FHRPs
FHRPs
✅ First Hop Redundancy Protocols (FHRPs) – Technical Notes
🔹 1. What Are FHRPs?
First Hop Redundancy Protocols (FHRPs) are network protocols that provide gateway redundancy for end hosts in a LAN. They eliminate single points of failure by enabling multiple routers to act as a single virtual default gateway.
🔹 1.1 Why Redundancy Is Important
- Prevents downtime in case the default gateway router fails.
- Maintains connectivity for end hosts to external networks.
- Crucial for business continuity in modern enterprises.
🔹 1.2 The Problem Without FHRP
- Hosts rely on a single default gateway (via static IP or DHCP).
- They ARP for the gateway’s MAC and send traffic to it.
- If the default gateway (e.g., R1) fails:
- Hosts continue sending packets to its MAC (which is now offline).
- No automatic failover occurs → network outage.
- Manual intervention would be needed — not acceptable in modern networks.
🔹 1.3 The FHRP Solution – Virtual Gateway
- Routers share a Virtual IP (VIP) and Virtual MAC address.
- Hosts use the VIP as their default gateway.
- Roles:
- Active router replies to ARP with the virtual MAC.
- Standby router takes over automatically if active fails.
- Failover is seamless to end hosts (they don’t notice the change).
🔹 1.4 Types of FHRPs (Cisco Supported)
| Protocol | Type | Standard | Load Balancing |
|---|---|---|---|
| HSRP | Cisco-proprietary | No | Per subnet |
| VRRP | Industry-standard | RFC 3768 (IETF) | Per subnet |
| GLBP | Cisco-proprietary | No | Per host |
🔹 2. Key FHRP Concepts
🔸 2.1 Router Roles
| Role | Protocol | Description |
|---|---|---|
| Active | HSRP | Forwards traffic for VIP |
| Standby | HSRP | Takes over if Active fails |
| Master | VRRP | Same role as Active |
| Backup | VRRP | Monitors Master |
| AVG (GLBP) | GLBP | Answers ARP requests |
| AVF (GLBP) | GLBP | Forwards traffic |
🔸 2.2 FHRP Communications
- Routers send Hello messages (multicast).
- If no hello is received within the Hold Time, failover occurs.
- Multicast is used instead of broadcast to reduce unnecessary LAN traffic.
| Timer | Default Value |
|---|---|
| Hello | HSRP: 3s / VRRP: 1s |
| Hold | HSRP: 10s / VRRP: 3s |
🔸 2.3 Failover Process
- Active router fails.
- Standby/Backup router takes over.
- Sends Gratuitous ARP (GARP) to update MAC tables in switches.
- End hosts continue using the same VIP and virtual MAC.
🔸 2.4 Preemption
- Allows a higher-priority router to re-take the active role upon recovery.
- Must be explicitly enabled (except in VRRP where it’s default).
- Optional preempt delay can be configured to wait for convergence.
🔹 3. FHRP Comparison: HSRP vs VRRP vs GLBP
| Feature | HSRP | VRRP | GLBP |
|---|---|---|---|
| Type | Cisco-proprietary | Open Standard (RFC 3768) | Cisco-proprietary |
| Terminology | Active / Standby | Master / Backup | AVG / AVFs |
| Multicast Address | v1: 224.0.0.2 / v2: 224.0.0.102 | 224.0.0.18 | 224.0.0.102 |
| Virtual MAC Format | 0000.0c07.acXX / 0c9f.fXXX | 0000.5e00.01XX | 0007.b400.XXYY |
| IPv6 Support | v2 only | Yes | Yes |
| Load Balancing | Per subnet | Per subnet | Per host (unique) |
| Preemption (Default) | Disabled | Enabled | AVG: Disabled / AVF: Enabled |
| Authentication | Plaintext / MD5 | RFC: No (MD5 possible) | MD5 |
🔹 4. Detailed Protocol Overview
🔸 4.1 HSRP (Hot Standby Router Protocol)
- Versions:
- v1 (IPv4 only): 224.0.0.2, MAC:
0000.0c07.acXX - v2 (IPv4 + IPv6): 224.0.0.102, MAC:
0000.0c9f.fXXX
- v1 (IPv4 only): 224.0.0.2, MAC:
- No compatibility between v1 and v2.
- Load balancing is per subnet.
- Preemption is disabled by default.
- Uses UDP port 1985.
