In my last tip, I discussed Multi-group HSRP and how to set up some simple load-balancing with it. In this tip, I want to look at a better way for the routers to figure out which one is the primary.
Years ago, HSRP was very useful for providing failover, but it had some pretty serious drawbacks: it would only fail over if the LAN interface failed, or if the whole router failed. It would not fail over if the WAN interface went down, or if the routing got mixed up, etc. So Cisco added the ability to track interfaces with the standby command, but this was limited to the router itself. For instance, if the WAN interface went down on the primary router, the HSRP standby router would take over, but you couldn't track interfaces on another router or a switch. This still caused some problems with Frame Relay interfaces, which would remain up even if the router on the far end went down. That issue was remedied by an obscure hack where Frame Relay keepalives are used to trigger failover. Yet none of these really solves the problem common in enterprise networks today, where what you really want to trigger a failover is a few hops away. This is particularly true in networks that use diverse POPs and especially diverse service providers for their redundant circuits.
As of IOS version 12.2(15)T, there is finally a really solid solution for this. The answer requires the Service Assurance Agent (SAA), which is capable of tracking devices. It can track routes as well, and not just their presence, but their metric and reachability.
The ability to track the presence of a route is likely immediately obvious to readers of this site, but consider how keen the metric tracking is. With the growing emphasis on minimal delay for such applications as VoIP, metric tracking gives your hosts the ability to automatically send their traffic to the router with the best route.
As an example, let's say your primary path is usually slightly faster than your backup path, but a failure occurs in a region of your service provider's backbone that causes the primary path to be slower (reflected in the route metrics). If HSRP is configured as an SAA client, then when a route metric crosses a threshold defined by you, it can trigger a failover.
To configure SAA to track a route, use the track command:

    track <object> ip route <x.x.x.x/y> metric threshold
     threshold metric down <x> up <y>

Use the "show track" command to make sure it's working.
To configure HSRP as an SAA client, use the "standby track" command, which will allow you to decrement the priority when the tracked object exceeds a threshold.
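The two commands above put together for a pair of routers, as an added example that is not part of the original tip. The object number, HSRP group, interface names, addresses, priorities and threshold values are all constructed for illustration.

```cisco
! --- Router A (intended primary) ---
! Track the route to the remote site by metric. The object goes down when
! the metric reaches 80 and comes back up only at 60 or below, so a metric
! hovering around a single value cannot flap HSRP back and forth.
! (IOS compares these thresholds against its scaled 0-255 route metric.)
track 10 ip route 198.51.100.0/24 metric threshold
 threshold metric down 80 up 60
!
! While object 10 is down, priority drops from 110 to 90, which is below
! Router B's 100. The decrement must be larger than the priority gap
! between the two routers or no failover happens.
interface FastEthernet0/0
 ip address 192.0.2.2 255.255.255.0
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 track 10 decrement 20
!
! --- Router B (standby) ---
! Preempt is required here: without it, B will not take the active role
! from a Router A that is still running with a lowered priority.
interface FastEthernet0/0
 ip address 192.0.2.3 255.255.255.0
 standby 1 ip 192.0.2.1
 standby 1 priority 100
 standby 1 preempt
```

Preempt on Router A is what returns the active role to it once the tracked object comes back up and its priority is restored to 110.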
Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years' experience in the networking industry, and co-author of several books on networking, most recently, CCSP™: Secure PIX and Secure VPN Study Guide published by Sybex.