Internet Failover Using Cisco HSRP
I have a very unique internet setup at my house: I currently have two Road Runner connections. One is for all the roommates and the other is for me, paid out of pocket for my consulting work. There are plenty of products out there that would allow failover, but my version of failover is, like I said, unique.
I want both connections active, at all times. The problem is that sometimes only one of the connections goes down or I am doing maintenance on one but don’t want to disconnect everyone. The solution for me was a combination of static routes, two layer 3 Cisco switches and IPCop.
Below is the quick overview of steps. I will add a network diagram later.
- Add a static route on each Cisco switch pointing to an IPCop
- Place the green IPCop segment in an isolated VLAN accessing only one switch
- Configure an IP address on the isolated VLAN
- Add a static route on IPCop to point the internal network to the linked switch
- Configure the 2nd IPCop and switch in the same manner
- Set up IP Standby on the Cisco switches
I did this setup a month or so ago, so the exact steps are hazy, but this should get you through, assuming you have worked with IPCop and Cisco switches before.
The configuration for the direct VLAN. Notice the subnet mask: we only need 2 hosts in this VLAN, so there is no use wasting a full 256 addresses. This mask gives us addresses at .1 and .2; we can then use the same mask again and have .5 and .6 for use with IPCopB and SwitchB, as shown in the 2nd snippet.
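    ! SwitchA: default route via IPCopA over the /30 link VLAN
    ip route 0.0.0.0 0.0.0.0 10.0.255.1
    !
    interface Vlan255
     description Direct to IPCopA
     ip address 10.0.255.2 255.255.255.252

    ! SwitchB: default route via IPCopB over the /30 link VLAN
    ip route 0.0.0.0 0.0.0.0 10.0.255.5
    !
    interface Vlan256
     description Direct to IPCopB
     ip address 10.0.255.6 255.255.255.252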
This code provides ‘up’ status checking. With just one check things failed over too often so I adjusted to an OR statement of two hosts. Both must be unreachable before the link is considered down. The two IPs are a RR DNS server and an IP of the Google website cluster that was returned by a ping of Google.
    track 101 rtr 101 reachability
    !
    track 102 rtr 102 reachability
    !
    track 200 list boolean or
     object 101
     object 102
    !
    ip sla 101
     icmp-echo 22.214.171.124
     frequency 120
    ip sla schedule 101 life forever start-time now
    ip sla 102
     icmp-echo 126.96.36.199
     frequency 120
    ip sla schedule 102 life forever start-time now
Here is the code for the HSRP on Switch A:
    ! Entered under the internal LAN interface (interface not shown in the original)
     standby 1 ip 10.0.1.1
     standby 1 priority 200
     standby 1 preempt
     standby 1 authentication password
     standby 1 name Consulting-Gateway
     standby 1 track 200 decrement 150
     standby 11 ip 10.0.1.11
     standby 11 preempt
     standby 11 authentication password
     standby 11 name Roommate-Gateway
Here is the code for the HSRP on Switch B:
    ! Entered under the internal LAN interface (interface not shown in the original)
     standby 1 ip 10.0.1.1
     standby 1 preempt
     standby 1 authentication password
     standby 1 name Consulting-Gateway
     standby 11 ip 10.0.1.11
     standby 11 priority 200
     standby 11 preempt
     standby 11 authentication password
     standby 11 name Roommate-Gateway
     standby 11 track 200 decrement 150
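To check that the priority numbers above really move a gateway when an uplink dies, here is a small model of the election, added as an illustration and not part of the original post or of any Cisco tooling. It assumes the IOS default HSRP priority of 100 where no priority is configured and that each switch's two IP SLA probes test its own uplink; the function and variable names are made up for this example.

```python
# Added illustration: models the HSRP priority arithmetic from the two snippets above.
DEFAULT_PRIORITY = 100  # assumption: IOS default when "standby N priority" is absent
DECREMENT = 150         # from "standby N track 200 decrement 150"

# group number -> (configured priority, does this switch track object 200 for it?)
SWITCHES = {
    "A": {1: (200, True), 11: (DEFAULT_PRIORITY, False)},
    "B": {1: (DEFAULT_PRIORITY, False), 11: (200, True)},
}
GROUP_NAMES = {1: "Consulting-Gateway", 11: "Roommate-Gateway"}


def track_200(probe_101_ok, probe_102_ok):
    """'track 200 list boolean or': up while at least one IP SLA probe answers."""
    return probe_101_ok or probe_102_ok


def effective_priority(switch, group, probes):
    """Configured priority, minus the decrement if the tracked object is down."""
    base, tracked = SWITCHES[switch][group]
    if tracked and not track_200(*probes[switch]):
        return base - DECREMENT
    return base


def active_switch(group, probes):
    """Both sides use 'preempt', so the higher effective priority takes over.
    Equal priorities (decided by interface IP in HSRP) cannot occur with these values."""
    return max(SWITCHES, key=lambda s: effective_priority(s, group, probes))


def gateways(probes):
    """Map each HSRP group name to the switch currently answering for its virtual IP."""
    return {GROUP_NAMES[g]: active_switch(g, probes) for g in GROUP_NAMES}


if __name__ == "__main__":
    # Constructed scenarios: (probe 101 ok, probe 102 ok) as seen from each switch.
    scenarios = {
        "both uplinks healthy": {"A": (True, True), "B": (True, True)},
        "A loses one probe only": {"A": (False, True), "B": (True, True)},
        "A uplink down": {"A": (False, False), "B": (True, True)},
        "B uplink down": {"A": (True, True), "B": (False, False)},
    }
    for name, probes in scenarios.items():
        print(f"{name}: {gateways(probes)}")
```

The decrement of 150 matters because 200 - 150 = 50 falls below the peer's default of 100; a decrement under 100 would leave the failed switch active.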
More information and explanations to follow.
Cisco 3560 – HSRP Manual