Everything you need to know about FHRP (First Hop Redundancy Protocol)
Before learning about FHRP (First Hop Redundancy Protocol), a network engineer must understand why redundancy is even required in networking.
Redundancy plays a vital role in networking. Network redundancy assures business continuity by avoiding failure of the network. By keeping operations running all the time, it boosts productivity.
To have a dependable network, we must build a redundant one. In local area networks (intranet), we use multiple switches for redundancy. But is it possible for multiple routers too?
Yes, it is also possible to have redundant topology to connect different networks together.
Every host connected to the organization's network must use a router, which acts as the host's default gateway to the Internet. But what happens if the gateway router is unavailable?
Hosts can have only one default gateway configured at a time, so when that router fails, hosts will lose connectivity.
Without redundancy, we would need to replace the gateway router and also reconfigure the default gateway on every host. This approach is ineffective because it results in longer service interruptions for the organization's users. That is where FHRP steps in.
What is FHRP in Networking?
First Hop Redundancy Protocol (FHRP) is designed to provide redundancy for the gateway router within the organization's network by using a virtual IP address and a virtual MAC address. If the gateway fails, the backup router becomes active, usually within a few seconds.
- Two or more routers should be utilized as a gateway router in order to deploy FHRP.
- Each router's physical interfaces have a unique IP address.
- Additionally, the routers share a virtual MAC address and a virtual IP address.
- The virtual IP address serves as the default gateway IP address for all devices connected to the organization's network.
- One router will be used as the default gateway router, and the other will be a backup router.
If the default router goes offline, the backup router will take its place to be the gateway router for all the hosts without changing the default gateway address of every host.
The below diagram is an example of a network topology without FHRP implementation:
The below diagram is an example of network topology with FHRP implemented:
There are three ways to implement FHRP. Examples of these protocols are:
- Hot Standby Router Protocol (HSRP) - Initial and proprietary standard of Cisco
- Virtual Router Redundancy Protocol (VRRP) - An open standard protocol
- Gateway Load Balancing Protocol (GLBP) - A more recent proprietary standard from Cisco that permits load balancing as well as redundancy
Let's discuss each one of these, one by one. Let's start with HSRP.
Hot Standby Router Protocol
Hot Standby Router Protocol or HSRP is a Cisco-proprietary router redundancy protocol that enables a group of routers to cooperate to have a redundant network. All the routers within the group will have the same virtual IP address and virtual MAC address.
The two router states of Hot Standby Router Protocol (HSRP) are:
- Active Router – The router that acts as the default gateway, actively sending and receiving packets for the hosts within the organization. Only one router in the group is selected as the active router.
- Standby Router – The router that is chosen to become the active router if the current active router goes offline.
- Exchange Hello messages every 3 sec.
- Multicast IP for HSRP version 1 = 224.0.0.2
- Multicast IP for HSRP version 2 = 224.0.0.102
- UDP port number = 1985
- Group number = 0-255
- The default priority is 100, and the range is 0-255
- Election of active router:
  - Highest priority
  - If priority is the same, then the highest IP address configured on the interface
- Virtual MAC address of HSRP is 0000.0c07.acxx, where:
  - 0000.0c = Cisco ID
  - 07.ac = HSRP ID
  - xx = group number
For example, for HSRP group number 10, the virtual MAC address will be 0000.0c07.ac0A
HSRP's problem is that at any given time, only one router will be active. The other router is on standby until the active router fails. This plan of action is not particularly effective because all of the extra bandwidth offered by redundant uplinks connected to standby routers will not be utilised.
VRRP stands for Virtual Router Redundancy Protocol. It is a vendor-neutral redundancy protocol that groups two or more routers to produce a new single virtual router. It allows for redundancy by assigning the same virtual gateway IP address and MAC address to all physical routers in the VRRP group.
Currently, VRRP is at version 2. It's almost the same idea as HSRP. The only difference is that on VRRP, preemption is enabled by default, whereas on HSRP, it must be configured manually.
Note - If we want a specific router to always assume the role of an Active HSRP Router whenever it's up and running, then we can use HSRP Preempt.
The two states of Virtual Router Redundancy Protocol (VRRP) are:
- Master Router – It is currently the organization's default gateway for all hosts. It is constantly sending and receiving packets to and from the hosts.
- Backup Router – During a failover or when the master router goes offline, the backup router will take over as the master router.
GLBP stands for Gateway Load Balancing Protocol. Like HSRP and VRRP, it prevents a single point of failure. In addition, it allows load sharing among a group of redundant routers, so that all the routers take an active part in packet forwarding and no uplink is left unused. This is the feature GLBP adds on top of redundancy.
- All the routers taking part in GLBP form a group. After that, they elect one router to serve as the group's AVG (active virtual gateway).
- Other members of the group serve as backup for the AVG if it fails.
- The AVG has control over all group members by assigning each one a virtual MAC address.
- Each router is responsible for forwarding packets sent to the AVG-assigned virtual MAC address.
- Because each one forwards traffic for its virtual MAC address, these routers are referred to as AVFs (active virtual forwarders).
- ARP (Address Resolution Protocol) requests for the virtual IP address are also handled by the AVG. This is critical to GLBP operation because load balancing is achieved by the AVG responding to ARP requests from different hosts with different virtual MAC addresses.
- When a client requests the IP address of its default gateway via ARP, the AVG responds with the virtual MAC address of one of the AVFs.
- When another client sends an ARP message to resolve the default gateway address, the AVG responds with the virtual MAC address of the next AVF. As a result, each client receives a unique virtual MAC address for the same virtual IP address as the default gateway.
- As a result, despite having the same default gateway configured, each client will send its traffic to a different router.
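The AVG behaviour described above, as an added Python simulation (not code from this page or from Cisco). It assumes the election rule the page states (highest priority, then highest interface IP) and the 0007.b4xx.xxyy virtual MAC layout and four-MAC limit the page lists for GLBP; the router names, addresses and class name are constructed for illustration, and forwarder takeover after a failure is not modelled.

```python
import ipaddress
from itertools import cycle

MAX_VMACS = 4  # page: maximum virtual MACs supported per group


def elect_avg(routers):
    """Highest priority wins; equal priority falls back to highest interface IP."""
    return max(routers, key=lambda r: (r["priority"], ipaddress.ip_address(r["ip"])))


def vmac(group, forwarder):
    """Build 0007.b4xx.xxyy from group number (xxxx) and forwarder number (yy)."""
    g = f"{group:04x}"
    return f"0007.b4{g[:2]}.{g[2:]}{forwarder:02x}"


class GlbpGroup:
    def __init__(self, group, vip, routers):
        self.vip = vip
        self.candidates = list(routers)
        self.avg = elect_avg(self.candidates)
        # The AVG assigns one virtual MAC to each forwarder (AVF).
        self.avf = {vmac(group, n): r["name"]
                    for n, r in enumerate(routers[:MAX_VMACS], start=1)}
        self._next = cycle(self.avf)  # round-robin over the virtual MACs

    def arp_reply(self, target_ip):
        """AVG's answer to 'who has target_ip?': next AVF's MAC, or None."""
        return next(self._next) if target_ip == self.vip else None

    def avg_failed(self):
        """Remove the failed AVG and elect a backup from the remaining members."""
        self.candidates.remove(self.avg)
        self.avg = elect_avg(self.candidates)
        return self.avg["name"]


# Constructed sample: three routers in GLBP group 1 sharing one gateway IP.
ROUTERS = [
    {"name": "R1", "ip": "10.0.0.2", "priority": 100},
    {"name": "R2", "ip": "10.0.0.3", "priority": 100},
    {"name": "R3", "ip": "10.0.0.4", "priority": 90},
]

if __name__ == "__main__":
    g = GlbpGroup(1, "10.0.0.1", ROUTERS)
    print("AVG:", g.avg["name"])
    for host in ("PC1", "PC2", "PC3", "PC4"):
        mac = g.arp_reply("10.0.0.1")
        print(host, "->", mac, "forwarded by", g.avf[mac])
```

Every host is configured with the same gateway IP, yet consecutive ARP replies carry different virtual MACs, so their traffic lands on different routers.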
- GLBP is a Cisco-proprietary protocol, introduced in Cisco IOS software release 12.2(14)s for routers.
- All the routers in the group forward the data.
- AVG (Active Virtual Gateway) is assigned to one of the routers in the group:
  - Highest priority router
  - If priority is the same, then the highest IP address configured on the interface
- Maximum number of virtual MACs supported per group = 4
- GLBP group number = 0-1023
- Priority value = 1-255
- Hello timer = 3 sec, dead timer = 10 sec
- Multicast IP address = 224.0.0.102
- Virtual MAC address = 0007.b4xx.xxyy
Where xx.xx = GLBP group number and yy = virtual forwarder number.
For Example - GLBP group number 1 and forwarder 1 has virtual MAC address: 0007.b400.0101
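To recognise these gateways in an ARP table or packet capture, the two virtual MAC layouts given on this page (0000.0c07.acxx for HSRP, 0007.b4xx.xxyy for GLBP) can be parsed back into group and forwarder numbers. The following Python is an added example, not code from this page; the sample ARP entries are constructed, and treating forwarder numbers as 1 to 4 is an assumption drawn from the page's limit of four virtual MACs per group.

```python
import re

# Prefixes as given on this page (hex digits, separators removed).
HSRP_PREFIX = "00000c07ac"   # 0000.0c07.acxx, xx = group number
GLBP_PREFIX = "0007b4"       # 0007.b4xx.xxyy, xxxx = group, yy = forwarder


def normalize(mac):
    """Strip '.', ':' and '-' separators; return 12 lowercase hex digits or None."""
    digits = re.sub(r"[.:\-]", "", mac.strip().lower())
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def classify(mac):
    """Return a dict describing the FHRP virtual MAC, or None if it is not one."""
    digits = normalize(mac)
    if digits is None:
        return None
    if digits.startswith(HSRP_PREFIX):
        return {"protocol": "HSRP", "group": int(digits[10:], 16)}
    if digits.startswith(GLBP_PREFIX):
        group, fwd = int(digits[6:10], 16), int(digits[10:], 16)
        # Page limits: group 0-1023; forwarder 1-4 is an assumption (max 4 vMACs).
        valid = group <= 1023 and 1 <= fwd <= 4
        return {"protocol": "GLBP", "group": group, "forwarder": fwd, "in_range": valid}
    return None


def gateways_in(arp_table):
    """Map each IP whose MAC is an FHRP virtual MAC to its classification."""
    return {ip: info for ip, mac in arp_table if (info := classify(mac))}


# Constructed sample ARP entries (IP, MAC) in mixed notations.
SAMPLE_ARP = [
    ("192.0.2.1", "0000.0c07.ac0A"),
    ("192.0.2.10", "00:07:b4:00:01:01"),
    ("192.0.2.20", "00-07-B4-00-01-09"),
    ("192.0.2.30", "3c:52:82:11:22:33"),
    ("192.0.2.40", "not-a-mac"),
]

if __name__ == "__main__":
    for ip, info in gateways_in(SAMPLE_ARP).items():
        print(ip, info)
```

An entry with a GLBP prefix but `in_range` set to False does not match the limits the page gives and is worth a closer look.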
There are several such technologies in the market, but today we focused on FHRP. If you are interested in learning more about network protocols, you can check out PyNet Labs' blogs.