Hot Standby Router Protocol - HSRP
Why First Hop Gateway Redundancy is required?
LAN users are configured with Default-Gateway IP address, which is IP of their Local router, which acts as a Proxy, and helps them communicate with remote/distant users. LAN users resolve MAC address of Gateway router using Proxy ARP method. If the gateway router fails, the LAN users would be affected. This means that Specifying a default gateway for LAN Users leads to a single point of failure. Instead of making the LAN users responsible for choosing a new gateway, First Hop Redundancy protocols enable two or more routers to support a shared MAC address (virtual) and advertise to ARP queries of LAN users. If the primary router fails, the backup router assumes control of traffic forwarded to that MAC. Hot Standby Router Protocol helps us building the Gateway Redundancy.Protocols that provide First Hop Gateway redundancy
- HSRP (Hot Standby Router Protocol)
- VRRP (Virtual Router Redundancy Protocol)
- GLBP (Gateway Load Balancing Protocol)
How HSRP works?
- HSRP is a Cisco-proprietary protocol developed to provide redundancy to LAN Users at network layer defined as per RFC 2281.
- Using HSRP, the gateway routers or Multi Layer switches(MLS) are configured to behave as single gateway (with Virtual IP) to the LAN users.
- HSRP works on top of UDP (port 1985) i.e. at application layer.
- HSRP gateways/routers/Multi layer Switches send hello messages on "All-Routers" Multicast address 224.0.0.2.
- The gateways routers/MLS for a given gateway address are made member of a common HSRP group.
- LAN users are configured with the Virtual IP (also called Phantom IP) of the Gateway Running HSRP.
- In a two gateway setup, One router is elected as Primary (Active) and another acts as Backup (Standby). More details in one of the points below.
- In a topology with more than two gateways, one router is elected as Primary (Active), one is elected as Backup (Standby) and other remains in Listen state.
- Only the Primary router (with 'active' role) responds to the ARP queries(for virtual IP) raised by LAN users with Virtual MAC 0000.0c07.acxx where xx is the group number in Hex.
- All these gateway routers exchange Hello messages at regular intervals (Default timer 3 seconds and Default hold time 10 seconds) to remain aware of each other's state and existence. If Primary router fails, Standby becomes active and start responding to the ARP queries raised by LAN users.
- Group number can be any value from 0-255. Most Cisco Catalyst Multi layer Switches support only up to 16 unique HSRP group numbers.If you configure HSRP on Multi layer Switches, on VLAN interfaces, redundancy can only be provided for on 16 VLANs as you can only use 16 unique group numbers. Solution to this problem is to use same group number for all VLAN interfaces because HSRP group numbers are locally significant to interfaces.
- The active/primary router is chosen based on highest HSRP priority (default priority is 100). In case of a tie, the router with the highest configured IP address becomes primary. A new router with a higher priority does not cause an election unless it is configured to preempt—that is, take over from a lower priority router. Configuring a router to preempt also ensures that the highest priority router regains its active status if it goes down and comes back online again.
- Interface tracking reduces the active router’s priority if a specified link is down. This enables the standby router to take over even though the active router is still up.
HSRP States
- Initial: HSRP is not running.
- Learn: The router does not know the virtual IP address and is waiting to hear from the active router.
- Listen: The router knows the IP and MAC of the virtual router, but it is not the active or standby router.
- Speak: Router sends periodic HSRP hellos and participates in the election of the active router.
- Standby: Router monitors hellos from active router and assumes responsibility if active router fails.
- Active: Router forwards packets on behalf of the virtual router.
HSRP - Sample Lab and Commands
Gateway Router R1 F0/0 (LAN) Interface Config:
R1#sh run int f0/0interface FastEthernet0/0
ip address 10.10.123.11 255.255.255.0
standby 20 ip 10.10.123.1 >> Group number 20, Virtual IP 10.10.123.1
standby 20 timers 1 3 >> Hello/Holdown timers changed to speed convergence
standby 20 priority 120 >>> Router with Highest Priority becomes "Active"
standby 20 preempt delay minimum 50 >> Delays preemption by 50 seconds
standby 20 authentication md5 key-string cisco >>Only authorized routers involve in HSRP election
standby 20 track 10 decrement 30 >> To track WAN interface and decrement priority if down.
end
'Preempt' command is configured to enable a router to take over if the active router has lower priority, as shown in the following commands. This helps lead to a predictable data path through the network.
