Hi, today I am going to talk about FHRP (First Hop Redundancy Protocol) and the protocols within it, such as VRRP (Virtual Router Redundancy Protocol), HSRP (Hot Standby Redundancy Protocol), and GLBP (Gateway Load Balancing Protocol). FHRP is a default gateway redundancy protocol that provides a backup for the main default gateway. In setups like HSRP and VRRP, there is one active/master router responsible for forwarding packets as in a normal topology, but FHRP also keeps a router on standby/backup, waiting to take over the default gateway's role if the active router fails for any reason. FHRP does this by creating an FHRP group that shares a virtual IP and MAC address.
VRRP- The first FHRP that I am going to talk about is VRRP, which is an open standard, meaning this protocol can be applied across different vendors. The router that is responsible for actively forwarding packets for the default gateway is called the “Master.” The master router is chosen within the VRRP group by selecting the router with the highest priority, and if there is a tie, the highest IP address is used as a tie-breaker. The rest of the routers serve as backup routers, ready to take over from the master router if it were to fail. If there are more than 2 backup routers, then the router with the second highest priority in the VRRP group will be the next runner-up. The default priority for a VRRP router is 100. In VRRP, there is a virtual IP and a virtual MAC address, and every router in the group shares the exact same virtual IP and virtual MAC address. The format for a VRRP MAC address is 0000.5e00.01XX. Every gateway redundancy protocol has a unique MAC address, so whenever you see a pattern of 5e00.01XX for the last 32 bits, you know for certain that VRRP is currently being used. Once a virtual IP and MAC are chosen, every host in that LAN will be assigned the same exact VIP and virtual MAC. The host has no idea that there is a backup; it just knows to forward packets to that address.
Advertisements- VRRP uses advertisements to select master/backup roles and to monitor the health of the master in the VRRP group. VRRP sends advertisements every second to the multicast address 224.0.0.18, which delivers them to all VRRP routers. Another timer that works together with the advertisement timer is the Master Down Timer, which is usually about 3 times the advertisement timer, so about 3 to 4 seconds. If 3-4 seconds pass without the backup router receiving any advertisement packet from the master router, then the next backup router will assume that the master router is no longer active and take over that role. Once it takes over that role, it will flood a gratuitous ARP so that the hosts' ARP cache entries are refreshed and the switches' CAM tables are updated with the new port. The gratuitous ARP is vital because, even though the same MAC address is still in use, the Ethernet frame will be forwarded to a completely different port (the port where the new master router is connected).
Preemption- When configuring VRRP, preemption is enabled by default, unlike HSRP. When preemption is enabled, it means that if the master router fails and the backup router takes over, then when the former master router comes back online it will take over the master default gateway role again. If preemption is disabled, then the topology will stay as it is. One last thing about VRRP is the “IP address owner”: when the VIP matches the IP address of a VRRP router in the group, that router is called the IP address owner and has a priority of 255, which makes it automatically the master when active.
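The election, Master Down Timer and preemption rules described above can be modeled in a few lines. This is an added example, not code from the original post; the router names, addresses and priorities are constructed sample data, the skew term in the timer comes from RFC 3768 (VRRPv2), and XX in the virtual MAC is taken to be the group number (VRID) in hex, as that RFC defines it.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100   # VRRP default priority
    up: bool = True

def virtual_mac(vrid):
    # 0000.5e00.01XX, where XX is the group number (VRID) in hex
    return f"0000.5e00.01{vrid:02x}"

def is_vrrp_mac(mac):
    return mac.lower().startswith("0000.5e00.01")

def effective_priority(router, vip):
    # The IP address owner (its real IP equals the VIP) runs at priority 255
    return 255 if router.ip == vip else router.priority

def elect_master(routers, vip):
    # Highest priority wins; the highest IP address breaks a tie
    alive = [r for r in routers if r.up]
    return max(alive, key=lambda r: (effective_priority(r, vip),
                                     ipaddress.ip_address(r.ip)), default=None)

def master_down_interval(priority, advert_interval=1.0):
    # RFC 3768: 3 * advertisement interval + skew, skew = (256 - priority) / 256
    return 3 * advert_interval + (256 - priority) / 256

def simulate(routers, vip, events, preempt=True):
    """Apply (router_name, is_up) events; return the master's name after each."""
    by_name = {r.name: r for r in routers}
    master = elect_master(routers, vip)
    history = []
    for name, is_up in events:
        by_name[name].up = is_up
        # Without preemption, a healthy master keeps the role when a better router returns
        if preempt or master is None or not master.up:
            master = elect_master(routers, vip)
        history.append(master.name if master else None)
    return history

def sample_group():
    # Constructed sample data: three routers sharing VIP 10.0.0.1
    return [Router("R1", "10.0.0.2", 120), Router("R2", "10.0.0.3"),
            Router("R3", "10.0.0.4")]

if __name__ == "__main__":
    events = [("R1", False), ("R1", True)]   # master fails, then comes back
    print(simulate(sample_group(), "10.0.0.1", events, preempt=True))
    print(simulate(sample_group(), "10.0.0.1", events, preempt=False))
    print(master_down_interval(100), virtual_mac(10))
```

The skew term is why the timer lands between 3 and 4 seconds, and why the highest-priority backup times out first. The simulation does not model the RFC rule that an IP address owner preempts even when preemption is disabled.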