MDH Lab – HSRP

Topologi

lab5-2

Objective

Configure inter-VLAN routing with HSRP to provide redundant, fault-tolerant routing to the internal network.

Background

Hot Standby Router Protocol (HSRP) is a Cisco-proprietary redundancy protocol for establishing a faulttolerant default gateway. It is described in RFC 2281. HSRP provides a transparent failover mechanism to the end stations on the network. This provides users at the access layer with uninterrupted service to the network if the primary gateway becomes inaccessible.

The Virtual Router Redundancy Protocol (VRRP) is a standards-based alternative to HSRP and is defined in RFC 3768. The two technologies are similar but not compatible. This lab focuses on HSRP.

Genomförande

Börjar med default-konfig för att få upp vlan/etherchannels/trunkar.

S1

Switch(config)#hostname S1
 S1(config)#line con 0
 S1(config-line)#logging sync
 S1(config-line)#!Trunk-links till S2
 S1(config-line)#int range fa0/1 - 2
 S1(config-if-range)#switchport trunk encaps dot1q
 S1(config-if-range)#switchport mode trunk
 S1(config-if-range)#description to S2
 S1(config-if-range)#channel-protocol lacp
 S1(config-if-range)#channel-group 1 mode active
 Creating a port-channel interface Port-channel 1
S1(config-if-range)#
 S1(config-if-range)#!Trunk-links till S3
 S1(config-if-range)#int range fa0/3 - 4
 S1(config-if-range)#switchport trunk encaps dot1q
 S1(config-if-range)#switchport mode trunk
 S1(config-if-range)#description to S2
 S1(config-if-range)#channel-protocol lacp
 S1(config-if-range)#channel-group 2 mode active
 Creating a port-channel interface Port-channel 2
S1(config-if-range)#exit
 S1(config)#
 S1(config)#vtp mode server
 Device mode already VTP SERVER.
 S1(config)#vtp domain CISCO
 Changing VTP domain name from NULL to CISCO
 S1(config)#
 S1(config)#vlan 10
 S1(config-vlan)#name Red
 S1(config-vlan)#vlan 20
 S1(config-vlan)#name Blue
 S1(config-vlan)#vlan 30
 S1(config-vlan)#name Orange
 S1(config-vlan)#vlan 40
 S1(config-vlan)#

S3

Switch(config)#hostname S3
 S3(config)#line con 0
 S3(config-line)#logging sync
 S3(config-line)#!Trunk-links till S2
 S3(config-line)#int range fa0/1 - 2
 S3(config-if-range)#switchport trunk encaps dot1q
 S3(config-if-range)#switchport mode trunk
 S3(config-if-range)#description to S2
 S3(config-if-range)#channel-protocol lacp
 S3(config-if-range)#channel-group 1 mode active
 Creating a port-channel interface Port-channel 1
S3(config-if-range)#
 S3(config-if-range)#!Trunk-links till S1
 S3(config-if-range)#int range fa0/3 - 4
 S3(config-if-range)#switchport trunk encaps dot1q
 S3(config-if-range)#switchport mode trunk
 S3(config-if-range)#description to S1
 S3(config-if-range)#channel-protocol lacp
 S3(config-if-range)#channel-group 2 mode passive
 Creating a port-channel interface Port-channel 2
S3(config-if-range)#exit
 S3(config)#
 S3(config)#vtp mode client
 Setting device to VTP CLIENT mode.
 S3(config)#vtp domain CISCO

