Cisco Routers

Cisco routers provide access to applications and services, and integrate technologies

IP Phone - Cisco

IP phone takes full advantage of converged voice and data networks, while retaining the convenience and user-friendliness you expect from a business phone...

WAN - Cisco Systems

Transform your WAN to deliver high-performance, highly secure, and reliable services to unite campus, data center, and branch networks.

EtherChannel - Cisco Systems

EtherChannel provides incremental trunk speeds between Fast Ethernet, Gigabit Ethernet, and 10 Gigabit Ethernet. EtherChannel combines multiple Fast ...

Looking Toward the Future - Cisco Systems

Looking Toward the Future by Vint Cerf. The Internet Corporation for Assigned Names and Numbers (ICANN) was formed 9 years ago....


Saturday, March 17, 2012

Hot Standby Router Protocol (HSRP)

Hot Standby Routing Protocol or HSRP, is a Cisco proprietary protocol that allows two or more routers to work together to represent a single IP address for a particular network. HSRP, as well as Virtual Route Redundancy Protocol (VRRP) are considered high-availability network services that allow for almost immediate fail over to a secondary interface when the primary interface becomes unavailable.

HSRP is a fairly simple concept that works by having one router within an HSRP group be selected as the primary, or active router.
That primary will handle all routing requests while the other routers within the HSRP group simply wait in a standby state. These standby routers remain ready to take on all of the traffic load if the primary router becomes unavailable. In this scenario, HSRP provides high network availability since it routes IP traffic without depending on a single router.

The hosts that use the HSRP address as a gateway never know the actual physical IP or MAC address of the routers in the group. Only the virtual IP address that was created within the HSRP configuration along with a virtual MAC address is known to other hosts on the network.
Hot Standby Router Protocol

Basic HSRP Configuration
       Before we discuss more advanced HSRP concepts, lets create a basic HSRP configuration to get an idea of how this all works. For this scenario we will use a topology consisting of just two core switches. Keep in mind that one or both of these routers. But for this discussion let’s just refer them as core switches.

       CORESW1-6509 and CORESW2-6509 will both be configured to be in standby group 1. The HSRP address will be given an IP address of All hosts on the segment and in the VLAN will use this address as their default gateway.

CORESW1-6509(config)#interface VLAN 100
CORESW1-6509(config-if)#ip address
CORESW1-6509(config-if)#standby 1 ip
CORESW2-6509(config)#interface VLAN 100
CORESW2-6509(config-if)#ip address
CORESW2-6509(config-if)#standby 1 ip

       To see the status of HSRP use the command show standby. This is the first command you should run to ensure that HSRP is running and configured properly.

CORESW1-6509#show standby
VLAN 100 - Group 1
Local state is Standby, priority 100
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 0.776
Virtual IP address is configured
Active router is, priority 100 expires in 9.568
Standby router is local
1 state changes, last state change 00:00:22

CORESW2-6509#show standby
VLAN 100 - Group 1
Local state is Active, priority 100
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.592
Virtual IP address is configured
Active router is local
Standby router is expires in 8.020
Virtual mac address is 0000.0c07.ac05
2 state changes, last state change 00:02:08

       We can see that CORESW2-6509 has been selected as the Active core switch ("Local state is Active"), the virtual core switch's IP is, and CORESW1-6509 is the standby core switch.

Controlling the Active HSRP Router
       There are more HSRP values that you'll need to change from time to time to ensure complete control over your network traffic. For example, what if we wanted CORESW1-6509 to be the Active core switch instead of CORESW2-6509? To force a particular core switch to be the active core switch in an HSRP group you will need to use the priority command.
       The default
priority is 100. The higher priority will determine which core switch is active. If both core switchs are set to the same priority, the first core switch to come up will be the active core switch.

Using our example above, this is how the commands would look.

CORESW1-6509(config)#interface VLAN 100
CORESW1-6509(config-if)#ip address
CORESW1-6509(config-if)#standby 1 ip
CORESW1-6509(config-if)#standby 1 priority 200 <-- Add this to force CORESW1-6509 to be active 

CORESW2-6509(config)#interface VLAN 100 
CORESW2-6509(config-if)#ip address 
CORESW2-6509(config-if)#standby 1 ip 

