Re: RE: it started out as a really good idea ... [7:64638]
must ... find... coffee just catching back up as dc awakens. the default gateways used by the pc's are the virtual router addresses, a different one for each (i.e. pc1 uses virtual router 1 and pc2 uses virtual router 2). the pc arp caches correctly reflect the virtual mac address (cisco generated 0c...)which are different than the router interfaces bia's. the virtual macs do move and the different interfaces do seem to stop and start their role as the active interface. looking over the traces last nite didn't yield much more. i have a couple things to try and i did find a tac article that holds some hope using standby use-bia. we'll see. thanks for all your thoughts and help. i'll get this to work or i'll revert to plan b, 2 tin cans and ... - Original Message - From: Priscilla Oppenheimer Date: Thursday, March 6, 2003 5:14 pm Subject: RE: it started out as a really good idea ... [7:64638] What did you use a default gateway on the PCs?? Priscilla garrett allen wrote: i have a need for a high availability solution for a default gateway configuration. just finished the ccdp and thought it might be interesting to try hsrp on a pair of 2514's. put some of that theory to work. instead of highly resiliant i've managed to configure it for mass failure. arg.., not exactly what i had in mind. now, any time i take down 1 of the 4 links, the connect between 2 remote hosts dies. this is in a lab (production is not a lab, production is not a lab...) so it is a mystery i would like to solve, but it is not critical. here is the basic config (hope it makes it): pc host 1 -+- e0 router 1, e1 +- pc host 2 | | |- e0 router 2, e1 | the routers act as a default gateway between the internal network (represented by pc host 1) and the external world (represented by pc host 2). i have used 10.3 and 10.4 /16 as the addresses for each side of the divide. i want to run hsrp on both sets of router interfaces so that in the event a router or an interface fails, the traffic impact is minimized. in the real world pc host 2 will be a firewall and there will be other hosts off that segment as well looks easy. sounds plausible. read the cisco docs. looks like it should work. minimal incantations before tickling the keyboard. key in the configs and it fires up nicely. do the show standby thingee and all looks cool. can ping the 2 stations end to end. most excellent. put a router in debug mode. when i pull one of the 4 router cables the router goes through a state change but no bits make it to the far end. not even the shiney ones. bitstream courtesy of ping. maybe i misunderstood what hsrp was suppose to do. the configs are below, along with the show standby results. both are 2514's (2 aui's) and both are running 12.2(1d). probably forgot to put the interface in mumble mode or something equally easy. no laughter, please. thanks in advance. router 1 interface Ethernet0 ip address 10.3.255.2 255.255.0.0 no ip route-cache no ip mroute-cache standby 1 priority 200 preempt standby 1 ip 10.3.0.2 ! interface Ethernet1 ip address 10.4.254.2 255.255.0.0 no ip route-cache no ip mroute-cache standby 2 priority 200 preempt standby 2 ip 10.4.254.10 router 2 interface Ethernet0 ip address 10.3.255.1 255.255.0.0 no ip route-cache no ip mroute-cache standby 1 priority 225 preempt standby 1 ip 10.3.0.2 ! interface Ethernet1 ip address 10.4.254.1 255.255.0.0 no ip route-cache no ip mroute-cache standby 2 priority 150 preempt standby 2 ip 10.4.254.10 results of show standby Router1#show standby Ethernet0 - Group 1 Local state is Standby, priority 200, may preempt Hellotime 3 holdtime 10 Next hello sent in 00:00:00.940 Hot standby IP address is 10.3.0.2 configured Active router is 10.3.255.1 expires in 00:00:09, priority 225 Standby router is local 20 state changes, last state change 00:22:34 Ethernet1 - Group 2 Local state is Active, priority 200, may preempt Hellotime 3 holdtime 10 Next hello sent in 00:00:01.676 Hot standby IP address is 10.4.254.10 configured Active router is local Standby router is 10.4.254.1 expires in 00:00:08 Standby virtual mac address is .0c07.ac02 17 state changes, last state change 00:23:26 Router1# Router2#show standby Ethernet0 - Group 1 Local state is Active, priority 225, may preempt Hellotime 3 holdtime 10 Next hello sent in 00:00:01.010 Hot standby IP address is 10.3.0.2 configured Active router is local Standby router is 10.3.255.2 expires in 00:00:09 Standby virtual mac address is .0c07.ac01 24 state changes, last state change 00:22:04
Re: RE: it started out as a really good idea ... [7:64638]
mirable dictu! secret is in the standby track command. lost 9 pings and then picked up just like nothing happened. can pull any of the 4 links now an it works just like in the movies. thanks all. - Original Message - From: garrett allen Date: Friday, March 7, 2003 6:57 am Subject: Re: RE: it started out as a really good idea ... [7:64638] must ... find... coffee just catching back up as dc awakens. the default gateways used by the pc's are the virtual router addresses, a different one for each (i.e. pc1 uses virtual router 1 and pc2 uses virtual router 2). the pc arp caches correctly reflect the virtual mac address (cisco generated 0c...)which are different than the router interfaces bia's. the virtual macs do move and the different interfaces do seem to stop and start their role as the active interface. looking over the traces last nite didn't yield much more. i have a couple things to try and i did find a tac article that holds some hope using standby use-bia. we'll see. thanks for all your thoughts and help. i'll get this to work or i'll revert to plan b, 2 tin cans and ... - Original Message - From: Priscilla Oppenheimer Date: Thursday, March 6, 2003 5:14 pm Subject: RE: it started out as a really good idea ... [7:64638] What did you use a default gateway on the PCs?? Priscilla garrett allen wrote: i have a need for a high availability solution for a default gateway configuration. just finished the ccdp and thought it might be interesting to try hsrp on a pair of 2514's. put some of that theory to work. instead of highly resiliant i've managed to configure it for mass failure. arg.., not exactly what i had in mind. now, any time i take down 1 of the 4 links, the connect between 2 remote hosts dies. this is in a lab (production is not a lab, production is not a lab...) so it is a mystery i would like to solve, but it is not critical. here is the basic config (hope it makes it): pc host 1 -+- e0 router 1, e1 +- pc host 2 | | |- e0 router 2, e1 | the routers act as a default gateway between the internal network (represented by pc host 1) and the external world (represented by pc host 2). i have used 10.3 and 10.4 /16 as the addresses for each side of the divide. i want to run hsrp on both sets of router interfaces so that in the event a router or an interface fails, the traffic impact is minimized. in the real world pc host 2 will be a firewall and there will be other hosts off that segment as well looks easy. sounds plausible. read the cisco docs. looks like it should work. minimal incantations before tickling the keyboard. key in the configs and it fires up nicely. do the show standby thingee and all looks cool. can ping the 2 stations end to end. most excellent. put a router in debug mode. when i pull one of the 4 router cables the router goes through a state change but no bits make it to the far end. not even the shiney ones. bitstream courtesy of ping. maybe i misunderstood what hsrp was suppose to do. the configs are below, along with the show standby results. both are 2514's (2 aui's) and both are running 12.2(1d). probably forgot to put the interface in mumble mode or something equally easy. no laughter, please. thanks in advance. router 1 interface Ethernet0 ip address 10.3.255.2 255.255.0.0 no ip route-cache no ip mroute-cache standby 1 priority 200 preempt standby 1 ip 10.3.0.2 ! interface Ethernet1 ip address 10.4.254.2 255.255.0.0 no ip route-cache no ip mroute-cache standby 2 priority 200 preempt standby 2 ip 10.4.254.10 router 2 interface Ethernet0 ip address 10.3.255.1 255.255.0.0 no ip route-cache no ip mroute-cache standby 1 priority 225 preempt standby 1 ip 10.3.0.2 ! interface Ethernet1 ip address 10.4.254.1 255.255.0.0 no ip route-cache no ip mroute-cache standby 2 priority 150 preempt standby 2 ip 10.4.254.10 results of show standby Router1#show standby Ethernet0 - Group 1 Local state is Standby, priority 200, may preempt Hellotime 3 holdtime 10 Next hello sent in 00:00:00.940 Hot standby IP address is 10.3.0.2 configured Active router is 10.3.255.1 expires in 00:00:09, priority 225 Standby router is local 20 state changes, last state change 00:22:34 Ethernet1 - Group 2 Local state is Active, priority 200, may preempt Hellotime 3 holdtime 10 Next hello sent in 00:00:01.676 Hot standby IP address is 10.4.254.10 configured Active router is local Standby router is 10.4.254.1 expires in 00:00:08
