Internet Failover Using Cisco HSRP

I have a very unique internet setup at my house: I currently have two Road Runner connections. One is for all the roommates and the other is for me, paid out of pocket for my consulting work. There are plenty of products out there that would allow failover, but my version of failover is, like I said, unique.

I want both connections active, at all times. The problem is that sometimes only one of the connections goes down or I am doing maintenance on one but don’t want to disconnect everyone. The solution for me was a combination of static routes, two layer 3 Cisco switches and IPCop.

Below is the quick overview of steps. I will add a network diagram later.

  1. Add a static route on each Cisco switch pointing to an IPCop
  2. Place the green IPCop segment in an isolated VLAN accessing only one switch
  3. Configure an IP address on the isolated VLAN
  4. Add a static route on IPCop to point the internal network to the linked switch
  5. Configure the 2nd IPCop and switch in the same manner
  6. Set up IP Standby on the Cisco switches

I did this setup a month or so ago, so the exact steps are hazy, but this should get you through, assuming you have worked with IPCop and Cisco switches before.

Here is the configuration for the direct VLAN. Notice the subnet mask. We only need 2 hosts in this VLAN, so there is no use wasting a full 256 addresses. This mask gives us addresses at .1 and .2; we can then use the same mask again and have .5 and .6 for use with IPCopB and SwitchB, as shown in the 2nd snippet.

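! Switch A: default route to IPCopA (.1), switch side of the /30 is .2
ip route 0.0.0.0 0.0.0.0 10.0.255.1
interface Vlan255
 description Direct to IPCopA
 ip address 10.0.255.2 255.255.255.252

! Switch B: default route to IPCopB (.5), switch side of the /30 is .6
ip route 0.0.0.0 0.0.0.0 10.0.255.5
interface Vlan256
 description Direct to IPCopB
 ip address 10.0.255.6 255.255.255.252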

This code provides ‘up’ status checking. With just one check things failed over too often so I adjusted to an OR statement of two hosts. Both must be unreachable before the link is considered down. The two IPs are a RR DNS server and an IP of the Google website cluster that was returned by a ping of Google.

track 101 rtr 101 reachability
!
track 102 rtr 102 reachability
!
track 200 list boolean or
 object 101
 object 102
!
ip sla 101
 icmp-echo 24.92.226.40
 frequency 120
ip sla schedule 101 life forever start-time now
ip sla 102
 icmp-echo 72.14.207.99
 frequency 120
ip sla schedule 102 life forever start-time now

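Here is the HSRP configuration on Switch A. The standby commands are interface-level commands. Note that this form of the authentication line sets a plain-text string, which HSRP sends unencrypted in its hello packets.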

standby 1 ip 10.0.1.1
standby 1 priority 200
standby 1 preempt
standby 1 authentication password
standby 1 name Consulting-Gateway
standby 1 track 200 decrement 150
standby 11 ip 10.0.1.11
standby 11 preempt
standby 11 authentication password
standby 11 name Roommate-Gateway

Here is the HSRP configuration on Switch B:

standby 1 ip 10.0.1.1
standby 1 preempt
standby 1 authentication password
standby 1 name Consulting-Gateway
standby 11 ip 10.0.1.11
standby 11 priority 200
standby 11 preempt
standby 11 authentication password
standby 11 name Roommate-Gateway
standby 11 track 200 decrement 150
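
To see why the decrement has to be 150 with these priorities, here is a small Python model of the tracking and election logic configured above. It is an added example, not part of the original post. The names Member, track_200, effective_priority and active_router are made up for the illustration, it assumes the IOS default priority of 100 for the lines that set none, and it does not model the tie-break between equal priorities.

```python
from dataclasses import dataclass

DEFAULT_PRIORITY = 100  # IOS default when no "standby N priority" line is present

@dataclass
class Member:
    name: str
    priority: int = DEFAULT_PRIORITY
    decrement: int = 0      # "standby N track 200 decrement X"; 0 = group not tracking
    preempt: bool = True    # "standby N preempt"

def track_200(sla_101_ok: bool, sla_102_ok: bool) -> bool:
    """track 200 list boolean or: stays Up while either probe still gets a reply."""
    return sla_101_ok or sla_102_ok

def effective_priority(m: Member, track_up: bool) -> int:
    """Priority the switch advertises once the tracking decrement is applied."""
    return m.priority if track_up or m.decrement == 0 else m.priority - m.decrement

def active_router(members, track_state, current=None):
    """Name of the active router for one HSRP group.
    track_state maps switch name -> state of that switch's own track 200."""
    prio = {m.name: effective_priority(m, track_state[m.name]) for m in members}
    best = max(members, key=lambda m: prio[m.name])
    if current is not None and current != best.name and not best.preempt:
        return current      # without preempt the better peer never takes over
    return best.name

def consulting_group(decrement=150):
    """Group 1 (10.0.1.1): Switch A is primary and tracks its uplink."""
    return [Member("SwitchA", priority=200, decrement=decrement), Member("SwitchB")]

def roommate_group(decrement=150):
    """Group 11 (10.0.1.11): Switch B is primary and tracks its uplink."""
    return [Member("SwitchA"), Member("SwitchB", priority=200, decrement=decrement)]

if __name__ == "__main__":
    # Constructed scenarios: (probe 101 ok, probe 102 ok) as seen from Switch A.
    for probes in [(True, True), (False, True), (False, False)]:
        state = {"SwitchA": track_200(*probes), "SwitchB": True}
        print(probes,
              "consulting ->", active_router(consulting_group(), state, "SwitchA"),
              "| roommate ->", active_router(roommate_group(), state, "SwitchB"))
    # A decrement of 50 leaves Switch A at 150, still above 100: no failover.
    dead = {"SwitchA": False, "SwitchB": True}
    print("decrement 50 ->", active_router(consulting_group(50), dead, "SwitchA"))
```

Any decrement of 100 or less would leave the primary at or above the peer's default priority, so the gateway would stay on the switch whose uplink is dead.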

More information and explanations to follow.

Useful Links:
Cisco 3560 – HSRP Manual