Is your salary on par with others in your field? Learn more in Skillsoft's 2024 IT Skills and Salary Report. Click Here.

Checkout

Cart () Loading...

    • Quantity:
    • Delivery:
    • Dates:
    • Location:

    $

Contact Sales

Building Toward Your ’99.999%’ Availability Goal with a First Hop Redundancy Protocol

Date:
March 09, 2021
Author:
Annette Smallworth

Many companies have a so-called five-nines goal, meaning that the network needs to be available to the users at least 99.999% of the time. To achieve that goal, IT professionals must consider high availability in the network design, including both physical and logical redundancy.

It’s relatively easy to build physical redundancy in the enterprise network, but network engineers must not overlook logical redundancy.

Most enterprise network designs rely on Routing protocols to give logical redundancy at Layer 3 and Spanning Tree Protocol (STP) to give logical redundancy at Layer 2; but what about redundancy from an endpoint — like a phone, computer or another device — to its default gateway?

 

The solution is to implement a First Hop Redundancy Protocol (FHRP). Cisco’s Internetwork Operating System (IOS) supports three different FHRPs:

  • Hot Standby Router Protocol (HSRP)
  • Virtual Router Redundancy Protocol (VRRP)
  • Gateway Load Balancing Protocol (GLBP)

HSRP was created by Cisco, and VRRP is a standard. However, they both work in a similar way. GLBP was also created by Cisco, but it’s only supported on a limited range of devices, so the focus of this article is on HSRP. In part two this series, we’ll compare HSRP and VRRP, and explore advanced options in both.

 

Use this Article As Your Introduction to First Hop Redundancy Protocols (FHRP)
This two-part series on FHRPs will provide an overview of the implementation requirements, the basics of HSRP, along with additional information to help draw comparisons between HSRP v1 and HSRPv2 Let’s get started.

 

Let’s Begin with the Fundamentals of Networking

In order to understand an FHRP, let’s first review the fundamentals of networking.

A brief explanation of networking:

The purpose of a router is to forward IP packets between two devices that are not on the same IP subnet. In order to achieve this, the default gateway on an endpoint (e.g., computer or phone) must specify the IP address of the local router that will forward the packets.

Referring to the simple, no redundancy network in figure one below :

The endpoints shown bottom left both have 10.1.1.1 (Rtr1) configured as their default gateway. The endpoints shown bottom right both have 10.3.3.1 (Rtr2) configured as their default gateway.

Figure 1: Data Encapsulation

 

Without Redundancy, You Risk Failed Connections

Takeaways from Figure One:
When the HTTP client (PC A on the left) in figure one encapsulates the data that will send to the HTTP server (“Server D” on the right), the destination IP (D.IP) in the Layer 3 header will become the final destination (10.3.3.3). However, the destination MAC in the Layer 2 header will become the MAC address of the local Router (MAC R1).

In order to build the Layer 2 ethernet header, the sender needs to ensure the default gateway address corresponds to the appropriate MAC address.

In the example in figure 1, PC A would have sent an address resolution protocol (ARP) request for 10.1.1.1 and received an ARP reply from Rtr1 given that it is 10.1.1.1 and its MAC address is MAC R1. However, there is no redundancy built into figure 1, so if Rtr1 fails then the clients on the 10.1.1.0/24 subnet will not be able to reach any other subnets.

 

Enterprise Network Designs

A typical hierarchical design for an enterprise network with physical redundancy has three layers:

  1. Access (ASW)
  2. Distribution (DSW)
  3. Core

Clients typically connect to the access layer and the servers are typically located in the datacenter, reachable via the core network.

See figure two for an example.

Figure 2: Access, Distribution, Core; Switch Virtual Interface (SVI)

 

For the purposes of this example:

Multilayer switches (MLS), or Layer 3 switches, are often used at the distribution layer. MLSs are a Layer 2 switch and a Layer 3 router in the same physical box. For this example, will focus on the routing element of the MLS, which is illustrated in figure two as Rtr 1 and Rtr 2.

In figure two, redundancy has been built in at Layers 2 and 3: Distribution and Core.

Although, there is still an issue with PC A regarding the default gateway. If we configure the default gateway on PC A to be 10.2.2.1 (Rtr 1), what happens if Rtr 1 fails?

Even though there is an alternate path via Rtr 2, the problem is that PC A is not aware of the alternate path.

Vice versa, if we configure the default gateway on PC A to be 10.2.2.2 (Rtr 2), what happens if Rtr 2 fails? The same logic holds true. PC A wouldn’t know there is an alternative path.

What’s the solution for this scenario? Enable an FHRP, such as an HSRP on Rtr1 or Rtr2.

 

Cisco’s HSRP Creates Redundant Paths from Endpoints to all other Subnets

HSRP is a protocol that allows two routers to appear as one to an endpoint’s default gateway, even though the routers remain and function independently. Each router still has its own routing table, routing protocol, static routes, and running-config and startup-config. They remain totally separate.

HSRP is configured on the Layer 3 interface that connects down toward the endpoints at the access layer. Because an MLS is most typically used at the enterprise distribution layer, the Layer 3 interface that connects toward the endpoints in an MLS is a Switch Virtual Interface (SVI). In figure two, the SVI is “interface VLAN 2.”

 

How to Configure the Basics of HSRP

In the IOS, all the HSRP commands are at interface mode and all start with the command “standby.” There are many optional HSRP commands but only one mandatory command is required to enable HSRP.