Re: it started out as a really good idea ... [7:64638]
That's an excellent point. With this design you run a risk of asymmetrical routing. To solve this, in the HSRP configuration on each router have the e0 interface track the e1 interface and vice-versa. That way, if you pull a cable on one side, this triggers failover on both sides. Give that a shot, I think it will work. John Priscilla Oppenheimer 3/6/03 4:23:46 PM Um, he already has both the E0s in the same subnet and both the E1s in the same subnet, according to his config. His drawing is confusing but I think he's got PC1 and both E0s in subnet 10.3.0.0/16, say on a hub or a switch. He's got PC2 and both E1s in subnet 10.4.0.0, on another hub or switch. If the problem isn't related to misconfiguration of the default gateway on the PCs, I do have another theory. :-) Say he pulls the E0 cable on Router 1. No problem, PC1 will start using Router2. Then he pings from PC1 to PC2. The ping will probably get there but what about the reply coming back? What happens if PC2 is using Router 1 and Router 1 has no way to send PC2's packet from itself to Router 2 due to the missing cable, not to mention lack of any routing protocol configured. Think about it! :-) Priscilla The Long and Winding Road wrote: garrett allen wrote in message news:[EMAIL PROTECTED] i have a need for a high availability solution for a default gateway configuration. just finished the ccdp and thought it might be interesting to try hsrp on a pair of 2514's. put some of that theory to work. instead of highly resiliant i've managed to configure it for mass failure. arg.., not exactly what i had in mind. now, any time i take down 1 of the 4 links, the connect between 2 remote hosts dies. this is in a lab (production is not a lab, production is not a lab...) so it is a mystery i would like to solve, but it is not critical. here is the basic config (hope it makes it): pc host 1 -+- e0 router 1, e1 +- pc host 2 | | |- e0 router 2, e1 | the routers act as a default gateway between the internal network (represented by pc host 1) and the external world (represented by pc host 2). i have used 10.3 and 10.4 /16 as the addresses for each side of the divide. i want to run hsrp on both sets of router interfaces so that in the event a router or an interface fails, the traffic impact is minimized. in the real world pc host 2 will be a firewall and there will be other hosts off that segment as well looks easy. sounds plausible. read the cisco docs. looks like it should work. minimal incantations before tickling the keyboard. key in the configs and it fires up nicely. do the show standby thingee and all looks cool. can ping the 2 stations end to end. most excellent. put a router in debug mode. when i pull one of the 4 router cables the router goes through a state change but no bits make it to the far end. not even the shiney ones. bitstream courtesy of ping. maybe i misunderstood what hsrp was suppose to do. the configs are below, along with the show standby results. both are 2514's (2 aui's) and both are running 12.2(1d). probably forgot to put the interface in mumble mode or something equally easy. no laughter, please. HSRP assumes the ehternet interfaces to be on the same subnet. your ehternet side is on two different subnets. hence - no failover. to get this to work using 2514's: E0--2514_1---E1 E0--2514_2---E1 the e0's on the same subnet, the e1's on the same subnet thanks in advance. router 1 interface Ethernet0 ip address 10.3.255.2 255.255.0.0 no ip route-cache no ip mroute-cache standby 1 priority 200 preempt standby 1 ip 10.3.0.2 ! interface Ethernet1 ip address 10.4.254.2 255.255.0.0 no ip route-cache no ip mroute-cache standby 2 priority 200 preempt standby 2 ip 10.4.254.10 router 2 interface Ethernet0 ip address 10.3.255.1 255.255.0.0 no ip route-cache no ip mroute-cache standby 1 priority 225 preempt standby 1 ip 10.3.0.2 ! interface Ethernet1 ip address 10.4.254.1 255.255.0.0 no ip route-cache no ip mroute-cache standby 2 priority 150 preempt standby 2 ip 10.4.254.10 results of show standby Router1#show standby Ethernet0 - Group 1 Local state is Standby, priority 200, may preempt Hellotime 3 holdtime 10 Next hello sent in 00:00:00.940 Hot standby IP address is 10.3.0.2 configured Active router is 10.3.255.1 expires in 00:00:09, priority 225 Standby router is local 20 state changes, last state change 00:22:34 Ethernet1 - Group 2 Local state is Active, priority 200, may preempt Hellotime 3 holdtime 10 Next hello sent in 00:00:01.676 Hot standby IP address is 10.4.254.10 configured Active router is local Standby router is
Re: it started out as a really good idea ... [7:64638]
having the interfaces track one another was in fact the secret sauce that made it work. i can pull any of the links and it contines to ping with minimal interruption. cheers! - Original Message - From: John Neiberger Date: Friday, March 7, 2003 11:42 am Subject: Re: it started out as a really good idea ... [7:64638] That's an excellent point. With this design you run a risk of asymmetrical routing. To solve this, in the HSRP configuration on eachrouter have the e0 interface track the e1 interface and vice- versa. That way, if you pull a cable on one side, this triggers failover on both sides. Give that a shot, I think it will work. John Priscilla Oppenheimer 3/6/03 4:23:46 PM Um, he already has both the E0s in the same subnet and both the E1s in the same subnet, according to his config. His drawing is confusing but I think he's got PC1 and both E0s in subnet 10.3.0.0/16, say on a hub or a switch. He's got PC2 and both E1s in subnet 10.4.0.0, on another hub or switch. If the problem isn't related to misconfiguration of the default gatewayon the PCs, I do have another theory. :-) Say he pulls the E0 cable on Router 1. No problem, PC1 will start using Router2. Then he pings from PC1 to PC2. The ping will probably get there but what about the reply coming back? What happens if PC2 is using Router 1 and Router 1 has no way to send PC2's packet from itself to Router 2 due to the missing cable, not to mentionlack of any routing protocol configured. Think about it! :-) Priscilla The Long and Winding Road wrote: garrett allen wrote in message news:[EMAIL PROTECTED] i have a need for a high availability solution for a default gateway configuration. just finished the ccdp and thought it might be interesting to try hsrp on a pair of 2514's. put some of that theory to work. instead of highly resiliant i've managed to configure it for mass failure. arg.., not exactly what i had in mind. now, any time i take down 1 of the 4 links, the connect between 2 remote hosts dies. this is in a lab (production is not a lab, production is not a lab...) so it is a mystery i would like to solve, but it is not critical. here is the basic config (hope it makes it): pc host 1 -+- e0 router 1, e1 +- pc host 2 | | |- e0 router 2, e1 | the routers act as a default gateway between the internal network (represented by pc host 1) and the external world (represented by pc host 2). i have used 10.3 and 10.4 /16 as the addresses for each side of the divide. i want to run hsrp on both sets of router interfaces so that in the event a router or an interface fails, the traffic impact is minimized. in the real world pc host 2 will be a firewall and there will be other hosts off that segment as well looks easy. sounds plausible. read the cisco docs. looks like it should work. minimal incantations before tickling the keyboard. key in the configs and it fires up nicely. do the show standby thingee and all looks cool. can ping the 2 stations end to end. most excellent. put a router in debug mode. when i pull one of the 4 router cables the router goes through a state change but no bits make it to the far end. not even the shiney ones. bitstream courtesy of ping. maybe i misunderstood what hsrp was suppose to do. the configs are below, along with the show standby results. both are 2514's (2 aui's) and both are running 12.2(1d). probably forgot to put the interface in mumble mode or something equally easy. no laughter, please. HSRP assumes the ehternet interfaces to be on the same subnet. your ehternet side is on two different subnets. hence - no failover. to get this to work using 2514's: E0--2514_1---E1 E0--2514_2---E1 the e0's on the same subnet, the e1's on the same subnet thanks in advance. router 1 interface Ethernet0 ip address 10.3.255.2 255.255.0.0 no ip route-cache no ip mroute-cache standby 1 priority 200 preempt standby 1 ip 10.3.0.2 ! interface Ethernet1 ip address 10.4.254.2 255.255.0.0 no ip route-cache no ip mroute-cache standby 2 priority 200 preempt standby 2 ip 10.4.254.10 router 2 interface Ethernet0 ip address 10.3.255.1 255.255.0.0 no ip route-cache no ip mroute-cache standby 1 priority 225 preempt standby 1 ip 10.3.0.2 ! interface Ethernet1 ip address 10.4.254.1 255.255.0.0 no ip route-cache no ip mroute-cache standby 2 priority 150 preempt standby 2 ip 10.4.254.10 results of show standby Router1#show standby Ethernet0 - Group 1 Local state is Standby, priority 200, may
