[c-nsp] HSRP and removing connected route

Jay Hennigan jay at west.net
Thu Dec 8 16:44:54 EST 2011

On 12/8/11 12:23 PM, Jay Nakamura wrote:
> So, the situation is this.
> Let's say I have a topology where there are two routers, each router
> connected to separate switches, and the two switches are connected to
> a gigabit ethernet WAN.

Just to each other or to other resources on the WAN?

> One router and switch is in one city, other router and switch is in
> another city.
> There is a VLAN that spans the two routers, two switches and servers
> hosted in one city.

Somewhat confused here, as previously you indicated that there was one
router/switch pair in each city.  Or is it router/switch A along with
servers in city A and router/switch B in city B that wants to reach the
servers in city A?

> I have the VLAN on HSRP between the two routers.
> The problem is this.  When the gigabit WAN goes down, the one end of
> the router without the host will still try to route that traffic out
> it's VLAN.  Is there a way to prevent that by using IP SLA or track
> command or some other trick?  Perhaps shutdown the subinterface auto
> magically?  (Although, if it shuts it down, I am not sure how it will
> detect that the service is back up)

Is there a backup route via another path for the orphaned remote city to
reach the servers?

If the link goes down, HSRP will fail to see heartbeats and both routers
will assume the virtual IP and primary role.  This may not be what you
want, but if the orphaned end is connected to nothing it probably won't
hurt anything.  You probably want to use preempt if you want one router
to be "sticky" as primary after a failure and recovery.

You can certainly use IP SLA and track to pull down a static route
should the other end not be pingable.  Unless there's a backup path it
won't do anything useful, though.

I wouldn't shut down the VLAN unless you WANT to have to manually bring
it back up after a failure.

> Or is there something I am not thinking of I should be doing other than HSRP?

If a host on the WAN link that is critical to reach is a router you can
run a routing protocol over it such as OSPF.  Depending on exactly what
the problem is that you're trying to solve you might also be able to use
a routing protocol instead of HSRP just between the pair to determine
what do do in case of a link failure.

Things to consider are other potential failure modes, convergence time,
scalability and growth.  HSRP with IP/SLA and track are probably fine
for a pair of devices, but if you expect this to grow to other sites you
might want to consider a routing protocol.

Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV

More information about the cisco-nsp mailing list