We all know in HSRP and VRRP we can track an interface, but what if the ISP doesnt give you a direct drop? What if its one of those fiber converter boxes, so the only way the HSRP tracking would take effect, is if the actual converer box would go down. That won’t help us since the ISP is down, but the box is up, thus HSRP will never do it’s job properly.
The box above, from StarTech, is one example of a Fiber to Copper converter box.
Let’s take a look at a basic HSRP config….if you aren’t familiar with FHRP, check out Rene Molenaar’s blog post here.
interface GigabitEthernet0/0 description TO_INTERNET ip address 192.168.1.1 255.255.255.0 standby 1 ip 192.168.1.10 standby 1 priority 150 standby 1 preempt standby 1 track GigabitEthernet0/1
Let’s say we have this configuration, a vIP of 192.168.1.10 and the two interfaces of R1 and R2 being 192.168.1.1.24 and 192.168.1.2/24.
Now the issue with this regular tracking config here is that if we loose that ISP link, and the we won’t get the decrement of 10 to 140 (10 by default) because that converter box is still up, and we’re only tracking the layer 1/2 interface of G0/1. Is there anyway for HSRP to be more intelligent….as in track layer 3?
YES we can!
I don’t think the CCNP Switch material covers this, but this is helpful to have if your in a situation that I ran into, or you want tracking based off an IP address and not an interface.
First, let’s create an IP SLA (I did this off an ASR router, for whatever reason Cisco has slightly different syntax for IP SLA per model/IOS. Consult your IOS documentation for the right syntax — or just ? mark it up.
ip sla responder ip sla 1 icmp-echo 220.127.116.11 timeout 2000 threshold 2000 frequency 10 ip sla schedule 1 life forever start-time now
And this command will track it for reliability…
track 1 ip sla 1 reachability
Perfect. Now we need to replace that standby 1 track G0/1 command with this line.
standby 1 track 1 decrement 50
This line says for HSRP group 1, track IP SLA 1, and decrement the priority by 50.
What I would recommend is for you to is to ping your ISP’s next hop, not 18.104.22.168 for a more accurate tracking. Of course — I’d verify also that the IP SLA is even working before you put this tracking into your config.
BTW, this config will also work with VRRP. Check out this Juniper (0ne of Cisco’s nemesis) link for more details on the config on JunOS…
VRRP can track whether a route is reachable (that is, the route exists in the routing table of the routing instance included in the configuration) and dynamically change the priority of the VRRP group based on the reachability of the tracked route, triggering a new master router election.