Guide of Replacing the HSRP

Created: Mar 23, 2017 14:54:39Latest reply: Jul 10, 2018 19:48:18 5087 2 1 0

 

1.1 HSRP Principle

Background

As the Internet gains in popularity, people rely more and more on networks. To improve network stability, the device backup is used, which is similar to dual hard disks in a server to improve data security. Devices at the network core layer are central to the entire network. If a critical fault occurs on the core devices, the local network breaks down. If the backbone router becomes faulty, the impact will be significant. Therefore, it is inevitable that core devices work in hot standby mode to improve network reliability. When a core device fails, the backup device in the system will take over it until the faulty device is restored. The Hot Standby Router Protocol (HSRP) is used to address the preceding issue.

HSRP Principle

HSRP is a Cisco proprietary router redundancy protocol. It allows multiple routers to be deployed in hot standby mode to eliminate network interruption caused by a single device failure.

To achieve HSRP, two or more routers on a network form a hot standby group, which is a virtual router.

HSRP uses the priority to determine the active router. The HSRP priority can be set manually.

If a router has a higher priority than all other routers, the router becomes the active router in the corresponding standby group. When Hello messages sent from the active router fail to be received within the hold time, the standby router with the highest priority becomes the active router. None of the hosts on the network detects the packets exchanged between routers.

The following figure shows the working mechanism of HSRP which is similar to that of VRRP:

Figure 1-1 Working mechanism of HSRP

20170323145354126004.png

 

Basic Concepts

l   Standby group: indicates a group of devices which form a virtual router, which called HSRP router.

l   Active router: indicates a router in a standby group that forwards packets on behalf of the virtual router.

l   Standby router: indicates the first standby router in a standby group.

l   Hello Time: indicates the interval for a device to send Hello messages. If the value is not specified, the Hello time depends on the interval when the active router successfully sends two Hello messages. Otherwise, the default value (3s) is used.

l   Hold Time: indicates the interval for the HSRP router to declare an active router failure, which is characterized by being at least 3 times that of the Hello time

l   Standby priority: indicates the priority of routers in an HSRP group, which is 100 by default. If the routers have the same priority, the router with the largest IP address becomes the active router. This address is the IP address of the interface have a HSRP configured.

l   Virtual MAC address: indicates the MAC address of the virtual router. 00.00.0c.07.ac.2f is used as an example.

           Vendor ID: indicates the first three bytes. 00.00.0c indicates the Cisco device.

           HSRP code: indicates that the MAC address is used to identify one HSRP virtual router, which is always 07.ac.

           HSRP group number: indicates the group ID, which identifies the number of the HSRP backup group. In this example, 2f is a hexadecimal value, which equals to the decimal value 47.

HSRP Message

A router configured with HSRP has the following three types of multicast messages:

l   Hello: is sent when HSRP is running on the router that can become an active router or standby router. By default, HSRP routers send a Hello message every three seconds.

l   Coup: is sent by a standby router when it becomes an active router.

l   Resign: is sent by the active router when the active router wants to go Down or when a router with a higher priority sends a Hello message. This message indicates that the active router does not want to be the active router again.

HSRP messages are encapsulated in UDP packets using the UDP port number 1985. The destination IP address is the multicast IP address 224.0.0.2 (means all-router) with a TTL value of 1.

HSRP State

HSRP defines six possible states of an HSRP-enabled router.

l   Initial: indicates the state of HSRP upon startup. HSRP is not running at this time. A router enters this state when the configuration is changed or the interface is just started.

l   Learn: indicates that a router is waiting for messages from the active router. At this time, the router has not received Hello messages from the active router and has not learned the virtual router IP address.

l   Listen: indicates that the router is listening to Hello messages. When the virtual IP address is obtained, routers (but not the active and standby routers) remain in Listen state.

l   Speak: indicates that the router sends Hello messages periodically and participates in the election of the active router or standby router.

l   Standby: indicates the state of a router in a standby group. Standby group members monitor the active router, and are ready to take over services on the active router when it fails. Additionally, a group member periodically sends Hello messages to other members to notify its own state.

l   Active: indicates the state of the active router (responsible for data transmission) in a standby group.

