Gateway Redundancy Explained: How FHRP Keeps Your Network Connected
Today, data centers are incredibly busy, processing countless online transactions and communicating with clients across the world. The gateway acts as the crucial link between the local network and external networks like the internet, making it a single point of failure that could disrupt these vital operations. To prevent this, First Hop Redundancy Protocols (FHRP) step in to orchestrate multiple gateways, ensuring continuous network availability.
In this blog, we'll delve into the world of FHRP, exploring some of its protocols, each with its own unique approach to keeping your network connected.
Hot Standby Router Protocol (HSRP)
HSRP is Cisco's proprietary first-hop redundancy protocol. It ensures network availability by presenting multiple physical routers as a single virtual router.
What is an HSRP Standby Group, and what are the roles within it?
An HSRP Standby Group is a set of routers that act as a virtual router, with two roles within the group:
- Active Router: Forwards packets and serves as the default gateway. This active router responds to ARP requests from devices on the network.
- Standby Router: Keeps in sync with the active router by exchanging hello messages, monitors it, and is always ready to take over the active role if the active router fails.
HSRPv1 is the default version on Cisco devices, with a maximum of 255 groups. HSRPv2 allows up to 4095 groups, which lets the engineer align the HSRP group number with the VLAN number and aids in effective load balancing of HSRP across VLANs. Only HSRPv2 is compatible with IPv6, and HSRPv1 and HSRPv2 are not compatible with each other.
How does the Active Router get elected in an HSRP group?
Active Router election is preemptive, meaning a higher-priority device can become active even if the current active device is still operational. HSRP can be configured per VLAN, which is useful for load-balancing traffic.
Why are virtual IP and MAC addresses important in HSRP?
All devices in the HSRP group share a common virtual IP address and a common virtual MAC address (generated based on the HSRP group ID). This allows endpoints to see the gateway as a single logical device and allows for a smooth failover if a gateway fails, as the endpoint wouldn’t even notice a difference. When configuring HSRP, you cannot use the physical IP address of any device as the virtual IP address.
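The derivation of the virtual MAC from the group ID, together with a check an operator can run on an endpoint's neighbour table to confirm the gateway entry points at the group's virtual MAC. This is an added example, not code from the original post; it covers the IPv4 virtual MAC prefixes only, and the `ip neigh` lines, addresses and group number are constructed sample values.

```python
import re

def hsrp_virtual_mac(group: int, version: int = 1) -> str:
    """Return the IPv4 HSRP virtual MAC for a group, in Cisco dotted notation."""
    if version == 1:
        if not 0 <= group <= 255:          # HSRPv1 group numbers are 0-255
            raise ValueError("HSRPv1 group must be 0-255")
        return f"0000.0c07.ac{group:02x}"
    if version == 2:
        if not 0 <= group <= 4095:         # HSRPv2 group numbers are 0-4095
            raise ValueError("HSRPv2 group must be 0-4095")
        return f"0000.0c9f.f{group:03x}"
    raise ValueError("unknown HSRP version")

def normalize_mac(mac: str) -> str:
    """Strip separators so aa:bb:.., aa-bb-.. and aabb.ccdd.eeff compare equal."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def check_gateway_entries(neigh_lines, gateway_ip, group, version=1):
    """Return the lines for gateway_ip whose MAC is not the group's virtual MAC."""
    expected = normalize_mac(hsrp_virtual_mac(group, version))
    mismatches = []
    for line in neigh_lines:
        fields = line.split()
        # `ip neigh` format: <ip> dev <if> lladdr <mac> <state>
        if len(fields) >= 5 and fields[0] == gateway_ip and "lladdr" in fields:
            mac = fields[fields.index("lladdr") + 1]
            if normalize_mac(mac) != expected:
                mismatches.append(line)
    return mismatches

# Constructed `ip neigh` lines collected from hosts in VLAN 10 (HSRPv2 group 10).
SAMPLE = [
    "10.0.10.1 dev eth0 lladdr 00:00:0c:9f:f0:0a REACHABLE",   # the virtual MAC
    "10.0.10.1 dev eth0 lladdr 00:1b:54:aa:bb:cc STALE",       # not the virtual MAC
    "10.0.10.25 dev eth0 lladdr 52:54:00:12:34:56 REACHABLE",  # not the gateway
]

if __name__ == "__main__":
    for bad in check_gateway_entries(SAMPLE, "10.0.10.1", group=10, version=2):
        print("unexpected gateway MAC:", bad)
```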
How do hello messages ensure communication in an HSRP group?
To ensure reliable communication within the HSRP group, HSRP uses a multicast address to communicate between active and standby devices and to monitor the state of the active router. Instead of broadcasting HSRP information to every device in the network, it sends the data to intended devices in a multicast group. The active router sends periodic multicast hello messages to the standby routers to signal its availability.
How does HSRP ensure a smooth transition during failover?
The active HSRP device is the only device that replies to ARP requests in the network. To prepare for a potential failover, the active router uses ARP Synchronization to share the details of its ARP table with the standby devices in the HSRP group. This shared ARP information is crucial for a smooth transition.
If a standby router doesn't receive a hello message within a specific timeframe, it assumes the active role. It takes over by sending a gratuitous ARP broadcast to switches in the network. This gratuitous ARP causes the switches to update their MAC Address tables, ensuring traffic is directed to the new active router and minimizing disruption.
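The hold-timer expiry and the gratuitous ARP that moves the virtual MAC on the switch, replayed over a timeline of hello messages. This is an added example, not code from the original post; it assumes two routers (R1 with the higher priority, R2 always up), Cisco's default 10-second hold time, and a constructed topology and timeline, and it models preemption as a switchable setting.

```python
HOLD_TIME = 10                   # seconds; Cisco's default HSRP hold time (hello is 3 s)
VMAC = "0000.0c07.ac01"          # HSRPv1 virtual MAC for group 1
PORT = {"R1": 1, "R2": 2}        # constructed topology: switch port of each router

def failover_timeline(r1_hellos, until, hold_time=HOLD_TIME, preempt=True):
    """Replay R1's hello arrivals as heard by R2 (lower priority, always up).

    Returns (transitions, mac_table): transitions is a list of
    (time, active_router); mac_table is the switch's final entry for the vMAC.
    """
    mac_table = {}
    transitions = []

    def take_over(t, router):
        # The new active router sends a gratuitous ARP sourced from the
        # virtual MAC, so the switch re-learns the vMAC on that router's port.
        mac_table[VMAC] = PORT[router]
        transitions.append((t, router))

    take_over(r1_hellos[0], "R1")
    active, last = "R1", r1_hellos[0]
    for t in r1_hellos[1:]:
        if active == "R1" and t - last > hold_time:
            take_over(last + hold_time, "R2")   # hold timer expired on R2
            active = "R2"
        if active == "R2" and preempt:
            take_over(t, "R1")                  # R1 is back and has higher priority
            active = "R1"
        last = t
    if active == "R1" and until - last > hold_time:
        take_over(last + hold_time, "R2")       # R1 never came back
    return transitions, mac_table

# Constructed timeline: R1 sends hellos every 3 s, goes silent after t=12,
# and resumes at t=60.
HELLOS = [0, 3, 6, 9, 12, 60, 63, 66]

if __name__ == "__main__":
    print(failover_timeline(HELLOS, until=70))
    print(failover_timeline(HELLOS, until=70, preempt=False))
```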
Virtual Router Redundancy Protocol (VRRP)
VRRP is the industry-standard FHRP. It's similar to HSRP in configuration and operation.
How does VRRP terminology differ from HSRP terminology?
Here's a quick comparison of terminology between HSRP and VRRP:
What is the key difference between HSRP and VRRP?
One key difference is that VRRP allows you to use an existing IP address on a physical device as the virtual IP address. This gives the device with that IP address the highest priority (255) in the primary router election.
How does priority work in VRRP, and how does it determine the primary router?
VRRP uses a priority mechanism to determine which router becomes the primary router. The priority range is 0-255.
- A priority of 0 means the device is currently not participating in VRRP.
- A priority of 255 usually signifies that the device's physical IP is used as the virtual IP and would always be the primary device if available.
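The priority rules above as an election function, including the address-owner case. This is an added example, not code from the original post; the router names and addresses are constructed, the default priority of 100, the configurable range of 1-254 and the tie-break on the higher interface IP address follow the VRRP RFCs, and a non-participating router is modelled with a hypothetical `up` flag.

```python
from ipaddress import ip_address

def effective_priority(router, virtual_ip):
    """Apply the address-owner rule: owning the virtual IP forces priority 255."""
    if ip_address(router["ip"]) == ip_address(virtual_ip):
        return 255
    prio = router.get("priority", 100)      # 100 is the VRRP default priority
    if not 1 <= prio <= 254:
        raise ValueError(
            f"{router['name']}: configurable priority is 1-254, got {prio}")
    return prio

def elect_primary(routers, virtual_ip):
    """Return the name of the router that wins the election, or None.

    Routers with up=False are not participating and are skipped. Ties on
    priority go to the router with the higher interface IP address.
    """
    candidates = [
        (effective_priority(r, virtual_ip), ip_address(r["ip"]), r["name"])
        for r in routers if r.get("up", True)
    ]
    return max(candidates)[2] if candidates else None

# Constructed group: R1's interface address doubles as a possible virtual IP.
ROUTERS = [
    {"name": "R1", "ip": "192.0.2.1", "priority": 100},
    {"name": "R2", "ip": "192.0.2.2", "priority": 200},
    {"name": "R3", "ip": "192.0.2.3", "priority": 200},
]

if __name__ == "__main__":
    # Virtual IP is R1's own address: R1 is the owner and wins with 255.
    print(elect_primary(ROUTERS, "192.0.2.1"))
    # Virtual IP owned by nobody: R2 and R3 tie at 200, the higher IP wins.
    print(elect_primary(ROUTERS, "192.0.2.254"))
```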
What are the different versions of VRRP, and what are their capabilities?
- VRRPv2: VRRPv2 supports only IPv4.
- VRRPv3: VRRPv3 supports IPv4 and IPv6. It is backward compatible with VRRPv2; however, compatibility is not perfect in all cases.
Gateway Load Balancing Protocol (GLBP)
Cisco also offers another FHRP called Gateway Load Balancing Protocol (GLBP), which can load balance traffic across all devices in a group.
GLBP achieves load balancing by having two types of roles in the group:
- Active Virtual Gateway (AVG): Serves as the orchestrator in a GLBP group. It assigns virtual MAC addresses to AVFs and uses the assigned MAC address to respond to ARP requests.
- Active Virtual Forwarder (AVF): Receives packets addressed to the virtual MAC that the AVG assigned to it and forwards them to the appropriate destination.
GLBP load balances gateway access across members of a GLBP group by having one device act as the AVG. The AVG is the only device in the group that responds to ARP messages from other devices in the network. When the AVG receives an ARP request, it responds with the virtual IP of the group, but for the MAC address, it responds with the virtual MAC address of an AVF in the group. The AVG also acts as an AVF in the group.
What load balancing algorithms does GLBP use to distribute traffic?
The AVG uses three main algorithms to specify which MAC address to assign for an ARP response. These include:
- Round Robin: With this algorithm, the AVG distributes traffic evenly by sequentially assigning virtual MAC addresses of AVFs when responding to ARP messages. This is the default way of setting up GLBP.
- Device Specific: This algorithm allows you to ensure a specific AVF is assigned as the gateway to a particular device. This can be used to ensure critical clients use the same gateway at all times. For example, you might use this for a server that requires a high-bandwidth connection to a specific AVF.
- Weighted: This algorithm is similar to round robin but allows for the addition of weights to specific AVFs to make them handle more traffic than other AVFs. This is useful when you have some newer and more powerful AVFs than others, and you would like them to take more load. For example, if you have one AVF with a 10 Gigabit Ethernet interface and another with a 1 Gigabit Ethernet interface, you might assign a higher weight to the AVF with the 10 Gigabit interface.
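A toy AVG that answers ARP requests for the virtual IP using each of the three algorithms, so the resulting spread of clients across AVFs can be compared. This is an added example, not code from the original post and not Cisco's implementation; the virtual IP, virtual MACs, weights and client addresses are constructed, and pinning a client by hashing its MAC and cycling a weight-expanded list are simplifying assumptions.

```python
import hashlib
from collections import Counter
from itertools import cycle

class AVG:
    """Toy Active Virtual Gateway: answers ARP for the virtual IP with an AVF's vMAC."""

    def __init__(self, virtual_ip, avfs, method="round-robin"):
        # avfs maps each AVF's virtual MAC to its weight (only "weighted" uses it).
        if not 1 <= len(avfs) <= 4:
            raise ValueError("a GLBP group has 1 to 4 forwarders")
        if any(w < 1 for w in avfs.values()):
            raise ValueError("weights must be positive integers")
        self.virtual_ip, self.method = virtual_ip, method
        self.macs = list(avfs)
        self._rr = cycle(self.macs)
        # Weighted: list each vMAC once per unit of weight, then cycle through it.
        self._wrr = cycle([m for m, w in avfs.items() for _ in range(w)])

    def arp_reply(self, client_mac, target_ip):
        """Return the vMAC for the ARP reply, or None if the request is not for the VIP."""
        if target_ip != self.virtual_ip:
            return None
        if self.method == "round-robin":
            return next(self._rr)
        if self.method == "weighted":
            return next(self._wrr)
        if self.method == "device-specific":
            # Assumption: pin a client to an AVF by hashing its MAC address.
            digest = hashlib.sha256(client_mac.lower().encode()).digest()
            return self.macs[digest[0] % len(self.macs)]
        raise ValueError(f"unknown method {self.method!r}")

def distribution(avg, client_macs):
    """Count how many ARP replies handed out each AVF vMAC."""
    return Counter(avg.arp_reply(c, avg.virtual_ip) for c in client_macs)

# Constructed sample values: group VIP, two AVF vMACs with weights, eight clients.
VIP = "10.0.10.1"
AVFS = {"0007.b400.0a01": 3, "0007.b400.0a02": 1}
CLIENTS = [f"52:54:00:00:00:{i:02x}" for i in range(8)]

if __name__ == "__main__":
    for method in ("round-robin", "weighted", "device-specific"):
        print(method, dict(distribution(AVG(VIP, AVFS, method), CLIENTS)))
```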
Conclusion
First Hop Redundancy Protocols are crucial for network availability because they eliminate the default gateway as a single point of failure. For example, financial institutions and hospitals, where network uptime and availability are a necessity, cannot afford a single point of failure at their network gateway. GLBP takes the extra step of load balancing across the gateways in a network, providing not just redundancy but also removing the bottleneck of a single exit from the network.