Hot Standby Router Protocol (HSRP) is a Cisco proprietary redundancy protocol for establishing a fault-tolerant default gateway, and has been described in detail in RFC 2281.
The protocol establishes a framework between network routers in order to achieve default gateway
failover if the primary gateway becomes inaccessible, in close association with a rapid-converging
routing protocol like EIGRP or OSPF. By multicasting packets, HSRP sends its hello messages to the
multicast address 224.0.0.2 (all routers) for version 1, or 224.0.0.102 for version 2, using UDP port 1985,
to other HSRP-enabled routers, defining priority between the routers.
1. HSRP (Hot Standby Router Protocol)
Hot Standby Router Protocol (HSRP) is a Cisco proprietary redundancy protocol for establishing a fault-
tolerant default gateway, and has been described in detail in RFC 2281.
The protocol establishes a framework between network routers in order to achieve default gateway
failover if the primary gateway becomes inaccessible, in close association with a rapid-converging
routing protocol like EIGRP or OSPF. By multicasting packets, HSRP sends its hello messages to the
multicast address 224.0.0.2 (all routers) for version 1, or 224.0.0.102 for version 2, using UDP port 1985,
to other HSRP-enabled routers, defining priority between the routers. The primary router with the
highest configured priority will act as a virtual router with a pre-defined gateway IP address and will
respond to the ARP request from machines connected to the LAN with the MAC address
0000.0C07.ACXX (or 0000.0C9F.FXXX for HSRPv2), where the X digits are the hex representation of the (decimal)
group ID. If the primary router should fail, the router with the next-highest priority would take over the
gateway IP address and answer ARP requests with the same MAC address, thus achieving transparent
default gateway failover.
HSRP is not a routing protocol as it does not advertise IP routes or affect the routing table in any way.
Figure 1 HSRP Terminology
HSRP for IPv4
HSRP routers communicate with each other by exchanging HSRP hello packets. These packets are sent
to the destination IP multicast address 224.0.0.2 (reserved multicast address used to communicate to all
routers) on UDP port 1985. The active router sources hello packets from its configured IP address and
the HSRP virtual MAC address while the standby router sources hellos from its configured IP address and
the interface MAC address, which might be the burned-in address (BIA). The BIA is the last six bytes of
the MAC address that is assigned by the manufacturer of the network interface card (NIC).
Because hosts are configured with their default router as the HSRP virtual IP address, hosts must
communicate with the MAC address associated with the HSRP virtual IP address. This MAC address is a
virtual MAC address, 0000.0C07.ACxy, where xy is the HSRP group number in hexadecimal based on the
respective interface. For example, HSRP group 1 uses the HSRP virtual MAC address of 0000.0C07.AC01.
Hosts on the adjoining LAN segment use the normal Address Resolution Protocol (ARP) process to
resolve the associated MAC addresses.
HSRP version 2 uses the new IP multicast address 224.0.0.102 to send hello packets instead of the
multicast address of 224.0.0.2, which is used by version 1. HSRP version 2 permits an expanded group
number range of 0 to 4095 and uses a new MAC address range of 0000.0C9F.F000 to 0000.0C9F.FFFF.
HSRP for IPv6
IPv6 hosts learn of available IPv6 routers through IPv6 neighbor discovery (ND) router advertisement
(RA) messages. These messages are multicast periodically, or might be solicited by hosts, but the time
delay for detecting when a default route is down might be 30 seconds or more. HSRP for IPv6 provides a
much faster switchover to an alternate default router than the IPv6 ND protocol provides, less than a
second if the milliseconds timers are used. HSRP for IPv6 provides a virtual first hop for IPv6 hosts.
When you configure an IPv6 interface for HSRP, the periodic RAs for the interface link-local address stop
after IPv6 ND sends a final RA with a router lifetime of zero. No restrictions occur for the interface IPv6
link-local address. Other protocols continue to receive and send packets to this address.
IPv6 ND sends periodic RAs for the HSRP virtual IPv6 link-local address when the HSRP group is active.
These RAs stop after a final RA is sent with a router lifetime of 0 when the HSRP group leaves the active
state. HSRP uses the virtual MAC address for active HSRP group messages only (hello, coup, and
resign).
HSRP for IPv6 uses the following parameters:
HSRP version 2
UDP port 2029
Virtual MAC address range from 0005.73A0.0000 through 0005.73A0.0FFF
Multicast link-local IP destination address of FF02::66
Hop limit set to 255
This protocol is used for gateway redundancy or high availability:
1. Cisco proprietary (1994)
2. Hello interval: 3 seconds
3. Hold interval: 10 seconds
4. It uses UDP port number 1985
5. It sends multicast hellos to 224.0.0.2
6. Default priority is 100
7. Preempt is disabled by default
8. Default priority decrement when using track is 10
9. It supports two types of authentication (MD5 and plain text)
10. HSRP virtual MAC is 0000.0c07.acxx (xx is the group ID)
11. It has two versions (v1 and v2)
12. It has a built-in track command
(Note: The group numbers we can create in HSRP range from 0 to 255.)
HSRP Authentication
HSRP message digest 5 (MD5) algorithm authentication protects against HSRP-spoofing software and
uses the industry-standard MD5 algorithm for improved reliability and security. HSRP includes the IPv4
or IPv6 address in the authentication TLVs.
HSRP Messages
Routers that are configured with HSRP exchange the following three types of multicast messages:
Hello- The hello message conveys the HSRP priority and state information of the router to other
HSRP routers.
Coup- When a standby router wants to assume the function of the active router, it sends a coup
message.
Resign- A router that is the active router sends this message when it is about to shut down or
when a router that has a higher priority sends a hello or coup message.
HSRP Load Sharing
HSRP allows you to configure multiple groups on an interface. You can configure two overlapping IPv4
HSRP groups to load share traffic from the connected hosts while providing the default router
redundancy expected from HSRP. Figure 19-2 shows an example of a load-sharing HSRP IPv4
configuration.
(Note: HSRP for IPv6 load-balances by default. If there are two HSRP IPv6 groups on the subnet, then
hosts learn of both groups from their router advertisements and choose to use one so that the load is
shared between the advertised routers.)
Figure 2 Two routers A and B and two HSRP groups. Router A is the active router for group A but is the
standby router for group B. Similarly, router B is the active router for group B and the standby router
for group A. If both routers remain active, HSRP load balances the traffic from the hosts across both
routers. If either router fails, the remaining router continues to process traffic for both hosts.
Object Tracking and HSRP
You can use object tracking to modify the priority of an HSRP interface based on the operational state of
another interface. Object tracking allows you to route to a standby router if the interface to the main
network fails.
Two objects that you can track are the line protocol state of an interface or the reachability of an IP
route. If the specified object goes down, Cisco NX-OS reduces the HSRP priority by the configured
amount.
Configuring HSRP Object Tracking
You can configure an HSRP group to adjust its priority based on the availability of other interfaces or
routes. The priority of a device can change dynamically if it has been configured for object tracking and
the object that is being tracked goes down.
The tracking process periodically polls the tracked objects and notes any value change. The value change
triggers HSRP to recalculate the priority. The HSRP interface with the higher priority becomes the active
router if you configure the HSRP interface for preemption.
SUMMARY STEPS
1. configure terminal
2. track object-id interface interface-type number {{ip | ipv6} routing | line-protocol}
3. track object-id {ip | ipv6} route ip-prefix/length reachability
4. interface interface-type slot/port
5. hsrp group-number [ipv4 | ipv6]
6. priority [value]
7. track object-number [decrement value]
8. preempt [delay [minimum seconds] [reload seconds] [sync seconds]]
9. (Optional) show hsrp interface interface-type number
10. (Optional) copy running-config startup-config
This example shows how to configure HSRP object tracking on Ethernet 1/2:
switch# configure terminal
switch(config)# track 1 interface ethernet 2/2 line-protocol
switch(config)# interface ethernet 1/2
switch(config-if)# hsrp 2
switch(config-if-hsrp)# track 1 decrement 20
switch(config-if-hsrp)# copy running-config startup-config
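The interaction between tracking and preemption described above can be modelled in a few lines. This is an added example, not part of the original slides or of Cisco's documentation; the router names, addresses and the rule that only a strictly higher priority preempts are assumptions of this simplified model.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class Router:
    """Simplified HSRP group member (hypothetical model, not NX-OS code)."""
    name: str
    ip: str
    priority: int = 100      # HSRP default priority
    preempt: bool = False    # HSRP default: preempt disabled
    # Tracked objects: label -> [is_up, decrement]
    tracked: dict = field(default_factory=dict)

    def effective_priority(self) -> int:
        # Every tracked object that is down lowers the priority by its decrement.
        lost = sum(dec for up, dec in self.tracked.values() if not up)
        return max(self.priority - lost, 0)


def rank(router: Router):
    # Initial election: higher priority wins, higher IP address breaks ties.
    return (router.effective_priority(), IPv4Address(router.ip))


def elect(routers, active=None):
    """Return the name of the active router after one election round."""
    by_name = {r.name: r for r in routers}
    if active not in by_name:
        return max(routers, key=rank).name
    current = by_name[active]
    # Assumption: only a router with preempt enabled AND a strictly higher
    # priority takes over from a router that is already active.
    challengers = [
        r for r in routers
        if r.preempt and r.effective_priority() > current.effective_priority()
    ]
    return max(challengers, key=rank).name if challengers else active


def uplink_failure(preempt_on_b: bool):
    """Router A tracks its uplink with decrement 20; B is the backup."""
    a = Router("A", "192.0.2.2", priority=110, tracked={"track 1": [True, 20]})
    b = Router("B", "192.0.2.3", preempt=preempt_on_b)
    routers = [a, b]

    initial = elect(routers)                    # A: 110 beats B: 100
    a.tracked["track 1"][0] = False             # uplink down: 110 - 20 = 90
    after_failure = elect(routers, initial)
    a.tracked["track 1"][0] = True              # uplink restored: back to 110
    after_recovery = elect(routers, after_failure)
    return initial, after_failure, after_recovery


if __name__ == "__main__":
    print("B without preempt:", uplink_failure(False))
    print("B with preempt:   ", uplink_failure(True))
```

Without preempt on B, the decrement alone changes nothing: A stays active even though its tracked uplink is down. With preempt on B the role moves, and it only moves back after recovery if A is also configured for preemption.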
HSRP Roles
1. Active
2. Standby
HSRP States
(i) Disabled
(ii) Init
(iii) Listening
(iv) Speaking
(v) Standby
Active- The router that replies to clients' ARP requests for the gateway.
Active Requirements–
(i) Higher Priority
(ii) Higher IP
Standby- Backup to the active router. The router that has the higher priority becomes active.
Preempt is disabled by default and must be enabled; once enabled, it forces the higher-priority
router to become active.
Figure 3 HSRP Role Selection
Prerequisites for HSRP
(i) You must enable the HSRP feature in a device before you can configure and enable any HSRP
groups.
(ii) If you configure VDCs, install the Advanced Services license and enter the desired VDC (see
the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 5.x).
Guidelines and Limitations for HSRP
HSRP has the following configuration guidelines and limitations:
You must configure an IP address for the interface that you configure HSRP on and enable that
interface before HSRP becomes active.
You must configure HSRP version 2 when you configure an IPv6 interface for HSRP.
For IPv4, the virtual IP address must be in the same subnet as the interface IP address.
We recommend that you do not configure more than one first-hop redundancy protocol on the
same interface.
HSRP version 2 does not interoperate with HSRP version 1. An interface cannot operate both
version 1 and version 2 because both versions are mutually exclusive. However, the different
versions can be run on different physical interfaces of the same router.
You cannot change from version 2 to version 1 if you have configured groups above the group
number range allowed for version 1 (0 to 255).
HSRP for IPv4 is supported with BFD. HSRP for IPv6 is not supported with BFD.
Cisco NX-OS removes all Layer 3 configurations on an interface when you change the interface
VRF membership, port channel membership, or when you change the port mode to Layer 2.
If you configure virtual MAC addresses with vPC, you must configure the same virtual MAC
address on both vPC peers.
For mixed-chassis configurations where the vPC peer link is configured on an F-series module,
configure the vPC peer gateway exclude option to exclude the Layer 3 backup route that
traverses the vPC peer link.
You cannot use the HSRP MAC address burned-in option on a VLAN interface that is a vPC
member.
If you have not configured authentication, the show hsrp command displays the following string:
Authentication text "cisco"
This is the default behavior of HSRP as defined in RFC 2281:
If no authentication data is configured, the RECOMMENDED default value is 0x63 0x69 0x73
0x63 0x6F 0x00 0x00 0x00.
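The default authentication data can be recognised directly in captured HSRP version 1 hellos. The following Python code is an added example, not part of the Cisco documentation quoted here: it decodes the 20-byte RFC 2281 message carried on UDP port 1985 and reports the default or any other cleartext authentication data. Both sample payloads are constructed, and the custom string s3cr3t is hypothetical.

```python
import socket
import struct

# RFC 2281 recommended default: "cisco" padded with NULs to 8 bytes.
DEFAULT_AUTH = bytes([0x63, 0x69, 0x73, 0x63, 0x6F, 0x00, 0x00, 0x00])
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}


def parse_hsrp_v1(payload: bytes) -> dict:
    """Decode the 20-byte HSRP version 1 message (UDP payload, port 1985)."""
    if len(payload) < 20:
        raise ValueError("HSRPv1 message is 20 bytes, got %d" % len(payload))
    (version, opcode, state, hello, hold, priority, group, _reserved,
     auth, vip) = struct.unpack("!8B8s4s", payload[:20])
    if version != 0:
        raise ValueError("not an HSRPv1 message (version field %d)" % version)
    return {
        "opcode": OPCODES.get(opcode, "Unknown(%d)" % opcode),
        "state": STATES.get(state, "Unknown(%d)" % state),
        "hello": hello, "hold": hold, "priority": priority, "group": group,
        "auth": auth, "virtual_ip": socket.inet_ntoa(vip),
    }


def audit(payload: bytes) -> list:
    """Return findings for one captured message; an empty list means none."""
    msg = parse_hsrp_v1(payload)
    findings = []
    if msg["auth"] == DEFAULT_AUTH:
        findings.append("group %d uses the default authentication text 'cisco'"
                        % msg["group"])
    elif msg["auth"].rstrip(b"\x00"):
        findings.append("group %d sends its authentication text in cleartext"
                        % msg["group"])
    return findings


# Constructed samples: hello from the active router of group 1, hello 3 s,
# hold 10 s, priority 100, virtual IP 192.168.101.1.
HEADER = bytes([0, 0, 16, 3, 10, 100, 1, 0])
SAMPLE_DEFAULT = HEADER + DEFAULT_AUTH + socket.inet_aton("192.168.101.1")
# Same message with a custom (hypothetical) text string instead of the default.
SAMPLE_CUSTOM = HEADER + b"s3cr3t\x00\x00" + socket.inet_aton("192.168.101.1")

if __name__ == "__main__":
    for sample in (SAMPLE_DEFAULT, SAMPLE_CUSTOM):
        print(parse_hsrp_v1(sample)["state"], audit(sample))
```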
Default Settings
Parameters             Default
HSRP                   Disabled
Authentication         Enabled as text for version 1, with cisco as the password
HSRP version           Version 1
Preemption             Disabled
Priority               100
Virtual MAC address    Derived from HSRP group number
Enabling HSRP
You must globally enable HSRP before you can configure and enable any HSRP groups.
To enable the HSRP feature in a VDC, use the following command in global configuration mode:
Command                            Purpose
feature hsrp                       Enables HSRP.
Example:
switch(config)# feature hsrp
To disable the HSRP feature in a VDC and remove all associated configurations, use the following
command in global configuration mode:
Command                            Purpose
no feature hsrp                    Disables HSRP for all groups in a VDC.
Example:
switch(config)# no feature hsrp
Configuring the HSRP Version
You can configure the HSRP version. If you change the version for existing groups, Cisco NX-OS
reinitializes HSRP for those groups because the virtual MAC address changes. The HSRP version applies
to all groups on the interface.
(Note: IPv6 HSRP groups must be configured as HSRP version 2.)
To configure the HSRP version, use the following command in interface configuration mode:
Command                            Purpose
hsrp version {1 | 2}               Configures the HSRP version. Version 1 is the default.
Example:
switch(config-if)# hsrp version 2
Configuring an HSRP Group for IPv4
You can configure an HSRP group on an IPv4 interface and configure the virtual IP address and virtual
MAC address for the HSRP group.
SUMMARY STEPS
1. configure terminal
2. interface type number
3. ip address ip-address/length
4. hsrp group-number [ipv4]
5. ip [ip-address [secondary]]
6. exit
7. no shutdown
8. (Optional) show hsrp [group group-number] [ipv4]
9. (Optional) copy running-config startup-config
The following example shows how to configure an HSRP group on Ethernet 1/2:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# ip address 192.0.2.2/8
switch(config-if)# hsrp 2
switch(config-if-hsrp)# ip 192.0.2.1
switch(config-if-hsrp)# exit
switch(config-if)# no shutdown
switch(config-if)# copy running-config startup-config
Configuring an HSRP Group for IPv6
You can configure an HSRP group on an IPv6 interface and configure the virtual MAC address for the
HSRP group.
When you configure an HSRP group for IPv6, HSRP generates a link-local address from the link-local
prefix. HSRP also generates a modified EUI-64 format interface identifier in which the EUI-64 interface
identifier is created from the relevant HSRP virtual MAC address.
There are no HSRP IPv6 secondary addresses.
SUMMARY STEPS
1. configure terminal
2. interface type number
3. ipv6 address ipv6-address/length
4. hsrp version 2
5. hsrp group-number ipv6
6. ip [ipv6-address [secondary]]
7. ip autoconfig
8. no shutdown
9. (Optional) show hsrp [group group-number] [ipv6]
10. (Optional) copy running-config startup-config
This example shows how to configure an IPv6 HSRP group on Ethernet 3/2:
switch# configure terminal
switch(config)# interface ethernet 3/2
switch(config-if)# ipv6 address 2001:0DB8:0001:0001::/64
switch(config-if)# hsrp version 2
switch(config-if)# hsrp 2 ipv6
switch(config-if-hsrp)# exit
switch(config-if)# no shutdown
switch(config-if)# copy running-config startup-config
Example of HSRP
R1 (config) #int fa0/0
R1 (config-if) #ip add 192.168.101.2 255.255.255.0
R1 (config-if) #no shut
R1 (config-if) #int s0/0
R1 (config-if) #ip add 192.168.1.1 255.255.255.0
R1 (config-if) #no shut
R1 (config) #router ei 100
R1 (config-router) #no auto
R1 (config-router) #network 0.0.0.0
Ho (config) #int fa0/0
Ho (config-if) #ip add 192.168.102.1 255.255.255.0
Ho (config-if) #no shut
Ho (config-if) #int s0/0
Ho (config-if) #ip add 192.168.1.2 255.255.255.0
Ho (config-if) #no shut
Ho (config-if) #int s0/1
Ho (config-if) #ip add 192.168.2.1 255.255.255.0
Ho (config-if) #no shut
Ho (config-if) #router ei 100
Ho (config-router) #no auto
Ho (config-router) #network 0.0.0.0
R2 (config) #int fa0/0
R2 (config-if) #ip add 192.168.101.3 255.255.255.0
R2 (config-if) #no shut
R2 (config-if) #int s0/0
R2 (config-if) #ip add 192.168.2.2 255.255.255.0
R2 (config-if) #no shut
R2 (config-if) #router ei 100
R2 (config-router) #no auto
R2 (config-router) #network 0.0.0.0
Ho #sh ip route
R1#sh ip int br
R2#sh ip int br
Now we will assign the PC the IP address 192.168.101.10, with 192.168.101.1 as its default gateway.
Right now 192.168.101.1 (the computer's default gateway) doesn't exist anywhere.
Computer #ping 192.168.102.1
Unsuccessful
Now we will configure this virtual IP on both routers
R1 (config) #int fa0/0
R1 (config-if) #standby 1 ip 192.168.101.1
R2 (config) #int fa0/0
R2 (config-if) #standby 1 ip 192.168.101.1
(Here 1 means Group 1)
R1#sh standby
State is active, Group 1, Hello 3 sec, Hold 10 sec
Virtual MAC - 0000.0c07.ac01
Preempt disabled, Default Priority 100
R2#sh standby
Computer #tracert 192.168.102.1
Now we will shut down interface fa0/0 of R1
R1 (config) #int fa0/0
R1 (config-if) #shut
R2 will immediately become active
Computer # ping 192.168.102.1
Now we will bring R1's fa0/0 back up
R1 (config) #int fa0/0
R1 (config-if) #no shut
R1#sh standby
Now we can see R1 is in standby mode. Next we will shut down fa0/0 of R2
R2 (config) #int fa0/0
R2 (config-if) #shut
R1#sh standby
Here we can see state is active
R2 (config) #int fa0/0
R2 (config-if) #no shut
Now we can see R1 is active, but we want to make R2 active. For that we will change the
priority
R2 (config) #int fa0/0
R2 (config-if) #standby 1 priority 101
R2 (config-if) #standby 1 preempt
Here we increased the priority, which is 100 by default, and then enabled preempt, which forces the
higher-priority router to become active.
R2#sh standby
Active
Now if we want to make R1 active, we increase R1's priority and enable preempt.
R1 (config) #int fa0/0
R1 (config-if) #standby 1 priority 102
R1 (config-if) #standby 1 preempt
R1#sh standby
Active
We have seen that if R1's fa0/0 goes down, R2's fa0/0 becomes active. But what happens if R1's
s0/0 goes down? Data will first go to R1, then come back to the switch, and only after that go
on to R2.
R1 (config) #int s0/0
R1 (config-if) #shut
Computer# tracert 192.168.102.1
What we want is that if R1's s0/0 is down, data is immediately forwarded via R2.
R1 (config) #int s0/0
R1 (config-if) #no shut
R1 (config-if) #int fa0/0
R1 (config-if) #standby 1 track s0/0
All of these commands are entered on the LAN link.
If the serial link goes down, tracking decrements the priority by 10.
R1 (config) #int s0/0
R1 (config-if) #shut
R1#sh standby
Priority 92 (10 decreased)
Computer# tracert 192.168.102.1
Now data will go directly via R2
R1 (config) #int s0/0
R1 (config-if) #no shut
R1#sh standby
Priority 102
R1#sh run config int fa0/0
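The role changes seen in this lab follow from three rules: priority, preemption, and the tracking decrement. The following Python model is an added example, not taken from the original page; it replays the R1/R2 steps above and ignores hello and hold timers. The class and function names are hypothetical, and the preemption rule is stated as an assumption in the code.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class Router:
    name: str
    ip: str                    # interface IP, used only to break priority ties
    priority: int = 100        # default priority
    preempt: bool = False      # preemption is disabled by default
    lan_up: bool = True        # state of the HSRP-enabled interface (fa0/0)
    tracked: dict = field(default_factory=dict)  # interface -> (is_up, decrement)

    def priority_now(self):
        """Configured priority minus the decrement of each tracked interface that is down."""
        return max(self.priority - sum(d for up, d in self.tracked.values() if not up), 0)

    def rank(self):
        return (self.priority_now(), int(IPv4Address(self.ip)))


def elect(routers, current_active=None):
    """Return the name of the active router once the group has converged."""
    alive = [r for r in routers if r.lan_up]
    incumbent = next((r for r in alive if r.name == current_active), None)
    if incumbent is None:      # no active router is heard: best-ranked live router wins
        return max(alive, key=Router.rank).name if alive else None
    # Assumption: an existing active router is replaced only by a preempt-enabled
    # router whose current priority is strictly higher.
    rivals = [r for r in alive if r.preempt and r.priority_now() > incumbent.priority_now()]
    return max(rivals, key=Router.rank).name if rivals else incumbent.name


def replay_lab():
    """Replay the R1/R2 lab; returns the active router after each step."""
    r1, r2 = Router("R1", "192.168.101.2"), Router("R2", "192.168.101.3")
    steps = [
        lambda: None,                                        # R1 is active first
        lambda: setattr(r1, "lan_up", False),                # R1 fa0/0 shut
        lambda: setattr(r1, "lan_up", True),                 # R1 fa0/0 no shut
        lambda: setattr(r2, "lan_up", False),                # R2 fa0/0 shut
        lambda: setattr(r2, "lan_up", True),                 # R2 fa0/0 no shut
        lambda: (setattr(r2, "priority", 101), setattr(r2, "preempt", True)),
        lambda: (setattr(r1, "priority", 102), setattr(r1, "preempt", True)),
        lambda: r1.tracked.update({"s0/0": (False, 10)}),    # track s0/0, then s0/0 shut
        lambda: r1.tracked.update({"s0/0": (True, 10)}),     # s0/0 no shut
    ]
    active, history = "R1", []
    for step in steps:
        step()
        active = elect([r1, r2], active)
        history.append(active)
    return history
```

Calling replay_lab() returns the active router after each lab step, in the order the steps appear above.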
Now, if we want load balancing
R2 (config) #int fa0/0
R2 (config-if) #standby 2 ip 192.168.101.4
R2 (config-if) #standby 2 priority 101
R2 (config-if) #standby 2 preempt
R2 (config-if) #standby 2 track s0/0
R2#sh run int fa0/0
R1 (config) #int fa0/0