One ugly way to do it would be to create an eem applet on both routers which would do the following:
1) watch for syslog messages "STANDBY ....Active->xxx" and then "decrease" the metric of these redistributed connected routes through configuring the local router 2) watch for syslog messages "STANDBY ....xxx->Active" and then "increase" the metric of these redistributed connected routes through configuring the local router I guess if eem can watch the hsrp state, it would be even easier. Of course if you have a lot of hsrp groups, that is going to be a long config, but it might do the job. One nice way (if your network design allows it) is to track (through hsrp) the upstream interface/connection of the hsrp primary router and if it loses connectivity (you can use ip sla/rtr to check non-direct connectivity), then switch over to the standby hsrp router, which should always announce the same networks as the primary router, but using a smaller metric. I personally use such a design and it works very well, especially after tuning the ospf timers. -- Tassos Phil Mayers wrote on 27/10/2007 4:55 μμ: > On Fri, 2007-10-26 at 14:37 -0700, Ian Cox wrote: >> At 08:33 PM 10/26/2007 +0100, Phil Mayers wrote: >>> On Fri, 2007-10-26 at 13:08 -0500, Justin Shore wrote: >>>> Phil Mayers wrote: >>>>>> Is there a HSRP option to tell the standby router to only route traffic >>>>>> when it's active? VRRP and GLBP would have the same problem I imagine. >> What exactly do you mean by not route traffic? HSRP on the standby > > Return path traffic. > > Basically, the HSRP standby still has a connected route, which it will > export via it's routing protocol (if configured) to neighbours, and even > if you suppress the export the box itself will route packets via the > connected route. Take for example the following topology: > > > borderA ---- gigE ---- borderB > | | > gigE gigE > | | > routerA ---- gigE ---- routerB > | | > hsrp master hsrp standby > gigE 100meg > | | > > ...it is desirable for routerB to both > > a. not export the route, and > b. not pass packets via the 100meg standby link > > There are lots of other topologies where forcing the out/return traffic > paths to be symmetric is desirable. Stateful firewalls is one that > springs to mind. > > > > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/