Cisco IOS IP Services – HSRPv2 Configuration

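This page summarizes the configuration of HSRP version 2. Version 2 allows group IDs up to 4095 and supports hello timers in milliseconds.

Overview

This page summarizes HSRP v2.

Command list

The important commands for this scenario are listed below.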

Router(config-if)# standby version [{ 1 | 2 }]
Router(config-if)# standby [ <group-number> ] ip <ip-address>
Router(config-if)# standby [ <group-number> ] priority <priority>
Router(config-if)# standby [ <group-number> ] preempt [ delay { minimum | reload | sync } <seconds> ]
Router(config-if)# standby [ <group-number> ] track <object-number> [decrement <priority-decrement>] [shutdown] 
Router(config-if)# standby [ <group-number> ] authentication [{ md5 | text }] [{ key-string | key-chain }] <key>
Router(config-if)# standby [ <group-number> ] timers [msec] <hellotime> [msec] <holdtime>

Topology

The behavior is verified in the following environment.

[ip address]
                    +--------+
              ┌----+   R2   +----┐
        e0/0  │  .2+--------+.2  │  e0/1
+--------+.1  │  e0/0      e0/1  │  .4+--------+
| Host 1 +----┤                  ├----+   R4   |
+--------+    │  e0/0      e0/1  │    +--------+
              │  .3+--------+.3  │
              └----+   R3   +----┘
  192.168.123.0/24  +--------+  192.168.234.0/24
        R2 Loopback0   R3 Loopback0   R4 Loopback0
        10.2.2.2/32    10.3.3.3/32    10.4.4.4/32
 [Host 1]
no ip routing
ip default-gateway 192.168.123.254
no ip domain-lookup

 [R2]
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0

 [R3]
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0

 [R4]
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0

The full configurations are in the files below. Refer to them for the detailed settings.

Host1
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Host1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip routing
!
!
no ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 ip address 192.168.123.1 255.255.255.0
 no ip route-cache
 half-duplex
!
interface Ethernet0/1
 no ip address
 no ip route-cache
 shutdown
 half-duplex
!
interface Ethernet0/2
 no ip address
 no ip route-cache
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 no ip route-cache
 shutdown
 half-duplex
!
!
ip default-gateway 192.168.123.254
ip http server
ip forward-protocol nd
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp behavior g729-variants static-pt
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end
R2
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.255
!
interface Ethernet0/0
 ip address 192.168.123.2 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.234.2 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip http server
ip forward-protocol nd
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp behavior g729-variants static-pt
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end
R3
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.3.3.3 255.255.255.255
!
interface Ethernet0/0
 ip address 192.168.123.3 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.234.3 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip http server
ip forward-protocol nd
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp behavior g729-variants static-pt
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end
R4
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.4.4.4 255.255.255.255
!
interface Ethernet0/0
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.234.4 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip http server
ip forward-protocol nd
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp behavior g729-variants static-pt
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end

Specification

HSRP v2

The differences between HSRP version 1 and version 2 are as follows.

keyword               description
interval              HSRPv1 advertises in units of seconds; HSRPv2 can also advertise in units of milliseconds.
group number          HSRPv1 supports group IDs from 0 to 255; HSRPv2 supports group IDs from 0 to 4095.
virtual MAC address   HSRPv1 uses the MAC address 0000.0C07.ACXX; HSRPv2 uses the MAC address 0000.0C9F.FXXX. (X is the hexadecimal value corresponding to the group ID.)
physical MAC address  To identify the sender of an HSRP message, HSRPv2 adds a field that records the sender's physical MAC address.
address               HSRPv1 uses 224.0.0.2, which overlaps with CGMP leave; HSRPv2 uses 224.0.0.102.
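
The virtual MAC rule from the table, written out in both directions as an added example (not code from the original page): `virtual_mac` builds the default address for a group and rejects group IDs outside the version's range, and `identify` maps a MAC seen in an ARP or MAC table back to its HSRP version and group. The function names and the `HSRP_MAC` table are hypothetical.

```python
import re

# version -> (fixed prefix, mask of the bits that carry the group ID), per the table above
HSRP_MAC = {1: (0x00000C07AC00, 0xFF), 2: (0x00000C9FF000, 0xFFF)}

def virtual_mac(version: int, group: int) -> str:
    """Return the default virtual MAC in Cisco dotted notation."""
    base, max_group = HSRP_MAC[version]
    if not 0 <= group <= max_group:
        raise ValueError(f"group {group} is outside the HSRPv{version} range 0-{max_group}")
    digits = f"{base | group:012x}"
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def identify(mac: str):
    """Map a MAC address back to (version, group); None if it is not an HSRP virtual MAC."""
    value = int(re.sub(r"[.:\-]", "", mac), 16)
    for version, (base, max_group) in HSRP_MAC.items():
        if value & ~max_group == base:
            return version, value & max_group
    return None

if __name__ == "__main__":
    print(virtual_mac(1, 123))           # group used in the HSRPv1 section of this page
    print(virtual_mac(2, 1123))          # group used in the HSRPv2 section of this page
    print(identify("0000.0c9f.f463"))
    print(identify("cc:02:0c:d8:00:00"))  # a router's physical MAC, not a virtual MAC
```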

Comparison with other first hop redundancy protocols

A comparison with the other first hop redundancy protocols is as follows.

             HSRPv1             HSRPv2             VRRP                 GLBP
standard     Cisco proprietary  Cisco proprietary  RFC 3768             Cisco proprietary
protocol     udp 1985           udp 1985           protocol number 112  udp 3222
ip address   224.0.0.2          224.0.0.102        224.0.0.18           224.0.0.102
mac address  0000.0C07.ACXX     0000.0C9F.FXXX     0000.5E00.01XX       0007.b400.XXYY
group id     256                4096               256                  4096
millisecond  not supported      supported          not supported        supported

HSRP configuration

The basic HSRP configuration commands are as follows. They are not particularly difficult, so the explanation is omitted.

Router(config-if)# standby version [{ 1 | 2 }]
Router(config-if)# standby [ <group-number> ] ip <ip-address>
Router(config-if)# standby [ <group-number> ] priority <priority>
Router(config-if)# standby [ <group-number> ] preempt [ delay { minimum | reload | sync } <seconds> ]
Router(config-if)# standby [ <group-number> ] track <object-number> [decrement <priority-decrement>] [shutdown] 
Router(config-if)# standby [ <group-number> ] authentication [{ md5 | text }] [{ key-string | key-chain }] <key>
Router(config-if)# standby [ <group-number> ] timers [msec] <hellotime> [msec] <holdtime>

HSRPv1

Applying the configuration

Apply a basic redundancy configuration using HSRPv1.

 [R2]
interface Ethernet0/0
 standby 123 ip 192.168.123.254
 standby 123 timers 1 3
 standby 123 priority 110
 standby 123 preempt delay minimum 5
 standby 123 authentication md5 key-string cisco

 [R3]
interface Ethernet0/0
 standby 123 ip 192.168.123.254
 standby 123 timers 1 3
 standby 123 priority 100
 standby 123 preempt delay minimum 5
 standby 123 authentication md5 key-string cisco

Verification

Confirm that R2 is Active and R3 is Standby. Also confirm that the last two octets of the MAC address match group ID 123 (=0x7b).

 [R2]
R2#show standby
Ethernet0/0 - Group 123
  State is Active
    2 state changes, last state change 00:06:05
  Virtual IP address is 192.168.123.254
  Active virtual MAC address is 0000.0c07.ac7b
    Local virtual MAC address is 0000.0c07.ac7b (v1 default)
  Hello time 1 sec, hold time 3 sec
    Next hello sent in 0.152 secs
  Authentication MD5, key-string
  Preemption enabled, delay min 5 secs
  Active router is local
  Standby router is 192.168.123.3, priority 100 (expires in 2.188 sec)
  Priority 110 (configured 110)
  IP redundancy name is "hsrp-Et0/0-123" (default)
R2#

 [R3]
R3#show standby
Ethernet0/0 - Group 123
  State is Standby
    4 state changes, last state change 00:02:45

 <omitted>

Confirm that Host1 can reach R4.

Host1#traceroute 10.4.4.4

Type escape sequence to abort.
Tracing the route to 10.4.4.4

  1 192.168.123.2 88 msec 36 msec 20 msec
  2 192.168.234.4 40 msec *  84 msec
Host1#

HSRPv2

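Applying the configuration

Change the version from HSRPv1 to HSRPv2 and configure the features that are new in HSRPv2: assign a group ID of 256 or higher and set the hello timer in msec units.

 [R2]
interface Ethernet0/0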
 no standby 123
 standby version 2
 standby 1123 ip 192.168.123.254
 standby 1123 timers msec 50 msec 200
 standby 1123 priority 110
 standby 1123 preempt delay minimum 5
 standby 1123 authentication md5 key-string cisco

 [R3]
interface Ethernet0/0
 no standby 123
 standby version 2
 standby 1123 ip 192.168.123.254
 standby 1123 timers msec 50 msec 200
 standby 1123 priority 100
 standby 1123 preempt delay minimum 5
 standby 1123 authentication md5 key-string cisco

Verification

Confirm that R2 is Active and R3 is Standby. Also confirm that the last two octets of the MAC address match group ID 1123 (=0x463).

 [R2]
R2#show standby
Ethernet0/0 - Group 1123 (version 2)
  State is Active
    2 state changes, last state change 00:06:11
  Virtual IP address is 192.168.123.254
  Active virtual MAC address is 0000.0c9f.f463
    Local virtual MAC address is 0000.0c9f.f463 (v2 default)
  Hello time 50 msec, hold time 200 msec
    Next hello sent in 0.000 secs
  Authentication MD5, key-string
  Preemption enabled, delay min 5 secs
  Active router is local
  Standby router is 192.168.123.3, priority 100 (expires in 0.152 sec)
  Priority 110 (configured 110)
  IP redundancy name is "hsrp-Et0/0-1123" (default)
R2#

 [R3]
R3#show standby
Ethernet0/0 - Group 1123 (version 2)
  State is Standby
    1 state change, last state change 00:05:09

 <omitted>

Capture packets and compare the HSRPv1 and HSRPv2 packets. In HSRPv2 the destination address is 224.0.0.102, and there is a field that records the physical MAC address used to identify the host.

 [HSRPv1]
Frame 18: 92 bytes on wire (736 bits), 92 bytes captured (736 bits)
Ethernet II, Src: cc:02:0c:d8:00:00 (cc:02:0c:d8:00:00), Dst: IPv4mcast_00:00:02 (01:00:5e:00:00:02)
Internet Protocol Version 4, Src: 192.168.123.3 (192.168.123.3), Dst: 224.0.0.2 (224.0.0.2)
User Datagram Protocol, Src Port: hsrp (1985), Dst Port: hsrp (1985)
Cisco Hot Standby Router Protocol
    Version: 0
    Op Code: Hello (0)
    State: Standby (8)
    Hellotime: Non-Default (1)
    Holdtime: Non-Default (3)
    Priority: 100
    Group: 123
    Reserved: 0
    Authentication Data: Non-Default ()
    Virtual IP Address: 192.168.123.254 (192.168.123.254)

 [HSRPv2]
Frame 5: 114 bytes on wire (912 bits), 114 bytes captured (912 bits)
Ethernet II, Src: cc:02:0c:d8:00:00 (cc:02:0c:d8:00:00), Dst: IPv4mcast_00:00:66 (01:00:5e:00:00:66)
Internet Protocol Version 4, Src: 192.168.123.3 (192.168.123.3), Dst: 224.0.0.102 (224.0.0.102)
User Datagram Protocol, Src Port: hsrp (1985), Dst Port: hsrp (1985)
Cisco Hot Standby Router Protocol
    Group State TLV: Type=1 Len=40
        Version: 2
        Op Code: Hello (0)
        State: Standby (5)
        IP Ver.: IPv4 (4)
        Group: 1123
        Identifier: cc:02:0c:d8:00:00 (cc:02:0c:d8:00:00)
        Priority: 100
        Hellotime: Non-Default (50)
        Holdtime: Non-Default (200)
        Virtual IP Address: 192.168.123.254 (192.168.123.254)
    MD5 Authentication TLV: Type=4 Len=28
        MD5 Algorithm: MD5 (1)
        MD5 Flags: 0
        Sender's IP Address: 192.168.123.3 (192.168.123.3)
        MD5 Key ID: 0
[Dissector bug, protocol HSRP: proto.c:1141: failed assertion "DISSECTOR_ASSERT_NOT_REACHED"]
    [Expert Info (Error/Malformed): proto.c:1141: failed assertion "DISSECTOR_ASSERT_NOT_REACHED"]
        [Message: proto.c:1141: failed assertion "DISSECTOR_ASSERT_NOT_REACHED"]
        [Severity level: Error]
        [Group: Malformed]
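
An added example (not part of the original page, and not Wireshark's code) that decodes both payload formats shown in the captures above and exposes the sender's physical MAC that only HSRPv2 carries. The function name, the v2 field widths (chosen to total the TLV's Len=40 in the order the dissector lists them), the state names not visible in the captures, and the sample payloads are assumptions; the samples are constructed from the captured field values.

```python
import ipaddress
import struct

V1_STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
V2_STATES = {0: "Disabled", 1: "Init", 2: "Learn", 3: "Listen", 4: "Speak", 5: "Standby", 6: "Active"}

def parse_hsrp(dst_ip: str, payload: bytes) -> dict:
    """Decode a UDP/1985 payload; the destination group address selects the version."""
    if dst_ip == "224.0.0.2":  # HSRPv1: fixed 20-byte message, timers in seconds
        if len(payload) < 20:
            raise ValueError("truncated HSRPv1 message")
        _ver, _op, state, hello, hold, prio, group, _rsv, _auth, vip = struct.unpack(
            "!8B8s4s", payload[:20])
        return {"version": 1, "group": group, "state": V1_STATES.get(state, state),
                "priority": prio, "hello_ms": hello * 1000, "hold_ms": hold * 1000,
                "vip": str(ipaddress.IPv4Address(vip)), "sender_mac": None}
    if dst_ip != "224.0.0.102":
        raise ValueError("not an HSRP multicast destination")
    out, pos = {"version": 2, "other_tlvs": []}, 0
    while pos + 2 <= len(payload):  # HSRPv2: sequence of type/length/value records
        tlv_type, length = payload[pos], payload[pos + 1]
        value = payload[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV")
        if tlv_type == 1 and length == 40:  # Group State TLV (assumed widths), timers in msec
            _ver, _op, state, ip_ver, group, ident, prio, hello, hold, vip = struct.unpack(
                "!4BH6s3I16s", value)
            addr = ipaddress.IPv4Address(vip[:4]) if ip_ver == 4 else ipaddress.IPv6Address(vip)
            out.update(group=group, state=V2_STATES.get(state, state), priority=prio,
                       hello_ms=hello, hold_ms=hold, vip=str(addr),
                       sender_mac=ident.hex(":"))  # physical MAC of the sending router
        else:
            out["other_tlvs"].append((tlv_type, length))  # e.g. MD5 Authentication TLV
        pos += 2 + length
    if "group" not in out:
        raise ValueError("no Group State TLV found")
    return out

# Constructed payloads mirroring the field values in the two captures above.
VIP = ipaddress.IPv4Address("192.168.123.254").packed
SAMPLE_V1 = struct.pack("!8B8s4s", 0, 0, 8, 1, 3, 100, 123, 0, bytes(8), VIP)
SAMPLE_V2 = (bytes([1, 40])
             + struct.pack("!4BH6s3I16s", 2, 0, 5, 4, 1123,
                           bytes.fromhex("cc020cd80000"), 100, 50, 200, VIP + bytes(12))
             + bytes([4, 28]) + bytes(28))  # MD5 TLV body zero-filled (constructed)

if __name__ == "__main__":
    print(parse_hsrp("224.0.0.2", SAMPLE_V1))
    print(parse_hsrp("224.0.0.102", SAMPLE_V2))
```

Normalizing both versions to `hello_ms`/`hold_ms` makes the 1 s/3 s and 50 ms/200 ms timers on this page directly comparable.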

Object Tracking

Applying the configuration

HSRP is often used together with Object Tracking. Configure Object Tracking so that HSRP fails over when the link between R2 and R4 goes down.

 [R2, R3]
track 1 ip route 10.4.4.4/32 metric threshold
 threshold metric up 11 down 12
!
interface Ethernet0/0
 standby 1123 track 1 decrement 20

Verification

Bring down the link on R2 e0/1.

 [R2]
interface Ethernet0/1
 shutdown

After a short wait, the Track on R2 goes to the down state and HSRP changes from Active to Standby.

 [R2]
R2(config)#int e0/1
R2(config-if)#shut
R2(config-if)#
*Mar  1 00:20:58.475: %OSPF-5-ADJCHG: Process 1, Nbr 10.3.3.3 on Ethernet0/1 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar  1 00:20:58.479: %OSPF-5-ADJCHG: Process 1, Nbr 10.4.4.4 on Ethernet0/1 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar  1 00:21:00.451: %LINK-5-CHANGED: Interface Ethernet0/1, changed state to administratively down
*Mar  1 00:21:01.451: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to down
*Mar  1 00:21:01.847: %TRACKING-5-STATE: 1 ip route 10.4.4.4/32 metric threshold Up->Down
*Mar  1 00:21:34.343: %HSRP-5-STATECHANGE: Ethernet0/0 Grp 1123 state Active -> Speak
*Mar  1 00:21:34.543: %HSRP-5-STATECHANGE: Ethernet0/0 Grp 1123 state Speak -> Standby
R2(config-if)#

Confirm that the Track Object state is Down and that HSRP is Standby with a priority of 90.

 [R2]
R2#show track
Track 1
  IP route 10.4.4.4 255.255.255.255 metric threshold
  Metric threshold is Down (OSPF/21/21)
    6 changes, last change 00:02:32
  Metric threshold down 12 up 11
  First-hop interface is Ethernet0/0
  Tracked by:
    HSRP Ethernet0/0 1123
R2#
R2#
R2#show standby
Ethernet0/0 - Group 1123 (version 2)
  State is Standby
    4 state changes, last state change 00:03:12
  Virtual IP address is 192.168.123.254
  Active virtual MAC address is 0000.0c9f.f463
    Local virtual MAC address is 0000.0c9f.f463 (v2 default)
  Hello time 50 msec, hold time 200 msec
    Next hello sent in 0.006 secs
  Authentication MD5, key-string
  Preemption enabled, delay min 5 secs
  Active router is 192.168.123.3, priority 100 (expires in 0.140 sec)
  Standby router is local
  Priority 90 (configured 110)
    Track object 1 state Down decrement 20
  IP redundancy name is "hsrp-Et0/0-1123" (default)
R2#