29. FIRST HOP REDUNDANCY PROTOCOLS

THE PURPOSE OF FHRPS

Click to enlarge

What happens when the configured DEFAULT GATEWAY for network HOSTS goes down ?

What happens to the routed traffic?

How can we route our traffic to the functional GATEWAY at R2 (.253) ?

This is what the FIRST HOP REDUNDANCY PROTOCOL is designed to fix

FIRST HOP REDUNDANCY PROTOCOL (FHRP)

Computer networking protocol
Designed to PROTECT the DEFAULT GATEWAY used on a SUBNET by allowing TWO or MORE ROUTERS to provide BACKUP for that ADDRESS
In the event of a FAILURE of the ACTIVE ROUTER, the BACKUP ROUTER will take over the ADDRESS (usually within seconds)

HOW DOES FHRP WORK?

TWO (or more) ROUTERS share a VIP (A Virtual IP ADDRESS)
THIS VIP is used by HOSTS as the DEFAULY GATEWAY IP
The ROUTERS communicate with each other by sending “Hello” messages
One ROUTER becomes the ACTIVE ROUTER, the other(s) STANDBY
When a HOST sends traffic to an ADDRESS outside of the NETWORK, it sends an ARP REQUEST (Broadcast Flood) to the VIP to find out it’s MAC ADDRESS
- Spanning Tree prevents BROADCAST STORM due to Broadcast Flood
The ACTIVE ROUTER sends the ARP REPLY back (it’s VIRTUAL MAC ADDRESS) to the HOST
The HOST now sends traffic OUTSIDE of the NETWORK with:
- Source IP (HOST IP)
- Destination IP (External IP ADDRESS)
- Source MAC (HOST MAC ADDRESS)
- Destination MAC (GATEWAY VIP MAC ADDRESS)

Click to enlarge

IF R1 goes down, R2 will switch from STANDY to ACTIVE after not receiving “Hello” messages from R1

Click to enlarge

The HOST ARP TABLE doesn’t need to change since the MAC ADDRESS of the VIP is already known and traffic flows externally via R2

R2 DOES need to update the SWITCHES with a GRATUITOUS ARP

GRATUITOUS ARP is an ARP REPLY sent without being REQUESTED (no ARP REQUEST received)
GRATUITOUS ARP uses BROADCAST (FFFF.FFFF.FFFF) - Normal ARP REPLY is Unicast

Click to enlarge

What happens is R1 comes back ONLINE again?

It becomes a STANDBY ROUTER

R2 remains the ACTIVE ROUTER

<aside> 💡 FPRPs are “non-preemptive”. The current ACTIVE ROUTER will not automatically give up its role, even if the former ACTIVE ROUTER returns.

*** You CAN change this setting to make R1 ‘preempt’ R2 and take back it’s ACTIVE role, automatically ***

</aside>

HSRP (HOT STANDBY ROUTER PROTOCOL)

Cisco proprietary
An ACTIVE and STANDBY ROUTER are elected
There are TWO VERSIONS :
- version 1
- version 2 : adds IPv6 support and increases # of groups that can be configured
Multicast IPv4 ADDRESSES :
- v1 : 224.0.0.2
- v2 : 224.0.0.102
VIRTUAL MAC ADDRESSES :
- v1 : 0000.0c07.acXX (XX = HSRP GROUP NUMBER)
- v2 : 0000.0c9f.fXXX (XXX = HSRP GROUP NUMBER)
In a situation with MULTIPLE SUBNETS / VLANS, you can configure a DIFFERENT ACTIVE ROUTER in EACH SUBNET / VLAN to LOAD BALANCE

Click to enlarge

VRRP (VIRTUAL ROUTER REDUNDANCY PROTOCOL)

Open Standard
A MASTER and BACKUP ROUTER are elected
Multicast IPv4 ADDRESSES :
- 224.0.0.18
VIRTUAL MAC ADDRESSES :
- 0000.5e00.01XX (XX = VRRP GROUP NUMBER)
  - for GROUP NUMBERS > 99, you need to convert the number to HEX
  - Example: 200 = “c8” in Hex so the MAC would be 0000.5e00.01c8
In a situation with MULTIPLE SUBNETS / VLANS, you can configure a DIFFERENT MASTER ROUTER in EACH SUBNET / VLAN to LOAD BALANCE

Click to enlarge

GLBP (GATEWAY LOAD BALANCING PROTOCOL)

Cisco Proprietary
LOAD BALANCES among MULTIPLE ROUTERS within a SINGLE SUBNET
An AVG (Active Virtual Gateway) is elected
Up to FOUR AVFs (Active Virtual Forwarders) are assigned BY the AVG (the AVG can be an AVF, too)
Each AVF acts as the DEFAULT GATEWAY for a portion of the HOSTS in the SUBNET
Multicast IPv4 ADDRESSES :
- 224.0.0.102
VIRTUAL MAC ADDRESSES :
- 0007.b400.XXYY (XX = GLBP GROUP NUMBER, YY = AVF NUMBER)

MEMORIZE THIS CHART and the differences between the FHRPs

Click to enlarge

BASIC HSRP CONFIGURATION

R1s configuration

Click to enlarge

NOTE : group number has to match ALL ROUTERS being configured in a given SUBNET

Click to enlarge

R2’s configuration

Click to enlarge

NOTE : HSRP versions are not cross-compatible. All ROUTERS must use the same HSRP Version

Output of the “show standby” command

Click to enlarge

29. FIRST HOP REDUNDANCY PROTOCOLS

THE PURPOSE OF FHRPS

Click to enlarge

What happens when the configured DEFAULT GATEWAY for network HOSTS goes down ?

