With this post, we’re starting our discussion about First Hop Redundancy Protocols.
We’ll discuss all three main FHRP’s, namely Cisco HSRP (Hot Standby Routing Protocol), VRRP (Virtual Router Redundancy Protocol) and GLBP (Gateway Load Balancing Protocol).
What are First Hop Redundancy Protocols?
From the perspective of endpoint IP hosts connected to an Ethernet LAN, the first hop is the IP router acting as the default gateway. First Hop Redundancy Protocols are used to protect against default gateway failure and to allow transparent failover when a failure occurs. This matters because the default gateway is the hosts’ only point of contact with outside networks: if the default gateway router fails, the network stops working.
What are the popular FHRP’s?
There are multiple FHRP’s (First Hop Redundancy Protocols). The three most popular ones are:
- HSRP (Cisco Proprietary | RFC)
- VRRP (IETF Standard)
- GLBP (Cisco Proprietary)
There are other vendor-proprietary protocols as well, e.g.
- ESRP (Extreme Standby Routing Protocol) by Extreme Networks
- NSRP (NetScreen Standby Routing Protocol) by Juniper Networks
However, HSRP & VRRP are the most popular ones.
Brief Working Overview of FHRP’s
First Hop Redundancy Protocols enable two or more devices (routers) to work together as a group. They share a common IP address called the “Virtual IP address”. This virtual IP address is configured as the default gateway address on the end hosts.
Depending on the FHRP in use, a MAC address will be mapped to this Virtual IP address in the ARP cache of the end hosts. A Virtual MAC is used in the case of HSRP/VRRP. GLBP will be discussed later.
In HSRP / VRRP, one router is elected to own the Virtual IP address & is responsible for handling all requests sent to the virtual IP address. All other routers are inactive. This active router owns the Virtual IP address & MAC address. To maintain the state information of the active router, keepalives are exchanged periodically between all routers participating in a group.
- In HSRP, the elected router is called the active router. Any HSRP group can have at most one active router, one standby router, and more than one listening router.
- In VRRP, the elected router is called the master router, and the one or more inactive routers are known as backup routers.
As we discussed, in HSRP/VRRP a Virtual MAC address is mapped to the Virtual IP address in the ARP cache of the end hosts. But this is not the case with GLBP. GLBP uses actual MAC addresses corresponding to the same Virtual IP address.
In GLBP, we do load sharing. Different MAC addresses are distributed to different hosts, maybe in round robin or some other fashion, so all routers are put to work.
- In GLBP, the routers are doing load sharing & there is no concept of Inactive routers.
- We do have a concept of AVG (Active Virtual Gateway) & AVF (Active Virtual Forwarder)
- AVF’s are regular forwarding routers. AVG is responsible for distribution of MAC addresses. AVG is an AVF with additional responsibility.
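The HSRP/VRRP and GLBP descriptions above imply a check a defender can run on collected host ARP caches: with HSRP/VRRP every host should resolve the virtual IP to the same virtual MAC, while with GLBP several MACs are normal. The following is an added example, not code from the original post; the virtual MAC layouts are the protocols' well-known values (not given in the post), and the host names and ARP rows are constructed.

```python
import re
from collections import defaultdict

def classify_gateway_mac(mac):
    """Return (protocol, group, forwarder) for an FHRP virtual MAC, else None."""
    b = bytes.fromhex(re.sub(r"[^0-9a-fA-F]", "", mac))
    if len(b) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    if b[:5] == bytes.fromhex("00000c07ac"):            # HSRPv1: 0000.0c07.acXX
        return ("HSRPv1", b[5], None)
    if b[:4] == bytes.fromhex("00000c9f") and b[4] >> 4 == 0xF:
        return ("HSRPv2", ((b[4] & 0x0F) << 8) | b[5], None)  # 0000.0c9f.fXXX
    if b[:5] == bytes.fromhex("00005e0001"):            # VRRP (IPv4): 00-00-5E-00-01-VRID
        return ("VRRP", b[5], None)
    if b[:3] == bytes.fromhex("0007b4"):                # GLBP: group bits + forwarder number
        return ("GLBP", ((b[3] << 8) | b[4]) & 0x3FF, b[5])
    return None

def audit_gateway(vip, arp_entries):
    """arp_entries: (host, ip, mac) rows gathered from end hosts.
    Returns findings about how those hosts resolve the virtual IP."""
    seen = defaultdict(set)
    for host, ip, mac in arp_entries:
        if ip == vip:
            seen[mac.lower()].add(host)
    kinds = {mac: classify_gateway_mac(mac) for mac in seen}
    findings = []
    for mac, kind in kinds.items():
        if kind is None:  # gateway IP answered by a physical or unknown MAC
            findings.append(f"{mac} is not an FHRP virtual MAC "
                            f"(hosts: {sorted(seen[mac])})")
    virtual = [m for m, k in kinds.items() if k]
    protocols = {k[0] for k in kinds.values() if k}
    if len(virtual) > 1 and protocols != {"GLBP"}:
        findings.append(f"{vip} maps to {len(virtual)} virtual MACs; "
                        "HSRP/VRRP should present exactly one")
    return findings

# Constructed sample ARP rows (documentation addresses, invented hosts).
HSRP_SAMPLE = [
    ("pc1", "192.0.2.1", "00:00:0c:07:ac:0a"),
    ("pc2", "192.0.2.1", "00:00:0C:07:AC:0A"),
    ("pc3", "192.0.2.1", "52:54:00:12:34:56"),
]
GLBP_SAMPLE = [
    ("pc1", "192.0.2.1", "00:07:b4:00:01:01"),
    ("pc2", "192.0.2.1", "00:07:b4:00:01:02"),
]

if __name__ == "__main__":
    for finding in audit_gateway("192.0.2.1", HSRP_SAMPLE):
        print(finding)
```

A host whose gateway entry is not a virtual MAC is worth investigating: it can be a misconfigured router, or something other than the FHRP group answering ARP for the gateway address.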
Alternate Solutions to FHRP’s?
Many alternate solutions were designed & proposed over many years.
- Solution 1: Re-configuring the default gateway on end hosts. The most obvious & most terrible solution, for many reasons: lack of scalability, human error, downtime & fitness for unattended devices, to list a few.
- Solution 2: Run a routing protocol on the end hosts. This is a bit better but still not up to the mark. Many operating systems don’t support routing protocols. Even if all did support them, routing protocols have limitations, such as the convergence period increasing as the number of devices increases. From a design standpoint, it is a poor idea to let end user devices affect network routing tables. This one just didn’t fit.
- Solution 3: IRDP is another interesting concept & was somewhat acceptable. ICMP Router Discovery Protocol (IRDP), described in RFC 1256, allows end hosts to find a new router in case of default gateway failure. Routers periodically send multicast “hello” messages on the LAN. End devices use these messages to build their network info. If no messages are heard for a certain time, the router is considered dead, and hosts will look for a new router to take over. It was doable but needed special software on the end devices. It never got widely accepted & very few devices support IRDP. Cisco routers do support IRDP.
- Solution 4: The end devices are not configured with a default gateway at all. They use ARP for all addresses. The routers are configured to run Proxy ARP, so that they respond to ARP requests on behalf of the remote device. Hosts will send packets to the remote IP with the MAC address of the local router. This is what we want. The problem is that the failover time is too long. Devices will wipe out a stale ARP entry only if the device fails to respond for several minutes. This is clearly not fast enough. To speed this up, we need to either reboot or manually clear the ARP cache. Other limitations include a potentially large amount of broadcast traffic & a huge ARP cache on the local router.
Well, before I wrap this up, I’d like to say: “Don’t be concerned if you didn’t get it completely. We’ll be discussing them in much more detail.” Till then, take care.
Thank You for Visiting & Supporting this Network Blog.