The only required command to enable HSRP:

                                 (config-if)# standby # ip x.x.x.x
                                  where # = group number, x.x.x.x = Virtual IP

It is considered best practice to make the group number the same as the VLAN number (the default group number = 0).

In figure three, notice the identical mandatory command (shown in red) has been configured on both SVIs. This is essential, because in order for HSRP to work the following has to match between the routers:

                                   HSRP Version (default = v1)
                                   Group Number
                                   Virtual IP (V.IP)

Good to know: There is also a virtual MAC address (V.MAC) that has to match between the routers, but it is derived automatically from the HSRP version and group number and will be shown later. What’s more, the default gateway on the endpoint PC A is configured to be the V.IP (10.2.2.254).

Figure 3: Configuring HSRP

 

What You Need to Know About HSRP

HSRP uses its own HELLO packets for the routers to discover each other. Any interface with HSRP enabled will automatically start sending HELLO packets by default every three seconds. The format of the HELLO packets depends on the HSRP version.

The differences between HSRP v1 and HSRP v2 are shown below in figure four.

 

  HSRP Version 1 HSRP Version 2
D.IP 224.0.0.2 224.0.0.102
D.Port UDP 1985 UDP 1985
Group Number range 0-255 0-4095
V.MAC 00-00-0C-07-AC-GG
(GG= Group Number in HEX)
00-00-0C-9F-FG-GG
(GGG=Group Number in HEX)

Figure 4: Differences between HSRPv1 and HSRPv2

 

When the HSRP routers receive the HELLO packets there will be an election. One of the routers will transition to the active state, and the other will transition to the standby state. Remember: The states of “ACTIVE” and “STANDBY” only relate to the interfaces that HSRP is enabled on. For all other functions, the routers are still working as two separate routers.

If the HSRP enabled interfaces come up at approximately the same time, then the router with the highest priority will transition to the ACTIVE state and the other will transition to the STANDBY state.

As shown in figure five below, Rtr 1 has become ACTIVE (priority = 110), Rtr 2 has become STANDBY (priority = 90). The default priority is 100.

Figure 5: HSRP and Priority configured

 

See How HSRP Adds Redundancy in this Step-by-Step Sequence

Now HSRP has been enabled, let’s refer back to the fundamentals of networking with a step-by-step example that reflects figure five:

  • PC A (10.2.2.99) needs to send HTTP data to “SERVER B” (10.10.10.3).
  • PC A encapsulates the data.
  • In the IP header the D.IP will be 10.10.10.3, the S.IP will be 10.2.2.99
  • PC A has a /24 subnet mask so the D.IP is on a different subnet. Therefore, PC A relies on its default gateway to forward the IP packet.
  • PC A has the IP address of the default gateway (10.2.2.254) but needs the MAC address of the default gateway in order to build the Layer 2 ethernet header.
  • PC A will first check the ARP cache for 10.2.2.254 but if no matching entry:
    • It will send out an ARP request

Recall that an ARP request is sent as a Layer 2 broadcast (D.MAC FF-FF-FF-FF-FF-FF) and inside the ARP request will be “10.2.2.254, what is your MAC Address?”

  • Both Rtr 1 and Rtr 2 will receive the ARP request but only the HSRP ACTIVE router (Rtr 1) will reply.
  • The Active router (Rtr 1) will reply with the V.MAC.
    • If HSRPv1, then V.MAC would be 00-00-0C-07-AC-02
    • If HSRPv2, then V.MAC would be 00-00-0C-9F-F0-02
  • PC A now has all the information required to complete the encapsulation and send the frame as in figure six.
  • The Active router (Rtr 1) will receive the frame, and then proceed as normal:
    • The router will strip off the Layer 2 header and trailer.
    • It will forward the packet to the outgoing interface based on the IP routing table
    • At the outgoing interface, the router will build a new Layer 2 header and trailer to pass the packet to the next hop.

 

At this point, all functions as intended. The active router (Rtr 1) is forwarding the packets from the 10.2.2.0/24 subnet, and the standby router (Rtr 2) is ready to take over if necessary.

 

Figure 6: Frame from PC A

 

How Does Failover Work in HSRP?

In the previous example, all traffic from the 10.2.2.0/24 subnet to any other subnet was forwarded by Rtr 1 (the active router). But what if Rtr 1 (or the path to Rtr 1) fails?

The key to failover in HSRP is the HELLO Packets.

If Rtr 1 fails, as seen in figure seven, then the standby router will no longer receive HELLO Packets. Consequently the standby router (Rtr 2) will promote itself to active after the HSRP hold timer expires; the default is 10 seconds.

 

Figure 7: Fallover in HSRP

 

The endpoints do not need to be updated because their default gateway is still correct (pointing to the V.IP), and the ARP cache of the endpoints is also still correct (V.IP resolved to V.MAC).

Therefore, for packets destined from the endpoints to another subnet, the frame will still have the correct V.MAC as the destination MAC in the Layer 2 header. The new active router (Rtr 2) will forward the packets normally.

 

You’re a Few Steps Closer to 99.999% Availability Thanks to HSRP

The desired first hop high availability goal has been achieved by building physical redundancy into the network and by configuring a protocol that gives logical redundancy for the default gateway of the endpoints, namely using HSRP.

Part two of this article will explore HSRP further, including the pre-empt command and modifying the timers to improve failover time. It will also look at similarities and differences between Cisco HSRP and VRRP.

If you want to truly achieve that five-nines goal, you should consider a more in-depth approach to learning about Cisco solutions. Take a look at these courses: