Layer 3 Redundancy with HSRP

By Sunset Learning Instructor Andrew Stibbards

Downloadable PDF: HSRP Informative

Hot Standby Router Protocol (HSRP) is a Cisco proprietary protocol which allows several routers or multilayer switches to appear as a single gateway IP address. It provides redundancy for the layer 3 functions in our networks. Other protocols that provide the same redundancy include Virtual Router Redundancy Protocol (VRRP) and Gateway Load Balancing Protocol (GLBP). VRRP is a standard protocol, but is very similar to HSRP in operation. GLBP becomes advantageous when you start load balancing, which I will discuss later. But why do we need these?

The figure below is a given network, the user’s machines are assigned a default gateway. They use ARP to acquire the layer 2 address of the default gateway. As far as the user’s machine is concerned, this is all they know. They have no backup or alternate default gateway. When the router that is the default gateway goes down, or the physical path to the router, your machine no longer has a default gateway. Even if there is another router present on that network segment, its information does not match what the user’s machine is assigned. This is where layer 3 redundancy comes in.

Layer 3 Redundancy with HSRP - 1 copyFigure 1: Network With No Layer 3 Redundancy

HSRP Function Overview

HSRP groups multiple physical routers or multilayer switches into a single virtual router. All of the routers participating in the HSRP group share a single virtual IP address and a single virtual MAC address. This is what is advertised into our networks. So when a router goes down or the link into the router fails, there is a second physical device ready to respond to the same default gateway address information. From the user’s perspective, there is no loss in connectivity. From an administrator’s perspective, this means they can focus on fixing the problem without fielding tickets from users complaining about network loss.

 Layer 3 Redundancy with HSRP - 2

Figure 2: Network With Layer 3 Redundancy.

Internal Mechanics

Within HSRP there is a concept of an active router and a standby router. The active router is responsible for responding to ARP requests and handling packet forwarding. It is also sending hello messages via multicast every 3 seconds to the standby router. HSRP uses multicast address 224.0.0.2 or 224.0.0.102, for versions one and two respectively. The standby router does not take any action except to listen for the hello messages from the active router. The default hold timer (how long it will wait after missing hello packets) is 10 seconds. So if a standby router misses 3 hello intervals, it will assume the active status, and begin using the virtual IP address and MAC address. Because these are the exact same addresses that the previous active router was using, there is no need to reconfigure the user’s machines. The virtual IP address is chosen by the administrator, and the MAC address is auto generated. For version 1, a MAC address of 0000.0c07.acXX is used, where XX is the group number in hex format. Version 2 uses MAC address 0000.0c9f.fXXX, with the last 3 digits again representing group number in hex format.

Interface Tracking

Another fun thing you can do with HSRP is interface tracking. Even if your active router is operational, and the user’s traffic can reach the router, what happens if the active router’s upstream connection goes down? This could be a link to the internet, or a link to your network core, like in the figure above. If you are running a dynamic routing protocol, it should be able to redirect your traffic to another router that has a good upstream link. But what if we could skip the redirection, and just have all traffic immediately start using the second router as the default gateway? By using interface tracking, HSRP decrements a router’s priority if an interface goes down. A router with a higher priority in a HSRP group will assume the active role. When the interface comes back up, HSRP will resume its original priority level. Using this we can keep our network operating at best possible speed at all time.

Load Balancing

The last thing I want to talk about with HSRP is load balancing. Using multiple HSRP groups for multiple subnets, you can have both routers be active for different subnets, and passive for the subnets the other router is active for. By influencing this decision, you are able to utilize all available resource, while still providing the redundancy we wanted in the first place. In the case of a router or link failure, normal HSRP operation will have the remaining router assume the active role for all subnets. But when the problem is resolved, the routers will resume load balance operations. GLBP does this for us without the administrative burden of creating multiple groups.

Configuring HSRP

Now the fun part. How do you configure HSRP? The first step is to determine where on your network you want to implement HSRP, specifically the interfaces of your routers. Make sure they are both facing the same network segment you are providing redundancy for, otherwise this will not work. Once you have determined which interfaces will participate, add the interfaces into the HSRP group and assign the virtual IP address they will use. Verify the interfaces are operational, and then verify your HSRP group. Below are the commands and a sample configuration for this process.

Configuration Commands

Step 1: Enter global configuration mode: configure terminal

Step 2: Enter interface configuration mode, specifically the interface you want to enable HSRP on: interface interface-id

Step 3: (Optional) Set the HSRP version to be used (default is version 1): standby version {1 | 2}

Step 4: Create a HSRP group number (0-255, default is 0) the interface will associate with, and set the virtual IP address: standby [group-number] ip [ip-address]

Step 5: End configuration mode and return to privileged EXEC mode: end

Step 6: Verify the configuration: show standby [interface-id [group]]

Step 7: Save your work: copy running-configuration startup-configuration

Sample Configuration:

Router# configure terminal

Router(config)# interface gigabitethernet 0/0

Router(config-if)# standby version 2

Router(config-if)# standby 1 ip 10.1.1.1

Router(config-if)# end

Router# show standby

Router# copy running-configuration startup-configuration

Once you have verified the configuration on one router, you will then configure the second router in the HSRP group with the exact same group number. Verify your configuration with the “show standby” command. You should see both routers aware of each other in the group, with one listed as active and the over as standby. In order for HSRP to work, both interfaces added into the process must be using the same HSRP version, the same group number, and the same IP address. If any of that information does not match, they will not act as a group. And please verify before you save over the existing startup-configuration. It does not help to save a faulty configuration.

Other Technologies

In addition to HSRP, we have VRRP and GLBP, which I mentioned earlier. VRRP is a standard protocol, while HSRP is a Cisco proprietary. You can use either on a Cisco router, and in function they provide the same service. One of the major differences between the two protocols is that in VRRP, you can use the physical interface IP address as the virtual IP address for the VRRP group. If conserving IP addresses is a concern VRRP will be better suited for your network. GLBP is another Cisco proprietary protocol. Its major advantage is its ability to automatically support load-balancing of multiple uplinks. HSRP and VRRP only have one router active at any time, per group. In order to take advantage of all links at all times, you have to configure multiple groups. In a GLBP group the devices automatically share frame forwarding duties. It also provides full redundancy in case of a line or device failure, like HSRP and VRRP.

Summary

In summary, HSRP provides layer 3 redundancy in our network through active and standby router assignment, interface tracking, and load balancing. A group of physical routers, acting as a single virtual router, advertise a single IP address and MAC address into our network. By tracking interfaces and managing multiple groups, we can optimize speed as well as add redundancy to our networks. And we can use VRRP or GLBP based on our individual network needs. The services that HSRP provides are a great addition to any network.

To see other helpful articles and videos by SLI Instructors,

please visit the SLI Blog Page

Click Here to Learn More About Sunset Learning Routing & Switching Authorized Training Courses