The current config was as follows:
track 1 interface TenGigabitEthernet5/4 line-protocol
track 2 interface TenGigabitEthernet5/5 line-protocolinterface Vlan200
ip address 172.1.1.2 255.255.255.0
[snip]
standby 1 ip 172.1.1.1
standby 1 priority 105 [95 For The Other 6509]
standby 1 track 1 decrement 9
standby 1 track 2 decrement 9
During a recent aggregation supervisor swap, the technician flipped the two uplink connections. This caused each uplink to have physical connectivity to distribution, but the IP subnets didn't match on either ends of the link, resulting in no EIGRP neighbors. The lack of routing neighbors and physical link to distribution caused it to become a black hole for all downstream subnets.
In order to avoid this, I needed a way for HSRP to verify that the box had a good view of the network before it became the active router. The easiest way was to check the routing table. I started by identifying some routes in my network that were the sign of good connectivity:
0.0.0.0/0
172.16.0.0/14
10.0.0.0/8
I used these three routes to build tracking objects:
track 11 ip route 10.0.0.0 255.0.0.0 reachability
track 12 ip route 172.16.0.0 255.240.0.0 reachability
track 13 ip route 0.0.0.0 0.0.0.0 reachability
Then I tied these objects in to a fourth object, which would be used in HSRP.
track 10 list boolean and
object 11
object 12
object 13
delay down 3 up 3
This fourth object tracks the (3) major routes and waits for three seconds of stability before changing state to up or down. I opted for a delay on up/down transitions in order to not flip HSRP for fast blips in connectivity. In the event that I had a hard failure on both of my uplinks, I didn't want to wait 3 seconds for a failover, so I'm also tracking their link state, but without a delay:
track 1 interface TenGigabitEthernet5/4 line-protocol
track 2 interface TenGigabitEthernet5/5 line-protocol
Here is how all of the objects are applied to the interface:
interface Vlan200
ip address 172.1.1.2 255.255.255.0
[snip]
standby 1 ip 172.1.1.1
standby 1 priority 105 [95 For The Other 6500]
standby 1 preempt
standby 1 authentication md5 key-string 7 [SNIP]
standby 1 track 1 decrement 9
standby 1 track 2 decrement 9
standby 1 track 10 decrement 11
This config seems to satisfy all of our requirements:
-HSRP will not flip for the loss of one uplink
-HSRP will not flip for fast blips in routing table
-HSRP will flip quickly if both uplinks go down
-HSRP will flip, after 3 seconds, if the active router
has a poorer view of the network than the standby router
-HSRP will not flip if both the active and standby routers
lose the same major route(s).