Re: it started out as a really good idea ... [7:64638]
Hooray! We actually solved a problem on GroupStudy. ;-) And someone let us know. It's frustrating when someone asks for help and then never lets us know the resolution. This is supposed to be a GroupStudy, in other words a group learning experience, not a GroupFEEDmeTheAnswerSoIcanDoLessWork. (Sorry, a little cynical due to mean comments on another thread.) Thanks for letting us know the resolution. Priscilla garrett allen wrote: having the interfaces track one another was in fact the secret sauce that made it work. i can pull any of the links and it contines to ping with minimal interruption. cheers! - Original Message - From: John Neiberger Date: Friday, March 7, 2003 11:42 am Subject: Re: it started out as a really good idea ... [7:64638] That's an excellent point. With this design you run a risk of asymmetrical routing. To solve this, in the HSRP configuration on eachrouter have the e0 interface track the e1 interface and vice- versa. That way, if you pull a cable on one side, this triggers failover on both sides. Give that a shot, I think it will work. John Priscilla Oppenheimer 3/6/03 4:23:46 PM Um, he already has both the E0s in the same subnet and both the E1s in the same subnet, according to his config. His drawing is confusing but I think he's got PC1 and both E0s in subnet 10.3.0.0/16, say on a hub or a switch. He's got PC2 and both E1s in subnet 10.4.0.0, on another hub or switch. If the problem isn't related to misconfiguration of the default gatewayon the PCs, I do have another theory. :-) Say he pulls the E0 cable on Router 1. No problem, PC1 will start using Router2. Then he pings from PC1 to PC2. The ping will probably get there but what about the reply coming back? What happens if PC2 is using Router 1 and Router 1 has no way to send PC2's packet from itself to Router 2 due to the missing cable, not to mentionlack of any routing protocol configured. Think about it! :-) Priscilla The Long and Winding Road wrote: garrett allen wrote in message news:[EMAIL PROTECTED] i have a need for a high availability solution for a default gateway configuration. just finished the ccdp and thought it might be interesting to try hsrp on a pair of 2514's. put some of that theory to work. instead of highly resiliant i've managed to configure it for mass failure. arg.., not exactly what i had in mind. now, any time i take down 1 of the 4 links, the connect between 2 remote hosts dies. this is in a lab (production is not a lab, production is not a lab...) so it is a mystery i would like to solve, but it is not critical. here is the basic config (hope it makes it): pc host 1 -+- e0 router 1, e1 +- pc host 2 | | |- e0 router 2, e1 | the routers act as a default gateway between the internal network (represented by pc host 1) and the external world (represented by pc host 2). i have used 10.3 and 10.4 /16 as the addresses for each side of the divide. i want to run hsrp on both sets of router interfaces so that in the event a router or an interface fails, the traffic impact is minimized. in the real world pc host 2 will be a firewall and there will be other hosts off that segment as well looks easy. sounds plausible. read the cisco docs. looks like it should work. minimal incantations before tickling the keyboard. key in the configs and it fires up nicely. do the show standby thingee and all looks cool. can ping the 2 stations end to end. most excellent. put a router in debug mode. when i pull one of the 4 router cables the router goes through a state change but no bits make it to the far end. not even the shiney ones. bitstream courtesy of ping. maybe i misunderstood what hsrp was suppose to do. the configs are below, along with the show standby results. both are 2514's (2 aui's) and both are running 12.2(1d). probably forgot to put the interface in mumble mode or something equally easy. no laughter, please. HSRP assumes the ehternet interfaces to be on the same subnet. your ehternet side is on two different subnets. hence - no failover. to get this to work using 2514's: E0--2514_1---E1 E0--2514_2---E1 the e0's on the same subnet, the e1's on the same subnet thanks in advance. router 1 interface Ethernet0 ip address 10.3.255.2 255.255.0.0 no ip route-cache no ip mroute-cache standby 1 priority 200 preempt standby 1 ip 10.3.0.2 ! interface Ethernet1 ip address
Re: it started out as a really good idea ... [7:64638]
nice catch daniel, I've never used that before, will be mulling this one over in my lab for the next week. learn something new everyday, scott Daniel Cotts wrote in message news:[EMAIL PROTECTED] standby track (interface) might do the trick. http://www.cisco.com/warp/public/619/6.html I've never seen HSRP on both sides of a router. Maybe each side could track the ethernet interface on the other side. If the far side goes down then the monitoring side decrements its priority and allows the other router to take over. -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] Sent: Thursday, March 06, 2003 6:52 PM To: [EMAIL PROTECTED] Subject: Re: it started out as a really good idea ... [7:64638] Larry Letterman wrote: that was my answer as well...the broken connection will black hole the path on one side or the other... Larry Letterman Network Engineer Cisco Systems Whew! I wasn't losing it. :-) For this to work, you would need a way to tell Router 1 (as well as Router 2), if my E0 interface goes down, make sure I'm not the default gateway on my E1 interface. (And vice versa.) Maybe you can do that with HSRP? I don't know how though. HSRP does have an advanced feature to avoid LAN users using a default gateway that has lost its access to the rest of the network on its other interface. I can't remember how to do that, but it's supported somehow, from what I understand. But I don't think that helps. It's not the same as no longer being the default gateway for the LAN that reaches the rest of the network because you're no longer the default gateway on the local LAN. Sorry if that's convoluted. I can't think of a better way of saying it! ;-) I think a routing protocol solves the problem too, but there are some gotchas. Assuming I understand his topology correctly, with a distance-vector routing protocol, Router 2 would not send via its E0 interface a route that tells Router 1 that Router 2 can get to network 10.3.0.0, due to split horizon. That's fine. However, Router 2 would tell Router 1 this information via its E1 interface. When there's no problem, Router 1 would ingore this information because Router 1 can get to network 10.3.0.0 directly already. Now Router 1's E0 goes down. After the route comes out of holdown (could be a long time for some routing protocols) Router 1 will accept Router 2's offer to send to network 10.3.0.0. Now, it gets a little hairy. Packet comes in on Router 1's E1 interface destinated to 10.3.x.x. (That's the ping reply from PC 2 to PC1.) Router 1 should send the packet back out E1 and let Router 2 pick it up. Router 1 may send an ICMP redirect too, which would avoid the extra hop in the future, except that ICMP redirects are often disabled with HSRP. I think that would work? It's not too pretty, but that's OK, he said it was a lab network. :-) I think the general-purpose answer is that the original poster did sort of misunderstand HSRP's purpose. In a hierarchical network design, you probably wouldn't have a router that was a default gateway on both sides of it. Instead, you might have two routers on a LAN acting together (with HSRP) as the default gateway. Both these routers can also get out to the rest of the network, for example the rest of the enterprise network or the Internet, so it doesn't matter which one gets used. Priscilla - Original Message - From: Priscilla Oppenheimer To: [EMAIL PROTECTED] Sent: Thursday, March 06, 2003 3:23 PM Subject: Re: it started out as a really good idea ... [7:64638] Um, he already has both the E0s in the same subnet and both the E1s in the same subnet, according to his config. His drawing is confusing but I think he's got PC1 and both E0s in subnet 10.3.0.0/16, say on a hub or a switch. He's got PC2 and both E1s in subnet 10.4.0.0, on another hub or switch. If the problem isn't related to misconfiguration of the default gateway on the PCs, I do have another theory. :-) Say he pulls the E0 cable on Router 1. No problem, PC1 will start using Router2. Then he pings from PC1 to PC2. The ping will probably get there but what about the reply coming back? What happens if PC2 is using Router 1 and Router 1 has no way to send PC2's packet from itself to Router 2 due to the missing cable, not to mention lack of any routing protocol configured. Think about it! :-) Priscilla The Long and Winding Road wrote: garrett allen wrote in message news:[EMAIL PROTECTED] i have a need for a high availability solution for a default gateway configuration. just finished the ccdp and thought it might
