HSRP with dedicated interface

fox54 asked:

Hi,

I have two Cisco routers with 3 interfaces:

Fe0/0 is a /30 network for a public IP. All IPs in this subnet are used. None available.
Fe0/1 is a /29 network for a public IP subnet. All IPs in this subnet are used. None available.
Fe0/2 is not used (the plan is for a dedicated link for HSRP).

The idea is to track the Fe0/2 link state (a crossover cable to Fe0/2 of the second router) for HSRP and fail over to the second router in case of a failure of the first.

So the IPs of Fe0/0 and Fe0/1 must be public IPs, and I have none left for a real IP and a standby one.

If I use private IPs on my Fe0/2, can I achieve this?

Will the two interfaces Fe0/0 (and Fe0/1) have the same IP on both routers?

Any example of what kind of configuration I need?
Predrag Jovic

I am not sure about your scenario as it is described.

"Will the two interfaces Fe0/0 (and Fe0/1) have the same IP on both routers?"

You can configure the same IP addresses on both routers, but it would be bad design (how do you plan for the ISP to resolve ARP, and how would you know which router will be used? The HSRP standby address must belong to the same IP address range as the IP addresses configured on the physical interfaces...).
With that design, the best-case scenario is that you get a headache; worst case, you get fired. ;)
fox54 (ASKER)
The idea is to use HSRP with a /30 subnet (2 usable IPs) and a /29 subnet with no available IP.

Can you please draw the suggested topology, so I am sure that we are on the same page? :)
fox54 (ASKER)

[image posted by the asker]
fox54 (ASKER)

The idea is to add Router #2 for active/standby redundancy.

Since you are planning to use a /30 for HSRP... doesn't one of the IP addresses belong to the ISP, so you have only one IP address there (so it looks like you can't use HSRP or VRRP there)? The HSRP address needs to be an IP address from the same subnet, and you need an additional IP address as the standby address.
However, VRRP doesn't need an additional IP address; maybe that can be used on the 99.99.99.99/29 side, but I don't think so ("too complicated" is the best-case scenario).

Generally, this is not a valid scenario. You simply need more IP addresses.

Let's think about ARP resolution on the 88.88.88.88/30 side. Which device will be active? The one whose ARP was resolved with the ISP... Which router should be active on the 99/29 side?
fox54 (ASKER)

I saw a scheme that uses private IPs as the primary and standby IPs. The public IP is defined with
standby ip xxx.xxx.xxx.xxx secondary. Not sure if it works.

Let's say Router #1 is the primary; Router #2 is always standby unless Router #1 dies.
We are not trying to load balance anything nor route anything differently with Router #2. We just want to add redundancy at this router level.

Once again, HSRP can't use the same IP address for the interface and for the standby address. For HSRP you need at least 3 IP addresses. VRRP can be created with 2 IP addresses. You can't have the same IP addresses configured on both routers; you must have two different IP addresses for those 2 routers.
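As an added example (not part of the original thread, and not the asker's real configuration), here is what the address requirement stated above looks like as Cisco IOS configuration for the /29 side only. The 203.0.113.0/29 addresses are from the documentation range and are assumptions; the interface names follow the asker's layout. HSRP consumes three addresses (one per physical interface plus the virtual standby address), while VRRP can reuse Router #1's interface address as the virtual address, so two are enough. Both variants track the ISP-facing Fe0/0 with a tracking object so the standby takes over when the active router loses its uplink, not only when the whole router dies. The /30 side is deliberately left out: with one of its two usable addresses belonging to the ISP, there is nothing left for a second router, which is the point made above.

```cisco
! ---- HSRP on the /29 side: three addresses (assumed 203.0.113.0/29) ----
! Router #1 (preferred active)
track 10 interface FastEthernet0/0 line-protocol
!
interface FastEthernet0/1
 description /29 side, HSRP group 1
 ip address 203.0.113.2 255.255.255.248
 standby 1 ip 203.0.113.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 track 10 decrement 20
!
! Router #2 (standby). Priority 100 < 110, so it only becomes active when
! Router #1 disappears or Router #1's Fe0/0 goes down (110 - 20 = 90 < 100).
track 10 interface FastEthernet0/0 line-protocol
!
interface FastEthernet0/1
 description /29 side, HSRP group 1
 ip address 203.0.113.3 255.255.255.248
 standby 1 ip 203.0.113.1
 standby 1 priority 100
 standby 1 preempt
 standby 1 track 10 decrement 20
!
! ---- VRRP alternative on the /29 side: two addresses, Router #1 owns the virtual IP ----
! Router #1 (owner). Because the interface address equals the VRRP address, IOS fixes
! the priority at 255; no tracking is configured here because it cannot lower 255.
interface FastEthernet0/1
 description /29 side, VRRP group 1
 ip address 203.0.113.2 255.255.255.248
 vrrp 1 ip 203.0.113.2
!
! Router #2 (backup). Takes over 203.0.113.2 only when Router #1 stops sending advertisements.
track 10 interface FastEthernet0/0 line-protocol
!
interface FastEthernet0/1
 description /29 side, VRRP group 1
 ip address 203.0.113.3 255.255.255.248
 vrrp 1 ip 203.0.113.2
 vrrp 1 priority 100
 vrrp 1 track 10 decrement 20
```

Check the result with `show standby brief` or `show vrrp brief` on both routers: exactly one should report Active/Master and the other Standby/Backup. The VRRP variant saves one address but carries a caveat a practitioner should weigh before choosing it: the owner's priority of 255 cannot be decremented by tracking, so a failed uplink on Router #1 does not trigger failover; only a complete loss of Router #1 does. HSRP with its third address has no such limitation.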
fox54 (ASKER)

I was thinking of using the same MAC for the equivalent interface, and the dedicated link to monitor the status of Router #1.

If Router #1 fails, the link goes down, so the equivalent interface on Router #2 would come up with the same MAC.

That could be done with the event manager applet command and tracking of the line protocol of the interface that would serve as the link between the two routers. With a very small ARP cache time on the switch used for this, the communication redundancy may not be instantaneous, but it will come up faster than switching the routers manually.

That is not an option with HSRP.
:)

That was my idea of how it could be done, but I did not even want to suggest that solution...
A combination of EEM and TCL can do the trick; however, I do not recommend going down that path, since it adds complexity to the network and starts to become too complicated. Too many variables start to be involved. The length of downtime in that case can be much higher than the price of a larger IP address space. Since you are trying to reduce downtime, I guess you can't afford long downtime. That should automatically exclude a complicated solution like the one above.

You don't need to use the same MAC address in the scenario you are describing (sure, you can do it with the same MAC address anyway), since the new router will ARP for the next hop and resolve ARP in any case (for both devices; the ISP will get an ARP request from a different MAC-IP combination).

Since I did not want to mention your scenario as the resolution for your problem, I guess that tells everything by itself.
:)
ASKER CERTIFIED SOLUTION
fox54 (ASKER)

[solution text is members-only and not included on this page]
You have too many points of failure.
Also, you need to test failback from the second router to the first one. That is where the whole situation is really going to get messed up.... And that is a problem on just one side.
:)
The first router is back in working order... what then????
Having two routers with the same MAC address in the network is not an option (the switch will report MAC flapping).

That's a "too complicated" design.

And that is not the end of the points of failure... there is more to it (which side of HSRP should be the active one, to avoid asynchronous routing).
I still believe that you should stay away from that design.
fox54 (ASKER)

If the first router comes back, the second one shuts its interfaces. Communications resume in a couple of seconds.

It kind of acts like a pair of ASA 5505s with active/standby failover.

You'll have to live with it.

I would not do it that way, except if it is an explicit customer request.
Good luck.
;)
fox54 (ASKER)

It's better than a "cold standby".

I guess it is; adding complexity to the network typically is not a good thing.

Since we could not change the public IP subnet...

Did you try to get a new IP address range from the ISP and see if you can keep this one? In that case the ISP should forward traffic to your current network range via the new IP address range, just simple routing. You would still own the current IP addresses (and the current ISP address too) in that case; just one additional hop would be added.
fox54 (ASKER)

It sure is possible, but it would add a recurring fee. That's why we ended up with the solution I explained.

Yes, it is a recurring fee, but this solution can end up being much more expensive.
But never mind.... You know your reasons.
Again, good luck...
:)
fox54 (ASKER)

I ended up with my primary idea. The other proposed solutions were not applicable to our network.