What is Cisco FHRP (First Hop Redundancy Protocol) Explained With Diagrams
Written By Lazaros Agapidis
When you configure a host with network parameters, one of the elements that you configure is the default gateway. But what happens if the device acting as the default gateway fails? Isn’t that a single point of failure? Well, yes, it is. To mitigate such failures, we can use what is known as a First Hop Redundancy Protocol (FHRP) to add resilience to our network.
In this article, I’ll be delving deeper into what FHRP is, how it operates, and how it provides network redundancy. We’ll also examine some of the various protocols that are available to achieve this network robustness (such as HSRP, VRRP, GLBP).
What is the Default Gateway?
The default gateway which is configured on a network host is the IP address of the device, usually a router, through which communication with other network subnets can take place.
If the destination IP address of a particular communication from a host is outside of its own subnet, that host will forward the packet to the local default gateway for further routing to get to its intended destination.
Within an IP subnet, we usually have a single device acting as the default gateway. On a home or small office network, this would typically be our xDSL modem or our cable modem.
But in larger networks, where high network availability is crucial, it is necessary to eliminate this single point of failure by adding redundancy to the default gateway. That’s where FHRPs come in.
What is an FHRP?
FHRPs allow two or more physical devices to operate as redundant default gateways. If one physical device fails, the other takes over, and the hosts are none the wiser.
The key to FHRPs is that they create what is known as a “virtual IP address” that is used as the address of the default gateway on the hosts.
The physical device that acts as the active gateway adopts this virtual address. If this device fails, the backup device detects this and immediately adopts the virtual IP address, thus continuing to serve arriving packets. The switchover is almost instantaneous, and thus few or no packets are lost in the process.
There are various FHRPs, which we’ll talk about shortly. They differ slightly in their operation, but the basic principle is essentially the same.
A closer look at FHRPs
What does a topology where FHRPs are deployed look like? Well, it looks something like this:
Here we have a network segment composed of a switch with three hosts all on the same subnet. We also have two routers, GW1, and GW2, acting as redundant default gateways.
The IP addresses of their physical interfaces are 192.168.10.2 and 192.168.10.3. Between the two GWs, you can see what is labeled as a “Virtual GW.”
This is not a real physical device, but it simply represents the virtual gateway IP address configured on the hosts on the network. This is the address that is automatically adopted by the gateway that is active.
Notice that the default gateway configured on Host 3 (and on all hosts) is the virtual gateway of 192.168.10.1.
FHRP operation
So that’s the topology. But what about the protocol in action? Well, let’s look again at our topology, but this time, we are told that GW1 is acting as the active gateway.
As we can see, GW1 has adopted the virtual gateway IP, and all packets destined for the default gateway of 192.168.10.1 go to GW1.
So, in a sense, GW1 has two IP addresses assigned to its interface. That’s not a completely accurate statement, but it is what it looks like from the point of view of the hosts.
The green line indicates the path taken by packets whose destination is outside the local subnet. In the meantime, GW2 is on standby and continuously monitors the status of GW1.
Remember, these devices have their own IP addresses configured on their physical interfaces, so they can communicate directly with each other over the switch to coordinate FHRP mechanisms using control packets as defined by the FHRP protocol in use.
Now let’s say that GW1 fails. GW2 detects this and immediately adopts the virtual IP address and begins acting as the default gateway.
In the above diagram, you can see that GW2 has adopted the IP address of the virtual GW, and the new path that the packets take is via GW2.
In this fashion, if one physical device fails, the other device takes over, and thus redundancy is established. The hosts are completely oblivious to any changes that have been made.
Additional details of operation
What has been described so far is the fundamental operation of FHRPs. There are additional details of how this works as well as various ways in which its operation can be enhanced. These are briefly listed below:
Gratuitous ARP
When a gateway adopts a virtual IP address, it must inform all of the hosts on the network of the new MAC address that corresponds to that IP address.
Upon adoption of the virtual IP, a Gratuitous ARP or GARP is sent to all hosts on the network, immediately informing them of the change so that dropped frames will be kept to a minimum.
Layer 3 switches
The example above involved interfaces on routers, but FHRPs can be applied to any Layer 3 interfaces. When using multilayer switches for example, it is possible to create FHRP instances between SVIs on the same subnet.
Thus, two switches that share the same VLANs can create dozens or even hundreds of FHRP pairings, one for each of the SVIs they share.
Tracking interfaces
In the example shown, the failure of GW1 triggers GW2 into becoming the active router. But what happens if GW1 doesn’t fail, but its link to the Internet fails like so?
GW1 will continue to act as the active gateway because GW2 still detects that it is up. But packets are dropped because of the failed link.
To deal with such eventualities, it is possible to track specific interfaces or reachability to particular destinations using IP SLAs.
You can configure what will happen if a particular SLA fails. In the above scenario, you can configure an SLA on GW1 that examines the reachability of a particular IP address on the Internet. As long as the SLA is met, GW1 remains the active gateway. If the SLA fails, it will hand off the active status to GW2.
Even more details
Some additional features that are available from some or all FHRPs include:
- Authentication – providing secure communication between gateways
- Preemption – the ability of one gateway to assume the role of the active device over another even if the other is healthy
- Priority settings – preemption can take place using priority values that can change dynamically based on various real-time conditions (such as SLAs for example)
- Proprietary and open protocols – some protocols are proprietary to Cisco while others are open standards
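The interplay of tracking, priority and preemption described above can be seen in a small model. This is an added example, not from the original article: a simplified HSRP-style election in Python using the article's GW1/GW2 addresses. The priority values (110 and 100), the decrement values and all class and function names are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Gateway:
    name: str
    ip: IPv4Address            # physical interface address
    base_priority: int = 100   # HSRP's default priority
    preempt: bool = False      # may it take over from a live active peer?
    track_decrement: int = 0   # subtracted while the tracked object is down
    tracked_up: bool = True    # state of the tracked IP SLA / interface
    alive: bool = True         # False models a failed device

    @property
    def priority(self) -> int:
        return self.base_priority - (0 if self.tracked_up else self.track_decrement)

def rank(gw):
    # Higher priority wins; the higher interface IP breaks a tie.
    return (gw.priority, int(gw.ip))

def elect(gateways, active=None):
    """Return the gateway holding the virtual IP after one election round."""
    live = [g for g in gateways if g.alive]
    if not live:
        return None
    if active is None or not active.alive:
        return max(live, key=rank)   # no live active: best-ranked peer takes over
    # A live active keeps the role unless a better-ranked peer has preempt on.
    challengers = [g for g in live if g.preempt and rank(g) > rank(active)]
    return max(challengers, key=rank) if challengers else active

def uplink_failure(gw2_preempt, decrement):
    """Names of the active gateway: initially, SLA down on GW1, SLA restored."""
    gw1 = Gateway("GW1", IPv4Address("192.168.10.2"), 110, True, decrement)
    gw2 = Gateway("GW2", IPv4Address("192.168.10.3"), 100, gw2_preempt)
    history, active = [], None
    for sla_ok in (True, False, True):   # GW1 stays up; only its uplink probe changes
        gw1.tracked_up = sla_ok
        active = elect([gw1, gw2], active)
        history.append(active.name)
    return tuple(history)

if __name__ == "__main__":
    print(uplink_failure(True, 20))    # GW2 preempts, GW1 reclaims on recovery
    print(uplink_failure(False, 20))   # GW2 cannot preempt: GW1 stays active
    print(uplink_failure(True, 5))     # decrement too small to drop below GW2
```

In the second and third cases GW1 remains active with a dead uplink, which is the outage that tracking is meant to prevent: the decrement must take GW1 below its peer's priority, and the peer must be allowed to preempt.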
Popular FHRPs
Cisco routers and Layer 3 switches support several FHRPs. Below is a brief description of each and of its capabilities. A comparison table that summarizes these characteristics follows.
Hot Standby Redundancy Protocol (HSRP)
HSRP is a Cisco proprietary protocol that provides network redundancy for IP networks, ensuring high availability of the default gateway in a network.
Multiple routers participate in HSRP by creating a virtual router with a virtual IP address. One router is elected as the active router and another as the standby router. If the active router fails, the standby router takes over, ensuring continuous network availability.
Virtual Router Redundancy Protocol (VRRP)
VRRP is a standards-based protocol (defined in RFC 5798) similar to HSRP but not limited to Cisco devices.
It allows multiple routers to participate in a virtual router group, sharing a virtual IP address. The protocol designates one router as the master, which handles traffic sent to the virtual IP address. If the master router fails, another router in the group takes over as the master, maintaining network continuity.
Gateway Load Balancing Protocol (GLBP)
GLBP is another Cisco proprietary protocol that not only provides redundancy but also load balancing. GLBP allows multiple routers to share the load of being the default gateway for a subnet.
Unlike HSRP and VRRP, where only one router actively forwards traffic, GLBP can distribute traffic among multiple routers.
This enhances both redundancy and efficient use of network resources by balancing the load among all participating routers.
Comparison Table of Various FHRP Protocols
Feature | HSRP | VRRP | GLBP |
Protocol Type | Proprietary (Cisco) | Open Standard (RFC 5798) | Proprietary (Cisco) |
Redundancy | Yes | Yes | Yes |
Load Balancing | No | No | Yes |
Master/Active Router Terminology | Active and Standby Routers | Master and Backup Routers | Active Virtual Gateway (AVG) and Active Virtual Forwarders (AVFs) |
Virtual IP Address | Yes | Yes | Yes |
Preemption | Optional | Yes | Yes |
Priority Setting | Yes | Yes | Yes |
Authentication | Yes | Yes | Yes |
Number of Routers Supported | Multiple, but only one active at a time | Multiple, but only one active at a time | Multiple, with load balancing |
Failover Time | Typically within seconds | Typically within seconds | Typically within seconds |
Configuration Complexity | Moderate | Simple | More complex due to load balancing |
Support for Multivendor Environment | Limited to Cisco devices | Yes | Limited to Cisco devices |
Conclusion
FHRPs play a critical role in ensuring network availability and reliability by providing seamless failover capabilities.
While HSRP and VRRP offer robust redundancy, GLBP extends these benefits with added load balancing, making it ideal for optimizing network performance.
Understanding the differences and strengths of each protocol allows network administrators to choose the most suitable solution for their specific network requirements.