You can’t spell redundancy without FHRP…ok, well, maybe you can, but you really shouldn’t. I was interviewing a candidate for one of our Network Engineer I positions, and they couldn’t recall anything about FHRP. I had to stop myself from pausing the interview right away to geek out on how amazing this protocol is and how they should definitely get to know it. I figured this would be a great place to start my first blog post.

So, what is FHRP? FHRP stands for First Hop Redundancy Protocol, and in its simplest definition it is a way to have a redundant gateway for VLANs. Redundancy and the need for it is universally understood by both networkers and users as being pretty darn important for the network. But what is the point of having redundant L3 devices if the networks that they route aren’t redundant as well? With FHRP, the same subnet can exist on two different L3 devices, all sharing a single gateway IP address. This IP address, often referred to as a VIP (virtual IP), is negotiated between the routers to decide which one is actively using it as the gateway for the VLAN. When the primary goes down, the secondary takes over and sends a Gratuitous ARP to tell the other devices on the network that it is now the active gateway. There are 3 different flavors of FHRP: HSRP, VRRP, and GLBP. I’ll break down each one below.

A bare bones FHRP configuration would look something like this:

R1(config)#interface vlan 10
R1(config-if)#ip address 10.10.0.253 255.255.255.0
R1(config-if)#standby 1 ip 10.10.0.254

R2(config)#interface vlan 10
R2(config-if)#ip address 10.10.0.252 255.255.255.0
R2(config-if)#standby 1 ip 10.10.0.254

Note: the 1 in this configuration is the group number, which tells the L3 devices that the VIPs belong together.

HSRP – Hot Standby Router Protocol (Cisco proprietary)

Quick Facts

  • There are two versions of HSRP, v1 and v2.
    • v1
      • allows for 256 groups
      • VMAC of 0000.0c07.acXX (xx is group id)
      • MCAST of 224.0.0.2
    • v2
      • allows for 4096 groups.
      • VMAC of 0000.0c9f.fXXX (xxx is group id)
      • MCAST of 224.0.0.102
  • Whichever interface has the highest priority between 0-255 takes over. If tied, the highest IP address of the interface wins.
  • Hello timer sends a multicast keep alive every 3 seconds
  • Hold timer is 10 seconds. If there’s no response to the hello within that time, it assumes its neighbor is down. (In v2, this can be changed to milliseconds for faster switchover.)
  • Supports authentication via clear text and MD5 passwords.

VRRP – Virtual Router Redundancy Protocol (open standard)

Quick Facts

  • There are two versions of VRRP, v2 and v3. v3 supports IPv6 addresses.
  • 256 groups
  • VMAC of 0000.5e00.01XX (xx is group id)
  • MCAST of 224.0.0.18
  • Functions the same way as HSRP except:
    • Master and Backup designations instead of Active and Standby
    • Priorities range from 0-254
    • Preemption is on by default
    • Allows you to re-use the same address for the VIP

In my opinion, the biggest reason to use VRRP over HSRP on a Cisco network is when IP addresses are in short supply: you can re-use the same IP address for both interfaces.

GLBP – Gateway Load Balancing Protocol (Cisco proprietary)

GLBP works differently than HSRP and VRRP in that it load balances the VLAN traffic between two or more L3 devices. Instead of one interface being active while the other is disabled and not responding to requests, GLBP has one interface as the active virtual gateway (AVG) and the rest (including itself) designated as active virtual forwarders (AVFs). Each device has its own VMAC, which is assigned by the AVG. When a client sends an ARP request for its gateway, the AVG always receives the request, but its response includes the VMAC of one of the interfaces in the group, depending on how load balancing is set up. This allows up to four L3 devices to be the gateway to one subnet for multiple clients.

Quick Facts

  • 1024 groups
  • VMAC 0007.b40X.XXYY (xxx is group id, yy is AVF id)
  • MCAST of 224.0.0.102
  • Load balanced
    • Round robin
    • Weights
    • Host-dependent by MAC address

Design Note

While GLBP is the only FHRP that does true load balancing, I would be remiss if I didn’t tell you how some real-world networks use HSRP and still load balance (sorta). GLBP, while great for many large environments, can get very expensive. An easy way of load balancing traffic between multiple VLANs using HSRP/VRRP is to have a mix of active/master and standby/backup interfaces on each L3 device.

For example, if you have two routers with four different SVIs, router 1 could be the active for two of the VLANs, while router 2 could be the active for the other two VLANs. This way traffic is handled by both devices and split as evenly as possible given the technical constraints.

It’s also recommended to reduce and tune the hello and hold timers to best suit the environment, use MD5 authentication, and use object tracking if your L3 uplinks are different. Object tracking allows switching of the active interface by tracking values that impact the network. For instance, it can track routes, line protocols, reachability, and IP SLA. You can learn more about object tracking and its configuration here.
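
The design note above, put together as one HSRP configuration for two routers. This is an added example, not the author's configuration: the second VLAN (20) and its 10.20.0.0/24 subnet, the uplink name GigabitEthernet0/1, the priority, decrement and timer values, and the key placeholder are all assumptions.

```cisco
! ===== R1: active for VLAN 10, standby for VLAN 20 =====
! Track the L3 uplink (interface name is an assumption)
track 1 interface GigabitEthernet0/1 line-protocol
!
interface Vlan10
 ip address 10.10.0.253 255.255.255.0
 standby version 2
 standby 1 ip 10.10.0.254
 ! Higher than R2's default of 100, so R1 wins the election
 standby 1 priority 110
 standby 1 preempt
 ! Hello 1 s, hold 3 s (example values; tune for the environment)
 standby 1 timers 1 3
 standby 1 authentication md5 key-string <SHARED-KEY-PLACEHOLDER>
 ! Uplink down: 110 - 20 = 90, below R2's 100, so R2 preempts
 standby 1 track 1 decrement 20
!
interface Vlan20
 ip address 10.20.0.253 255.255.255.0
 standby version 2
 standby 2 ip 10.20.0.254
 standby 2 preempt
 standby 2 timers 1 3
 standby 2 authentication md5 key-string <SHARED-KEY-PLACEHOLDER>
!
! ===== R2: standby for VLAN 10, active for VLAN 20 =====
track 1 interface GigabitEthernet0/1 line-protocol
!
interface Vlan10
 ip address 10.10.0.252 255.255.255.0
 standby version 2
 standby 1 ip 10.10.0.254
 standby 1 preempt
 standby 1 timers 1 3
 standby 1 authentication md5 key-string <SHARED-KEY-PLACEHOLDER>
!
interface Vlan20
 ip address 10.20.0.252 255.255.255.0
 standby version 2
 standby 2 ip 10.20.0.254
 standby 2 priority 110
 standby 2 preempt
 standby 2 timers 1 3
 standby 2 authentication md5 key-string <SHARED-KEY-PLACEHOLDER>
 standby 2 track 1 decrement 20
```

For a given VLAN, both routers must use the same HSRP version, group number and key. `show standby brief` on each router confirms which one is active per group.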
