First Hop Redundancy Protocols

HSRP

Hot Standby Router Protocol

Cisco Proprietary

RFC 228

Virtual IP can be the same as an interface IP (good for existing environments). This device will automatically be the master with priority 255.
The virtual and interfaces IPs must all be in the same subnet.

VRRP

Virtual Router Redundancy Protocol

Open standard similar to HSRP

RFC 3768

Preemption enabled by default

VRRPv2 supports only IPv4, but v2 also supports IPv6.

Virtual IP can be the same as an interface IP (good for existing environments).
The device with this interface is called the 'IP address owner'.
This device will automatically be the master with priority 255.
The virtual and interfaces IPs must all be in the same subnet.

GLBP

Gateway Load Balancing Protocol

Cisco proprietary redundancy protocol preconfigured for load balancing with advanced load–balancing features.

Load-balances round-robin style by default, but weighted balancing may be configured.

Preemption disabled by default; the SVG will only takeover for the AVG if the AVG fails, despite priority changes.

The virtual and interfaces IPs must all be in the same subnet.
The virtual IP cannot be the same as an interface IP.

HSRP Roles

Elects highest priority, then highest IP.

Active router:
>Listens on virtual IP.
>Services 100% of traffic.

Standby router:
>Waits for active router to fail.
>Doesn't service any traffic.

VRRP Roles

Elects highest priority, then highest IP.

Master:
>Held by the active router that forwards traffic for a virtual IP address.
>Services 100% of traffic.

Backup:
>A standby router ready to take over the master role if the active router fails
>Periodically sends VRRP advertisements to monitor the master.

GLBP Roles

Elects on highest priority, then highest IP.

AVG (Active Virtual Gateway) - responds to each ARP request with a different MAC each time, to distribute dataflows between each device, identified by an AVF (active virtual forwarder) number.

SVG (Standby Virtual Gateway) - monitors AVG status, and takes over AVG role if AVG fails.

AVF forwarder numbers are assigned by the order routers are configured.

HSRPv1 MAC

0000.0c07.acXX (XX group # in hexadecimal)

0000.0C - a Cisco OUI

Lucky AC cools off that ‘HOT’ standby.

HSRPv2 MAC

0000.0c9f.fXXX (XXX group # in hexadecimal)

0000.0C - a Cisco OUI

9F.F = New Fun Features

VRRP MAC

0000.5E00.01XX (XX group # in hexadecimal)

0000.5E - OUI for IANA

5E = 5tandard Ethos - as it’s an open protocol

GLBP MAC

0007.b400.xxyy

(XX group # in hexadecimal)
(YY AVF # in hexadecimal)

0007.b4 - Cisco GLBP OUI - Remember b4 you had load balancing? That sucked.

HSRP States

Init: Awaits start event.

Learn: Waits to learn the virtual IP from other HSRP routers when it’s not manually configured.

Listen: Knows its virtual IP; listens to hellos from active/standby routers to monitor their status. Remains in this state if not Active or Standby.

Speak: Router is a candidate for Active or Standby. It may go to Listen if it receives hellos from at least two other routers of higher priority.

VRRP States

Initialize: awaits a startup event, such as an interface coming up, before electing a role based on priorities.

Master/Backup: (see roles)

GLBP States

Listen: listens for hello packets to monitor status of SVG and AVG. Still an AVF candidate.

Standby: Standby Virtual Gateway - tracks AVG status and takes over AVG role if it fails.

Active: Active Virtual Gateway - respond to ARP requests and assigns virtual MAC address to AVFs (Active Virtual Forwarders) in the group

Configure HSRP

conf–if# standby [id] ip [virtual IP] <=best practice: [id]=VLAN #

conf–if# standby [id] preempt

conf–if# standby [id] priority # <= (1-255, default=100)

config-if# standby [id] authentication text [password]
conf–if# standby [id] authentication md5 {key-chain (key-chain) | key-string [text]}

conf-if# standby version {1|2}

Verify:
# show standby [id]
# show standby [interface ID]

Configure VRRP

conf–if# vrrp [id] ip [virtual IP]

conf-if# no vrrp [id] preempt

config-if# vrrp [id] authentication text [password]
config-if# vrrp [id] authentication md5 {key-chain (key-chain) | key-string [text]}

config-if# vrrp [id] priority # <= (1-254, default =100, 255 reserved for router that owns the IP)

config# fhrp version vrrp {v2|v3}

Verify: #show vrrp

Configure GLBP

conf–if# glbp # ip [virtual IP]

Load balancing:
Configure on AVG:
conf–if# glbp # load–balancing weighted

config-if# glbp [id] authentication text [password]
config-if# glbp [id] authentication md5 {key-chain (key-chain) | key-string [text]}

Configure on each router:
conf–if# glbp # weighting [%]

Verify: #show glbp

Configure Object Tracking w/ HSRP/VRRP

Track interface for going down:
conf# track # [interface ID] line–protocol <= # = locally unique ID

Set HSRP reaction:
conf–if# standby [id] track # decrement [priority change]|

Set VRRP reaction:
conf–if# vrrp [id] track # decrement [priority change]

HSRP v1 v. v2

There’s no reason to use v1 over v2.
Only if a device only supports v1.
Preemption disabled by default in v1, but enabled in v2.

v1 group #s: 0–255

v2 group #s: 0–4095

v2 is not backwards compatible and uses a different packet format for a more more stable, scalable, and manageable high-density networks by including a 6 byte identifier field in hello packets to uniquely identify the source.