S2

Switch(config)#hostname S2
 S2(config)#line con 0
 S2(config-line)#logging sync
 S2(config-line)#!Trunk-links till S1
 S2(config-line)#int range fa0/1 - 2
 S2(config-if-range)#switchport mode trunk
 S2(config-if-range)#description to S1
 S2(config-if-range)#channel-protocol lacp
 S2(config-if-range)#channel-group 1 mode passive
 Creating a port-channel interface Port-channel 1
S2(config-if-range)#
 S2(config-if-range)#!Trunk-links till S3
 S2(config-if-range)#int range fa0/3 - 4
 S2(config-if-range)#switchport mode trunk
 S2(config-if-range)#description to S3
 S2(config-if-range)#channel-protocol lacp
 S2(config-if-range)#channel-group 2 mode passive
 Creating a port-channel interface Port-channel 2
S2(config-if-range)#exit
 S2(config)#
 S2(config)#vtp mode client
 Setting device to VTP CLIENT mode.
 S2(config)#vtp domain CISCO
 Domain name already set to CISCO.

Då återstår det bara att sätta upp HSRP mellan S1 & S3. Enligt labben ska fördelningen vara enligt följande:

  • S1 Primary – Vl1, 20 & 40
  • S3 Primary – Vl10 & 30

Vi styr detta genom att modfiera priority-värdet för den switch vi vill ska vara active (default = 100, högst värde vinner).

S1

S1(config)#interface vlan 1
 S1(config-if)#ip add 172.16.1.10 255.255.255.0
 S1(config-if)#no shut
 S1(config-if)#standby 1 ip 172.16.1.1
 S1(config-if)#standby 1 priority 150
 S1(config-if)#standby 1 preempt
 S1(config-if)#
 S1(config-if)#interface vlan 10
 S1(config-if)#ip add 172.16.10.10 255.255.255.0
 S1(config-if)#no shut
 S1(config-if)#standby 1 ip 172.16.10.1
 S1(config-if)#standby 1 priority 100
 S1(config-if)#standby 1 preempt
 S1(config-if)#
 S1(config-if)#interface vlan 20
 S1(config-if)#ip add 172.16.20.10 255.255.255.0
 S1(config-if)#no shut
 S1(config-if)#standby 1 ip 172.16.20.1
 S1(config-if)#standby 1 priority 150
 S1(config-if)#standby 1 preempt
 S1(config-if)#
 S1(config-if)#interface vlan 30
 S1(config-if)#ip add 172.16.30.10 255.255.255.0
 S1(config-if)#no shut
 S1(config-if)#standby 1 ip 172.16.30.1
 S1(config-if)#standby 1 priority 100
 S1(config-if)#standby 1 preempt
 S1(config-if)#
 S1(config-if)#interface vlan 40
 S1(config-if)#ip add 172.16.40.10 255.255.255.0
 S1(config-if)#no shut
 S1(config-if)#standby 1 ip 172.16.40.1
 S1(config-if)#standby 1 priority 150
 S1(config-if)#standby 1 preempt
 S1(config-if)#exit
 S1(config)#ip routing

S3

S3(config)#interface vlan 1
 S3(config-if)#ip add 172.16.1.30 255.255.255.0
 S3(config-if)#no shut
 S3(config-if)#standby 1 ip 172.16.1.1
 S3(config-if)#standby 1 priority 100
 S3(config-if)#standby 1 preempt
 S3(config-if)#
 S3(config-if)#interface vlan 10
 S3(config-if)#ip add 172.16.10.30 255.255.255.0
 S3(config-if)#no shut
 S3(config-if)#standby 1 ip 172.16.10.1
 S3(config-if)#standby 1 priority 150
 S3(config-if)#standby 1 preempt
 S3(config-if)#
 S3(config-if)#interface vlan 20
 S3(config-if)#ip add 172.16.20.30 255.255.255.0
 S3(config-if)#no shut
 S3(config-if)#standby 1 ip 172.16.20.1
 S3(config-if)#standby 1 priority 100
 S3(config-if)#standby 1 preempt
 S3(config-if)#
 S3(config-if)#interface vlan 30
 S3(config-if)#ip add 172.16.30.30 255.255.255.0
 S3(config-if)#no shut
 S3(config-if)#standby 1 ip 172.16.30.1
 S3(config-if)#standby 1 priority 150
 S3(config-if)#standby 1 preempt
 S3(config-if)#
 S3(config-if)#interface vlan 40
 S3(config-if)#ip add 172.16.40.30 255.255.255.0
 S3(config-if)#no shut
 S3(config-if)#standby 1 ip 172.16.40.1
 S3(config-if)#standby 1 priority 100
 S3(config-if)#standby 1 preempt
 S3(config-if)#exit
 S3(config)#ip routing
 S3(config)#