Re: it started out as a really good idea ... [7:64638]
garrett allen wrote in message news:[EMAIL PROTECTED] i have a need for a high availability solution for a default gateway configuration. just finished the ccdp and thought it might be interesting to try hsrp on a pair of 2514's. put some of that theory to work. instead of highly resiliant i've managed to configure it for mass failure. arg.., not exactly what i had in mind. now, any time i take down 1 of the 4 links, the connect between 2 remote hosts dies. this is in a lab (production is not a lab, production is not a lab...) so it is a mystery i would like to solve, but it is not critical. here is the basic config (hope it makes it): pc host 1 -+- e0 router 1, e1 +- pc host 2 | | |- e0 router 2, e1 | the routers act as a default gateway between the internal network (represented by pc host 1) and the external world (represented by pc host 2). i have used 10.3 and 10.4 /16 as the addresses for each side of the divide. i want to run hsrp on both sets of router interfaces so that in the event a router or an interface fails, the traffic impact is minimized. in the real world pc host 2 will be a firewall and there will be other hosts off that segment as well looks easy. sounds plausible. read the cisco docs. looks like it should work. minimal incantations before tickling the keyboard. key in the configs and it fires up nicely. do the show standby thingee and all looks cool. can ping the 2 stations end to end. most excellent. put a router in debug mode. when i pull one of the 4 router cables the router goes through a state change but no bits make it to the far end. not even the shiney ones. bitstream courtesy of ping. maybe i misunderstood what hsrp was suppose to do. the configs are below, along with the show standby results. both are 2514's (2 aui's) and both are running 12.2(1d). probably forgot to put the interface in mumble mode or something equally easy. no laughter, please. HSRP assumes the ehternet interfaces to be on the same subnet. your ehternet side is on two different subnets. hence - no failover. to get this to work using 2514's: E0--2514_1---E1 E0--2514_2---E1 the e0's on the same subnet, the e1's on the same subnet thanks in advance. router 1 interface Ethernet0 ip address 10.3.255.2 255.255.0.0 no ip route-cache no ip mroute-cache standby 1 priority 200 preempt standby 1 ip 10.3.0.2 ! interface Ethernet1 ip address 10.4.254.2 255.255.0.0 no ip route-cache no ip mroute-cache standby 2 priority 200 preempt standby 2 ip 10.4.254.10 router 2 interface Ethernet0 ip address 10.3.255.1 255.255.0.0 no ip route-cache no ip mroute-cache standby 1 priority 225 preempt standby 1 ip 10.3.0.2 ! interface Ethernet1 ip address 10.4.254.1 255.255.0.0 no ip route-cache no ip mroute-cache standby 2 priority 150 preempt standby 2 ip 10.4.254.10 results of show standby Router1#show standby Ethernet0 - Group 1 Local state is Standby, priority 200, may preempt Hellotime 3 holdtime 10 Next hello sent in 00:00:00.940 Hot standby IP address is 10.3.0.2 configured Active router is 10.3.255.1 expires in 00:00:09, priority 225 Standby router is local 20 state changes, last state change 00:22:34 Ethernet1 - Group 2 Local state is Active, priority 200, may preempt Hellotime 3 holdtime 10 Next hello sent in 00:00:01.676 Hot standby IP address is 10.4.254.10 configured Active router is local Standby router is 10.4.254.1 expires in 00:00:08 Standby virtual mac address is .0c07.ac02 17 state changes, last state change 00:23:26 Router1# Router2#show standby Ethernet0 - Group 1 Local state is Active, priority 225, may preempt Hellotime 3 holdtime 10 Next hello sent in 00:00:01.010 Hot standby IP address is 10.3.0.2 configured Active router is local Standby router is 10.3.255.2 expires in 00:00:09 Standby virtual mac address is .0c07.ac01 24 state changes, last state change 00:22:04 Ethernet1 - Group 2 Local state is Standby, priority 150, may preempt Hellotime 3 holdtime 10 Next hello sent in 00:00:01.272 Hot standby IP address is 10.4.254.10 configured Active router is 10.4.254.2 expires in 00:00:09, priority 200 Standby router is local 32 state changes, last state change 00:22:25 Router2# Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64660t=64638 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: it started out as a really good idea ... [7:64638]
Um, he already has both the E0s in the same subnet and both the E1s in the same subnet, according to his config. His drawing is confusing but I think he's got PC1 and both E0s in subnet 10.3.0.0/16, say on a hub or a switch. He's got PC2 and both E1s in subnet 10.4.0.0, on another hub or switch. If the problem isn't related to misconfiguration of the default gateway on the PCs, I do have another theory. :-) Say he pulls the E0 cable on Router 1. No problem, PC1 will start using Router2. Then he pings from PC1 to PC2. The ping will probably get there but what about the reply coming back? What happens if PC2 is using Router 1 and Router 1 has no way to send PC2's packet from itself to Router 2 due to the missing cable, not to mention lack of any routing protocol configured. Think about it! :-) Priscilla The Long and Winding Road wrote: garrett allen wrote in message news:[EMAIL PROTECTED] i have a need for a high availability solution for a default gateway configuration. just finished the ccdp and thought it might be interesting to try hsrp on a pair of 2514's. put some of that theory to work. instead of highly resiliant i've managed to configure it for mass failure. arg.., not exactly what i had in mind. now, any time i take down 1 of the 4 links, the connect between 2 remote hosts dies. this is in a lab (production is not a lab, production is not a lab...) so it is a mystery i would like to solve, but it is not critical. here is the basic config (hope it makes it): pc host 1 -+- e0 router 1, e1 +- pc host 2 | | |- e0 router 2, e1 | the routers act as a default gateway between the internal network (represented by pc host 1) and the external world (represented by pc host 2). i have used 10.3 and 10.4 /16 as the addresses for each side of the divide. i want to run hsrp on both sets of router interfaces so that in the event a router or an interface fails, the traffic impact is minimized. in the real world pc host 2 will be a firewall and there will be other hosts off that segment as well looks easy. sounds plausible. read the cisco docs. looks like it should work. minimal incantations before tickling the keyboard. key in the configs and it fires up nicely. do the show standby thingee and all looks cool. can ping the 2 stations end to end. most excellent. put a router in debug mode. when i pull one of the 4 router cables the router goes through a state change but no bits make it to the far end. not even the shiney ones. bitstream courtesy of ping. maybe i misunderstood what hsrp was suppose to do. the configs are below, along with the show standby results. both are 2514's (2 aui's) and both are running 12.2(1d). probably forgot to put the interface in mumble mode or something equally easy. no laughter, please. HSRP assumes the ehternet interfaces to be on the same subnet. your ehternet side is on two different subnets. hence - no failover. to get this to work using 2514's: E0--2514_1---E1 E0--2514_2---E1 the e0's on the same subnet, the e1's on the same subnet thanks in advance. router 1 interface Ethernet0 ip address 10.3.255.2 255.255.0.0 no ip route-cache no ip mroute-cache standby 1 priority 200 preempt standby 1 ip 10.3.0.2 ! interface Ethernet1 ip address 10.4.254.2 255.255.0.0 no ip route-cache no ip mroute-cache standby 2 priority 200 preempt standby 2 ip 10.4.254.10 router 2 interface Ethernet0 ip address 10.3.255.1 255.255.0.0 no ip route-cache no ip mroute-cache standby 1 priority 225 preempt standby 1 ip 10.3.0.2 ! interface Ethernet1 ip address 10.4.254.1 255.255.0.0 no ip route-cache no ip mroute-cache standby 2 priority 150 preempt standby 2 ip 10.4.254.10 results of show standby Router1#show standby Ethernet0 - Group 1 Local state is Standby, priority 200, may preempt Hellotime 3 holdtime 10 Next hello sent in 00:00:00.940 Hot standby IP address is 10.3.0.2 configured Active router is 10.3.255.1 expires in 00:00:09, priority 225 Standby router is local 20 state changes, last state change 00:22:34 Ethernet1 - Group 2 Local state is Active, priority 200, may preempt Hellotime 3 holdtime 10 Next hello sent in 00:00:01.676 Hot standby IP address is 10.4.254.10 configured Active router is local Standby router is 10.4.254.1 expires in 00:00:08 Standby virtual mac address is .0c07.ac02 17 state changes, last state change 00:23:26 Router1# Router2#show standby Ethernet0 - Group 1 Local state is Active, priority 225, may preempt Hellotime 3 holdtime 10 Next hello sent in 00:00:01.010 Hot standby IP address is 10.3.0.2 configured Active router is
