurations:
| Device Name | Interface | IP Address |
|---|---|---|
| R1 – Active Router | Ethernet 0/0 | 22.214.171.124 /29 |
| | Ethernet 0/1 | 192.168.100.1 /24 |
| R2 – Standby Router | Ethernet 0/0 | 126.96.36.199 /29 |
| | Ethernet 0/1 | 192.168.100.2 /24 |
| Internet | Ethernet 0/0 | 188.8.131.52 /29 |
| | Loopback 0 (Internet IPs) | 172.16.1.1 /24, 172.16.2.1 /24 |
| Host – Router in this case | Ethernet 0/0 | 192.168.100.3 /24 |
Below is the topology we will use for this lab:
Below is the configuration of the Internet router (this is only a configuration for lab purposes; the real Internet router configuration may be different and might be much more than this sample configuration):
The above is the only configuration done on the Internet router: there is only the interface connected to Customer-A and the loopback IP addresses, which we refer to as Internet IP addresses in our lab.
Let’s jump to the Router 1 configuration. Here R1 is the active router for HSRP and is configured with the track syntax, which tracks interface Ethernet 0/0 of the Internet router. In this case, if R1 loses its connection to the switch in the middle, R2 will take over from R1 and become the active router; when R1 comes back, it will take over from R2 again due to the preempt command we configured.
Note: if the link between the switch and the Internet router goes down, the same process will still happen: R1 will decrement its priority by 30 and R2 will become the active router, but since there is no reachability to the Internet router, R2 will drop all the packets.
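The failover and preempt behaviour described above can be replayed as a small election model. This is an added example, not part of the original lab and not Cisco's implementation: the class and function names are hypothetical, R1 uses the lab's priority of 120 and decrement of 30, R2 is assumed to keep the default priority of 100, and preemption on equal priority is simplified as noted in the comments.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass
class HsrpRouter:
    name: str
    ip: str                   # address on the HSRP LAN segment
    priority: int = 100       # HSRP default priority
    preempt: bool = False
    track_decrement: int = 0
    track_up: bool = True     # state of the tracked object
    alive: bool = True        # still sending hellos on the LAN

    @property
    def effective_priority(self) -> int:
        return self.priority if self.track_up else self.priority - self.track_decrement


def elect(routers, current_active=None):
    """Return the name of the active router after one election round."""
    live = [r for r in routers if r.alive]
    if not live:
        return None
    incumbent = next((r for r in live if r.name == current_active), None)
    if incumbent is None:
        # Nobody is active: highest priority wins, higher IP breaks a tie.
        return max(live, key=lambda r: (r.effective_priority, int(IPv4Address(r.ip)))).name
    # Model simplification: an incumbent is displaced only by a router that
    # has preempt enabled and a strictly higher effective priority.
    challengers = [r for r in live if r.preempt
                   and r.effective_priority > incumbent.effective_priority]
    if challengers:
        return max(challengers, key=lambda r: r.effective_priority).name
    return incumbent.name


def lab_failover(r2_preempt=True, decrement=30):
    """Replay the lab: the track on R1 goes down, then recovers."""
    # Constructed values: R1 from the lab text, R2 assumed at default priority.
    r1 = HsrpRouter("R1", "192.168.100.1", priority=120, preempt=True,
                    track_decrement=decrement)
    r2 = HsrpRouter("R2", "192.168.100.2", preempt=r2_preempt)
    history = [elect([r1, r2])]
    r1.track_up = False
    history.append(elect([r1, r2], history[-1]))
    r1.track_up = True
    history.append(elect([r1, r2], history[-1]))
    return history
```

In this model, a decrement no larger than the 20-point gap between the two routers, or R2 without preempt, leaves R1 active while its track is down.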
R1 and R2 are both configured for NAT between the private and public IP addresses, and each has a default route toward the Internet gateway. Both share the same IP address as a gateway. Below are the configs for Router 1:
Above you can see that Router 1 is configured with standby 0 IP address 192.168.100.254, which in our case is the gateway we will assign to our host network. I have also configured authentication between this pair of routers with the MD5 key-string value CISCO, so R2 must have the same key-string value in order to communicate with R1 and initiate the HSRP session.
I have configured the track on R1 so that when Router 1 loses reachability to the Internet router it will go into speak mode, which we will see in the verification:
Above you can see that R1 is the active router for standby group 0, which is configured for 192.168.100.254. The default hello timers are not touched, since changing them is optional in each case. You can see that authentication is enabled and that the standby router is 192.168.100.2 (in this case R2’s IP address). The default priority is 100; however, we have configured the priority value as 120, so if the track is unsuccessful it will decrement by 30 and R1’s priority will be 90 for as long as it has lost its connectivity to the Internet. The default group name is hsrp-Et0/1-0; we can change this, but that is optional in any case.
Above is the configuration of the track and the NAT on Router 1. The full command for the track is as below:
# track 1 ip route 184.108.40.206 255.255.255.248 reachability
We have also configured a simple access list for the NAT, as below:
# access-list 100 permit ip 192.168.100.0 0.0.0.255 any
There is a default route configured on both R1 and R2, as below:
# ip route 0.0.0.0 0.0.0.0 220.127.116.11
Below is the configuration on Router 2:
Above is a very straightforward configuration on Router 2, in which all commands are described above. After verification we see the below:
It shows that R2 is the standby router, while R1 is the active router with the IP address 192.168.100.1. I have enabled preemption on this router, but it is only optional and not mandatory on the standby router.
Above is the NAT and access-list configuration on Router 2:
In my scenario I have inserted a router instead of the host for smooth verification. There is not much configuration on this router: it has only the interface configured, which corresponds to the NIC address in the case of a host, and the gateway configured, which corresponds to the default gateway on a host. Below are the configs:
We will verify our configuration with ICMP packets sourced from the host and destined for the Internet router (in this case, the loopbacks of the Internet router):
Above I have pinged only a few interfaces, but the same will work for all the other IP addresses. Now let’s trace the path and see which gateway the host prefers to reach the Internet:
This works perfectly, as we see that the host selects Router 1 as the default gateway to reach the Internet. Now let’s shut down interface Ethernet 0/0 (R1’s Ethernet 0/0, connected to the Internet) and see how it works:
As soon as I shut down the interface, the above HSRP syslog messages appeared: the router first checked the tracking state and verified that it is unreachable, and soon went to the Speak state. After 3 hello timers, which you can see in the timestamps of the syslog messages, Router 1 went to the Speak state at 13:18:35 and then to the Standby state at 13:18:45. This means that after 3 hello packets, which is 9 seconds, the router went to standby mode, which is 10 seconds.
Below is the verification on both routers:
You see that the track is down, the router priority has changed to 90, and this router is now the standby router; the active router is 192.168.100.2 (Router 2) after the convergence:
This time R2 is the active router, as you can see above. Now let’s ping again from the host to the Internet IP addresses:
Pings work as expected. Let’s traceroute to the IP addresses and see which path it selects:
Voilà, everything is working like a charm.