1.2 Interworking Analysis

Based on the HSRP principle, the destination MAC address of HSRP packets is different from that of VRRP packets. Therefore, the two protocols cannot interwork with each other. When Huawei S series switches replace Cisco devices, HSRP can only be replaced by VRRP with the following two replacement methods:

l   Replace HSRP with VRRP in Cisco devices before migration.

a.         Shut down Layer 3 interfaces on an HSRP standby device. Some downlink services are affected during this process, and service interruption time is equal to the route switching time.

b.         Change the configurations of the HSRP standby device to those of a VRRP master device and keep Layer 3 interfaces Down.

c.         Shut down Layer 3 interfaces on the HSRP active device, and enable Layer 3 interfaces on a VRRP master device to complete service switching.

d.         Change the configurations of the HSRP active device to those of a VRRP backup device, and enable Layer 3 interfaces to complete HSRP-to-VRRP switching.

e.         Migrate services of the VRRP backup device to the Huawei VRRP backup device.

f.          Migrate services of the VRRP master device to the Huawei VRRP master device.

l   Migrate downlinks on HSRP active and standby devices to Huawei VRRP master and backup devices.

a.         Before migration, ensure that there are network-side routes on Huawei devices to minimize the service loss after the service platform switching begins.

b.         Shut down downlink interfaces of the HSRP standby device, connect the physical cable to the VRRP master device, and keep interfaces Down.

c.         Shut down downlink interfaces of the HSRP active device, and immediately enable interfaces on the VRRP master device to complete service switching.

d.         Connect physical cables of the HSRP active device to the VRRP backup device, and enable interfaces on the VRRP backup device to complete the migration.

The first replacement method is not commonly used because service is interrupted for about 3 seconds during Step 3. Therefore, you are advised to use the second replacement method.

1.3 Comparison Between HSRP and VRRP

Comparison Between HSRP and VRRP Parameters

Table 1-1 Comparison between HSRP and VRRP parameters

Parameter

HSRP

VRRP

Standards compliance

Cisco proprietary protocol with low protocol compliance

Standard protocol with high protocol compliance

Destination MAC address of protocol packets

00-00-0c-07-ac-Group_ID

00-00-5e-00-01-VRID

Destination IP address of protocol packets

224.0.0.2

224.0.0.18

TTL

1

255

Encapsulation mode

Encapsulated in UDP packets, port number 1985

Encapsulated in IP packets

Default interval for sending Hello messages

Sending interval: 3s, timeout interval: 9s

Sending interval: 1s, timeout interval: 3s

Association with an interface

Supported

Supported

Protocol state machine

Initial, Learn, Listen, Speak, Standby, Active

Initialize, Master, Backup

 

Comparison Between HSRP and VRRP Commands

Table 1-2 Comparison between HSRP and VRRP commands

Function

HSRP Command

VRRP Command

Configure a standby group.

standby group-number ip virtual-ip-address

vrrp vrid virtual-router-id virtual-ip virtual-address

Configure the priority for a standby group.

standby group-number priority priority-value

vrrp vrid virtual-router-id priority priority-value

Configure the preemption mode.

standby group-number Preempt

vrrp vrid virtual-router-id preempt-mode disable

Configure the Hello message timer.

standby group-number timers hellotime holdtime

vrrp vrid virtual-router-id timer advertise advertise-interval

Display the configuration of a standby group.

show standby vlan vlan-number

show stanby brief

debug standby

display vrrp brief

debugging vrrp4 state interface interface-type interface-number vrid virtual-router-id

debugging vrrp4 packet interface interface-type interface-number vrid virtual-router-id [ verbose ]

debugging vrrp4 timer interface interface-type interface-number vrid virtual-router-id

Configure association with interfaces.

standby group-number track type number interface-priority

vrrp vrid virtual-router-id track interface interface-type interface-number [ increased value-increased | reduced value-reduced ]

 

1.4 Replacement Solution

Overview

HSRP and VRRP cannot interwork with each other. In the replacement solution, services on HSRP active and standby downlinks are migrated to the Huawei VRRP master and backup devices.