Re: it started out as a really good idea ... [7:64638]
Larry Letterman wrote: that was my answer as well...the broken connection will black hole the path on one side or the other... Larry Letterman Network Engineer Cisco Systems Whew! I wasn't losing it. :-) For this to work, you would need a way to tell Router 1 (as well as Router 2), if my E0 interface goes down, make sure I'm not the default gateway on my E1 interface. (And vice versa.) Maybe you can do that with HSRP? I don't know how though. HSRP does have an advanced feature to avoid LAN users using a default gateway that has lost its access to the rest of the network on its other interface. I can't remember how to do that, but it's supported somehow, from what I understand. But I don't think that helps. It's not the same as no longer being the default gateway for the LAN that reaches the rest of the network because you're no longer the default gateway on the local LAN. Sorry if that's convoluted. I can't think of a better way of saying it! ;-) I think a routing protocol solves the problem too, but there are some gotchas. Assuming I understand his topology correctly, with a distance-vector routing protocol, Router 2 would not send via its E0 interface a route that tells Router 1 that Router 2 can get to network 10.3.0.0, due to split horizon. That's fine. However, Router 2 would tell Router 1 this information via its E1 interface. When there's no problem, Router 1 would ingore this information because Router 1 can get to network 10.3.0.0 directly already. Now Router 1's E0 goes down. After the route comes out of holdown (could be a long time for some routing protocols) Router 1 will accept Router 2's offer to send to network 10.3.0.0. Now, it gets a little hairy. Packet comes in on Router 1's E1 interface destinated to 10.3.x.x. (That's the ping reply from PC 2 to PC1.) Router 1 should send the packet back out E1 and let Router 2 pick it up. Router 1 may send an ICMP redirect too, which would avoid the extra hop in the future, except that ICMP redirects are often disabled with HSRP. I think that would work? It's not too pretty, but that's OK, he said it was a lab network. :-) I think the general-purpose answer is that the original poster did sort of misunderstand HSRP's purpose. In a hierarchical network design, you probably wouldn't have a router that was a default gateway on both sides of it. Instead, you might have two routers on a LAN acting together (with HSRP) as the default gateway. Both these routers can also get out to the rest of the network, for example the rest of the enterprise network or the Internet, so it doesn't matter which one gets used. Priscilla - Original Message - From: Priscilla Oppenheimer To: [EMAIL PROTECTED] Sent: Thursday, March 06, 2003 3:23 PM Subject: Re: it started out as a really good idea ... [7:64638] Um, he already has both the E0s in the same subnet and both the E1s in the same subnet, according to his config. His drawing is confusing but I think he's got PC1 and both E0s in subnet 10.3.0.0/16, say on a hub or a switch. He's got PC2 and both E1s in subnet 10.4.0.0, on another hub or switch. If the problem isn't related to misconfiguration of the default gateway on the PCs, I do have another theory. :-) Say he pulls the E0 cable on Router 1. No problem, PC1 will start using Router2. Then he pings from PC1 to PC2. The ping will probably get there but what about the reply coming back? What happens if PC2 is using Router 1 and Router 1 has no way to send PC2's packet from itself to Router 2 due to the missing cable, not to mention lack of any routing protocol configured. Think about it! :-) Priscilla The Long and Winding Road wrote: garrett allen wrote in message news:[EMAIL PROTECTED] i have a need for a high availability solution for a default gateway configuration. just finished the ccdp and thought it might be interesting to try hsrp on a pair of 2514's. put some of that theory to work. instead of highly resiliant i've managed to configure it for mass failure. arg.., not exactly what i had in mind. now, any time i take down 1 of the 4 links, the connect between 2 remote hosts dies. this is in a lab (production is not a lab, production is not a lab...) so it is a mystery i would like to solve, but it is not critical. here is the basic config (hope it makes it): pc host 1 -+- e0 router 1, e1 +- pc host 2 | | |- e0 router 2, e1 | the routers act as a default gateway between the internal network (represented by pc host 1) and the external world (represented by pc host 2). i have used 10.3 and 10.4 /16 as the addresses for each side of the divide. i want to run hsrp on both sets
Re: it started out as a really good idea ... [7:64638]
i do apologize about the drawing - never could stay in the lines with crayons either. you are correct, both e0's in one subnet and both e1's in the other. appropriate virtual routers as well. pc1 is attached to e0's (all in hub 1) and pc2 with the e1's in hub 2. guess the drawing lost something in translation. i didn't trying pinging back the other way round but will tomorrow am. the lab's at work and (finally) i'm not. i pulled debug standby traces and i'll go through them tonite. the pc has the virtual mac address in its arp table and the virtual address does move from interface e0 to interface e1. but i like your theory of no return path. thanks much. garrett - Original Message - From: Priscilla Oppenheimer Date: Thursday, March 6, 2003 6:23 pm Subject: Re: it started out as a really good idea ... [7:64638] Um, he already has both the E0s in the same subnet and both the E1s in the same subnet, according to his config. His drawing is confusing but I think he's got PC1 and both E0s in subnet10.3.0.0/16, say on a hub or a switch. He's got PC2 and both E1s in subnet 10.4.0.0, on another hub or switch. If the problem isn't related to misconfiguration of the default gateway on the PCs, I do have another theory. :-) Say he pulls the E0 cable on Router 1. No problem, PC1 will start usingRouter2. Then he pings from PC1 to PC2. The ping will probably get there but what about the reply coming back? What happens if PC2 is using Router 1 and Router 1 has no way to send PC2's packet from itself to Router 2 due to the missing cable, not to mention lack of any routing protocol configured. Think about it! :-) Priscilla The Long and Winding Road wrote: garrett allen wrote in message news:[EMAIL PROTECTED] i have a need for a high availability solution for a default gateway configuration. just finished the ccdp and thought it might be interesting to try hsrp on a pair of 2514's. put some of that theory to work. instead of highly resiliant i've managed to configure it for mass failure. arg.., not exactly what i had in mind. now, any time i take down 1 of the 4 links, the connect between 2 remote hosts dies. this is in a lab (production is not a lab, production is not a lab...) so it is a mystery i would like to solve, but it is not critical. here is the basic config (hope it makes it): pc host 1 -+- e0 router 1, e1 +- pc host 2 | | |- e0 router 2, e1 | the routers act as a default gateway between the internal network (represented by pc host 1) and the external world (represented by pc host 2). i have used 10.3 and 10.4 /16 as the addresses for each side of the divide. i want to run hsrp on both sets of router interfaces so that in the event a router or an interface fails, the traffic impact is minimized. in the real world pc host 2 will be a firewall and there will be other hosts off that segment as well looks easy. sounds plausible. read the cisco docs. looks like it should work. minimal incantations before tickling the keyboard. key in the configs and it fires up nicely. do the show standby thingee and all looks cool. can ping the 2 stations end to end. most excellent. put a router in debug mode. when i pull one of the 4 router cables the router goes through a state change but no bits make it to the far end. not even the shiney ones. bitstream courtesy of ping. maybe i misunderstood what hsrp was suppose to do. the configs are below, along with the show standby results. both are 2514's (2 aui's) and both are running 12.2(1d). probably forgot to put the interface in mumble mode or something equally easy. no laughter, please. HSRP assumes the ehternet interfaces to be on the same subnet. your ehternet side is on two different subnets. hence - no failover. to get this to work using 2514's: E0--2514_1---E1 E0--2514_2---E1 the e0's on the same subnet, the e1's on the same subnet thanks in advance. router 1 interface Ethernet0 ip address 10.3.255.2 255.255.0.0 no ip route-cache no ip mroute-cache standby 1 priority 200 preempt standby 1 ip 10.3.0.2 ! interface Ethernet1 ip address 10.4.254.2 255.255.0.0 no ip route-cache no ip mroute-cache standby 2 priority 200 preempt standby 2 ip 10.4.254.10 router 2 interface Ethernet0 ip address 10.3.255.1 255.255.0.0 no ip route-cache no ip mroute-cache standby 1 priority 225 preempt standby 1 ip 10.3.0.2 ! interface Ethernet1 ip address 10.4.254.1 255.255.0.0 no ip route-cache no ip mroute-cache standby 2 priority 150 preempt standby 2 ip
