HSRP

Magic Johnson Member Posts: 414
Can anyone tell me if it is possible to use an HSRP setup to utilise a backup link?

I was just watching something about EIGRP and 'unequal cost load balancing' so an idea popped into my head; I have a 20mb fibre link and a primary router with HSRP and a 10mb EFM link and a secondary router with HSRP. Both spoofed to be a single IP address (the default gateway of my network).

So is it possible to combine them and increase bandwidth, but still retain the hot swap functionality? Or is it just not possible? One is a 1900 and the other is an 800 series.

Comments

  • networker050184 Mod Posts: 11,962
    That's not really what HSRP is designed to do. You are only going to have one active router at a time. So only one is going to answer for that VIP (virtual IP). HSRP and any other FHRP is not designed to be used on the WAN and has many limitations there.
    An expert is a man who has made all the mistakes which can be made.
  • Magic Johnson Member Posts: 414
    networker050184 wrote: »
    That's not really what HSRP is designed to do. You are only going to have one active router at a time. So only one is going to answer for that VIP (virtual IP). HSRP and any other FHRP is not designed to be used on the WAN and has many limitations there.

    Ah yeah of course, so how would it be possible to route it down another one! Oh well you don't ask you don't get, just when you learn new stuff all these ideas start flying around in your head, I guess if it was possible then the ISP might have suggested to do that!

    Thanks!
  • Dieg0M Member Posts: 861
    Use GLBP instead.
    Follow my CCDE journey at www.routingnull0.com
  • Magic Johnson Member Posts: 414
    Dieg0M wrote: »
    Use GLBP instead.

    In what respect mate? Not sure what GLBP is!
  • Magic Johnson Member Posts: 414
    Dieg0M wrote: »

    Cheers, had a quick WIKI of it too, seems that is the preferred protocol for this sort of thing?

    HOWEVER:

    Cisco 1700 series, Cisco 2600 series, Cisco 3620, Cisco 3631, Cisco 3640, Cisco 3660, Cisco 3725, Cisco 3745, Cisco 7100 series, Cisco 7200 series, Cisco 7400 series, Cisco 7500 series

    800 and 1900 not there.
  • Dieg0M Member Posts: 861
    Yes, the reason it is not used most of the time is because it is not supported on some platforms and some features like IPSEC HA can't be used.
    Follow my CCDE journey at www.routingnull0.com
  • Magic Johnson Member Posts: 414
    Dieg0M wrote: »
    Yes, the reason it is not used most of the time is because it is not supported on some platforms and some features like IPSEC HA can't be used.

    I've got a meeting with our network provider next month, will definitely mention this, after all we're spending a bit upgrading the network why not go for that extra bandwidth even if it involves a router upgrade?

    Thanks Diego for that suggestion, awesome!
  • networker050184 Mod Posts: 11,962
    GLBP really isn't going to do much for you either. What GLBP does different than HSRP is use more than one MAC address to allow load balancing for a group of hosts. Again, this is a protocol designed for first hop redundancy for hosts, not WAN load balancing.
    An expert is a man who has made all the mistakes which can be made.
  • Dieg0M Member Posts: 861
    If you implement GLBP on the LAN side, the hosts will load balance to both of his routers. From there if they both have a default static route out to the WAN it will accomplish a 50/50 load balancing ratio. The downside is you might encounter asymmetrical routing. Correct me if I am wrong...
    Follow my CCDE journey at www.routingnull0.com
  • networker050184 Mod Posts: 11,962
    Sure you could get some balancing outbound like that, but as you said that isn't going to do anything for inbound traffic which is the concern for most enterprise networks a lot of the time. Depending on the NAT setups and types of traffic you might actually make things worse with that latency from asymmetric routing. Especially if there are security appliances that track flows.
    An expert is a man who has made all the mistakes which can be made.
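
The GLBP-outbound / single-return-path situation discussed in the posts above, as an added example that is not part of the original thread: a small model of two flow-tracking edge devices. It assumes GLBP's round-robin forwarder assignment and, as a labelled assumption, a provider that returns all traffic over the primary link; the class, function and address names are hypothetical.

```python
from itertools import cycle

class StatefulEdge:
    """Edge device that admits inbound packets only for flows it saw leave."""
    def __init__(self, name):
        self.name = name
        self.flows = set()

    def outbound(self, flow):
        self.flows.add(flow)          # create state on the way out

    def inbound(self, flow):
        return flow in self.flows     # no state here -> return packet dropped


def simulate(hosts, inbound_via):
    """Round-robin GLBP: each host that ARPs for the gateway is handed the
    next forwarder, so hosts alternate between R1 and R2 outbound.
    inbound_via(flow, edges) models which link the return traffic uses."""
    edges = [StatefulEdge("R1"), StatefulEdge("R2")]
    forwarder = cycle(edges)
    results = {}
    for host in hosts:
        out_edge = next(forwarder)
        flow = (host, "198.51.100.10", 443)   # constructed sample flow
        out_edge.outbound(flow)
        in_edge = inbound_via(flow, edges)
        results[host] = (out_edge.name, in_edge.name, in_edge.inbound(flow))
    return results


def always_primary(flow, edges):
    """Assumption: the provider prefers the primary link for all return traffic."""
    return edges[0]

def symmetric(flow, edges):
    """Return traffic comes back through the device that holds the flow state."""
    return next(e for e in edges if flow in e.flows)

def dropped(results):
    return sorted(h for h, (_, _, ok) in results.items() if not ok)


HOSTS = [f"10.0.0.{n}" for n in range(1, 7)]  # constructed LAN hosts

if __name__ == "__main__":
    for policy in (always_primary, symmetric):
        res = simulate(HOSTS, policy)
        print(policy.__name__, "dropped return flows:", dropped(res))
```
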
  • atorven Member Posts: 319
    What's a good way to load balance inbound traffic?
  • networker050184 Mod Posts: 11,962
    Depends on your setup. If you are doing BGP and have multiple prefixes you can work your advertisements to balance it out once you know your traffic patterns. If it's just all basically internet traffic being NAT'ed it's a little more difficult to get it going even. Overall I think load balancing is something that people make a big deal out of for no reason. I much prefer an active/standby set up for the predictability and stable traffic patterns.
    An expert is a man who has made all the mistakes which can be made.
  • Dieg0M Member Posts: 861
    In theory could you Tag your traffic outbound and use route-maps to direct your inbound packets to the correct router?
    Follow my CCDE journey at www.routingnull0.com
  • networker050184 Mod Posts: 11,962
    Tag the traffic in what way?
    An expert is a man who has made all the mistakes which can be made.
  • Dieg0M Member Posts: 861
    BGP transitive attribute like communities or even just route-maps with the TAG match statement.
    Follow my CCDE journey at www.routingnull0.com
  • networker050184 Mod Posts: 11,962
    BGP attributes or route-maps with tags are not attached to traffic, only updates so that wouldn't help there.
    An expert is a man who has made all the mistakes which can be made.
  • Dieg0M Member Posts: 861
    How do static routes with tags work then?
    Follow my CCDE journey at www.routingnull0.com
  • networker050184 Mod Posts: 11,962
    Just think of it as an internal mechanism for matching and applied in routing updates. It's nothing physically present in the actual traffic itself.
    An expert is a man who has made all the mistakes which can be made.
  • Dieg0M Member Posts: 861
    What about MPLS traffic engineering for each edge router?
    Follow my CCDE journey at www.routingnull0.com
  • networker050184 Mod Posts: 11,962
    TE tunnels are signaled with RSVP and then traffic is actually physically tagged with the corresponding MPLS labels. That isn't going to help you sending traffic off to the service provider though.

    That is completely different than matching on tags in route maps though. Nothing is physically done to the traffic in that scenario.
    An expert is a man who has made all the mistakes which can be made.
  • Dieg0M Member Posts: 861
    Alright thanks, was just trying to figure out another way without knowing traffic patterns.
    Follow my CCDE journey at www.routingnull0.com
  • Magic Johnson Member Posts: 414
    networker050184 wrote: »
    Depends on your setup. If you are doing BGP and have multiple prefixes you can work your advertisements to balance it out once you know your traffic patterns. If it's just all basically internet traffic being NAT'ed it's a little more difficult to get it going even. Overall I think load balancing is something that people make a big deal out of for no reason. I much prefer an active/standby set up for the predictability and stable traffic patterns.

    Fair enough! Amazing what you learn just reading people talk about things that are way over your head haha.

    Thanks guys.
  • Magic Johnson Member Posts: 414
    Another question:

    So the Active router had a bit of a meltdown eventually leading to it completely hanging up and requiring a reboot. For about 3-4 minutes traffic was all over the place, then when it completely gave up the standby router became active.

    I mentioned to our 3rd party network provider that I thought that was a looooong time for the standby to come in and start taking the load given I'd done tests at another site and it took 10-15 seconds. I put it down to the eventual slow down and crash of the router, it was still managing to take some traffic whilst it was going down so the standby didn't kick in.

    So I rebooted the primary router and once its LAN interface was pingable, it took about 20 seconds for it to become active again.

    The 3rd party informed me the ISP told him that it could take up to 10 minutes because of the way BGP works in their MPLS network.

    Can anyone verify that or were they just talking b@lls? It is above my head, if you hadn't guessed already, plus I can't even login to the routers.
  • xnx Member Posts: 464
    A stable corporate internet connection has more to do with general routing / switching equipment along with good QoS class maps, then again none of this stuff can make up for a rubbish internet connection..

    I used to know roughly how long BGP usually takes to propagate but I've forgot now, any of the guys doing CCNP / CCIE should be able to help you there.
    Getting There ...

    Lab Equipment: Using Cisco CSRs and 4 Switches currently
  • networker050184 Mod Posts: 11,962
    If a provider told me it would take 10 minutes for my BGP to converge in my MPLS service I'd find a new provider.
    An expert is a man who has made all the mistakes which can be made.
  • RouteMyPacket Member Posts: 1,104
    networker050184 wrote: »
    If a provider told me it would take 10 minutes for my BGP to converge in my MPLS service I'd find a new provider.


    LOL! I called BS on that statement from his ISP as well.
    Modularity and Design Simplicity:

    Think of the 2:00 a.m. test—if you were awakened in the
    middle of the night because of a network problem and had to figure out the
    traffic flows in your network while you were half asleep, could you do it?
  • Magic Johnson Member Posts: 414
    networker050184 wrote: »
    If a provider told me it would take 10 minutes for my BGP to converge in my MPLS service I'd find a new provider.
    RouteMyPacket wrote: »
    LOL! I called BS on that statement from his ISP as well.

    This doesn't surprise me, these are the ones that 'manage' our firewall/VPN too, they've removed SDM access randomly, removed advertised routes breaking our VPN setup, haven't been patching, total joke actually. I'm sick of them, and the 3rd party in betweener we use. They always pawn crap excuses on to us because they assume we don't know about this stuff but I did pull them up on the 10 minute thing, what the hell are we paying for two separate lines, an extra router etc if it takes up to 10 mins of downtime before anything happens? That's when he pulled the BGP line, I couldn't refute that because I know next to nothing about BGP but Odom and Cioara insist you can have failover within milliseconds and almost not have any downtime even for SIP etc.