S2

S2(config)#interface vlan 1
 S2(config-if)#ip add 172.16.1.2 255.255.255.0
 S2(config-if)#no shut
 S2(config-if)#exit
 S2(config)#
 S2(config)#ip default-gateway 172.16.1.1

Verifiering

S3#sh standby
Vlan1 - Group 1
 State is Standby
 Virtual IP address is 172.16.1.1
 Active virtual MAC address is 0000.0c07.ac01
 Local virtual MAC address is 0000.0c07.ac01 (v1 default)
 Hello time 3 sec, hold time 10 sec
 Next hello sent in 1.216 secs
 Preemption enabled
 Active router is 172.16.1.10, priority 150 (expires in 9.600 sec)
 Standby router is local
 Priority 100 (default 100)
 Group name is "hsrp-Vl1-1" (default)
Vlan10 - Group 1
 State is Active
 Virtual IP address is 172.16.10.1
 Active virtual MAC address is 0000.0c07.ac01
 Local virtual MAC address is 0000.0c07.ac01 (v1 default)
 Hello time 3 sec, hold time 10 sec
 Next hello sent in 0.208 secs
 Preemption enabled
 Active router is local
 Standby router is 172.16.10.10, priority 100 (expires in 10.112 sec)
 Priority 150 (configured 150)
 Group name is "hsrp-Vl10-1" (default)
Vlan20 - Group 1
 State is Standby
 Virtual IP address is 172.16.20.1
 Active virtual MAC address is 0000.0c07.ac01
 Local virtual MAC address is 0000.0c07.ac01 (v1 default)
 Hello time 3 sec, hold time 10 sec
 Next hello sent in 0.560 secs
 Preemption enabled
 Active router is 172.16.20.10, priority 150 (expires in 8.080 sec)
 Standby router is local
 Priority 100 (default 100)
 Group name is "hsrp-Vl20-1" (default)
Vlan30 - Group 1
 State is Active
 Virtual IP address is 172.16.30.1
 Active virtual MAC address is 0000.0c07.ac01
 Local virtual MAC address is 0000.0c07.ac01 (v1 default)
 Hello time 3 sec, hold time 10 sec
 Next hello sent in 1.824 secs
 Preemption enabled
 Active router is local
 Standby router is 172.16.30.10, priority 100 (expires in 10.496 sec)
 Priority 150 (configured 150)
 Group name is "hsrp-Vl30-1" (default)
Vlan40 - Group 1
 State is Standby
 Virtual IP address is 172.16.40.1
 Active virtual MAC address is 0000.0c07.ac01
 Local virtual MAC address is 0000.0c07.ac01 (v1 default)
 Hello time 3 sec, hold time 10 sec
 Next hello sent in 1.040 secs
 Preemption enabled
 Active router is 172.16.40.10, priority 150 (expires in 10.608 sec)
 Standby router is local
 Priority 100 (default 100)
 Group name is "hsrp-Vl40-1" (default)
S2#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/203/1007 ms

Allt ok så långt. Vi kan även testa failover:

S1(config)#inte range fa0/1 - 4
S1(config-if-range)#shut

En debug visar då följande på S3:

S3#
*Mar 1 00:19:36.980: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
*Mar 1 00:19:36.988: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to down
*Mar 1 00:19:36.997: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel2, changed state to down
S3#
*Mar 1 00:19:37.978: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to down
*Mar 1 00:19:38.012: %LINK-3-UPDOWN: Interface Port-channel2, changed state to down
*Mar 1 00:19:38.012: %LINK-3-UPDOWN: Interface FastEthernet0/4, changed state to down
S3#
*Mar 1 00:19:45.452: HSRP: Vl30 Grp 1 Standby router is unknown, was 172.16.30.10
*Mar 1 00:19:45.452: HSRP: Vl30 Nbr 172.16.30.10 no longer standby for group 1 (Active)
*Mar 1 00:19:45.452: HSRP: Vl30 Nbr 172.16.30.10 Was active or standby - start passive holddown
*Mar 1 00:19:45.872: HSRP: Vl10 Grp 1 Standby router is unknown, was 172.16.10.10
*Mar 1 00:19:45.872: HSRP: Vl10 Nbr 172.16.10.10 no longer standby for group 1 (Active)
*Mar 1 00:19:45.872: HSRP: Vl10 Nbr 172.16.10.10 Was active or
S3# standby - start passive holddown
*Mar 1 00:19:45.872: HSRP: Vl1 Grp 1 Standby: c/Active timer expired (172.16.1.10)
*Mar 1 00:19:45.872: HSRP: Vl1 Grp 1 Active router is local, was 172.16.1.10
*Mar 1 00:19:45.872: HSRP: Vl1 Nbr 172.16.1.10 no longer active for group 1 (Standby)
*Mar 1 00:19:45.872: HSRP: Vl1 Nbr 172.16.1.10 Was active or standby - start passive holddown
*Mar 1 00:19:45.872: HSRP: Vl1 Grp 1 Standby router is unknown, was local
*Mar 1 00:19:45.872: HSRP: Vl1 Grp 1 Standby -> Act
S3#ive
*Mar 1 00:19:45.872: %HSRP-5-STATECHANGE: Vlan1 Grp 1 state Standby -> Active
*Mar 1 00:19:45.872: HSRP: Vl1 Grp 1 Redundancy "hsrp-Vl1-1" state Standby -> Active
*Mar 1 00:19:45.872: HSRP: Vl1 Added 172.16.1.1 to ARP (0000.0c07.ac01)
*Mar 1 00:19:45.872: HSRP: Vl1 Grp 1 Activating MAC 0000.0c07.ac01
*Mar 1 00:19:45.872: HSRP: Vl1 Grp 1 Adding 0000.0c07.ac01 to MAC address filter
*Mar 1 00:19:45.872: HSRP: Vl1 IP Redundancy "hsrp-Vl1-1" standby, local -> unknown
*Mar 1 00:19:45.872: HSRP:
S3# Vl1 IP Redundancy "hsrp-Vl1-1" update, Standby -> Active
*Mar 1 00:19:46.023: HSRP: Vl20 Grp 1 Standby: c/Active timer expired (172.16.20.10)
*Mar 1 00:19:46.023: HSRP: Vl20 Grp 1 Active router is local, was 172.16.20.10
*Mar 1 00:19:46.023: HSRP: Vl20 Nbr 172.16.20.10 no longer active for group 1 (Standby)
*Mar 1 00:19:46.023: HSRP: Vl20 Nbr 172.16.20.10 Was active or standby - start passive holddown
*Mar 1 00:19:46.023: HSRP: Vl20 Grp 1 Standby router is unknown, was local
*Mar 1 00:19:46.02
S3#3: HSRP: Vl20 Grp 1 Standby -> Active
*Mar 1 00:19:46.023: %HSRP-5-STATECHANGE: Vlan20 Grp 1 state Standby -> Active
*Mar 1 00:19:46.023: HSRP: Vl20 Grp 1 Redundancy "hsrp-Vl20-1" state Standby -> Active
*Mar 1 00:19:46.023: HSRP: Vl20 Added 172.16.20.1 to ARP (0000.0c07.ac01)
*Mar 1 00:19:46.023: HSRP: Vl20 Grp 1 Activating MAC 0000.0c07.ac01
*Mar 1 00:19:46.023: HSRP: Vl20 Grp 1 Adding 0000.0c07.ac01 to MAC address filter
*Mar 1 00:19:46.023: HSRP: Vl20 IP Redundancy "hsrp-Vl20-1" standby, lo
S3#cal -> unknown
*Mar 1 00:19:46.023: HSRP: Vl20 IP Redundancy "hsrp-Vl20-1" update, Standby -> Active
*Mar 1 00:19:46.392: HSRP: Vl40 Grp 1 Standby: c/Active timer expired (172.16.40.10)
*Mar 1 00:19:46.392: HSRP: Vl40 Grp 1 Active router is local, was 172.16.40.10
*Mar 1 00:19:46.392: HSRP: Vl40 Nbr 172.16.40.10 no longer active for group 1 (Standby)
*Mar 1 00:19:46.392: HSRP: Vl40 Nbr 172.16.40.10 Was active or standby - start passive holddown
*Mar 1 00:19:46.392: HSRP: Vl40 Grp 1 Standby rout
S3#er is unknown, was local
*Mar 1 00:19:46.392: HSRP: Vl40 Grp 1 Standby -> Active
*Mar 1 00:19:46.392: %HSRP-5-STATECHANGE: Vlan40 Grp 1 state Standby -> Active
*Mar 1 00:19:46.392: HSRP: Vl40 Grp 1 Redundancy "hsrp-Vl40-1" state Standby -> Active
*Mar 1 00:19:46.392: HSRP: Vl40 Added 172.16.40.1 to ARP (0000.0c07.ac01)
*Mar 1 00:19:46.392: HSRP: Vl40 Grp 1 Activating MAC 0000.0c07.ac01
*Mar 1 00:19:46.392: HSRP: Vl40 Grp 1 Adding 0000.0c07.ac01 to MAC address filter
*Mar 1 00:19:46.392: HSRP:
S3# Vl40 IP Redundancy "hsrp-Vl40-1" standby, local -> unknown
*Mar 1 00:19:46.392: HSRP: Vl40 IP Redundancy "hsrp-Vl40-1" update, Standby -> Active
*Mar 1 00:19:48.875: HSRP: Vl1 IP Redundancy "hsrp-Vl1-1" update, Active -> Active
*Mar 1 00:19:49.043: HSRP: Vl20 IP Redundancy "hsrp-Vl20-1" update, Active -> Active
*Mar 1 00:19:49.412: HSRP: Vl40 IP Redundancy "hsrp-Vl40-1" update, Active -> Active