Re: it started out as a really good idea ... [7:64638]
ok, when priscilla says now it gets hairy its time to think about plan b. maybe this isn't really what i need to do after all. while it did seem to be a good idea at the time ... thanks all for the advice. tomorrow we'll take another run at it. i have a couple more things i want to try. i'm going over the debug standby traces now. this is an isolated lab lan segment so i can experiment without doing harm. from what i see in the debugs the virtual mac and ip addresses move as they should from interface to interface when i pull the cable. the pc uses the virtual interface mac and ip per its arp cache which i also printed before, during and afterwards - no change. i just read a tac article that says there is an asymmetric twist to all this - the pc uses the virtual routers mac address to send but replies come back from the router with the router's actual burned in address as the mac. so i can see, well sort of see, how things could get messy. later all. - Original Message - From: Priscilla Oppenheimer Date: Thursday, March 6, 2003 7:51 pm Subject: Re: it started out as a really good idea ... [7:64638] Larry Letterman wrote: that was my answer as well...the broken connection will black hole the path on one side or the other... Larry Letterman Network Engineer Cisco Systems Whew! I wasn't losing it. :-) For this to work, you would need a way to tell Router 1 (as well as Router 2), if my E0 interface goes down, make sure I'm not the default gateway on my E1 interface. (And vice versa.) Maybe you can do that with HSRP? I don't know how though. HSRP does have an advanced feature to avoid LAN users using a default gateway that has lost its access to the rest of the network on its other interface. I can't remember how to do that, but it's supported somehow, from what I understand. But I don't think that helps. It's not the same as no longer being the default gateway for the LAN that reaches the rest of the network because you're no longer the default gateway on the local LAN. Sorry if that's convoluted. I can't think of a better way of saying it! ;-) I think a routing protocol solves the problem too, but there are some gotchas. Assuming I understand his topology correctly, with a distance- vector routing protocol, Router 2 would not send via its E0 interface a route that tells Router 1 that Router 2 can get to network 10.3.0.0, due to split horizon.That's fine. However, Router 2 would tell Router 1 this information via its E1 interface. When there's no problem, Router 1 would ingore this information becauseRouter 1 can get to network 10.3.0.0 directly already. Now Router 1's E0 goes down. After the route comes out of holdown (could be a long time for some routing protocols) Router 1 will accept Router 2's offer to send to network 10.3.0.0. Now, it gets a little hairy. Packet comes in on Router 1's E1 interface destinated to 10.3.x.x. (That'sthe ping reply from PC 2 to PC1.) Router 1 should send the packet back out E1 and let Router 2 pick it up. Router 1 may send an ICMP redirect too,which would avoid the extra hop in the future, except that ICMP redirects are often disabled with HSRP. I think that would work? It's not too pretty, but that's OK, he said it was a lab network. :-) I think the general-purpose answer is that the original poster did sort of misunderstand HSRP's purpose. In a hierarchical network design, you probably wouldn't have a router that was a default gateway on both sides of it. Instead, you might have two routers on a LAN acting together (with HSRP) as the default gateway. Both these routers can also get out to the rest of the network, for example the rest of the enterprise network or the Internet, so it doesn't matter which one gets used. Priscilla - Original Message - From: Priscilla Oppenheimer To: [EMAIL PROTECTED] Sent: Thursday, March 06, 2003 3:23 PM Subject: Re: it started out as a really good idea ... [7:64638] Um, he already has both the E0s in the same subnet and both the E1s in the same subnet, according to his config. His drawing is confusing but I think he's got PC1 and both E0s in subnet 10.3.0.0/16, say on a hub or a switch. He's got PC2 and both E1s in subnet 10.4.0.0, on another hub or switch. If the problem isn't related to misconfiguration of the default gateway on the PCs, I do have another theory. :-) Say he pulls the E0 cable on Router 1. No problem, PC1 will start using Router2. Then he pings from PC1 to PC2. The ping will probably get there but what about the reply coming back? What happens if PC2 is using Router 1 and Router 1 has no way to send PC2's packet from itself to Router 2 due to the missing cable, not to mention lack of any routing protocol configured
RE: it started out as a really good idea ... [7:64638]
standby track (interface) might do the trick. http://www.cisco.com/warp/public/619/6.html I've never seen HSRP on both sides of a router. Maybe each side could track the ethernet interface on the other side. If the far side goes down then the monitoring side decrements its priority and allows the other router to take over. -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] Sent: Thursday, March 06, 2003 6:52 PM To: [EMAIL PROTECTED] Subject: Re: it started out as a really good idea ... [7:64638] Larry Letterman wrote: that was my answer as well...the broken connection will black hole the path on one side or the other... Larry Letterman Network Engineer Cisco Systems Whew! I wasn't losing it. :-) For this to work, you would need a way to tell Router 1 (as well as Router 2), if my E0 interface goes down, make sure I'm not the default gateway on my E1 interface. (And vice versa.) Maybe you can do that with HSRP? I don't know how though. HSRP does have an advanced feature to avoid LAN users using a default gateway that has lost its access to the rest of the network on its other interface. I can't remember how to do that, but it's supported somehow, from what I understand. But I don't think that helps. It's not the same as no longer being the default gateway for the LAN that reaches the rest of the network because you're no longer the default gateway on the local LAN. Sorry if that's convoluted. I can't think of a better way of saying it! ;-) I think a routing protocol solves the problem too, but there are some gotchas. Assuming I understand his topology correctly, with a distance-vector routing protocol, Router 2 would not send via its E0 interface a route that tells Router 1 that Router 2 can get to network 10.3.0.0, due to split horizon. That's fine. However, Router 2 would tell Router 1 this information via its E1 interface. When there's no problem, Router 1 would ingore this information because Router 1 can get to network 10.3.0.0 directly already. Now Router 1's E0 goes down. After the route comes out of holdown (could be a long time for some routing protocols) Router 1 will accept Router 2's offer to send to network 10.3.0.0. Now, it gets a little hairy. Packet comes in on Router 1's E1 interface destinated to 10.3.x.x. (That's the ping reply from PC 2 to PC1.) Router 1 should send the packet back out E1 and let Router 2 pick it up. Router 1 may send an ICMP redirect too, which would avoid the extra hop in the future, except that ICMP redirects are often disabled with HSRP. I think that would work? It's not too pretty, but that's OK, he said it was a lab network. :-) I think the general-purpose answer is that the original poster did sort of misunderstand HSRP's purpose. In a hierarchical network design, you probably wouldn't have a router that was a default gateway on both sides of it. Instead, you might have two routers on a LAN acting together (with HSRP) as the default gateway. Both these routers can also get out to the rest of the network, for example the rest of the enterprise network or the Internet, so it doesn't matter which one gets used. Priscilla - Original Message - From: Priscilla Oppenheimer To: [EMAIL PROTECTED] Sent: Thursday, March 06, 2003 3:23 PM Subject: Re: it started out as a really good idea ... [7:64638] Um, he already has both the E0s in the same subnet and both the E1s in the same subnet, according to his config. His drawing is confusing but I think he's got PC1 and both E0s in subnet 10.3.0.0/16, say on a hub or a switch. He's got PC2 and both E1s in subnet 10.4.0.0, on another hub or switch. If the problem isn't related to misconfiguration of the default gateway on the PCs, I do have another theory. :-) Say he pulls the E0 cable on Router 1. No problem, PC1 will start using Router2. Then he pings from PC1 to PC2. The ping will probably get there but what about the reply coming back? What happens if PC2 is using Router 1 and Router 1 has no way to send PC2's packet from itself to Router 2 due to the missing cable, not to mention lack of any routing protocol configured. Think about it! :-) Priscilla The Long and Winding Road wrote: garrett allen wrote in message news:[EMAIL PROTECTED] i have a need for a high availability solution for a default gateway configuration. just finished the ccdp and thought it might be interesting to try hsrp on a pair of 2514's. put some of that theory to work. instead of highly resiliant i've managed to configure it for mass failure. arg.., not exactly what i had in mind. now, any time i take down 1 of the 4 links, the connect
