HSRP is the Cisco standard method of providing high network availability by providing first-hop redundancy for IP hosts on an IEEE 802 LAN configured with a default gateway IP address. HSRP allows two or more HSRP-configured routers to use the MAC address and IP network address of a virtual router. The virtual router does not exist; it represents the common target for routers that are configured to provide backup to each other. One of the routers is selected to be the active router and another to be the standby router, which assumes control of the group MAC address and IP address should the designated active router fail.
HSRP has two versions:
HSRPv1—Version 1 of the HSRP, the default version of HSRP. It has these features:
–The HSRP group number can be from 0 to 255.
–HSRPv1 uses the multicast address 224.0.0.2 to send hello packets, which can conflict with Cisco Group Management Protocol (CGMP) leave processing. You cannot enable HSRPv1 and CGMP at the same time; they are mutually exclusive.
HSRPv2—Version 2 of the HSRP has these features:
–To match the HSRP group number to the VLAN ID of a subinterface, HSRPv2 can use a group number from 0 to 4095 and a MAC address from 0000.0C9F.F000 to 0000.0C9F.FFFF.
–HSRPv2 uses the multicast address 224.0.0.102 to send hello packets. HSRPv2 and CGMP leave processing are no longer mutually exclusive, and both can be enabled at the same time.
–HSRPv2 has a different packet format than HSRPv1.
A switch running HSRPv1 cannot identify the physical router that sent a hello packet because the source MAC address of the router is the virtual MAC address.
HSRPv2 has a different packet format than HSRPv1. An HSRPv2 packet uses the type-length-value (TLV) format and has a 6-byte identifier field with the MAC address of the physical router that sent the
I again use the Cisco website to compare these two versions:
Standby group number
Standby MAC address
System assigned as: 0000.0c07.acXX, where XX is the HSRP group number
0 (no delay)
Standby track interface priority
Standby hello time
HSRPv1 -> 0000.0c07.ac** (where ** is the HSRP group number)
HSRPv2 -> 0000.0c9f.f0** (where ** is the HSRP group number)
HSRP consists of 6 states:
Initial: This is the beginning state. It indicates that HSRP is not running. It occurs when the configuration changes or the interface is first turned on.
Learn: The router has not determined the virtual IP address and has not yet seen an authenticated hello message from the active router. In this state, the router still waits to hear from the active router.
Listen: The router knows both the IP and MAC address of the virtual router but it is not the active or standby router. For example, if there are 3 routers in an HSRP group, the router which is not in the active or standby state will remain in the listen state.
Speak: The router sends periodic HSRP hellos and participates in the election of the active or standby router.
Standby: In this state, the router monitors hellos from the active router and it will take the active state when the current active router fails (no packets heard from the active router).
Active: The router forwards packets that are sent to the HSRP group. The router also sends periodic hello messages.
! router1: higher priority, so it is elected active for group 1
router1# conf t
router1(config)# int fa0/1
router1(config-if)# standby 1 ip 172.16.0.1
router1(config-if)# standby 1 priority 150
router1(config-if)# standby 1 preempt
! router2: lower priority, so it becomes standby for group 1
router2# conf t
router2(config)# int fa0/2
! The virtual IP must be the same on every router in the group
router2(config-if)# standby 1 ip 172.16.0.1
router2(config-if)# standby 1 priority 120
router2(config-if)# standby 1 preempt
router2(config-if)# standby 1 track fa0/1 60
router2(config-if)# standby 1 timers 1 3
"standby 1 track fa0/1 60" means that if fa0/1 goes down, the router's priority is decreased by 60.
"standby 1 timers 1 3" sets the hello time to 1 second and the dead (hold) time to 3 seconds.
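The following added example (not part of the original page or of any Cisco code) models how the priority, preempt and track settings above decide which router is active. The interface addresses 172.16.0.11 and 172.16.0.12 are constructed, and the preemption rule is simplified to "strictly higher effective priority".

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Router:
    name: str
    ip: str                   # real interface address (constructed for this example)
    priority: int = 100
    preempt: bool = False
    track_decrement: int = 0  # from "standby <group> track <interface> <decrement>"
    tracked_up: bool = True
    alive: bool = True

    def effective_priority(self) -> int:
        # A tracked interface going down lowers the configured priority.
        if self.tracked_up:
            return self.priority
        return max(self.priority - self.track_decrement, 0)

def rank(r: Router):
    # Highest priority wins; the highest interface IP breaks a tie.
    return (r.effective_priority(), int(IPv4Address(r.ip)))

def elect_active(routers, current=None):
    """Return the name of the active router after one election round."""
    alive = [r for r in routers if r.alive]
    if not alive:
        return None
    incumbent = next((r for r in alive if r.name == current), None)
    if incumbent is None:          # no hellos heard from an active router
        return max(alive, key=rank).name
    # An active router exists: it is replaced only by a preempt-enabled
    # router with a strictly higher effective priority (simplification).
    better = [r for r in alive if r.preempt
              and r.effective_priority() > incumbent.effective_priority()]
    return max(better, key=rank).name if better else incumbent.name

def failover_sequence(r1_preempt=True):
    # Priorities, preempt and tracking as configured on this page.
    r1 = Router("router1", "172.16.0.11", priority=150, preempt=r1_preempt)
    r2 = Router("router2", "172.16.0.12", priority=120, preempt=True,
                track_decrement=60)
    group, seen = [r1, r2], []
    active = elect_active(group); seen.append(active)          # start-up
    r1.alive = False
    active = elect_active(group, active); seen.append(active)  # router1 fails
    r1.alive = True
    active = elect_active(group, active); seen.append(active)  # router1 returns
    return seen
```

Calling `failover_sequence(r1_preempt=False)` shows the case where router1 comes back but does not reclaim the active role because it lacks preempt.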
To see the HSRP configuration:
2- Understanding VRRP
Virtual Router Redundancy Protocol (VRRP) was created by the IETF in 1999. It is the same concept as HSRP except that it has faster timers than HSRP. The hello timer is 1 second and the hold timer is 3 seconds by default. VRRP uses master/backup instead of active/standby and VRRP group instead of standby group.
The main disadvantage of HSRP and VRRP is that only one gateway is elected to be the active gateway and used to forward traffic, whilst the rest are unused until the active one fails. Gateway Load Balancing Protocol (GLBP) is a Cisco proprietary protocol that performs a similar function to HSRP and VRRP, but it supports load balancing among members in a GLBP group.
When the routers are configured to a GLBP group, they first elect one gateway to be the Active Virtual Gateway (AVG) for that group. The election is based on the priority of each gateway (highest priority wins). If all of them have the same priority then the gateway with the highest real IP address becomes the AVG. The AVG, in turn, assigns a virtual MAC address to each member of the GLBP group. Each gateway which is assigned a virtual MAC address is called an Active Virtual Forwarder (AVF). A GLBP group only has a maximum of four AVFs. If there are more than 4 gateways in a GLBP group then the rest will become Standby Virtual Forwarders (SVF), which will take the place of an AVF in case of failure. The virtual MAC address in GLBP is 0007.b400.xxyy where xx is the GLBP group number and yy is a different number for each gateway (01, 02, 03…).
Each AVF listens to the others. If one AVF can no longer forward traffic, all listening AVFs will compete to take responsibility for the failed AVF's vMAC along with their own (the AVF with the higher weighting wins).
To detect a gateway failure, GLBP members communicate with each other through hello messages sent every 3 seconds to the multicast address 224.0.0.102, User Datagram Protocol (UDP) port 3222.
GLBP supports up to 1024 virtual routers (GLBP groups) per physical interface of a router.
GLBP has three authentication types:
+ No authentication
+ MD5 authentication
+ Plain text authentication
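The virtual MAC formats given above for HSRPv1, HSRPv2 and GLBP are enough to inventory first-hop redundancy groups from an ARP table, which is a quick way to confirm that only the expected groups exist on a segment. This is an added example, not code from the original page; the ARP lines are constructed, the group digits are read as hexadecimal, and the GLBP layout follows the 0007.b400.xxyy form stated on this page.

```python
import re

def normalize(mac: str) -> str:
    """Return 12 lowercase hex digits from dotted, colon or hyphen notation."""
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def classify(mac: str):
    """Map a MAC address to (protocol, group, forwarder), or None."""
    m = normalize(mac)
    if m.startswith("00000c07ac"):      # 0000.0c07.acXX, groups 0-255
        return ("HSRPv1", int(m[10:], 16), None)
    if m.startswith("00000c9ff"):       # 0000.0c9f.f000 to 0000.0c9f.ffff
        return ("HSRPv2", int(m[9:], 16), None)
    if m.startswith("0007b400"):        # 0007.b400.xxyy as given on this page
        return ("GLBP", int(m[8:10], 16), int(m[10:], 16))
    return None

# Constructed sample in the column layout of an IOS ARP table.
SAMPLE_ARP = """\
Internet  172.16.0.1    -   0000.0c07.ac01  ARPA  FastEthernet0/1
Internet  172.16.0.20   12  0011.2233.4455  ARPA  FastEthernet0/1
Internet  172.16.10.1   3   0000.0c9f.f00a  ARPA  FastEthernet0/2
Internet  172.16.20.1   7   0007.b400.0102  ARPA  FastEthernet0/3
Internet  172.16.20.9   0   Incomplete      ARPA
"""

def inventory(arp_text: str):
    """Return (ip, protocol, group, forwarder) for every virtual MAC found."""
    found = []
    for line in arp_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        try:
            hit = classify(fields[3])
        except ValueError:              # e.g. "Incomplete" entries
            continue
        if hit:
            found.append((fields[1], *hit))
    return found
```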