Networking Requirements

In Figure 1-2, Cisco switches are deployed. Two core switches constitute a stack. Two aggregation switches establish an Eth-Trunk in manual load balancing mode, and also establish OSPF neighbor relationships with core switches to receive and transmit routes. HSRP is used to implement virtual gateway backup. CiscoA is the master gateway and CiscoB is the backup gateway. In networking, the switches use Rapid PVST+ to prevent loops.

Huawei S series switches are used to replace two aggregation switches in the networking without changing the original network planning.

The following are HSRP configurations on the Cisco aggregation switches.

CiscoA

interface Vlan110
 ip address 172.31.217.156 255.255.255.224
 standby 110 ip 172.31.217.158
 standby 110 priority 110
 standby 110 preempt delay minimum 60
 standby 110 authentication hsrp110
interface Vlan120
 ip address 172.31.218.157 255.255.255.224
 standby 120 ip 172.31.218.158
 standby 120 authentication hsrp120

CiscoB

interface Vlan110
 ip address 172.31.217.155 255.255.255.224
 standby 110 ip 172.31.217.158
 standby 110 authentication hsrp110
interface Vlan120
 ip address 172.31.218.156 255.255.255.224
 standby 120 ip 172.31.218.158
 standby 120 priority 110
 standby 120 preempt delay minimum 60
 standby 120 authentication hsrp120

Figure 1-2 Networking for HSRP

20170323145355746005.png

 

Configuration Roadmap

1.         Configure OSPF for the Huawei S series switches to establish OSPF neighbor relationships with core switches to receive and transmit routes.

2.         Configure link aggregation in manual load balancing mode between Huawei S series switches to load balance traffic.

3.         Configure VRRP for Huawei S series switches to replace HSRP on the original Cisco switches to implement virtual gateway backup.

4.         Configure Huawei S series switches to achieve interworking with other Cisco switches to prevent loops. For detailed interworking solution, see Interworking and Replacement Guide of Cisco Spanning Tree Protocols and Huawei MSTP and VBST.

5.         Configure service forwarding functions for the Huawei S series switches by following the original network planning.

Procedure

                               Step 1     Run the show standby brief command to check the device status.

# Check the HSRP status of CiscoA.

CiscoA# show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vlan110     110  110 P Active  local           172.31.217.155  172.31.217.158
Vlan120     120  100   Standby 172.31.218.156  local           172.31.218.158

# Check the HSRP status of CiscoB.

CiscoB# show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vlan110     110  100   Standby 172.31.217.156  local           172.31.217.158
Vlan120     120  110 P Active  local           172.31.218.157  172.31.218.158

                               Step 2     Power on two Huawei S series switches and connect the links between them and the uplinks in bypass mode. Configure IP addresses for the core switches' downlink interfaces, and configure IP addresses and loopback addresses for the S series switches' uplink interfaces. Configure VRRP and configure HuaweiB as the master switch. Complete all the configurations on Huawei S series switches, and then shut down the VLANIF interfaces on the downlink access side.

# Configure VRRP for HuaweiB. Configure HuaweiB as the master device in VRRP group 1, and the backup device in VRRP group 2.

<HUAWEI> system-view
[HUAWEI] syaname HuaweiB
[HuaweiB] interface vlanif 110
[HuaweiB-Vlanif110] ip address 172.31.217.156 255.255.255.224
[HuaweiB-Vlanif110] vrrp vrid 110 virtual-ip 172.31.217.158
[HuaweiB-Vlanif110] vrrp vrid 110 priority 110
[HuaweiB-Vlanif110] vrrp vrid 110 preempt-mode timer delay 60
[HuaweiB-Vlanif110] vrrp vrid 110 authentication-mode simple cipher vrrp110
[HuaweiB-Vlanif110] quit
[HuaweiB] interface vlanif 120
[HuaweiB-Vlanif120] ip address 172.31.218.157 255.255.255.224
[HuaweiB-Vlanif120] vrrp vrid 120 virtual-ip 172.31.218.158
[HuaweiB-Vlanif120] vrrp vrid 120 authentication-mode simple cipher vrrp120
[HuaweiB-Vlanif120] quit

# Configure VRRP for HuaweiA. Configure HuaweiA as the backup device in VRRP group 1, and the master device in VRRP group 2.