What happens to the routed traffic?

How can we route our traffic to the functional GATEWAY at R2 (.253) ?

This is what the FIRST HOP REDUNDANCY PROTOCOL is designed to fix

FIRST HOP REDUNDANCY PROTOCOL (FHRP)

Computer networking protocol
Designed to PROTECT the DEFAULT GATEWAY used on a SUBNET by allowing TWO or MORE ROUTERS to provide BACKUP for that ADDRESS
In the event of a FAILURE of the ACTIVE ROUTER, the BACKUP ROUTER will take over the ADDRESS (usually within seconds)

HOW DOES FHRP WORK?

TWO (or more) ROUTERS share a VIP (A Virtual IP ADDRESS)
THIS VIP is used by HOSTS as the DEFAULY GATEWAY IP
The ROUTERS communicate with each other by sending “Hello” messages
One ROUTER becomes the ACTIVE ROUTER, the other(s) STANDBY
When a HOST sends traffic to an ADDRESS outside of the NETWORK, it sends an ARP REQUEST (Broadcast Flood) to the VIP to find out it’s MAC ADDRESS
- Spanning Tree prevents BROADCAST STORM due to Broadcast Flood
The ACTIVE ROUTER sends the ARP REPLY back (it’s VIRTUAL MAC ADDRESS) to the HOST
The HOST now sends traffic OUTSIDE of the NETWORK with:
- Source IP (HOST IP)
- Destination IP (External IP ADDRESS)
- Source MAC (HOST MAC ADDRESS)
- Destination MAC (GATEWAY VIP MAC ADDRESS)

Click to enlarge

IF R1 goes down, R2 will switch from STANDY to ACTIVE after not receiving “Hello” messages from R1

Click to enlarge

The HOST ARP TABLE doesn’t need to change since the MAC ADDRESS of the VIP is already known and traffic flows externally via R2

R2 DOES need to update the SWITCHES with a GRATUITOUS ARP

GRATUITOUS ARP is an ARP REPLY sent without being REQUESTED (no ARP REQUEST received)
GRATUITOUS ARP uses BROADCAST (FFFF.FFFF.FFFF) - Normal ARP REPLY is Unicast

Click to enlarge

What happens is R1 comes back ONLINE again?

It becomes a STANDBY ROUTER

R2 remains the ACTIVE ROUTER

<aside> 💡 FPRPs are “non-preemptive”. The current ACTIVE ROUTER will not automatically give up its role, even if the former ACTIVE ROUTER returns.

*** You CAN change this setting to make R1 ‘preempt’ R2 and take back it’s ACTIVE role, automatically ***

</aside>

HSRP (HOT STANDBY ROUTER PROTOCOL)

Cisco proprietary
An ACTIVE and STANDBY ROUTER are elected
There are TWO VERSIONS :
- version 1
- version 2 : adds IPv6 support and increases # of groups that can be configured
Multicast IPv4 ADDRESSES :
- v1 : 224.0.0.2
- v2 : 224.0.0.102
VIRTUAL MAC ADDRESSES :
- v1 : 0000.0c07.acXX (XX = HSRP GROUP NUMBER)
- v2 : 0000.0c9f.fXXX (XXX = HSRP GROUP NUMBER)
In a situation with MULTIPLE SUBNETS / VLANS, you can configure a DIFFERENT ACTIVE ROUTER in EACH SUBNET / VLAN to LOAD BALANCE

Click to enlarge

VRRP (VIRTUAL ROUTER REDUNDANCY PROTOCOL)

Open Standard
A MASTER and BACKUP ROUTER are elected
Multicast IPv4 ADDRESSES :
- 224.0.0.18
VIRTUAL MAC ADDRESSES :
- 0000.5e00.01XX (XX = VRRP GROUP NUMBER)
  - for GROUP NUMBERS > 99, you need to convert the number to HEX
  - Example: 200 = “c8” in Hex so the MAC would be 0000.5e00.01c8
In a situation with MULTIPLE SUBNETS / VLANS, you can configure a DIFFERENT MASTER ROUTER in EACH SUBNET / VLAN to LOAD BALANCE

Click to enlarge

GLBP (GATEWAY LOAD BALANCING PROTOCOL)

Cisco Proprietary
LOAD BALANCES among MULTIPLE ROUTERS within a SINGLE SUBNET
An AVG (Active Virtual Gateway) is elected
Up to FOUR AVFs (Active Virtual Forwarders) are assigned BY the AVG (the AVG can be an AVF, too)
Each AVF acts as the DEFAULT GATEWAY for a portion of the HOSTS in the SUBNET
Multicast IPv4 ADDRESSES :
- 224.0.0.102
VIRTUAL MAC ADDRESSES :
- 0007.b400.XXYY (XX = GLBP GROUP NUMBER, YY = AVF NUMBER)

MEMORIZE THIS CHART and the differences between the FHRPs

Click to enlarge

BASIC HSRP CONFIGURATION

R1s configuration

Click to enlarge

NOTE : group number has to match ALL ROUTERS being configured in a given SUBNET

Click to enlarge

R2’s configuration

Click to enlarge

NOTE : HSRP versions are not cross-compatible. All ROUTERS must use the same HSRP Version

Output of the “show standby” command

Click to enlarge

First Hop Redundancy Protocol

29. FIRST HOP REDUNDANCY PROTOCOLS

First Hop Redundancy Protocol

29. FIRST HOP REDUNDANCY PROTOCOLS