Pingar vi från S2 igen kan vi nu se att S3 har tagit över:

S2#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/3/9 ms

Tar vi upp interfacen på S1 så går den återigen Active för Vl1, 20 & 40 pga “standby 1 preempt”.,

S1#sh standby brief
 P indicates configured to preempt.
 |
Interface Grp Pri P State Active Standby Virtual IP
Vl1 1 150 P Active local 172.16.1.30 172.16.1.1
Vl10 1 100 P Standby 172.16.10.30 local 172.16.10.1
Vl20 1 150 P Active local 172.16.20.30 172.16.20.1
Vl30 1 100 P Standby 172.16.30.30 local 172.16.30.1
Vl40 1 150 P Active local 172.16.40.30 172.16.40.1

Klart!

IPv6 – HSRP

Hot Standby Routing Protocol är ett Cisco proprietärt protokoll som erbjuder redundans genom användandet av en virtuell ip-adress som delas mellan routrar för att sedan användas som default-gateway. Denna video förklarar grunderna väldigt bra:

https://www.youtube.com/watch?v=kxhdPI1jh6I

Detta är dock som synes för IPv4, så funktionaliteten skiljer lite när vi använder oss av IPv6 istället. Något som jag själv inte kände till var att IPv6 faktiskt har en light-version av detta inbyggt i protokollet, och genom att modifiera timers för Router Advertisements & Neighbor Discoverys kan få “fail-over” tiden under 1 sekund. Packetlife.net har en väldigt läsvärd post om just detta här.

