Using FHRP for GRE redundancy

Using the following topology:

In this lab I’m going to configure GRE tunnel between R5 to R1-R2 HSRP VIP for redundancy purposes, if R1, which is the active router, fails R2 will establish the tunnel with R5. 

Also I will use OSPF as a dynamic routing protocol between R1-R2-R5.

First let’s start with the FHRP configuration, here is the relevant configuration of R1:

interface FastEthernet0/0  ip address 10.1.123.2 255.255.255.0  duplex auto  speed auto ! interface FastEthernet0/1  ip address 10.1.124.1 255.255.255.0  standby version 2  standby 1 ip 10.1.124.254  standby 1 priority 150  standby 1 preempt  duplex auto  speed auto

And R2:

interface FastEthernet0/0  ip address 10.1.123.2 255.255.255.0  duplex auto  speed auto ! interface FastEthernet0/1  ip address 10.1.124.2 255.255.255.0  standby version 2  standby 1 ip 10.1.124.254  standby 1 priority 110  standby 1 preempt  duplex auto  speed auto

A GRE tunnel is configured between R1 and R2 to R5, here is R1 configuration:

interface Tunnel1  ip address 172.16.0.1 255.255.255.0  ip mtu 1476  ip ospf network point-to-multipoint  ip ospf dead-interval 6  ip ospf hello-interval 2  keepalive 2 4  tunnel source 10.1.124.254  tunnel destination 10.1.45.5  tunnel path-mtu-discovery

And R2:

interface Tunnel1  ip address 172.16.0.2 255.255.255.0  ip mtu 1476  ip ospf network point-to-multipoint  ip ospf dead-interval 6  ip ospf hello-interval 2  keepalive 2 4  tunnel source 10.1.124.254  tunnel destination 10.1.45.5  tunnel path-mtu-discovery

Note that both routers are using the HSRP VIP as tunnel source for the GRE tunnel.

R5 configuration:

interface Tunnel1  ip address 172.16.0.5 255.255.255.0  ip mtu 1476  ip ospf network point-to-multipoint  ip ospf dead-interval 6  ip ospf hello-interval 2  keepalive 2 4  tunnel source FastEthernet0/1  tunnel destination 10.1.124.254  tunnel path-mtu-discovery

Tunnel destination on R5 is pointing R1-R2 HSRP VIP.

Now few more notes regarding the tunnels configuration, first all tunnel interfaces are using 1476 bytes as the correct MTU value (1500-24 (GRE+IP)), then I have configured keepalive for tunnel failure detection, I also changed OSPF hello and dead-interval values for fast re-convergence.

Now let’s configure the routing protocol - OSPF is configured on the tunnel interfaces using point-to-multipoint network mode, R5 advertise network 192.168.51.0/24 while R3 advertise network 192.168.31.0/24, this is the OSPF configuration:

R1:

router ospf 1  router-id 1.1.1.1  network 10.1.123.1 0.0.0.0 area 0  network 172.16.0.1 0.0.0.0 area 0

R2:

router ospf 1  router-id 2.2.2.2  network 10.1.123.2 0.0.0.0 area 0  network 172.16.0.2 0.0.0.0 area 0

R3:

router ospf 1  router-id 3.3.3.3  network 10.1.123.3 0.0.0.0 area 0  network 192.168.31.1 0.0.0.0 area 0

R5:

router ospf 1  router-id 5.5.5.5  network 192.168.51.1 0.0.0.0 area 0  network 172.16.0.5 0.0.0.0 area 0

R5 establish OSPF adjacency with R1 but not with R2 due to tunnel keepalive which prevents R2 to respond to the keepalive hellos:

R5#show ip ospf neighbor Neighbor ID     Pri   State           Dead Time   Address         Interface 1.1.1.1           0   FULL/  -        00:00:04    172.16.0.1      Tunnel1

R1 establish adjacency with R5 through the tunnel interface and with R2 and R3 through the internal network:

R1#show ip ospf neighbor Neighbor ID     Pri   State           Dead Time   Address         Interface 5.5.5.5           0   FULL/  -        00:00:05    172.16.0.5      Tunnel1 2.2.2.2           1   FULL/DROTHER    00:00:39    10.1.123.2      FastEthernet0/0 192.168.31.1      1   FULL/DR         00:00:39    10.1.123.3      FastEthernet0/0

Now let’s start continues ping from R5 loopback 1 to R3 loopback 1 while disconnecting R1 Fa0/1 in the middle:

R5#ping 192.168.31.1 source lo1 repeat 1000 Type escape sequence to abort. Sending 1000, 100-byte ICMP Echos to 192.168.31.1, timeout is 2 seconds: Packet sent with a source address of 192.168.51.1 !!!!!!!!!!!!!!!!!!!!!!!!!!... *Dec  3 12:28:57.311: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Tunnel1 from FULL to DOWN, Neighbor Down: Dead timer expired.. *Dec  3 12:29:00.355: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down... *Dec  3 12:29:06.371: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up *Dec  3 12:29:07.143: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Tunnel1 from LOADING to FULL, Loading Done........!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!. Success rate is 80 percent (68/85), round-trip min/avg/max = 88/200/368 ms

As we can see R5 has lost some packets but then re-establish OSPF adjacency with R2 and continue to ping R3 loopback 1. We can fine tune HSRP and OSPF timers to sub-second and to make the switchover much quicker.