This is the second of a two-part series on First Hop Redundancy Protocols (FHRP). In Part 1 of this topic, we reviewed the fundamentals of networking, the importance of the Default Gateway to an endpoint, and how to solve redundancy of Default Gateway by using an FHRP such as Hot Standby Router Protocol (HSRP)
This article (Part 2) will compare HSRP to Virtual Router Redundancy Protocol (VRRP) and look at optional features in both.
Similarities and Differences between HSRP and VRRP
In Figure 1 below, you can see a comparison between the most common FHRPs. HSRP was created by Cisco, and VRRP is a standard (RFC). However, they both work in a similar way. HSRP v2 and VRRP support IPv4 and IPv6 but, for the purpose of simplicity, this article will focus on IPv4 and the Cisco IOS.
Figure 1: Comparisons between HSRP v1, HSRP v2 and VRRP
Let’s Begin with a Recap of FHRPs
In order to understand the differences between HSRP and VRRP, let’s first recap the terminology and basic configuration of FHRPs
A brief recap of FHRP:
Endpoints (PCs, laptops, etc.) typically connect to the Access layer and the Servers are typically located in another subnet in the data center, reachable via the Distribution and Core network.
FHRPs Create Redundant Paths from Endpoints to all other Subnets
FHRPs are configured on the Layer 3 interface that connects down toward the endpoints at the access layer. Because a Multi-Layer Switch (MLS) is most typically used at the enterprise distribution layer, the Layer 3 interface that connects toward the endpoints is a Switch Virtual Interface (SVI). In figure 2, the SVI is “interface VLAN 2.”
The only command required to enable HSRP:
(config-if)# standby # ip x.x.x.x
where # = group number, x.x.x.x = Virtual IP
It is considered best practice to make the group number the same as the VLAN number (the default group number = 0).
In figure two, notice the identical mandatory command (shown in red) has been configured on both SVIs. This is essential, because in order for HSRP to work the following has to match between the routers:
HSRP Version (default = v1)
Virtual IP (V.IP)
Good to know: There is also a virtual MAC address (V.MAC) that has to match between the routers, but it is derived automatically from the HSRP version and group number and will be shown later. What’s more, the default gateway on the endpoint PC A is configured to be the V.IP (10.2.2.254).
Figure 2: Configuring HSRP and Priority
What You Need to Know About HSRP
HSRP uses its own HELLO packets for the routers to discover each other. Any interface with HSRP enabled will automatically start sending HELLO packets by default every three seconds.
When the HSRP routers receive the HELLO packets there will be an election. One of the routers will transition to the active state, and the other will transition to the standby state. Remember: The HSRP states of “ACTIVE” and “STANDBY” only relate to the interfaces that HSRP is enabled on. For all other functions, the routers still work separately.
If the HSRP-enabled interfaces come up at approximately the same time, then the router with the highest priority will transition to the ACTIVE state and the other will transition to the STANDBY state.
As shown in figure 2 above, Rtr 1 has become ACTIVE (priority = 110), Rtr 2 has become STANDBY (priority = 90). The default priority is 100.
What You Need to Know about VRRP
The only required command to enable VRRP:
(config-if)# vrrp # ip x.x.x.x
where # = group number, x.x.x.x = Virtual IP
It is considered best practice to make the group number the same as the VLAN number.
VRRP uses its own HELLO packets for the routers to discover each other. Any interface with VRRP enabled will automatically start sending HELLO packets by default every second.
When the VRRP routers receive the HELLO packets there will be an election. One of the routers will transition to the Master state, and the other will transition to the Backup state. Remember: The VRRP states of “MASTER” and “BACKUP” only relate to the interfaces that VRRP is enabled on. For all other functions, the routers still work separately.
As shown in figure 3 below, Rtr 1 has become MASTER (priority = 110), Rtr 2 has become BACKUP (priority = 90). The default priority is 100.
