[c-nsp] HSRP, and the router on the other side...

[Phil Mayers]

On 03/29/2010 08:40 PM, Rick Coloccia wrote:
> Hi Everyone,
>
> Please view this message in a fixed width font for the bad ascii art to
> make sense... thanks!
>
> I have an HSRP question, I'm hoping someone here can clarify something
> for me that isn't made clear in any of the many "how to use HSRP" web
> sites all over the web.
>
> Most of HSRP makes sense to me:
>
> plug many hosts into a switch
> plug the switch into 2 routers
> configure the two interfaces on the routers to belong to the same hsrp
> group and to share a third virtual ip address
> tell the many hosts that the virtual ip address is their router.
>
> on the two routers, tell each that their upstream router is exactly who
> it is.  In my case I am using a static route from each of the two
> routers to a third router that is upstream from both of these two
> routers doing the hsrp.
>
> Here's my question:  How do I tell the upstream router to get back to my
> hosts via the switch on which the virtual ip address resides?

You don't. You can't. It's (arguably) a weakness of HSRP compared to 
some combined layer2/layer3 failover protocols e.g. Extreme ESRP.

The return traffic will always come in via the lowest-cost route, and if 
it hits the HSRP standby, it will be emitted there, since a "connected" 
route always wins.

Depending on what routing protocol you are using you could write an EEM 
applet to modify a route-map changing the advertised route metric when 
HSRP master/slave status changes, but honestly I wouldn't bother - 
instead, just deal with the issue.


> ip route 10.10.10.0 255.255.255.0 10.10.10.2
> and/or
> ip route 10.10.10.0 255.255.255.0 10.10.10.3
> and/or
> ip route 10.10.10.0 255.255.255.0 Vlan7

None of the above. It's either:

ip route 10.10.10.0 255.255.255.0 Vlan7 10.10.11.2
ip route 10.10.10.0 255.255.255.0 Vlan7 10.10.11.3

...or better yet, a dynamic routing protocol, and accept that some/all 
of the traffic will hit the HSRP slave on return path.