Keeping the Active Core switch Active 
      In our scenario above, if CORESW1-6509 fails, CORESW2-6509 will become active. This is perfect! But, if CORESW1-6509 comes back up and returns to service, CORESW2-6509 will continue to stay active. This may not be a preferred behavior. There are times when you may always want CORESW1-6509 to be in an active state in the HSRP group. Cisco provides a way for use to control this by using the Preempt command. Preempt forces a core switch to be active after recovering from a failure. 
      Here again is our two core switch topology, with the preempt command added. CORESW1-6509(config)#interface VLAN 100 
CORESW1-6509(config-if)#ip address 
CORESW1-6509(config-if)#standby 1 ip 
CORESW1-6509(config-if)#standby 1 priority 200 
CORESW1-6509(config-if)#standby 1 preempt <-- Add this to force CORESW1-6509 to return to active state after failure 
CORESW2-6509(config)#interface VLAN 100 
CORESW2-6509(config-if)#ip address 
CORESW2-6509(config-if)#standby 1 ip

Do you still have questions about this configuration or another question about HSRP? If you need a flash presentation files, please contact me directly and/or Leave a comment below and let’s work on it.

Cisco Hierarchical Model

       Cisco has defined a hierarchical model known as the hierarchical internetworking model. This model simplifies the task of building a reliable, scalable, and less expensive hierarchical internetwork because rather than focusing on packet construction, it focuses on the three functional areas, or layers, of your network.

       The Cisco hierarchical model can help you design, implement, and maintain a scalable, reliable, cost-effective hierarchical internetwork and can be applied to any network type such as LAN, WAN, MAN and WLAN.

The following are the three layers:
  • The Core layer or Backbone
  • The Distribution layer
  • The Access layer
      Each layer has specific responsibilities. However, that the three layers are logical and are not necessarily physical devices. Consider the OSI model, another logical hierarchy. The seven layers describe functions but not necessarily protocols. Sometimes a protocol maps to more than one layer of the OSI model, and sometimes multiple protocols communicate within a single layer. In the same way, when we build physical implementations of hierarchical networks, we may have many devices in a single layer, or we might have a single device performing functions at two layers. The definition of the layers is logical, not physical.

Now, let's take a closer look at each of the layers.

The Core Layer

       The core layer is literally the Internet backbone. At the top of the hierarchy, the core layer is responsible for transporting large amounts of traffic both reliably and quickly. The only purpose of the network&apos;s core layer is to switch traffic as fast as possible. The traffic transported across the core is common to a majority of users. However, remember that user data is processed at the distribution layer, which forwards the requests to the core if needed.

       If there is a failure in the core, every user can be affected. Therefore, fault tolerance at this layer is an issue. The core is likely to see large volumes of traffic, so speed and latency are driving concerns here. Given the function of the core, we can now consider some design specifics. Let's start with something we don't want to do.
  • Don't do anything to slow down traffic. This includes using access lists, routing between virtual local area networks, and packet filtering.
  • Don't support workgroup access here.
  • Avoid expanding the core when the internetwork grows. If performance becomes an issue in the core, give preference to upgrades over expansion.
Now, there are a few things that we want to do as we design the core. They include the following:
  • Design the core for high reliability. Consider data-link technologies that facilitate both speed and redundancy, such as FDDI, Fast Ethernet, or even ATM.
  • Design with speed in mind. The core should have very little latency.
  • Select routing protocols with lower convergence times. Fast and redundant data-link connectivity is no help if your routing tables are shot.
The Distribution Layer

       The distribution layer is sometimes referred to as the workgroup layer and is the major communication point between the access layer and the core. The primary function of the distribution layer is to provide routing, filtering, and WAN access and to determine how packets can access the core, if needed.

       The distribution layer must determine the fastest way that network service requests are handled; for example, how a file request is forwarded to a server. After the distribution layer determines the best path, it forwards the request to the core layer. The core layer then quickly transports the request to the correct service.

       The distribution layer is the place to implement policies for the network. Here you can exercise considerable flexibility in defining network operation. There are several items that generally should be done at the distribution layer such as:
  • Implementation of tools such as access lists, of packet filtering, and of queuing
  • Implementation of security and network policies including firewalls
  • Redistribution between routing protocols, including static routing
  • Routing between VLANs and other workgroup support functions
  • Definitions of broadcast and multicast domains
      Things to avoid at this layer are limited to those functions that exclusively belong to one of the other layers.

The Access Layer

       The access layer controls user and workgroup access to internetwork resources. The access layer is sometimes referred to as the desktop layer. The network resources most users need will be available locally. The distribution layer handles any traffic for remote services.

The following are some of the functions to be included at the access layer:
  • Continued access control and policies
  • Creation of separate collision domains
  • Workgroup connectivity into the distribution layer through layer 2 switching
OSI & Cisco Three-Layer Hierarchical Model