ipv6-hsrp

Vår host kommer ha sin default-gateway konfigurerad till FE80:CC1E:1, men innan den kan skicka paketen dit behöver den först ta reda på Lager 2-adressen (MAC). Då vi inte har ARP-requests i IPv6 skickas istället en “Neighbor Solicitation” över multicast till den L2-adress hosten TROR att FE80:CC1E;:1 har. Vi tog upp allt detta i en tidigare post om just Neighbor Solicitation här om du behöver friska upp minnet lite.

När vi konfigurerat upp HSRP kommer den aktiva routern att gå med i multicast-gruppen som relaterar till den virtuella adress vi konfigurerat. Den aktiva routern kommer då svara hosten med en tillhörande virtuell mac-adress (deriverad från HSRPs grupp-nummer).

Innan vi konfigurerat mer än grundkonfigen från ovanstående topologi så visar en show ipv6 int fa0/0 på R2 (mot SW1) följande:

FastEthernet0/0 is up, line protocol is up
 IPv6 is enabled, link-local address is FE80::2
 No Virtual link-local address(es):
 No global unicast address is configured
 Joined group address(es):
  FF02::1 <- all nodes
  FF02::2 <- all routers
  FF02::1:FF00:2 <- solicited-node

Hur konfar vi då upp HSRP? Enkelt! Vi gör det direkt på interfacet.

R2(config)#inte fa0/0
 R2(config-if)#standby ?
 <0-4095> group number
 authentication Authentication
 bfd Enable HSRP BFD
 delay HSRP initialisation delay
 follow Name of HSRP group to follow
 ip Enable HSRP IPv4 and set the virtual IP address
 ipv6 Enable HSRP IPv6
 mac-address Virtual MAC address
 mac-refresh Refresh MAC cache on switch by periodically sending packet
 from virtual mac address
 name Redundancy name string
 preempt Overthrow lower priority Active routers
 priority Priority level
 redirect Configure sending of ICMP Redirect messages with an HSRP
 virtual IP address as the gateway IP address
 timers Hello and hold timers
 track Priority tracking
 use-bia HSRP uses interface's burned in address
 version HSRP version

Vi har en hel del valmöjligheter för finjustering som synes, men för att få upp en enkel HSRP-session mellan R1 & R2 behövs endast följande:

R1

interface FastEthernet0/0
 standby version 2
 standby 1 ipv6 FE80:ccie::1
 standby 1 priority 101
 standby 1 preempt
*Mar  1 02:20:04.447: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active

R2

interface FastEthernet0/0
 standby version 2
 standby 1 ipv6 FE80:ccie::1
 standby 1 priority 99
 standby 1 preempt
*Mar  1 02:28:31.107: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby

För att kunna använda HSRP tillsammans med IPv6 krävs det att vi aktiverar version 2 av protokollet (standby version 2). Vi kan även styra vilken router som ska vara aktiv genom att modifiera priority, högst värde vinner (default: 100), i detta fall kommer därför R1 bli aktiv. Om vi inte inkluderar kommandot “preempt” kommer sekundären fortsätta vara aktiv även om den primära routern blir nåbar igen vid ett eventuellt avbrott.

Både R1 & R2 kommer nu börja skicka HSRPv2 Hello-paket till multicast-adressen FF02::66.