<HUAWEI> system-view
[HUAWEI] syaname HuaweiA
[HuaweiA] interface vlanif 110
[HuaweiA-Vlanif110] ip address 172.31.217.155 255.255.255.224
[HuaweiA-Vlanif110] vrrp vrid 110 virtual-ip 172.31.217.158
[HuaweiA-Vlanif110] vrrp vrid 110 authentication-mode simple cipher vrrp110
[HuaweiA-Vlanif110] quit
[HuaweiA] interface vlanif 120
[HuaweiA-Vlanif120] ip address 172.31.218.156 255.255.255.224
[HuaweiA-Vlanif120] vrrp vrid 120 virtual-ip 172.31.218.158
[HuaweiA-Vlanif120] vrrp vrid 120 priority 110
[HuaweiA-Vlanif120] vrrp vrid 120 preempt-mode timer delay 60
[HuaweiA-Vlanif120] vrrp vrid 120 authentication-mode simple cipher vrrp120
[HuaweiA-Vlanif120] quit

                               Step 3     Based on the Cisco device HSRP configurations, CiscoA is an active router. Shut down CiscoB's downlink interfaces, connect CiscoD's physical cables to HuaweiB, and keep the interface connecting CiscoD and HuaweiB Down.

Figure 1-3 VRRP replacement (step 1)

20170323145356809006.png

 

                               Step 4     Shut down CiscoA's downlink interfaces and immediately enable HuaweiB's interfaces to complete service switching.

                               Step 5     Test HuaweiB's configured services. If no exception is detected, connect the physical cables connecting CiscoA with CiscoD to HuaweiA. Enable the interfaces on HuaweiA to complete migration.

Figure 1-4 VRRP replacement (step 2)

20170323145356304007.png

 

                               Step 6     Complete the access switch migration one by one based on the preceding steps.

                               Step 7     Check the VRRP status of Huawei switches.

# Check the VRRP status of HuaweiB.

[HuaweiB] display vrrp brief
VRID  State        Interface                Type     Virtual IP     
----------------------------------------------------------------
110   Master       Vlanif110                Normal   172.31.217.158 
120   Backup       Vlanif120                Normal   172.31.218.158 
----------------------------------------------------------------
Total:2     Master:1     Backup:1     Non-active:0 

# Check the VRRP status of HuaweiA.

[HuaweiA] display vrrp brief
VRID  State        Interface                Type     Virtual IP     
----------------------------------------------------------------
110   Backup       Vlanif110                Normal   172.31.217.158 
120   Master       Vlanif120                Normal   172.31.218.158 
----------------------------------------------------------------
Total:2     Master:1     Backup:1     Non-active:0

----End

Configuration Files

HuaweiB configuration file

#                                                                               
interface Vlanif110                                                              
 ip address 172.31.217.156 255.255.255.224                                      
 vrrp vrid 110 virtual-ip 172.31.217.158                                        
 vrrp vrid 110 priority 110                                                      
 vrrp vrid 110 preempt-mode timer delay 60                                      
 vrrp vrid 110 authentication-mode simple cipher %^%#!e<$Ql28W2S&k^Jl;mU#/)n59kqh%9rF_E8EFWIF%^%#
#
interface Vlanif120                                                              
 ip address 172.31.218.157 255.255.255.224                                      
 vrrp vrid 120 virtual-ip 172.31.218.158                                        
 vrrp vrid 120 authentication-mode simple cipher %^%#S0^rDt=7[I1a^EU\zzpSN2BoIHvN%H]o&0M2_A=&%^%#
#