RE: it started out as a really good idea ... [7:64638]
Daniel Cotts wrote: standby track (interface) might do the trick. http://www.cisco.com/warp/public/619/6.html I've never seen HSRP on both sides of a router. Maybe each side could track the ethernet interface on the other side. If the far side goes down then the monitoring side decrements its priority and allows the other router to take over. That doesn't help the traffic coming back, though, which could still be using the router whose cable was pulled. Priscilla -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] Sent: Thursday, March 06, 2003 6:52 PM To: [EMAIL PROTECTED] Subject: Re: it started out as a really good idea ... [7:64638] Larry Letterman wrote: that was my answer as well...the broken connection will black hole the path on one side or the other... Larry Letterman Network Engineer Cisco Systems Whew! I wasn't losing it. :-) For this to work, you would need a way to tell Router 1 (as well as Router 2), if my E0 interface goes down, make sure I'm not the default gateway on my E1 interface. (And vice versa.) Maybe you can do that with HSRP? I don't know how though. HSRP does have an advanced feature to avoid LAN users using a default gateway that has lost its access to the rest of the network on its other interface. I can't remember how to do that, but it's supported somehow, from what I understand. But I don't think that helps. It's not the same as no longer being the default gateway for the LAN that reaches the rest of the network because you're no longer the default gateway on the local LAN. Sorry if that's convoluted. I can't think of a better way of saying it! ;-) I think a routing protocol solves the problem too, but there are some gotchas. Assuming I understand his topology correctly, with a distance-vector routing protocol, Router 2 would not send via its E0 interface a route that tells Router 1 that Router 2 can get to network 10.3.0.0, due to split horizon. That's fine. However, Router 2 would tell Router 1 this information via its E1 interface. When there's no problem, Router 1 would ingore this information because Router 1 can get to network 10.3.0.0 directly already. Now Router 1's E0 goes down. After the route comes out of holdown (could be a long time for some routing protocols) Router 1 will accept Router 2's offer to send to network 10.3.0.0. Now, it gets a little hairy. Packet comes in on Router 1's E1 interface destinated to 10.3.x.x. (That's the ping reply from PC 2 to PC1.) Router 1 should send the packet back out E1 and let Router 2 pick it up. Router 1 may send an ICMP redirect too, which would avoid the extra hop in the future, except that ICMP redirects are often disabled with HSRP. I think that would work? It's not too pretty, but that's OK, he said it was a lab network. :-) I think the general-purpose answer is that the original poster did sort of misunderstand HSRP's purpose. In a hierarchical network design, you probably wouldn't have a router that was a default gateway on both sides of it. Instead, you might have two routers on a LAN acting together (with HSRP) as the default gateway. Both these routers can also get out to the rest of the network, for example the rest of the enterprise network or the Internet, so it doesn't matter which one gets used. Priscilla - Original Message - From: Priscilla Oppenheimer To: [EMAIL PROTECTED] Sent: Thursday, March 06, 2003 3:23 PM Subject: Re: it started out as a really good idea ... [7:64638] Um, he already has both the E0s in the same subnet and both the E1s in the same subnet, according to his config. His drawing is confusing but I think he's got PC1 and both E0s in subnet 10.3.0.0/16, say on a hub or a switch. He's got PC2 and both E1s in subnet 10.4.0.0, on another hub or switch. If the problem isn't related to misconfiguration of the default gateway on the PCs, I do have another theory. :-) Say he pulls the E0 cable on Router 1. No problem, PC1 will start using Router2. Then he pings from PC1 to PC2. The ping will probably get there but what about the reply coming back? What happens if PC2 is using Router 1 and Router 1 has no way to send PC2's packet from itself to Router 2 due to the missing cable, not to mention lack of any routing protocol configured. Think about it! :-) Priscilla The Long and Winding Road wrote: garrett allen wrote in message news:[EMAIL PROTECTED] i have a need for a high availability solution for a default gateway configuration. just finished the ccdp
RE: it started out as a really good idea ... [7:64638]
What did you use a default gateway on the PCs?? Priscilla garrett allen wrote: i have a need for a high availability solution for a default gateway configuration. just finished the ccdp and thought it might be interesting to try hsrp on a pair of 2514's. put some of that theory to work. instead of highly resiliant i've managed to configure it for mass failure. arg.., not exactly what i had in mind. now, any time i take down 1 of the 4 links, the connect between 2 remote hosts dies. this is in a lab (production is not a lab, production is not a lab...) so it is a mystery i would like to solve, but it is not critical. here is the basic config (hope it makes it): pc host 1 -+- e0 router 1, e1 +- pc host 2 | | |- e0 router 2, e1 | the routers act as a default gateway between the internal network (represented by pc host 1) and the external world (represented by pc host 2). i have used 10.3 and 10.4 /16 as the addresses for each side of the divide. i want to run hsrp on both sets of router interfaces so that in the event a router or an interface fails, the traffic impact is minimized. in the real world pc host 2 will be a firewall and there will be other hosts off that segment as well looks easy. sounds plausible. read the cisco docs. looks like it should work. minimal incantations before tickling the keyboard. key in the configs and it fires up nicely. do the show standby thingee and all looks cool. can ping the 2 stations end to end. most excellent. put a router in debug mode. when i pull one of the 4 router cables the router goes through a state change but no bits make it to the far end. not even the shiney ones. bitstream courtesy of ping. maybe i misunderstood what hsrp was suppose to do. the configs are below, along with the show standby results. both are 2514's (2 aui's) and both are running 12.2(1d). probably forgot to put the interface in mumble mode or something equally easy. no laughter, please. thanks in advance. router 1 interface Ethernet0 ip address 10.3.255.2 255.255.0.0 no ip route-cache no ip mroute-cache standby 1 priority 200 preempt standby 1 ip 10.3.0.2 ! interface Ethernet1 ip address 10.4.254.2 255.255.0.0 no ip route-cache no ip mroute-cache standby 2 priority 200 preempt standby 2 ip 10.4.254.10 router 2 interface Ethernet0 ip address 10.3.255.1 255.255.0.0 no ip route-cache no ip mroute-cache standby 1 priority 225 preempt standby 1 ip 10.3.0.2 ! interface Ethernet1 ip address 10.4.254.1 255.255.0.0 no ip route-cache no ip mroute-cache standby 2 priority 150 preempt standby 2 ip 10.4.254.10 results of show standby Router1#show standby Ethernet0 - Group 1 Local state is Standby, priority 200, may preempt Hellotime 3 holdtime 10 Next hello sent in 00:00:00.940 Hot standby IP address is 10.3.0.2 configured Active router is 10.3.255.1 expires in 00:00:09, priority 225 Standby router is local 20 state changes, last state change 00:22:34 Ethernet1 - Group 2 Local state is Active, priority 200, may preempt Hellotime 3 holdtime 10 Next hello sent in 00:00:01.676 Hot standby IP address is 10.4.254.10 configured Active router is local Standby router is 10.4.254.1 expires in 00:00:08 Standby virtual mac address is .0c07.ac02 17 state changes, last state change 00:23:26 Router1# Router2#show standby Ethernet0 - Group 1 Local state is Active, priority 225, may preempt Hellotime 3 holdtime 10 Next hello sent in 00:00:01.010 Hot standby IP address is 10.3.0.2 configured Active router is local Standby router is 10.3.255.2 expires in 00:00:09 Standby virtual mac address is .0c07.ac01 24 state changes, last state change 00:22:04 Ethernet1 - Group 2 Local state is Standby, priority 150, may preempt Hellotime 3 holdtime 10 Next hello sent in 00:00:01.272 Hot standby IP address is 10.4.254.10 configured Active router is 10.4.254.2 expires in 00:00:09, priority 200 Standby router is local 32 state changes, last state change 00:22:25 Router2# Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64656t=64638 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: it started out as a really good idea ... [7:64638]
