HSRP
HSRP (Hot Standby Router Protocol) provides first-hop gateway redundancy for IP networks on NX-OS, enabling automatic failover between active and standby routers to maintain uninterrupted traffic forwarding for connected hosts. Global HSRP settings control BFD integration for fast failure detection and extended hold interval tuning for timer-based failover behavior, configured under the system section. HSRP interface-level configuration supports version 1/2, group definitions with IPv4/IPv6 address families, priority-based election, preemption with configurable delays, md5 or text authentication, hello/hold interval tuning, and MAC address customization across VLAN, Ethernet, port-channel interfaces, and Ethernet/port-channel subinterfaces.
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”system (nxos.devices.configuration)
Section titled “system (nxos.devices.configuration)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| hsrp_bfd | Boolean | true, false | No | |
| hsrp_timers_extended_hold | Integer | min: 10, max: 255 | No |
vlans (nxos.devices.configuration.interfaces)
Section titled “vlans (nxos.devices.configuration.interfaces)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| hsrp | Class | [hsrp] | No |
ethernets (nxos.devices.configuration.interfaces)
Section titled “ethernets (nxos.devices.configuration.interfaces)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| hsrp | Class | [hsrp] | No |
port_channels (nxos.devices.configuration.interfaces)
Section titled “port_channels (nxos.devices.configuration.interfaces)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| hsrp | Class | [hsrp] | No |
subinterfaces (nxos.devices.configuration.interfaces.ethernets)
Section titled “subinterfaces (nxos.devices.configuration.interfaces.ethernets)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| hsrp | Class | [hsrp] | No |
hsrp (nxos.devices.configuration.interfaces.vlans)
Section titled “hsrp (nxos.devices.configuration.interfaces.vlans)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| version | Integer | min: 1, max: 2 | No | |
| bfd | Boolean | true, false | No | |
| use_bia | Boolean | true, false | No | |
| use_bia_scope | Choice | global, local | No | |
| delay_minimum | Integer | min: 0, max: 10000 | No | |
| delay_reload | Integer | min: 0, max: 10000 | No | |
| mac_refresh | Integer | min: 0, max: 10000 | No | |
| groups | List | [groups] | No |
groups (nxos.devices.configuration.interfaces.vlans.hsrp)
Section titled “groups (nxos.devices.configuration.interfaces.vlans.hsrp)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| id | Integer | min: 0, max: 4095 | Yes | |
| address_family | Choice | ipv4, ipv6 | Yes | |
| authentication_md5_compatibility | Boolean | true, false | No | |
| authentication_md5_key_chain | String | No | ||
| authentication_md5_key_string | String | No | ||
| authentication_md5_key_string_type | Choice | unencrypted, hidden | No | |
| authentication_md5_timeout | Integer | min: 0, max: 32767 | No | |
| authentication_md5_type | Choice | key-chain, key-string | No | |
| authentication_text | String | No | ||
| authentication_type | Choice | simple, md5 | No | |
| follow | String | No | ||
| forwarding_threshold_lower | Integer | min: 0, max: 255 | No | |
| timers_hello_interval | Integer | min: 250, max: 254000 | No | |
| timers_hold_interval | Integer | min: 750, max: 255000 | No | |
| ip | String | No | ||
| mac_address | String | No | ||
| name | String | No | ||
| preempt | Boolean | true, false | No | |
| preempt_delay_minimum | Integer | min: 0, max: 3600 | No | |
| preempt_delay_reload | Integer | min: 0, max: 3600 | No | |
| preempt_delay_sync | Integer | min: 0, max: 3600 | No | |
| priority | Integer | min: 0, max: 255 | No |
Examples
Section titled “Examples”Example 1: Basic HSRP on tenant SVIs with BFD and active/standby pair
nxos: devices: - name: LEAF1 configuration: system: hsrp_bfd: true interfaces: vlans: - id: 1010 vrf: BLUE hsrp: version: 2 groups: - id: 10 address_family: ipv4 ip: 192.168.1.1 priority: 110 preempt: trueExample 2: Dual-SVI HSRP with BFD, preempt delays, and authentication
nxos: devices: - name: LEAF1 configuration: system: hsrp_bfd: true interfaces: vlans: - id: 1010 vrf: BLUE hsrp: version: 2 delay_minimum: 5 delay_reload: 10 groups: - id: 10 address_family: ipv4 ip: 192.168.1.1 priority: 110 preempt: true preempt_delay_minimum: 30 authentication_type: md5 authentication_md5_type: key-string authentication_md5_key_string: HSRP-BLUE - id: 1020 vrf: GREEN hsrp: version: 2 groups: - id: 20 address_family: ipv4 ip: 192.168.2.1 priority: 110 preempt: true preempt_delay_minimum: 30 authentication_type: md5 authentication_md5_type: key-string authentication_md5_key_string: HSRP-GREENExample 3: HSRP standby peer with BFD, extended hold timer, and IPv6 group
nxos: devices: - name: LEAF2 configuration: system: hsrp_bfd: true hsrp_timers_extended_hold: 30 interfaces: vlans: - id: 1010 vrf: BLUE hsrp: version: 2 groups: - id: 10 address_family: ipv4 ip: 192.168.1.1 priority: 90 preempt: true preempt_delay_minimum: 30 authentication_type: md5 authentication_md5_type: key-string authentication_md5_key_string: HSRP-BLUE - id: 10 address_family: ipv6 ip: 2001:db8:1::1 priority: 90 preempt: trueExample 4: HSRP on Ethernet subinterfaces with BFD for multi-tenant L3 gateway redundancy
nxos: devices: - name: BORDER1 configuration: system: hsrp_bfd: true interfaces: ethernets: - id: 1/1 switchport: false subinterfaces: - id: 100 vrf: TENANT-A encapsulation: "100" hsrp: version: 2 groups: - id: 1 address_family: ipv4 ip: 192.168.1.1 priority: 110 preempt: true - id: 200 vrf: TENANT-B encapsulation: "200" hsrp: version: 2 groups: - id: 2 address_family: ipv4 ip: 192.168.2.1 priority: 110 preempt: true