- Security: Basic MD5/Plaintext — vulnerable to LAN attacks.
🔸 4.2 VRRP (Virtual Router Redundancy Protocol)
- Standardized by IETF (RFC 3768).
- Interoperable between vendors.
- MAC format:
0000.5e00.01XX. - Preemption is enabled by default.
- Authentication not required per RFC, but MD5 is often supported.
🔸 4.3 GLBP (Gateway Load Balancing Protocol)
- Cisco-proprietary.
- Load balancing on per-host basis:
- Each AVF has its own virtual MAC.
- AVG responds to ARP using round-robin, weighted, or host-dependent mode.
- Can support up to 4 AVFs per group.
- Preemption:
- AVG: Disabled by default
- AVF: Enabled by default
- Multicast:
224.0.0.102
🔹 5. Basic HSRP Configuration (CCNA Level)
🔸 Configuration Requirements
- Each router needs its own unique IP for internal communication.
- All routers in the group share the same Virtual IP (VIP).
- HSRP group number and VIP must match on all routers.
🔸 Key Commands (Interface Mode)
1
2
3
4
5
6
7
8
9
10
interface GigabitEthernet0/1
ip address 10.0.0.2 255.255.255.0
standby version 2
standby 1 ip 10.0.0.1
standby 1 priority 120
standby 1 preempt
standby 1 authentication md5 key-string myHSRPkey
standby 1 timers 1 3
standby 1 preempt delay minimum 30
no shutdown
🔸 Explanation
standby version 2: Enables HSRPv2.
standby 1 ip: Sets VIP.
priority: Higher = preferred active.
preempt: Enables role reclaim.
timers: Custom hello/hold timers.
authentication: Optional security.
preempt delay: Prevents premature failover during reconvergence.
🔸 Verification Commands
1
2
show standby brief
show standby
show standby brief: Quick overview.
show standby: Detailed HSRP state, VIP, timers, preemption, etc.
🔹 6. VRRP & GLBP Configuration (Notes)
Syntax is similar to HSRP.
VRRP and GLBP use a similar structure to HSRP.
Replace standby with vrrp or glbp in the commands.
Use vrrp or glbp instead of standby.
E.g., vrrp 1 ip 192.168.1.1 or glbp 1 ip 192.168.1.1
🔸 VRRP Example
1
2
3
4
5
interface GigabitEthernet0/1
ip address 192.168.1.2 255.255.255.0
vrrp 1 ip 192.168.1.1
vrrp 1 priority 120
vrrp 1 preempt
🔸 GLBP Example
1
2
3
4
5
6
interface GigabitEthernet0/1
ip address 192.168.1.3 255.255.255.0
glbp 1 ip 192.168.1.1
glbp 1 priority 120
glbp 1 preempt
glbp 1 load-balancing round-robin
Note: VRRP and GLBP configurations are not typically required on CCNA, but understanding concepts is essential.
✅ Summary Comparison Table
| Feature | HSRP | VRRP | GLBP |
|---|---|---|---|
| Proprietary | ✅ Yes | ❌ No | ✅ Yes |
| Standard | ❌ No | ✅ RFC 3768 | ❌ No |
| Load Balancing | Per-subnet | Per-subnet | ✅ Per-host |
| Preemption | ❌ Disabled by default | ✅ Enabled by default | AVG: ❌ / AVF: ✅ |
| Default Hello/Hold | 3s / 10s | 1s / 3s | 3s / 10s |
| Authentication | ✅ Plaintext / MD5 | ❌ Not per RFC (but MD5 works) | ✅ MD5 |
| IPv6 Support | ✅ (HSRPv2) | ✅ | ✅ |
| Use Case Focus | High availability | Interoperability | Load balancing + redundancy |
| Multicast Addr | v1: 224.0.0.2 / v2: 224.0.0.102 | 224.0.0.18 | 224.0.0.102 |
📌 Final Notes for Interview Prep
Understand router roles (Active/Standby/Master/Backup/AVG/AVF).
Know how failover and preemption work.
Be ready to compare HSRP, VRRP, and GLBP in terms of:
Proprietary vs Standard
Load balancing capability
Configuration ease and use case
Know key default values and behaviors.
For CCNA: Focus on HSRP configuration, conceptual understanding of VRRP and GLBP.
🙌 Connect With Me
This post is licensed under CC BY 4.0 by the author.