that was my answer as well...the broken connection will black hole the path on one side or the other... Larry Letterman Network Engineer Cisco Systems - Original Message - From: Priscilla Oppenheimer To: [EMAIL PROTECTED] Sent: Thursday, March 06, 2003 3:23 PM Subject: Re: it started out as a really good idea ... [7:64638] Um, he already has both the E0s in the same subnet and both the E1s in the same subnet, according to his config. His drawing is confusing but I think he's got PC1 and both E0s in subnet 10.3.0.0/16, say on a hub or a switch. He's got PC2 and both E1s in subnet 10.4.0.0, on another hub or switch. If the problem isn't related to misconfiguration of the default gateway on the PCs, I do have another theory. :-) Say he pulls the E0 cable on Router 1. No problem, PC1 will start using Router2. Then he pings from PC1 to PC2. The ping will probably get there but what about the reply coming back? What happens if PC2 is using Router 1 and Router 1 has no way to send PC2's packet from itself to Router 2 due to the missing cable, not to mention lack of any routing protocol configured. Think about it! :-) Priscilla The Long and Winding Road wrote: garrett allen wrote in message news:[EMAIL PROTECTED] i have a need for a high availability solution for a default gateway configuration. just finished the ccdp and thought it might be interesting to try hsrp on a pair of 2514's. put some of that theory to work. instead of highly resiliant i've managed to configure it for mass failure. arg.., not exactly what i had in mind. now, any time i take down 1 of the 4 links, the connect between 2 remote hosts dies. this is in a lab (production is not a lab, production is not a lab...) so it is a mystery i would like to solve, but it is not critical. here is the basic config (hope it makes it): pc host 1 -+- e0 router 1, e1 +- pc host 2 | | |- e0 router 2, e1 | the routers act as a default gateway between the internal network (represented by pc host 1) and the external world (represented by pc host 2). i have used 10.3 and 10.4 /16 as the addresses for each side of the divide. i want to run hsrp on both sets of router interfaces so that in the event a router or an interface fails, the traffic impact is minimized. in the real world pc host 2 will be a firewall and there will be other hosts off that segment as well looks easy. sounds plausible. read the cisco docs. looks like it should work. minimal incantations before tickling the keyboard. key in the configs and it fires up nicely. do the show standby thingee and all looks cool. can ping the 2 stations end to end. most excellent. put a router in debug mode. when i pull one of the 4 router cables the router goes through a state change but no bits make it to the far end. not even the shiney ones. bitstream courtesy of ping. maybe i misunderstood what hsrp was suppose to do. the configs are below, along with the show standby results. both are 2514's (2 aui's) and both are running 12.2(1d). probably forgot to put the interface in mumble mode or something equally easy. no laughter, please. HSRP assumes the ehternet interfaces to be on the same subnet. your ehternet side is on two different subnets. hence - no failover. to get this to work using 2514's: E0--2514_1---E1 E0--2514_2---E1 the e0's on the same subnet, the e1's on the same subnet thanks in advance. router 1 interface Ethernet0 ip address 10.3.255.2 255.255.0.0 no ip route-cache no ip mroute-cache standby 1 priority 200 preempt standby 1 ip 10.3.0.2 ! interface Ethernet1 ip address 10.4.254.2 255.255.0.0 no ip route-cache no ip mroute-cache standby 2 priority 200 preempt standby 2 ip 10.4.254.10 router 2 interface Ethernet0 ip address 10.3.255.1 255.255.0.0 no ip route-cache no ip mroute-cache standby 1 priority 225 preempt standby 1 ip 10.3.0.2 ! interface Ethernet1 ip address 10.4.254.1 255.255.0.0 no ip route-cache no ip mroute-cache standby 2 priority 150 preempt standby 2 ip 10.4.254.10 results of show standby Router1#show standby Ethernet0 - Group 1 Local state is Standby, priority 200, may preempt Hellotime 3 holdtime 10 Next hello sent in 00:00:00.940 Hot standby IP address is 10.3.0.2 configured Active router is 10.3.255.1 expires in 00:00:09, priority 225 Standby router is local 20 state changes, last state change 00:22
RE: it started out as a really good idea ... [7:64638]
Priscilla Oppenheimer wrote: Daniel Cotts wrote: standby track (interface) might do the trick. http://www.cisco.com/warp/public/619/6.html I've never seen HSRP on both sides of a router. Maybe each side could track the ethernet interface on the other side. If the far side goes down then the monitoring side decrements its priority and allows the other router to take over. That doesn't help the traffic coming back, though, which could still be using the router whose cable was pulled. Never mind. My comment didn't make sense. I think it could work. It's worth a try anyway. Though a different design might be the real answer! :-) Priscilla Priscilla -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] Sent: Thursday, March 06, 2003 6:52 PM To: [EMAIL PROTECTED] Subject: Re: it started out as a really good idea ... [7:64638] Larry Letterman wrote: that was my answer as well...the broken connection will black hole the path on one side or the other... Larry Letterman Network Engineer Cisco Systems Whew! I wasn't losing it. :-) For this to work, you would need a way to tell Router 1 (as well as Router 2), if my E0 interface goes down, make sure I'm not the default gateway on my E1 interface. (And vice versa.) Maybe you can do that with HSRP? I don't know how though. HSRP does have an advanced feature to avoid LAN users using a default gateway that has lost its access to the rest of the network on its other interface. I can't remember how to do that, but it's supported somehow, from what I understand. But I don't think that helps. It's not the same as no longer being the default gateway for the LAN that reaches the rest of the network because you're no longer the default gateway on the local LAN. Sorry if that's convoluted. I can't think of a better way of saying it! ;-) I think a routing protocol solves the problem too, but there are some gotchas. Assuming I understand his topology correctly, with a distance-vector routing protocol, Router 2 would not send via its E0 interface a route that tells Router 1 that Router 2 can get to network 10.3.0.0, due to split horizon. That's fine. However, Router 2 would tell Router 1 this information via its E1 interface. When there's no problem, Router 1 would ingore this information because Router 1 can get to network 10.3.0.0 directly already. Now Router 1's E0 goes down. After the route comes out of holdown (could be a long time for some routing protocols) Router 1 will accept Router 2's offer to send to network 10.3.0.0. Now, it gets a little hairy. Packet comes in on Router 1's E1 interface destinated to 10.3.x.x. (That's the ping reply from PC 2 to PC1.) Router 1 should send the packet back out E1 and let Router 2 pick it up. Router 1 may send an ICMP redirect too, which would avoid the extra hop in the future, except that ICMP redirects are often disabled with HSRP. I think that would work? It's not too pretty, but that's OK, he said it was a lab network. :-) I think the general-purpose answer is that the original poster did sort of misunderstand HSRP's purpose. In a hierarchical network design, you probably wouldn't have a router that was a default gateway on both sides of it. Instead, you might have two routers on a LAN acting together (with HSRP) as the default gateway. Both these routers can also get out to the rest of the network, for example the rest of the enterprise network or the Internet, so it doesn't matter which one gets used. Priscilla - Original Message - From: Priscilla Oppenheimer To: [EMAIL PROTECTED] Sent: Thursday, March 06, 2003 3:23 PM Subject: Re: it started out as a really good idea ... [7:64638] Um, he already has both the E0s in the same subnet and both the E1s in the same subnet, according to his config. His drawing is confusing but I think he's got PC1 and both E0s in subnet 10.3.0.0/16, say on a hub or a switch. He's got PC2 and both E1s in subnet 10.4.0.0, on another hub or switch. If the problem isn't related to misconfiguration of the default gateway on the PCs, I do have another theory. :-) Say he pulls the E0 cable on Router 1. No problem, PC1 will start using Router2. Then he pings from PC1 to PC2. The ping will probably get there but what about the reply coming back? What happens if PC2 is using Router 1 and Router 1 has no way to send PC2's packet from itself to Router 2 due to the missing cable