R1 skickar dock sitt Hello-paket med state – Active

ipv6-hsrp-hello

R3 markerar istället sitt Hello-paket som state – standby

ipv6-hsrp-hello-standby

Om vi återigen tar en titt på R2s interface kan vi nu se att den gått med i ytterligare två multicast-grupper som förväntat:

R2#sh ipv6 int fa0/0
 FastEthernet0/0 is up, line protocol is up
 IPv6 is enabled, link-local address is FE80::2 [UNA]
 Virtual link-local address(es):
 FE80:CC1E::1 [OOD]
 No global unicast address is configured
 Joined group address(es):
 FF02::1
 FF02::2
 FF02::66 <- HSRP
 FF02::1:FF00:1 <- Solicited-node adress för FE80:CC1E::1
 FF02::1:FF00:2

Och för R3:

R3#sh ipv6 int fa0/0
 FastEthernet0/0 is up, line protocol is up
 IPv6 is enabled, link-local address is FE80::3 [UNA]
 Virtual link-local address(es):
 FE80:CC1E::1 [UNA/OOD/TEN]
 No global unicast address is configured
 Joined group address(es):
 FF02::1
 FF02::2
 FF02::66
 FF02::1:FF00:3

Observera att R3 endast gått med i HSRP-multicastgruppen, bara den aktiva routern går med i solicited-node gruppen (FF02::1:FF00:1)! 

Vi kan verifiera att allt är ok via kommandot show standby:

R2#sh standby 
FastEthernet0/0 - Group 1 (version 2)
 State is Active
 2 state changes, last state change 00:25:37
 Virtual IP address is FE80:CC1E::1
 Active virtual MAC address is 0005.73a0.0001
 Local virtual MAC address is 0005.73a0.0001 (v2 IPv6 default)
 Hello time 3 sec, hold time 10 sec
 Next hello sent in 1.756 secs
 Preemption enabled
 Active router is local
 Standby router is FE80::3, priority 99 (expires in 7.040 sec)
 Priority 101 (configured 101)
 Group name is "hsrp-Fa0/0-1" (default)

Vi sätter nu denna virtuella adress som default-gateway på R1:

R1(config)#ipv6 route ::/0 FastEthernet0/0 FE80:cc1e::1
R1(config)#end
R1#ping ipv6 2001:db8:cc1e:4444::4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:CC1E:4444::4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/56/92 ms

Vi stänger ner R2’s interface via shutdown och ser vad som händer..

R2 skickar ut ett HSRP Resign-paket för att informera om att den är på väg ner:

ipv6-hsrp-resign

R3 ser detta och ändrar state från Standby till Active.

*Mar  1 02:49:30.131: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active
R1#ping ipv6 2001:db8:cc1e:4444::4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:CC1E:4444::4, timeout is 2 seconds:
!.!.!
Success rate is 60 percent (3/5), round-trip min/avg/max = 12/32/52 ms

Anledningen till att vi tappar paket är bara för att jag varit lite lat. R4 har två default-routes som pekar mot R2 & R3, så vartannat paket skickas tillbaka till R2 och timar ut.. 😉

När vi återigen aktiverar interfacet på R2 skickas ett HSRP “Coup”-paket innehållande R2’s priority. R3 ser detta och ändrar sin state från Active -> Speak -> Standby, samtidigt som R2 går tillbaka till Active.

ipv6-hsrp-coup
*Mar 1 02:56:18.195: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Active -> Speak
*Mar 1 02:56:28.195: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby

Om vi vill ge vår primära router lite tid att få “stabilisera” sig innan vi skickar över stafettpinnen igen kan vi konfigurera en delay-timer via kommandot:

R2(config-if)#standby 1 preempt delay minimum ?
 <0-3600> Number of seconds for minimum delay

Ytterligare en intressant sak är att efter vi aktiverat HSRP på ett interface så slutar routern annonsera sina övriga link-local prefix (FF80::2 / FF80::3) via Router Advertisement.

ipv6-hsrp-linklocal

Men konfigurerar vi istället ytterligare en global adress annonseras det:

R2(config-if)#ipv6 add 2001:db8:cc1e:999::1/64

ipv6-hsrp-globalRA

Det var allt jag hade om HSRP i IPv6, borde väl ta och sätta ihop en post som tar upp lite mer avancerade exempel för IPv4 men det får nog bli lite längre fram i tiden när vi är klara med IPv6.