FHRP: First Hop Redundancy Protocols
Let’s imagine a simple network layout such as this…
What happens if R2 (the gateway) goes down? Well, all devices that have R2 as a default gateway will lose connection to external networks. We can fix the situation by changing the default gateway of all internal devices (unfeasible?) or add R2’s gateway IP to R1.
In any case, we have here a single point of failure that no network should ever have. The First Hop Redundancy Protocols are meant to handle this situation.
We have three such protocols:
• HSRP or Hot Standby Router Protocol
• VRRP or Virtual Router Redundancy Protocol
• GLBP or Gateway Load Balancing Protocol
The three protocols work along the same lines:
1. A new Virtual IP is created (e.g. 192.168.1.252) with a virtual MAC.
2. The router that assumes the master/active role will take ownership of it.
3. The master/active router will send gratuitous ARPs to the broadcast address to inform the whole subnet of the new IP and its associated MAC.
4. The routers will send Hello messages to each other at regular intervals (default 3 seconds).
5. If the master/active router goes down, the slave/standby will take ownership of the VIP, assume the master/active role and inform the subnet with a gratuitous ARP.
HSRP and VRRP work in practically the same manner. The biggest difference is that the former is Cisco proprietary whereas the latter is an open standard. Both of them are designed to provide redundancy to a single subnet. GLBP is Cisco proprietary and can provide redundancy to multiple subnets or VLANs.
Let’s view a summary of the differences:
The roles, multicast IPs and Virtual MACs differ but HSRP & VRRP have almost the same functionality and configuration steps:
R1(config)# interface g0/0 /* go to interface configuration mode */
R1(config-if)# standby version 2 /* default is version 1, but we change it */
R1(config-if)# standby 1 ? /* create redundancy group 1 and check options */
authentication Authentication
follow Name of HSRP group to follow
ip Enable HSRP IPv4 and set the virtual IP address
ipv6 Enable HSRP IPv6
mac-address Virtual MAC address
name Redundancy name string
preempt Overthrow lower priority Active routers
priority Priority level
timers Hello and hold timers
track Priority tracking
R1(config-if)# standby 1 ip 192.168.1.252 /* create the VIP */
R1(config-if)# standby 1 priority ?
<0-255> Priority value
R1(config-if)# standby 1 priority 200 /* give it a high priority so that it becomes master */
R1(config-if)# standby 1 preempt /* default behaviour is non-preemptive but we change that */
If we skipped setting the priority, then the router with the highest IP would be designated as master/active. In the example above we chose to use preemptive behaviour but that is not the default. It can be used though when for instance we have two links of different speeds, and we prefer using one as long as it is available.
In HSRP there are two major differences between versions 1 and 2 (beyond the multicast IPs and virtual Macs seen before):
• version 2 supports IPv6
• version 2 supports 4096 redundancy groups versus 256 in version 1
After completing the steps above, we would redo them in R2 just changing the priority to a lower value. And voilà… we have created a single redundancy group with HSRP! These is how the enabled settings would show:
R1# show standby
GigabitEthernet0/0 – Group 1 (version 2)
State is Active
2 state changes, last state change 00:15:23
Virtual IP address is 192.168.1.252
Active virtual MAC address is 0000.0c9f.f001
Local virtual MAC address is 0000.0c9f.f001 (v2 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.435 secs
Preemption enabled
Active router is local
Standby router is 192.168.1.252, priority 50 (expires in 9.234 sec)
Priority 200 (configured 200)
Group name is “hsrp-Gi0/0-1” (default)
R2# show standby
GigabitEthernet0/0 – Group 1 (version 2)
State is Standby
2 state changes, last state change 00:15:37
Virtual IP address is 192.168.1.252
Active virtual MAC address is 0000.0c9f.f001
Local virtual MAC address is 0000.0c9f.f001 (v2 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.435 secs
Preemption enabled
Active router is 192.168.1.253, priority 200 (expires in 9.234 sec)
MAC address is 0c9f.6041.8800
Standby router is local
Priority 50 (configured 50)
Group name is “hsrp-Gi0/0-1” (default)
Now let’s move on to an example of VRRP configuration.
In the configuration, each group has the following properties:
Group 1: Virtual IP address is 10.1.0.10.
• Router A will become the master for this group with priority 120.
• Advertising interval is 3 seconds.
• Preemption is enabled.
Group 5: Router B will become the master for this group with priority 200.
• Advertising interval is 30 seconds.
• Preemption is enabled.
Group 100: Router A will become the master for this group first because it has a higher IP address (10.1.0.2).
• Advertising interval is the default 1 second.
• Preemption is disabled.
On RouterA:
Router(config)# interface GigabitEthernet 1/0/0
RouterA(config-if)# ip address 10.1.0.2 255.0.0.0
RouterA(config-if)# vrrp 1 priority 120
RouterA(config-if)# vrrp 1 authentication cisco
RouterA(config-if)# vrrp 1 timers advertise 3
RouterA(config-if)# vrrp 1 timers learn
RouterA(config-if)# vrrp 1 ip 10.1.0.10
RouterA(config-if)# vrrp 5 priority 100
RouterA(config-if)# vrrp 5 timers advertise 30
RouterA(config-if)# vrrp 5 timers learn
RouterA(config-if)# vrrp 5 ip 10.1.0.50
RouterA(config-if)# vrrp 100 timers learn
RouterA(config-if)# no vrrp 100 preempt
RouterA(config-if)# vrrp 100 ip 10.1.0.100
RouterA(config-if)# no shutdown
On RouterB:
Router(config)# interface GigabitEthernet 1/0/0
Router(config-if)# ip address 10.1.0.1 255.0.0.0
Router(config-if)# vrrp 1 priority 100
Router(config-if)# vrrp 1 authentication cisco
Router(config-if)# vrrp 1 timers advertise 3
Router(config-if)# vrrp 1 timers learn
Router(config-if)# vrrp 1 ip 10.1.0.10
Router(config-if)# vrrp 5 priority 200
Router(config-if)# vrrp 5 timers advertise 30
Router(config-if)# vrrp 5 timers learn
Router(config-if)# vrrp 5 ip 10.1.0.50
Router(config-if)# vrrp 100 timers learn
Router(config-if)# no vrrp 100 preempt
Router(config-if)# vrrp 100 ip 10.1.0.100
Router(config-if)# no shutdown
As regards to GLBP we already said that it can load balance among multiple routers within a single subnet. It does so by electing a single AVG (Active Virtual Gateway) and up to four AVFs (Active Virtual Forwarders). The AVG responds to all ARP requests by returning the MAC of one of the AVFs. So each ARP request to the AVG might get a different MAC thereby load balancing the connections.
GLBP can use 3 methods to load balance:
1. Round-Robin
2. Host dependent
3. Weighted