First Hop Redundancy Protocols (FHRPs) Explained.

March 27, 2024

First Hop Redundancy Protocols (FHRPs) are a set of protocols used in computer networking to ensure reliability and high availability of the network.

The primary purpose of these protocols is to manage the redundancy of the first hop in IP networks, which involves the gateway used by devices on a local network to reach external networks. By addressing the potential single point of failure at this gateway, FHRPs enhance the network’s resilience and ensure continuous availability for the devices connected to the network.

Purpose and Benefits of FHRPs

The main aim of FHRPs is to provide a mechanism for the automatic backup of the first-hop gateway in a local area network (LAN). This is achieved by allowing multiple routers or switches to work together as a group that appears to the hosts on the LAN as a single virtual router or gateway.

The benefits of employing FHRPs include:

Increased Reliability and Availability: By automatically switching to a backup gateway when the primary fails, FHRPs minimize downtime and ensure continuous network service.

Load Balancing: Some FHRPs support load sharing among multiple gateways, distributing traffic loads to optimize network performance.

Simplified Client Configuration: Hosts can be configured with a single default gateway (the virtual IP address), eliminating the need for manual reconfiguration in the event of a gateway failure.


Common Types of FHRPs

Several types of First Hop Redundancy Protocols are widely used in networking environments, each with its unique characteristics and operational mechanisms. The most common among these are:

i). Hot Standby Router Protocol (HSRP)

Developed by Cisco, HSRP creates a virtual router to which hosts send their traffic. The virtual router’s IP address and MAC address are shared among a group of routers, but only one router is the active router that forwards the traffic at any given time. If the active router fails, one of the standby routers takes over. The virtual MAC and IP addresses are shared between two or more routers that belong to the same HSRP group.

HSRP can be classified as a redundancy protocol that provides a mechanism for determining which router should take the active role in forwarding traffic and when that role must be taken over by a standby router.

How HSRP works.

HSRP is configured on Cisco routers so that a “virtual” router is used to route packets when the active router’s interface fails. In effect, HSRP keeps a backup router standing by for when the active router’s gateway interface fails.

This “virtual” router is configured with a single IP address (layer 3) and MAC address (layer 2), which are shared among two or more routers on a LAN segment.

The IP address of the virtual router is configured as the default gateway for the clients on a specific IP / VLAN segment. Before sending frames to the default gateway, clients use ARP to resolve the MAC address associated with the default gateway’s IP address. The ARP reply carries the MAC address of the virtual router. Frames that are sent to the MAC address of the virtual router can then be physically processed by any active or standby router that is part of that virtual router group.

HSRP Terms.

Active router: The router that is currently forwarding packets for the virtual router

Standby router: The primary backup router

Standby group: The set of routers participating in HSRP that jointly emulate a virtual router

The primary function of the HSRP standby router (virtual) is to monitor the functioning status of the HSRP group and to quickly assume packet-forwarding responsibility if the active router fails.

These are the steps that take place when a router or Layer-3 device (switch) fails:

1. The standby router stops receiving hello messages from the forwarding router.

2. The standby router assumes the role of the forwarding router.

3. Because the new forwarding router (standby router) assumes both the IP and MAC addresses of the virtual router, the connected network devices see no disruption in service.

HSRP routers communicate with each other through Hello packets sent to the multicast address 224.0.0.2 (IPv4) or FF02::66 (IPv6) on UDP port 1985. These packets are sent periodically to announce each router’s presence and to elect the Active and Standby routers. The election process is based on priorities configured on the routers, with the router having the highest priority becoming the Active router. In the event of a tie, the router with the highest IP address wins the election.

HSRP States

An HSRP-enabled router can be in one of the following states:

Initial: The router is starting and has not yet received a Hello message from another router.

Learn: The router has not determined the virtual IP address and is waiting to hear from the active router.

Listen: The router knows the virtual IP address but is neither the active nor the standby router.

Speak: The router sends periodic HSRP Hello messages and participates in the election for the active or standby router.

Standby: The router is a backup to the current active router.

Active: The router is currently forwarding packets sent to the virtual IP address.
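The hello exchange, the states and the election rule described above can be seen in a short decoder. This is an added example, not code from the original article: it assumes the HSRP version 1 message layout from RFC 2281, and the router addresses, priorities and sample payloads are constructed for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass

# HSRP version 1 codes from RFC 2281; state names match the list above.
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}

@dataclass
class Hello:
    src: ipaddress.IPv4Address  # sender address, taken from the IP header
    opcode: str
    state: str
    hello_s: int
    hold_s: int
    priority: int
    group: int
    vip: ipaddress.IPv4Address

def parse_hello(src: str, payload: bytes) -> Hello:
    """Decode the 20-byte HSRPv1 message carried on UDP port 1985."""
    if len(payload) != 20:
        raise ValueError("HSRPv1 message must be 20 bytes")
    ver, op, state, hello, hold, prio, group, _, _auth, vip = struct.unpack("!8B8s4s", payload)
    if ver != 0 or op not in OPCODES or state not in STATES:
        raise ValueError("not a valid HSRPv1 message")
    return Hello(ipaddress.IPv4Address(src), OPCODES[op], STATES[state],
                 hello, hold, prio, group, ipaddress.IPv4Address(vip))

def elect(hellos):
    """Highest priority wins; a tie goes to the highest IP address."""
    ranked = sorted(hellos, key=lambda h: (h.priority, h.src), reverse=True)
    return ranked[0], (ranked[1] if len(ranked) > 1 else None)

def build_hello(state, prio, group, vip):
    """Constructed sample payload: 3 s hello, 10 s hold, zeroed auth field."""
    return struct.pack("!8B8s4s", 0, 0, state, 3, 10, prio, group, 0,
                       bytes(8), ipaddress.IPv4Address(vip).packed)

# Constructed capture: three routers speaking for group 1, VIP 192.0.2.1.
SAMPLE = [("192.0.2.2", build_hello(4, 110, 1, "192.0.2.1")),
          ("192.0.2.3", build_hello(4, 110, 1, "192.0.2.1")),
          ("192.0.2.4", build_hello(4, 100, 1, "192.0.2.1"))]

if __name__ == "__main__":
    active, standby = elect([parse_hello(s, p) for s, p in SAMPLE])
    print("active:", active.src, "standby:", standby.src)
```

Two routers tie on priority 110 in the sample, so the higher address decides which becomes active and the other becomes standby.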

Configuration and Benefits

Configuring HSRP involves defining an HSRP group and assigning a virtual IP address to this group on each participating router. Routers within the same HSRP group must agree on the group number and the virtual IP address. You can also set the priority for each router to influence the Active router election and define the Hello and hold times that determine the frequency of Hello messages and the interval before the Standby router assumes the Active role in case of a failure.

The benefits of HSRP are significant in terms of network reliability and availability:

Redundancy: HSRP provides high network availability by allowing another router to automatically take over if the current active router fails.

Transparent Failover: The failover process is seamless to the end hosts, which continue to send packets to the same virtual IP address.

Load Sharing: While HSRP does not inherently distribute traffic load between multiple routers (unlike GLBP), it can be configured to do so across different subnets or VLANs by setting up multiple HSRP groups.

Example Configuration

Limitations and Considerations

Proprietary Protocol: HSRP is a Cisco proprietary protocol, which means it can only be used on Cisco devices unless interoperability with devices supporting the protocol has been specifically implemented by other manufacturers.

Single Point of Failure in Standby Mode: While HSRP significantly reduces the likelihood of network downtime, the presence of only one standby router can still pose a risk if both the active and standby routers fail.

ii). Virtual Router Redundancy Protocol (VRRP)

A standard protocol described in RFC 5798, VRRP also allows multiple routers to share the role of a default gateway. Unlike HSRP, which is Cisco proprietary, VRRP can be used on routers from different manufacturers. VRRP elects a master router and one or more backup routers to take over if the master fails.

As a non-proprietary redundancy protocol, VRRP is designed to increase the availability of the default gateway servicing hosts on a LAN. It facilitates the automatic assignment of available routers to the role of a primary gateway, which manages traffic leaving a local network. This capability significantly enhances network reliability and availability by ensuring continuous network service in case of gateway failures. VRRP is defined in RFC 5798 and is designed to be vendor-neutral, allowing for its implementation across devices from various manufacturers.

Operational Principles

VRRP operates by electing a single router as the Master router from a group of routers participating in a VRRP election process. This group of routers shares a Virtual IP Address (VIP) that is configured as the default gateway by LAN hosts. Besides the Master router, one or more routers are designated as Backups. These Backup routers take over the routing responsibilities should the Master router become unavailable, ensuring a seamless transition and continuous network service.

Master Router: The router currently responsible for forwarding packets sent to the VIP. It is also responsible for sending periodic VRRP advertisement messages to inform the Backup routers that it is still functioning.

Backup Router(s): Routers in standby mode, ready to assume the role of the Master router if it fails or becomes unreachable.

The election of the Master router is based on a priority value assigned to each router. The router with the highest priority becomes the Master router. If there is a tie, the router with the higher IP address wins. Priority values can range from 1 (lowest) to 254 (highest), with a default typically set at 100.

VRRP States

A VRRP router can be in one of three states:

Initialize: The initial state before VRRP starts.

Master: In this state, the router sends advertisements and assumes responsibility for forwarding packets sent to the VIP.

Backup: In the Backup state, the router monitors VRRP advertisements from the Master router. If advertisements cease, indicating a failure of the Master router, the Backup with the highest priority transitions to the Master state.

Configuration and Benefits

Setting up VRRP involves configuring a VRRP group and assigning a VIP that will be shared among the routers in the group. Each router in the group is also assigned a priority to help determine which router will be elected as the Master. The configuration allows for fine-tuning parameters such as advertisement intervals and preempt settings, the latter dictating whether a higher priority Backup router should immediately assume the Master role if it comes online or recovers from a failure.

Configuration Example

The primary benefits of VRRP include:

High Availability: VRRP minimizes network downtime by ensuring that another router can quickly take over in the event of a gateway failure.

Seamless Failover: The transition from the Master router to a Backup router is seamless to end hosts, maintaining uninterrupted network service.

Flexibility and Scalability: VRRP supports multiple VRRP groups on the same physical network, allowing for flexible and scalable deployment scenarios.

Vendor Neutrality: Being a standardized protocol, VRRP can be implemented across a wide range of hardware, fostering interoperability in multi-vendor environments.

Considerations

Suboptimal Path: VRRP does not inherently load balance traffic. It may result in suboptimal path usage since all traffic is routed through the Master router until a failover occurs.

Security: Basic VRRP implementations lack authentication mechanisms, potentially exposing the network to vulnerabilities. Enhanced versions and best practices recommend securing VRRP traffic to prevent malicious disruptions.
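Because advertisements are not authenticated, one practical control is to compare what is seen on the wire against the documented design. The following is an added example, not code from the original article: it assumes the VRRPv3 header layout and the TTL 255 rule from RFC 5798, handles IPv4 only, does not verify the checksum, and uses a hypothetical inventory (`EXPECTED`) with constructed sample advertisements.

```python
import ipaddress
import struct

def parse_advert(payload: bytes) -> dict:
    """Decode a VRRPv3 (RFC 5798) advertisement for IPv4; checksum not verified."""
    if len(payload) < 8:
        raise ValueError("truncated VRRP header")
    vt, vrid, prio, count, adv, _cksum = struct.unpack("!BBBBHH", payload[:8])
    if vt >> 4 != 3 or vt & 0x0F != 1:
        raise ValueError("not a VRRPv3 advertisement")
    addrs = payload[8:]
    if len(addrs) != 4 * count:
        raise ValueError("address count does not match payload length")
    vips = [str(ipaddress.IPv4Address(addrs[i:i + 4])) for i in range(0, len(addrs), 4)]
    return {"vrid": vrid, "priority": prio, "adver_cs": adv & 0x0FFF, "vips": vips}

def review_advert(src: str, ttl: int, payload: bytes, expected: dict) -> list:
    """Compare one advertisement with the documented design; return findings."""
    findings = []
    if ttl != 255:
        findings.append("ttl-not-255")  # RFC 5798 receivers discard these
    adv = parse_advert(payload)
    policy = expected.get(adv["vrid"])
    if policy is None:
        return findings + ["unknown-vrid"]
    routers = policy["routers"]
    if src not in routers:
        findings.append("unknown-speaker")
        # Election rule from the text: priority first, then higher IP address.
        best = max((p, ipaddress.IPv4Address(r)) for r, p in routers.items())
        if (adv["priority"], ipaddress.IPv4Address(src)) > best:
            findings.append("would-win-election")
    elif adv["priority"] != routers[src]:
        findings.append("priority-drift")
    if set(adv["vips"]) != set(policy["vips"]):
        findings.append("vip-mismatch")
    return findings

def build_advert(vrid: int, prio: int, vip: str) -> bytes:
    """Constructed sample: version 3, type 1, one VIP, 1 s interval, checksum 0."""
    return struct.pack("!BBBBHH4s", 0x31, vrid, prio, 1, 100, 0,
                       ipaddress.IPv4Address(vip).packed)

# Hypothetical design record: VRID 10, two routers with their priorities.
EXPECTED = {10: {"routers": {"192.0.2.2": 120, "192.0.2.3": 100}, "vips": ["192.0.2.1"]}}
```

An empty findings list means the advertisement matches the design; any other result is worth an alert, and `would-win-election` marks an unknown speaker that would displace the documented Master.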

iii). Gateway Load Balancing Protocol (GLBP)

Another Cisco-developed protocol, GLBP provides automatic gateway load balancing in addition to redundancy. It allows all routers in a GLBP group to share traffic load, which can be distributed in several ways, such as round-robin or according to the bandwidth. Upon failure of one router, GLBP automatically redirects traffic to the remaining routers.

Implementation in Practice

In practice, the implementation of FHRPs involves configuring multiple routers or switches within a network to participate in a redundancy group. For instance, in an HSRP setup, two routers might be configured with the same virtual IP address, but only one (the active router) forwards traffic under normal conditions. The routers send periodic messages to each other to monitor availability. If the active router fails or becomes unreachable, one of the standby routers assumes the role of the active router, using the virtual IP address to ensure uninterrupted network access for the hosts.

Similarly, for VRRP, routers are configured in a VRRP group with one designated as the master and the others as backups. The master router advertises its presence through VRRP advertisements. If these advertisements cease (indicating a failure), a backup router is promoted to the master role, taking over the virtual IP address to maintain network availability.

GLBP goes a step further by allowing multiple routers to participate in packet forwarding. Each router in a GLBP group is assigned a unique virtual MAC address, which is used by the hosts as their gateway. This setup not only provides redundancy but also enhances the utilization of network resources through load balancing.

In conclusion, First Hop Redundancy Protocols play a crucial role in ensuring the reliability and high availability of network services. By eliminating the single point of failure at the network gateway and providing mechanisms for seamless failover and load balancing, FHRPs significantly enhance the robustness and efficiency of IP networks. Their implementation is a testament to the ongoing efforts in the field of networking to develop solutions that meet the demands for uninterrupted, high-performance network connectivity.