WAN Interface Tracking can be done in 2 ways:
1.) Directly tracking WAN interface (Serial/ATM/POS):
R2(config-if)# standby 20 track Serial0/0 30 >> Decrements the current priority with value of 30
2.) Tracking using IP SLA (Useful for Ethernet Interfaces) :
Below is Output from Gateway Router R1. Interface F0/1 is tracked using an IP SLA and Track commands.
ip sla 1
icmp-echo 10.10.17.7 source-ip 10.10.17.1
frequency 5
ip sla schedule 1 life forever start-time now
track 10 rtr 1 reachability
HSRP related Commands
R1#show standby
FastEthernet0/0 - Group 20
State is Active
2 state changes, last state change 01:18:29
Virtual IP address is 10.10.123.1
Active virtual MAC address is 0000.0c07.ac14
Local virtual MAC address is 0000.0c07.ac14 (v1 default)
Hello time 1 sec, hold time 3 sec
Next hello sent in 0.456 secs
Authentication MD5, key-string "cisco"
Preemption enabled, delay min 50 secs
Active router is local
Standby router is 10.10.123.12, priority 110 (expires in 2.852 sec)
Priority 120 (configured 120)
Track object 10 state Up decrement 30
Group name is "hsrp-Fa0/0-20" (default)
FastEthernet0/0 - Group 20
State is Active
2 state changes, last state change 01:18:29
Virtual IP address is 10.10.123.1
Active virtual MAC address is 0000.0c07.ac14
Local virtual MAC address is 0000.0c07.ac14 (v1 default)
Hello time 1 sec, hold time 3 sec
Next hello sent in 0.456 secs
Authentication MD5, key-string "cisco"
Preemption enabled, delay min 50 secs
Active router is local
Standby router is 10.10.123.12, priority 110 (expires in 2.852 sec)
Priority 120 (configured 120)
Track object 10 state Up decrement 30
Group name is "hsrp-Fa0/0-20" (default)
R2#show standby
FastEthernet0/0 - Group 20
State is Standby
6 state changes, last state change 01:10:05
Virtual IP address is 10.10.123.1
Active virtual MAC address is 0000.0c07.ac14
Local virtual MAC address is 0000.0c07.ac14 (v1 default)
Hello time 1 sec, hold time 3 sec
Next hello sent in 0.480 secs
Authentication MD5, key-string "cisco"
Preemption enabled, delay min 50 secs
Active router is 10.10.123.11, priority 120 (expires in 2.160 sec)
Standby router is local
Priority 110 (configured 110)
Track interface Serial0/0 state Up decrement 30
Group name is "hsrp-Fa0/0-20" (default)
R3#show standby
FastEthernet0/0 - Group 20
State is Listen
2 state changes, last state change 01:10:25
Virtual IP address is 10.10.123.1
Active virtual MAC address is 0000.0c07.ac14
Local virtual MAC address is 0000.0c07.ac14 (v1 default)
Hello time 1 sec, hold time 3 sec
Authentication MD5, key-string "cisco"
Preemption enabled, delay min 50 secs
Active router is 10.10.123.11, priority 120 (expires in 2.404 sec)
Standby router is 10.10.123.12, priority 110 (expires in 2.800 sec)
Priority 100 (default 100)
Track interface Serial0/0 state Up decrement 30
Group name is "hsrp-Fa0/0-20" (default)
FastEthernet0/0 - Group 20
State is Listen
2 state changes, last state change 01:10:25
Virtual IP address is 10.10.123.1
Active virtual MAC address is 0000.0c07.ac14
Local virtual MAC address is 0000.0c07.ac14 (v1 default)
Hello time 1 sec, hold time 3 sec
Authentication MD5, key-string "cisco"
Preemption enabled, delay min 50 secs
Active router is 10.10.123.11, priority 120 (expires in 2.404 sec)
Standby router is 10.10.123.12, priority 110 (expires in 2.800 sec)
Priority 100 (default 100)
Track interface Serial0/0 state Up decrement 30
Group name is "hsrp-Fa0/0-20" (default)
R3#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0 20 100 P Listen 10.10.123.11 10.10.123.12 10.10.123.1
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0 20 100 P Listen 10.10.123.11 10.10.123.12 10.10.123.1
Output from Switch:
Switch#show mac vlan 1 | i 0000.0c07.ac14 >> HSRP Virtual MAC0000.0c07.ac14 Dynamic 1 FastEthernet1/2 >> Only R1 (active) replies to ARP Queries.
Output from Host4. See the HSRP MAC address learned for the Virtual IP 10.10.123.1.
Host4#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.123.1 0 0000.0c07.ac14 ARPA FastEthernet0/0
Internet 10.10.123.4 - ca04.16b0.0000 ARPA FastEthernet0/0
If you understood the concept and liked this article, kindly share it with your friends.