HuaweiA configuration file

#                                                                               
interface Vlanif110                                                             
 ip address 172.31.217.155 255.255.255.224                                      
 vrrp vrid 110 virtual-ip 172.31.217.158                                        
 vrrp vrid 110 authentication-mode simple cipher %^%#%XlM,3)SX/Q{S+'bB9GA.1wI;wh^^&ReNC-c:K<L%^%#
#
interface Vlanif120                                                             
 ip address 172.31.218.156 255.255.255.224                                      
 vrrp vrid 120 virtual-ip 172.31.218.158                                        
 vrrp vrid 120 priority 110                                                      
 vrrp vrid 120 preempt-mode timer delay 60                                      
 vrrp vrid 120 authentication-mode simple cipher %^%#tkK~$%dlFD%Yv>"UzAd8=o6k:z6c0Z%K`pPueWC/%^%#
#

1.5 Checking the Device Status Before and After Replacement

Table 1-3 Check Cisco devices items before replacement

Procedure

Check Item

Command

1

Check the clock status.

show clock

2

Check the NTP status.

show ntp status

3

Check the interface status.

show inventory

show interface brief

show interfaces

4

Check the HSRP status.

show standby

show standby brief

show standby all

5

Check the saved configurations.

show version

show running-config

 

Table 1-4 Check Huawei device items after replacement

Procedure

Check Item

Command

1

Check version information.

display startup

display version

2

Check the clock status.

display clock

3

Check the NTP status.

display ntp-service sessions

display ntp-service sessions verbose

display ntp-service status

4

Check the interface status.

display interface brief

display interface

5

Check the VRRP status.

display vrrp brief

display vrrp

6

Check the device configuration.

display current-configuration

display saved-configuration

 

  • x
  • convention:

user_2790689     Created Mar 23, 2017 15:58:55 Helpful(1) Helpful(1)

thank you
  • x
  • convention:

yogijain     Created Jul 10, 2018 19:48:18 Helpful(1) Helpful(1)

can you please help to replica of cisco nexus 9k to Huawei 6700 switch


cisco config is as follows


vdc paytm9k1 id 1
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4096
limit-resource port-channel minimum 0 maximum 511
limit-resource u4route-mem minimum 248 maximum 248
limit-resource u6route-mem minimum 96 maximum 96
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8

feature telnet
cfs eth distribute
feature interface-vlan
feature hsrp
feature lacp
feature vpc
ssh key rsa 2048
ip domain-lookup
system default switchport
copp profile strict
snmp-server contact NOC
snmp-server location India
snmp-server source-interface traps mgmt0
snmp-server source-interface informs mgmt0
snmp-server globalEnforcePriv
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
snmp-server community Nexus-Sify group network-operator


vrf context management
hardware profile portmode 48x25G+2x100G+4x40G

vpc domain 10
role priority 10
peer-keepalive destination 192.168.25.2 source 192.168.25.1


interface Vlan1

interface Vlan2
description *** Management ***
no shutdown
ip address 172.16.202.2/24
hsrp 0
preempt
ip 172.16.202.1
hsrp 2
priority 90

interface Vlan10
no shutdown
ip address 172.16.203.2/24
hsrp 1
preempt
ip 172.16.203.1

interface Vlan20
no shutdown
ip address 172.16.204.2/24
hsrp 2
preempt
ip 172.16.204.1

interface Vlan30
no shutdown
ip address 172.16.205.2/24
hsrp 3
preempt
ip 172.16.205.1

interface Vlan40
no shutdown
ip address 172.16.206.2/28
hsrp 40
ip 172.16.206.1 secondary

interface port-channel15
description "PEER-LINK"
switchport mode trunk
spanning-tree port type network
vpc peer-link

interface mgmt0
vrf member management
ip address 192.168.25.1/30
line console
line vty
ip route 0.0.0.0/0 172.16.202.4
no system default switchport shutdown

  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Fast reply Scroll to top