Hot Standby Router Protocol, How HSRP Works & Applications

This tutorial covers the Hot Standby Router Protocol (HSRP): how it works, its versions, advantages, disadvantages and applications.

Hot Standby Router Protocol (HSRP) is Cisco’s patented protocol for network redundancy and high availability. It removes the single point of failure at the default gateway for both IPv4 and IPv6 networks.

Hot Standby Router Protocol

With HSRP, two or more physical routers in a subnet work together and function as a single logical default router. This logical router is referred to as a virtual router because it has a virtual MAC address and a virtual IP address of its own. The default gateway for end devices is set to this virtual IP address. HSRP enables transparent failover of the first-hop IPv4 device, and it also supports IPv6 networks.

How HSRP Works

An active/standby (or active/passive) model is used by HSRP.

Virtual Router Representation: A virtual router, with a virtual IP address and a virtual MAC address, is presented to every client device. The host computers’ default gateway is set to this virtual IP address.

Role Assignment: The HSRP protocol chooses which physical router stays in a standby position and which takes on the active job of forwarding traffic. At any given time, only the active router supports end-user traffic by using the virtual IP and MAC addresses.

HSRP Messages: Routers in an HSRP group send each other multicast messages to negotiate roles, communicate their status and priorities, and maintain neighbour relationships.

  • Hello messages: carry the local router’s state, priority, group ID, timer values, version, and authentication details. The standard hello time is three seconds.
  • Coup messages: sent when a standby router wants to assume the active role.
  • Resign messages: sent by the active router when it gives up the active role, for example when it shuts down or when it receives a Hello or Coup message from a higher-priority router.
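
As an added example (not from the original article), the following Python code decodes the fields a version 1 message carries and flags settings a network audit would question. The 20-byte field layout, the opcode and state codes, and the default authentication string are taken from RFC 2281 rather than from this page; the sample message is constructed.

```python
import socket
import struct

# Field layout of an HSRP version 1 message per RFC 2281 (20-byte UDP payload).
HSRP_V1 = struct.Struct("!BBBBBBBB8s4s")
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
DEFAULT_AUTH = b"cisco\x00\x00\x00"  # RFC 2281 default plain-text authentication data


def parse_hsrp_v1(payload: bytes) -> dict:
    """Decode an HSRPv1 UDP payload (port 1985) into named fields."""
    if len(payload) < HSRP_V1.size:
        raise ValueError(f"short HSRPv1 message: {len(payload)} bytes")
    ver, op, state, hello, hold, prio, group, _rsvd, auth, vip = HSRP_V1.unpack_from(payload)
    if ver != 0:  # HSRPv1 messages carry 0 in the version field
        raise ValueError(f"not an HSRPv1 message (version field {ver})")
    if op not in OPCODES or state not in STATES:
        raise ValueError("unknown opcode or state")
    return {
        "opcode": OPCODES[op], "state": STATES[state],
        "hello_s": hello, "hold_s": hold, "priority": prio, "group": group,
        "auth": auth.rstrip(b"\x00").decode("ascii", "replace"),
        "default_auth": auth == DEFAULT_AUTH,
        "virtual_ip": socket.inet_ntoa(vip),
    }


def review(msg: dict) -> list:
    """Return audit findings for one decoded message."""
    findings = []
    if msg["default_auth"]:
        findings.append("default plain-text authentication string in use")
    if msg["hold_s"] <= msg["hello_s"]:
        findings.append("hold time not greater than hello time")
    return findings


# Constructed sample: Hello from the active router, group 10, priority 110,
# hello 3 s, hold 10 s, default auth data, virtual IP 192.0.2.1.
SAMPLE = bytes([0, 0, 16, 3, 10, 110, 10, 0]) + DEFAULT_AUTH + socket.inet_aton("192.0.2.1")

if __name__ == "__main__":
    decoded = parse_hsrp_v1(SAMPLE)
    print(decoded)
    print(review(decoded))
```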

Failover Process: When the active router fails (for example, it stops sending Hello messages), the standby router detects the failure. The standby router then takes over as the new active router by assuming the virtual IP and MAC addresses. The newly active router sends a gratuitous ARP so that switches update their MAC address tables with the correct port for the virtual MAC address.

Transparent to End Devices: Since end devices don’t need to adjust their settings and keep using the same virtual IP address as their default gateway, the failover is transparent to them.

HSRP States: HSRP interfaces go through the following states: Standby, Active, Listen, Speak, Init, and Disabled.

  • Initial (INIT): HSRP is not operating, usually as a result of an interface availability issue or configuration update.
  • Listen: The gateway monitors the active gateway’s Hello messages and assumes the active gateway is down if none are received within the hold time (by default, 10 seconds).
  • Speak: The active gateway communicates with the standby gateway.
  • Standby: It is prepared to take over as the active router in the event that the primary router fails.
  • Active: The router periodically broadcasts Hello messages and actively routes packets to the virtual MAC address.

Benefits of HSRP

High Availability and Redundancy: Even in the event of a router failure, HSRP ensures uninterrupted network function by offering a redundant gateway for hosts on a local subnet. As a result, the network becomes more resilient.

Transparent Failover: When forwarding moves between the active and standby routers, applications don’t notice any change because the end devices’ default gateway settings stay the same.

Simplified Client Configuration: The default gateway of hosts is a single, static virtual IP address, which makes administration easier.

Load Balancing (with specific configuration): Although HSRP usually employs an active/standby approach for a single group, a form of load sharing is possible by setting up several HSRP groups across several VLANs and alternating the active router for each VLAN. As a result, routers and their WAN links are used more efficiently.

Drawbacks of HSRP

Resource Inefficiency: A single router is always actively forwarding traffic for a particular group in a typical HSRP setup, with the others sitting idle in standby mode. As a result, standby router resources may be underutilized.

Limited True Load Balancing: Genuine per-packet load balancing is not provided by HSRP. Although load sharing can be set up per VLAN, it is not as reliable as GLBP or other similar solutions.

Preemption Requirement: A router with a higher priority won’t take over the active role automatically if it comes online or recovers from a failure unless preemption is specifically enabled.

Types/Versions of HSRP

Cisco IOS supports two HSRP versions:

HSRP Version 1 (HSRPv1)

  • Multicast Address: Uses 224.0.0.2.
  • Virtual MAC Address: 0000.0C07.ACxx, where ‘xx’ is the HSRP group number in hexadecimal. The well-known HSRP ID is 07.ac.
  • Group Numbers: Restricted to a range of 0 to 255.
  • IPv6 Support: No.
  • Timer Granularity: Timer values are always in whole seconds.

HSRP Version 2 (HSRPv2)

  • Multicast Address: Uses 224.0.0.102.
  • Virtual MAC Address: Range is 0000.0C9F.F000 to 0000.0C9F.FFFF.
  • Group Numbers: Extended range of 0 to 4095.
  • IPv6 Support: Yes, required for HSRP with IPv6.
  • Timer Granularity: Capable of advertising and learning millisecond timer values, allowing quicker failover.
  • Enabling HSRPv2 can cause temporary packet loss as devices learn the new MAC address range.

HSRP Configuration and Verification

There is only one command needed to configure basic HSRP on the router interface: standby group-number ip virtual-ip-address. Every HSRP router in the group needs to have the same group number and virtual IP address.

Verification Commands:

  • show standby
  • show standby brief

HSRP Priority and Preemption

  • Priority: A priority value (0-255, with 100 as the default) is assigned to HSRP routers. The router with the highest priority becomes the active router. If priorities are equal, the router with the numerically highest IP address is chosen as the active router.
  • Preemption: With the standby preempt command, a router with a higher priority can forcibly take over the active role when it comes online or recovers from a failure. Preemption is disabled by default.

HSRP Interface Tracking

HSRP supports interface tracking, which links the role of the active router to the state of an upstream interface (such as a WAN link). If a tracked interface fails, HSRP decrements the priority of the active router (the default decrement is 10). Because of this lowered priority, a standby router whose priority is now effectively higher can become active, so traffic is not sent to a router that cannot reach remote networks.
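
The priority, preemption and interface-tracking rules described in the two sections above can be traced in code. This is an added example, not Cisco's implementation or code from the original page; the Router class, elect() and the two-router scenario are constructed, and the model assumes a takeover requires preemption plus a strictly higher effective priority.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Router:
    name: str
    ip: str                    # interface address, used as the tie-breaker
    priority: int = 100        # default priority
    preempt: bool = False      # preemption is off by default
    tracked_up: bool = True    # state of the tracked upstream interface
    online: bool = True        # False once the router stops sending Hellos

    def effective(self, decrement: int = 10) -> int:
        # A failed tracked interface lowers the priority (default decrement 10).
        return self.priority if self.tracked_up else max(0, self.priority - decrement)

    def rank(self):
        return (self.effective(), int(IPv4Address(self.ip)))


def elect(routers, active=None):
    """Return the active router after one evaluation round (simplified model)."""
    alive = [r for r in routers if r.online]
    if not alive:
        return None
    if active is None or not active.online:
        # No active router is heard: highest priority wins, then highest IP.
        return max(alive, key=Router.rank)
    # Assumption of this model: a working active router yields only to a
    # preempting router whose effective priority is strictly higher.
    rivals = [r for r in alive if r.preempt and r.effective() > active.effective()]
    return max(rivals, key=Router.rank) if rivals else active


def scenario():
    """Constructed walk-through: active router's name after each event."""
    r1 = Router("R1", "10.0.0.2", priority=105, preempt=True)
    r2 = Router("R2", "10.0.0.3")
    events = [
        lambda: None,                               # start-up election
        lambda: setattr(r1, "tracked_up", False),   # R1 WAN link fails: 105 -> 95
        lambda: setattr(r2, "preempt", True),       # standby preempt enabled on R2
        lambda: setattr(r1, "tracked_up", True),    # R1 WAN link recovers
        lambda: setattr(r1, "online", False),       # R1 stops sending Hellos
    ]
    active, log = None, []
    for apply_event in events:
        apply_event()
        active = elect([r1, r2], active)
        log.append(active.name)
    return log
```

In the second step R1 stays active although its tracked link is down, because R2 has no preemption configured; tracking only moves traffic when the peer is allowed to preempt.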

HSRP Load Balancing (Load Sharing)

While HSRP does not carry out genuine per-packet load balancing, load sharing can be accomplished by setting up distinct HSRP groups for each VLAN. For example, one router may be active for VLAN 10 and standby for VLAN 20, while another router is active for VLAN 20 and standby for VLAN 10. This makes it possible to use both routers and their WAN links at the same time.

Applications of HSRP

As a first-hop redundancy protocol (FHRP), HSRP provides default gateway redundancy. In the case of a device failure, this keeps the network functioning and makes it robust. Any application that depends on constant IP connectivity outside of its local subnet benefits implicitly from HSRP. This includes:

Business-critical applications: databases and software for customer relationship management (CRM) and enterprise resource planning (ERP).

Real-time communication: VoIP, or voice over IP, and video conferences.

Web-based services: websites and e-commerce systems.

General user connectivity: File transfers, email, and web browsing.

When a default gateway fails, FHRPs make sure that apps don’t lose service because the failover is transparent to end devices.

Troubleshooting

Virtual MAC Address Details: The HSRP virtual MAC address for HSRPv1 is 0000.0C07.ACxx where xx is the hexadecimal group number. For HSRPv2, it’s in the range 0000.0C9F.F000 to 0000.0C9F.FFFF. The first 24 bits are the Cisco OUI, the next 16 bits (07.ac for v1 or 9f.f for v2) are a well-known HSRP identifier, and the last part is the group number.
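
The virtual MAC formats given here and in the versions section can be turned into a check on gateway ARP entries. This is an added example, not code from the original page; the function names, the sample ARP table and the expected-group mapping are constructed, and only the IPv4 ranges stated on this page are covered.

```python
import re

V1_PREFIX = "00000c07ac"   # HSRPv1: followed by a 2-hex-digit group (0-255)
V2_PREFIX = "00000c9ff"    # HSRPv2: followed by a 3-hex-digit group (0-4095)


def normalize(mac: str) -> str:
    """Accept dotted, colon or hyphen notation; return 12 lowercase hex digits."""
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def classify(mac: str):
    """Return (version, group) for an HSRP virtual MAC, or None for any other MAC."""
    digits = normalize(mac)
    for version, prefix in ((1, V1_PREFIX), (2, V2_PREFIX)):
        if digits.startswith(prefix):
            return version, int(digits[len(prefix):], 16)
    return None


def virtual_mac(version: int, group: int) -> str:
    """Build the virtual MAC in Cisco dotted notation for a version and group."""
    limit, prefix, width = {1: (255, V1_PREFIX, 2), 2: (4095, V2_PREFIX, 3)}[version]
    if not 0 <= group <= limit:
        raise ValueError(f"group {group} out of range for HSRPv{version}")
    digits = f"{prefix}{group:0{width}x}"
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def audit_gateways(arp_table: dict, expected: dict) -> dict:
    """Report gateway IPs whose ARP entry is not the expected HSRP virtual MAC."""
    problems = {}
    for ip, (version, group) in expected.items():
        seen = arp_table.get(ip)
        if seen is None or normalize(seen) != normalize(virtual_mac(version, group)):
            problems[ip] = f"expected {virtual_mac(version, group)}, saw {seen}"
    return problems


# Constructed sample: VLAN 20's gateway answers with a v1 MAC although v2 is expected.
SAMPLE_ARP = {"10.0.10.1": "0000.0c07.ac0a", "10.0.20.1": "00:00:0c:07:ac:14"}
EXPECTED = {"10.0.10.1": (1, 10), "10.0.20.1": (2, 20)}
```

A gateway entry that is not the expected virtual MAC points to a version or group mismatch, or to a device other than the HSRP group answering for the gateway address.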

HSRP Timers: Active and standby timers are available in addition to Hello and Hold timers. The active and backup routers are monitored by these timers, which reset when Hello packets are received and expire according to the hold time, which causes role shifts in the event that no Hellos are received. Ten seconds is the default hold time.

Authentication: HSRP supports message authentication, including MD5. HSRP packets are rejected if the authentication schemes are incompatible or authentication fails.

Common Troubleshooting Issues:

  • Different HSRP virtual IP addresses: Causes hosts to lose connectivity, since the standby router will use a different IP if the active router fails.
  • Different HSRP group numbers: Can cause both routers to become active, which may result in duplicate IP address warnings.
  • Different HSRP versions: Can cause both routers to become active, which would result in duplicate IP address warnings.
  • Blocked HSRP multicast packets: Redundancy will be broken if peers are unable to view one another due to firewalls or access lists blocking HSRP multicast messages (UDP port 1985 on 224.0.0.2 for v1 or 224.0.0.102 for v2).
  • Incorrect default gateway on end devices: It is necessary to configure the virtual IP address on end devices.