FHRP Concepts
Upon completion of this chapter, you will be able to answer the following questions:
What is the purpose and operation of first hop redundancy protocols?
How does HSRP operate?
This chapter uses the following key terms. You can find the definitions in the Glossary.
First Hop Redundancy Protocols (FHRP)
Hot Standby Router Protocol (HSRP)
Virtual Router Redundancy Protocol (VRRP)
Your network is up and running. You’ve conquered Layer 2 redundancy without any Layer 2 loops. All your devices get their addresses dynamically. You are good at network administration! But, wait. One of your routers, the default gateway router in fact, has gone down. None of your hosts can send any messages outside of the immediate network. It’s going to take a while to get this default gateway router operating again. You’ve got a lot of angry people asking you how soon the network will be “back up.”
You can avoid this problem easily. First Hop Redundancy Protocols (FHRPs) are the solution you need. This module discusses what FHRP does, and all the types of FHRPs that are available to you. One of these types is a Cisco-proprietary FHRP called Hot Standby Router Protocol (HSRP). You learn how HSRP works and then complete a Packet Tracer activity where you configure and verify HSRP. Don’t wait, get started!
If a router or router interface (that serves as a default gateway) fails, the hosts configured with that default gateway are isolated from outside networks. A mechanism is needed to provide alternate default gateways in switched networks where two or more routers are connected to the same VLANs.
In this section you will learn how FHRPs are used to provide default gateway redundancy.
If a router or router interface that serves as a default gateway fails, the hosts configured with that default gateway are isolated from outside networks. A mechanism is needed to provide alternate default gateways in switched networks where two or more routers are connected to the same network or VLANs. That mechanism is provided by first hop redundancy protocols (FHRPs).
In a switched network, each client receives only one default gateway. There is no way to use a secondary gateway, even if a second path exists to carry packets off the local segment.
In Figure 9-1, R1 is responsible for routing packets from PC1.
If R1 becomes unavailable, the routing protocols can dynamically converge. R2 now routes packets from outside networks that would have gone through R1. However, traffic from the inside network associated with R1, including traffic from workstations, servers, and printers configured with R1 as their default gateway, is still sent to R1 and dropped.
Note
For the purposes of the discussion on router redundancy, there is no functional difference between a Layer 3 switch and a router at the distribution layer. In practice, it is common for a Layer 3 switch to act as the default gateway for each VLAN in a switched network. This discussion focuses on the functionality of routing, regardless of the physical device used.
End devices are typically configured with a single IPv4 address for a default gateway. This address does not change when the network topology changes. If that default gateway IPv4 address cannot be reached, the local device is unable to send packets off the local network segment, effectively disconnecting it from other networks. Even if a redundant router exists that could serve as a default gateway for that segment, there is no dynamic method by which these devices can determine the address of a new default gateway.
Note
IPv6 devices receive their default gateway address dynamically from the Internet Control Message Protocol version 6 (ICMPv6).
One way to prevent a single point of failure at the default gateway is to implement a virtual router. To implement this type of router redundancy, multiple routers are configured to work together to present the illusion of a single router to the hosts on the LAN, as shown in Figure 9-2. By sharing an IP address and a MAC address of the virtual router, two or more routers can act as a single virtual router.
The IPv4 address of the virtual router is configured as the default gateway for the workstations on a specific IPv4 segment. When frames are sent from host devices to the default gateway, the hosts use ARP to resolve the MAC address that is associated with the IPv4 address of the default gateway. The ARP resolution returns the MAC address of the virtual router. Frames that are sent to the MAC address of the virtual router can then be physically processed by the currently active router within the virtual router group. A protocol is used to identify two or more routers as the devices that are responsible for processing frames that are sent to the MAC or IP address of a single virtual router. Host devices send traffic to the address of the virtual router. The physical router that forwards this traffic is transparent to the host devices.
A redundancy protocol provides the mechanism for determining which router should take the active role in forwarding traffic. It also determines when the forwarding role must be taken over by a standby router. The transition from one forwarding router to another is transparent to the end devices.
The ability of a network to dynamically recover from the failure of a device acting as a default gateway is known as first-hop redundancy.
When the active router fails, the redundancy protocol transitions the standby router to the new active router role, as shown in Figure 9-3.
These are the steps that take place when the active router fails:
Step 1. The standby router stops seeing Hello messages from the forwarding router.
Step 2. The standby router assumes the role of the forwarding router.
Step 3. Because the new forwarding router assumes both the IPv4 and MAC addresses of the virtual router, the host devices see no disruption in service.
The FHRP used in a production environment largely depends on the equipment and needs of the network. Table 9-1 lists all the options available for FHRPs.
Table 9-1 Options for Implementing an FHRP
FHRP Options | Description
Hot Standby Router Protocol (HSRP) |
HSRP for IPv6 |
Virtual Router Redundancy Protocol version 2 (VRRPv2) |
VRRPv3 |
GLBP |
GLBP for IPv6 |
IRDP |
Check Your Understanding—First Hop Redundancy Protocols (9.1.5)
Refer to the online course to complete this activity.
In this section you will learn how to implement HSRP.
Cisco provides HSRP and HSRP for IPv6 as a way to avoid losing outside network access if your default router fails.
HSRP is a Cisco-proprietary FHRP that is designed to allow for transparent failover of a first-hop IP device.
HSRP ensures high network availability by providing first-hop routing redundancy for IP hosts on networks configured with an IP default gateway address. HSRP is used in a group of routers for selecting an active device and a standby device. In a group of device interfaces, the active device is the device that is used for routing packets; the standby device is the device that takes over when the active device fails, or when pre-set conditions are met. The function of the HSRP standby router is to monitor the operational status of the HSRP group and to quickly assume packet-forwarding responsibility if the active router fails.
The role of the active and standby routers is determined during the HSRP election process. By default, the router with the numerically highest IPv4 address is elected as the active router. However, it is always better to control how your network will operate under normal conditions rather than leaving it to chance.
HSRP priority can be used to determine the active router. The router with the highest HSRP priority will become the active router. By default, the HSRP priority is 100. If the priorities are equal, the router with the numerically highest IPv4 address is elected as the active router.
To configure a router to be the active router, use the standby priority interface command. The range of the HSRP priority is 0 to 255.
By default, after a router becomes the active router, it will remain the active router even if another router comes online with a higher HSRP priority.
To force a new HSRP election process to take place when a higher priority router comes online, preemption must be enabled using the standby preempt interface command. Preemption is the ability of an HSRP router to trigger the reelection process. With preemption enabled, a router that comes online with a higher HSRP priority will assume the role of the active router.
Preemption only allows a router to become the active router if it has a higher priority. A router enabled for preemption, with equal priority but a higher IPv4 address, will not preempt an active router. Refer to the topology in Figure 9-4.
R1 has been configured with the HSRP priority of 150, and R2 has the default HSRP priority of 100. Preemption has been enabled on R1. With a higher priority, R1 is the active router and R2 is the standby router. Due to a power failure affecting only R1, the active router is no longer available and the standby router, R2, assumes the role of the active router. After power is restored, R1 comes back online. Because R1 has a higher priority and preemption is enabled, it will force a new election process. R1 will reassume the role of the active router, and R2 will fall back to the role of the standby router.
Note
With preemption disabled, the router that boots first will become the active router if there are no other routers online during the election process.
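The election and preemption rules above, modeled as an added Python example (not part of the original chapter and not Cisco code). The interface addresses are constructed sample values, and the model tracks only which router holds the active role, not the full HSRP state machine.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Router:
    name: str
    ip: IPv4Address          # interface address (constructed sample values below)
    priority: int = 100      # HSRP default priority
    preempt: bool = False    # preemption is disabled by default
    online: bool = False

def rank(r):
    """Election key: highest priority wins; highest IPv4 address breaks a tie."""
    return (r.priority, int(r.ip))

class HsrpGroup:
    """Simplified model of one HSRP group: tracks only which router is active."""
    def __init__(self, routers):
        self.routers = {r.name: r for r in routers}
        self.active = None

    def _elect(self):
        up = [r for r in self.routers.values() if r.online]
        self.active = max(up, key=rank) if up else None

    def bring_up(self, *names):
        joined = [self.routers[n] for n in names]   # these boot together
        for r in joined:
            r.online = True
        if self.active is None:
            self._elect()                      # no active router yet: normal election
        else:
            # An existing active router is displaced only by a preempt-enabled
            # router with a strictly higher priority; the address is not considered.
            better = [r for r in joined
                      if r.preempt and r.priority > self.active.priority]
            if better:
                self.active = max(better, key=rank)
        return self.active.name

    def fail(self, name):
        self.routers[name].online = False
        if self.active is self.routers[name]:
            self._elect()                      # remaining routers take over
        return self.active.name if self.active else None

def figure_9_4_scenario():
    """R1 (priority 150, preempt) and R2 (defaults): boot, R1 power loss, R1 return."""
    g = HsrpGroup([Router("R1", IPv4Address("192.0.2.2"), priority=150, preempt=True),
                   Router("R2", IPv4Address("192.0.2.3"))])
    return [g.bring_up("R1", "R2"), g.fail("R1"), g.bring_up("R1")]

if __name__ == "__main__":
    print(figure_9_4_scenario())   # ['R1', 'R2', 'R1']
```

Removing `preempt=True` from R1 leaves R2 active after R1 returns, which is the default behavior described above.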
A router can either be the active HSRP router responsible for forwarding traffic for the segment, or it can be a passive HSRP router on standby, ready to assume the active role if the active router fails. When an interface is configured with HSRP or is first activated with an existing HSRP configuration, the router sends and receives HSRP hello packets to begin the process of determining which state it will assume in the HSRP group.
Table 9-2 summarizes the HSRP states.
Table 9-2 HSRP States
HSRP State | Description
Initial | This state is entered through a configuration change or when an interface first becomes available.
Learn | The router has not determined the virtual IP address and has not yet seen a hello message from the active router. In this state, the router waits to hear from the active router.
Listen | The router knows the virtual IP address, but the router is neither the active router nor the standby router. It listens for hello messages from those routers.
Speak | The router sends periodic hello messages and actively participates in the election of the active and/or standby router.
Standby | The router is a candidate to become the next active router and sends periodic hello messages.
The active and standby HSRP routers send hello packets to the HSRP group multicast address every 3 seconds by default. The standby router will become active if it does not receive a hello message from the active router after 10 seconds. You can lower these timer settings to speed up the failover or preemption. However, to avoid increased CPU usage and unnecessary standby state changes, do not set the hello timer below 1 second or the hold timer below 4 seconds.
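How the timers above translate into failover delay, as an added Python example that is not from the original chapter. It assumes the hold timer restarts on each hello received and that hellos are sent exactly on schedule; the arrival times in the usage lines are constructed.

```python
DEFAULT_HELLO, DEFAULT_HOLD = 3.0, 10.0   # seconds: defaults stated in the text
MIN_HELLO, MIN_HOLD = 1.0, 4.0            # lower bounds recommended in the text

def takeover_time(hello_arrivals, hold=DEFAULT_HOLD):
    """Time at which the standby router becomes active, given the times (in
    seconds) at which it received hellos from the active router.
    Assumption: the hold timer restarts on every hello received."""
    if not hello_arrivals:
        raise ValueError("no hello was ever received from the active router")
    arrivals = sorted(hello_arrivals)
    for prev, nxt in zip(arrivals, arrivals[1:]):
        if nxt - prev > hold:        # hold timer expired before the next hello
            return prev + hold
    return arrivals[-1] + hold       # active router went silent after the last hello

def outage_window(hello=DEFAULT_HELLO, hold=DEFAULT_HOLD):
    """(shortest, longest) delay between the active router failing and takeover.
    Shortest: it fails just before its next hello was due.
    Longest: it fails just after sending a hello."""
    return (hold - hello, hold)

def timer_warnings(hello, hold):
    """Flag settings below the minimums the text recommends."""
    warnings = []
    if hello < MIN_HELLO:
        warnings.append(f"hello {hello}s is below {MIN_HELLO}s")
    if hold < MIN_HOLD:
        warnings.append(f"hold {hold}s is below {MIN_HOLD}s")
    return warnings

if __name__ == "__main__":
    # Constructed trace: hellos at 0, 3, 6 s, two lost, one heard at 15 s, then silence.
    print(takeover_time([0, 3, 6, 15]))      # 25.0
    print(outage_window())                   # (7.0, 10.0)
    print(timer_warnings(0.5, 2))
```

With the default timers, two consecutive lost hellos do not trigger a takeover, but a third does.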
Check Your Understanding—HSRP (9.2.4)
Refer to the online course to complete this activity.
The following is a summary of each section in the module.
If a router or router interface that serves as a default gateway fails, the hosts configured with that default gateway are isolated from outside networks. FHRP provides alternate default gateways in switched networks where two or more routers are connected to the same VLANs. One way to prevent a single point of failure at the default gateway is to implement a virtual router. With a virtual router, multiple routers are configured to work together to present the illusion of a single router to the hosts on the LAN. When the active router fails, the redundancy protocol transitions the standby router to the new active router role. These are the steps that take place when the active router fails:
Step 1. The standby router stops seeing hello messages from the forwarding router.
Step 2. The standby router assumes the role of the forwarding router.
Step 3. Because the new forwarding router assumes both the IPv4 and MAC addresses of the virtual router, the host devices see no disruption in service.
The FHRP used in a production environment largely depends on the equipment and needs of the network. These are the options available for FHRPs:
HSRP and HSRP for IPv6
VRRPv2 and VRRPv3
GLBP and GLBP for IPv6
IRDP
HSRP is a Cisco-proprietary FHRP designed to allow for transparent failover of a first-hop IP device. HSRP is used in a group of routers for selecting an active device and a standby device. In a group of device interfaces, the active device is the device that is used for routing packets; the standby device is the device that takes over when the active device fails, or when pre-set conditions are met. The function of the HSRP standby router is to monitor the operational status of the HSRP group and to quickly assume packet-forwarding responsibility if the active router fails. The router with the highest HSRP priority will become the active router. Preemption is the ability of an HSRP router to trigger the reelection process. With preemption enabled, a router that comes online with a higher HSRP priority will assume the role of the active router. HSRP states include initial, learn, listen, speak, and standby.
Packet Tracer—HSRP Configuration Guide (9.3.3)
Note: HSRP configuration is not a required skill for this module, course, or for the CCNA certification. However, we thought you might enjoy implementing HSRP in Packet Tracer. Completing this activity will help you better understand how FHRPs, and specifically HSRP, operate.
In this Packet Tracer activity, you learn how to configure Hot Standby Router Protocol (HSRP) to provide redundant default gateway devices to hosts on LANs. After configuring HSRP, you will test the configuration to verify that hosts are able to use the redundant default gateway if the current gateway device becomes unavailable.
Configure an HSRP active router.
Configure an HSRP standby router.
Verify HSRP operation.
The following activities provide practice with the topics introduced in this chapter. The Labs are available in the companion Switching, Routing, and Wireless Essentials Labs and Study Guide (CCNAv7) (ISBN 9780136634386). The Packet Tracer Activity instructions are also in the Labs & Study Guide. The PKA files are found in the online course.
Packet Tracer Activity
Packet Tracer 9.3.3: HSRP Configuration Guide
Complete all the review questions listed here to test your understanding of the sections and concepts in this chapter. The appendix “Answers to the ‘Check Your Understanding’ Questions” lists the answers.
1. Which statement about HSRP operation is true?
HSRP supports only clear-text authentication.
The active router responds to requests for the virtual MAC and virtual IP address.
The AVF responds to default gateway ARP requests.
The HSRP virtual IP address must be the same as one of the router’s interface addresses on the LAN.
2. Which statement about HSRP operation is true?
HSRP supports only clear-text authentication.
The active router responds to requests for the virtual MAC and virtual IP address.
The AVF responds to default gateway ARP requests.
The HSRP virtual IP address must be the same as one of the router’s interface addresses on the LAN.
3. Which statement regarding VRRP is true?
VRRP elects a master router and one or more other routers as backup routers.
VRRP elects a master router, one backup router, and all other routers are standby routers.
VRRP elects an active router and a standby router, and all other routers are backup routers.
VRRP is a Cisco proprietary protocol.
4. A network administrator is overseeing the implementation of first hop redundancy protocols. Which protocol is a Cisco proprietary protocol?
HSRP
IRDP
Proxy ARP
VRRP
5. What is the purpose of HSRP?
It enables an access port to immediately transition to the forwarding state.
It prevents a rogue switch from becoming the STP root.
It prevents malicious hosts from connecting to trunk ports.
It provides a continuous network connection when a default gateway fails.
6. Which is a characteristic of the HSRP Learn state?
The router actively participates in the active/standby election process.
The router has not determined the virtual IP address.
The router knows the virtual IP address.
The router sends periodic hello messages.
7. A network administrator is analyzing the features that are supported by different first-hop router redundancy protocols. Which statement describes a feature that is associated with VRRP?
VRRP assigns active and standby routers.
VRRP assigns an IP address and default gateway to hosts.
VRRP enables load balancing between a group of redundant routers.
VRRP is a non-proprietary protocol.
8. When HSRP is used in a network, what destination MAC address is used in frames that are sent from the workstation to the default gateway?
MAC address of the forwarding router
MAC addresses of both the forwarding and standby routers
MAC address of the standby router
MAC address of the virtual router
9. What happens to a host in an HSRP network when the active router fails?
The host initiates a new ARP request.
The host stops seeing hello messages from the active router.
The host uses the standby router IP and MAC addresses.
The host will notice little or no disruption of service.
10. Which of the following correctly describes GLBP?
It is a Cisco proprietary FHRP and provides redundancy and load sharing.
It is an open standard FHRP.
It uses virtual master routers and one or more backup routers.
It is a legacy open standard FHRP that allows IPv4 hosts to discover gateway routers.
11. Which HSRP preemption statement is true?
It enables a router that boots first to become the active router.
It is enabled by default.
It is enabled using the standby preempt interface command.
It is enabled using the standby priority interface command.