Figure 3: Configuring VRRP and Priority
An important difference between HSRP and VRRP is that in VRRP once the election has occurred, only the MASTER continues to send HELLOs. In HSRP, both the ACTIVE and the STANDBY continue to send HELLOs.
How Does Failover Work in FHRP?
The key to failover in FHRP is the HELLO packets.
In figure 2 (HSRP) or figure 3 (VRRP), if Rtr 1 or the path to Rtr 1 fails then the alternate router (Rtr 2) will no longer receive HELLO packets. Consequently, the alternate router (Rtr 2) will promote itself to ACTIVE (HSRP) or MASTER (VRRP) after the hold timer expires; the default hold timer is 10 seconds for HSRP and 3 seconds for VRRP.
Figure 4: Failover in HSRP
Figure 5: Failover in VRRP
With HSRP (figure 4) or VRRP (figure 5) the endpoints do not need to be updated because their default gateway is still correct (pointing to the V.IP), and the ARP cache of the endpoints is also still correct (V.IP resolved to V.MAC).
Therefore, for packets destined from the endpoints to another subnet, the frame will still have the correct V.MAC as the destination MAC in the Layer 2 header. The new active router (Rtr 2) will forward the packets normally.
Advanced Commands for HSRP and VRRP
You have seen the basics of HSRP and VRRP and that they function in a very similar way, so from this point on, for simplicity, we will just use HSRP in the examples and clarify similarities and differences between HSRP and VRRP.
HSRP Preempt and VRRP Preempt
Figure 6: Failover in HSRP
Previously we covered that the alternate router (HSRP Standby or VRRP Backup) will take over the forwarding role (HSRP Active or VRRP Master) in the absence of HELLO packets from the forwarding router. For example, in Figure 6 above, Rtr 2 has become the Active router because Rtr 1 has failed and stopped sending HELLO packets.
What will happen, though, when the original forwarding router (Rtr 1) comes back up again? Rtr 1 has the highest priority so will it become the forwarding router again? The answer to that question depends on the preempt command.
In short, for an FHRP router to take over from a currently-forwarding router, two parameters need to be True:
1. The router must have the highest priority.
2. The router must have PREEMPT enabled.
Is preempt enabled or disabled by default?
Here is another difference between HSRP and VRRP:
In HSRP, preempt is disabled by default; the command to enable preempt is :
(config-if)# standby # preempt
In VRRP, Preempt is enabled by default, the command to disable preempt is :
(config-if)# no vrrp # preempt
Will packets drop when the new forwarding router takes over?
When a router first comes up, it does not have a complete routing table. Consequently, if that router preempts immediately, it will become the forwarding router immediately but with an incomplete routing table, so packets will be dropped.
The solution to this problem is to configure a delay on the preempt command so that the router that has just come up will wait a number of seconds before taking over from the currently forwarding router:
In HSRP the command to configure a preempt delay is:
(config-if)# standby # preempt delay minimum <0-3600>
In VRRP the command to configure a preempt delay is:
(config-if)# vrrp # preempt delay minimum <0-3600>
Figure 7: Preempt delay in HSRP
In figure 7 above, Rtr2 is currently the Active router. When Rtr 1 comes back up, HSRP will start running on Rtr 1 but it will wait 300 seconds before sending the HSRP Coup message and, therefore, only take over the Active role at that time.
A 300-second delay is typically more than enough time for an Interior Gateway Protocol to build the routing table so Rtr 1 will forward IP packets as soon as it becomes the Active router. Then, no longer will packets drop when a new forwarding router takes over from a currently forwarding router.
Summary of Similarities and Differences between HSRP and VRRP
Figure 8: Comparison of HSRP and VRRP
What are the Takeaways of this Series
This article, the second of a two-part series, focused on the comparison of HSRP to VRRP. It then reviewed the fundamentals of HSRP. Read part one here.
The article also explained the reason for two advanced commands – the preempt command and the preempt delay command and then summarized further similarities between HSRP and VRRP.
If you want to truly achieve that five-nines uptime goal, you should consider a more in-depth approach to learning about Cisco solutions. Take a look at these courses: