FHRP Case 1
HSRP Approach
In this topology, there is a gateway device (R3) and it has two routes to go to internet. These two routes are below and first one is R1 HSRP group 1 virtual IP address and second one is R2 HSRP group 2 virtual IP address. One of the router (R1 or R2) if goes down, two IP addresses are reachable because of HSRP redundancy. In this way, we can use both ways actively.
When we go to internet addresses, we split the 0.0.0.0 0.0.0.0 route by two. For the first portion we use HSRP group 1 address, for the second portion we use HSRP group 2 address. So we use both ways, when our R1 and R2 is active. Also we can add track config what if R1 and R2 has connected to internet. If there is a fail to connect internet we can change HSRP active/standby status.
When we have traffic from internet, there is no case about asymetric routing even if we use a firewall on behalf of the R3 router.
!
hostname R1
!
interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.0
standby 1 ip 192.168.0.3
standby 2 ip 192.168.0.4
standby 2 priority 90
!
interface Ethernet1/0
ip address 14.14.14.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 14.14.14.4
ip route 10.10.10.0 255.255.255.0 192.168.0.254
ip route 33.33.33.0 255.255.255.0 192.168.0.254
!
router bgp 3333
bgp log-neighbor-changes
network 33.33.33.0 mask 255.255.255.0
neighbor 14.14.14.4 remote-as 4444
!!
hostname R2
!
interface FastEthernet0/0
ip address 192.168.0.2 255.255.255.0
standby 1 ip 192.168.0.3
standby 1 priority 90
standby 2 ip 192.168.0.4
!
interface Ethernet1/0
ip address 24.24.24.2 255.255.255.0
!
router bgp 3333
bgp log-neighbor-changes
network 33.33.33.0 mask 255.255.255.0
neighbor 24.24.24.4 remote-as 4444
!
ip route 0.0.0.0 0.0.0.0 24.24.24.4
ip route 10.10.10.0 255.255.255.0 192.168.0.254
ip route 33.33.33.0 255.255.255.0 192.168.0.254
!
!
hostname R3
!
interface Loopback0
ip address 33.33.33.33 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.0.254 255.255.255.0
ip nat outside
!
interface Ethernet1/0
ip address 10.10.10.1 255.255.255.0
ip nat inside
!
ip nat inside source static 10.10.10.10 33.33.33.33
ip route 0.0.0.0 128.0.0.0 192.168.0.3
ip route 128.0.0.0 128.0.0.0 192.168.0.4
!!
hostname R4
!
interface Loopback0
ip address 8.8.8.8 255.255.255.255
!
interface Ethernet0/0
ip address 14.14.14.4 255.255.255.0
!
interface Ethernet0/1
ip address 24.24.24.4 255.255.255.0
!
router bgp 4444
no synchronization
bgp log-neighbor-changes
neighbor 14.14.14.1 remote-as 3333
neighbor 24.24.24.2 remote-as 3333
no auto-summary
!VRRP Approach
We have changed HSRP to VRRP. We can also do redanduncy as we done using HSRP. Also we have two VRRP group, each router master for a group. Also now we have default route from R4 and we track the next-hop reachability and track VRRP group and decrement priority of the routers. Here is below our config. There is no change on R3.
hostname R1
!
track 1 ip sla 10
delay down 5 up 10
!
interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.0
vrrp 1 ip 192.168.0.3
vrrp 1 track 1 decrement 20
vrrp 2 ip 192.168.0.4
vrrp 2 priority 90
!
interface Ethernet1/0
ip address 14.14.14.1 255.255.255.0
!
router bgp 3333
bgp log-neighbor-changes
network 33.33.33.0 mask 255.255.255.0
neighbor 14.14.14.4 remote-as 4444
!
ip route 10.10.10.0 255.255.255.0 192.168.0.254
ip route 33.33.33.0 255.255.255.0 192.168.0.254
!
ip sla auto discovery
ip sla 10
icmp-echo 14.14.14.4
threshold 1000
timeout 1000
frequency 1
ip sla schedule 10 life forever start-time now
!!
hostname R2
!
track 1 ip sla 10
delay down 5 up 10
!
interface FastEthernet0/0
ip address 192.168.0.2 255.255.255.0
vrrp 1 ip 192.168.0.3
vrrp 1 priority 90
vrrp 2 ip 192.168.0.4
vrrp 2 track 10 decrement 20
!
interface Ethernet1/0
ip address 24.24.24.2 255.255.255.0
!
router bgp 3333
bgp log-neighbor-changes
network 33.33.33.0 mask 255.255.255.0
neighbor 24.24.24.4 remote-as 4444
!
ip route 10.10.10.0 255.255.255.0 192.168.0.254
ip route 33.33.33.0 255.255.255.0 192.168.0.254
!
ip sla auto discovery
ip sla 10
icmp-echo 24.24.24.4
threshold 1000
timeout 1000
frequency 1
ip sla schedule 10 life forever start-time now
!!
hostname R4
!
interface Loopback0
ip address 8.8.8.8 255.255.255.255
!
interface Ethernet0/0
ip address 14.14.14.4 255.255.255.0
!
interface Ethernet0/1
ip address 24.24.24.4 255.255.255.0
!
router bgp 4444
no synchronization
bgp log-neighbor-changes
network 0.0.0.0
neighbor 14.14.14.1 remote-as 3333
neighbor 24.24.24.2 remote-as 3333
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 Null0
!
When we lost our R1 or R2, we can reach both 192.168.0.3 and 192.168.0.4 due to VRRP. Also we track internet reacablity to change VRRP master.
GLBP Approach
What if we want to use GLBP? When we use GLBP, active virtual gateway responds one of the active virtual forwarders. From the R3 perspective, we can go to only one AVF everytime. If we use more than one GLBP group, also we cannot be sure which AVF meet our traffic. So, we cannot use GLBP on this type of topology.