HSRP is a Cisco-proprietary layer 3 redundancy protocol (Active/Standby failover), created in 1994.
The principle is to share a virtual IP/MAC among several routers. Only one router is active (Active) at a time: the one with the highest priority. The others are in the "Standby" state.
The routers periodically send "Hello" messages to a multicast address: 224.0.0.2 for HSRPv1 and 224.0.0.102 for HSRPv2.
Configuration on a c2621XM, Cisco IOS 12.4(15)T14:
philb@core2:~$ ssh router
Password:
Authorized
router>enable
Password:
router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#interface FastEthernet0/1.2
router(config-subif)#standby version 2
router(config-subif)#standby 1 ip 192.168.100.33
router(config-subif)#standby 1 priority 110
router(config-subif)#standby 1 preempt
router(config-subif)#standby 1 authentication md5 key-string 0 motdepasse
router(config-subif)#standby 1 name hsrpPhilbLocal
router(config-subif)#^Z
router#
Configuration on a c1803, Cisco IOS 15.1(2)T1:
philb@core2:~$ ssh c1803
Password:
c1803>enable
Password:
c1803#conf t
Enter configuration commands, one per line. End with CNTL/Z.
c1803(config)#interface Vlan2
c1803(config-if)#standby version 2
c1803(config-if)#standby 1 ip 192.168.100.33
c1803(config-if)#standby 1 preempt
c1803(config-if)#standby 1 authentication md5 key-string 0 motdepasse
c1803(config-if)#standby 1 name hsrpPhilbLocal
c1803(config-if)#^Z
c1803#
Verification by capturing the network frames:
root@core2:~# tcpdump -ni eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:00:18.713324 IP 192.168.100.62.1985 > 224.0.0.102.1985: HSRPv1
22:00:19.247917 IP 192.168.100.61.1985 > 224.0.0.102.1985: HSRPv1
22:00:21.713573 IP 192.168.100.62.1985 > 224.0.0.102.1985: HSRPv1
22:00:21.968158 IP 192.168.100.61.1985 > 224.0.0.102.1985: HSRPv1
Verification with ping:
root@core2:~# ping 192.168.100.33
PING 192.168.100.33 (192.168.100.33) 56(84) bytes of data.
64 bytes from 192.168.100.33: icmp_req=1 ttl=255 time=3.45 ms
64 bytes from 192.168.100.33: icmp_req=2 ttl=255 time=2.04 ms
64 bytes from 192.168.100.33: icmp_req=3 ttl=255 time=2.01 ms
^C
--- 192.168.100.33 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 2.014/2.503/3.450/0.669 ms
root@core2:~#
Verification of the ARP table:
root@core2:~# arp -an
? (192.168.100.61) at 00:21:a0:69:fa:80 [ether] on eth0
? (192.168.100.62) at 00:0f:23:a1:57:41 [ether] on eth0
? (192.168.100.33) at 00:00:0c:9f:f0:01 [ether] on eth0
Verification of the HSRP state on the routers:
c1803#show standby
Vlan2 - Group 1 (version 2)
State is Standby
1 state change, last state change 00:09:01
Virtual IP address is 192.168.100.33
Active virtual MAC address is 0000.0c9f.f001
Local virtual MAC address is 0000.0c9f.f001 (v2 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.048 secs
Authentication MD5, key-string
Preemption enabled
Active router is 192.168.100.62, priority 110 (expires in 10.704 sec)
MAC address is 000f.23a1.5741
Standby router is local
Priority 100 (default 100)
Group name is "hsrpPhilbLocal" (cfgd)
c1803#
router#sh standby
FastEthernet0/1.2 - Group 1 (version 2)
State is Active
1 state change, last state change 00:14:36
Virtual IP address is 192.168.100.33
Active virtual MAC address is 0000.0c9f.f001
Local virtual MAC address is 0000.0c9f.f001 (v2 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.176 secs
Authentication MD5, key-string "motdepasse"
Preemption enabled
Active router is local
Standby router is 192.168.100.61, priority 100 (expires in 9.420 sec)
Priority 110 (configured 110)
Group name is "hsrpPhilbLocal" (cfgd)
router#
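
Added example (not part of the original post): a Python check that derives the well-known HSRP virtual MAC from the group and version printed by `show standby`, compares it with what `arp -an` reports for the virtual IP, and flags a key-string displayed in clear as on the 12.4 router above. The function names and the second ARP entry are constructed for illustration; HSRP version 1 is assumed when the header prints no version.

```python
import re

# Excerpt of the router's `show standby` output from this page.
SHOW_STANDBY = """FastEthernet0/1.2 - Group 1 (version 2)
Virtual IP address is 192.168.100.33
Authentication MD5, key-string "motdepasse"
"""
# `arp -an` entry from this page, then a constructed entry where the virtual
# IP answers from a MAC that is not the HSRP virtual MAC.
ARP_PAGE = "? (192.168.100.33) at 00:00:0c:9f:f0:01 [ether] on eth0"
ARP_CONSTRUCTED = "? (192.168.100.33) at 02:00:00:00:00:99 [ether] on eth0"

def hsrp_virtual_mac(version, group):
    """Well-known virtual MAC: 0000.0c07.acXX (v1) or 0000.0c9f.fXXX (v2)."""
    if version == 1 and 0 <= group <= 255:
        raw = f"00000c07ac{group:02x}"
    elif version == 2 and 0 <= group <= 4095:
        raw = f"00000c9ff{group:03x}"
    else:
        raise ValueError("group out of range for this HSRP version")
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))

def parse_arp(text):
    """Map IP -> MAC from `arp -an` lines."""
    pat = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-f:]{17})", re.I)
    return {ip: mac.lower() for ip, mac in pat.findall(text)}

def audit(show_standby, arp_text):
    """Return findings for one `show standby` group block."""
    head = re.search(r"Group (\d+)(?: \(version (\d)\))?", show_standby)
    vip = re.search(r"Virtual IP address is (\S+)", show_standby)
    if not head or not vip:
        raise ValueError("not a show standby group block")
    # Assumption: no "(version N)" in the header means HSRP version 1.
    expected = hsrp_virtual_mac(int(head.group(2) or 1), int(head.group(1)))
    seen = parse_arp(arp_text).get(vip.group(1))
    findings = []
    if seen != expected:
        findings.append(f"{vip.group(1)} is at {seen}, expected {expected}")
    if "Authentication MD5" not in show_standby:
        findings.append("group has no MD5 authentication")
    if re.search(r'key-string "', show_standby):
        findings.append("key-string displayed in clear")
    return findings

if __name__ == "__main__":
    print(audit(SHOW_STANDBY, ARP_PAGE))
    print(audit(SHOW_STANDBY, ARP_CONSTRUCTED))
```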