FHRP: First-Hop Redundancy Protocols

There are three different first hop redundancy protocols in common use today. Two of them, HSRP and GLBP are Cisco proprietary, where-as VRRP is an open protocol. VRRP and HSRP are both similar in that the Virtual IP is associated with a Virtual MAC address that one router maintains control of.
For GLBP however, there are multiple Virtual MAC addresses to load balance endpoints across multiple routers.

  • VRRP – Virtual Router Redundancy Protocol
  • HSRP – Hot Standby Router Protocol
  • GLBP – Gateway Load Balancing Protocol

There are other forms of first hop redundancy that don’t utilize a dedicated protocol, through other high availability mechanisms, such as switch-stacking or stateful-switchover.

VRRP – Virtual Router Redundancy Protocol

Uses the link-local multicast group, 224.0.0.18 for keep alive messaging.
Uses the virtual MAC address 00:00:FE:00:01:##
Where ## is the Group ID – This is important as two VRRP groups with the same Group ID will have the same virtual MAC address – which won’t work well.

To configure (Cisco):

int ###
ip address 192.0.2.253 255.255.255.0
vrrp 1 ip 192.0.2.254
vrrp 1 priority 100
vrrp 1 preempt
vrrp 1 authentication md5 key-string 0 Password

HSRP – Hot Standby Routing Protocol

For HSRP, stick with version 2, as it increases reliability and extensibility.
Version 1, uses the link-local multicast group, 224.0.0.2 (Overlaps with CGMP)
Version 2, uses the link-local multicast group, 224.0.0.102 (Overlaps with GLBP)
Version 1, uses the Virtual MAC address 00:00:0C:07:AC:##
Version 2, uses the Virtual MAC address 00:00:0C:9F:F0:##
Where ## is the Group ID.

To configure (Cisco):

int ###
ip address 192.0.2.253 255.255.255.0
standby version 2
standby 1 ip 192.0.2.254
standby 1 priority 100
standby 1 preempt
standby 1 authentication md5 key-string 0 Password

GLBP – Gateway Load Balancing Protocol

GLBP is different than the other protocols in that multiple gateways will be active at the same time – rather than one waiting to take over. So with GLBP you have the concept of the Active Virtual Gateway (AVG) and Active Virtual Forwarder (AVF). The AVG is elected from participating routers. It assigns virtual MAC addresses to AVFs for forwarding. The AVG is then in charge of responding to ARP requests from clients. GLBP can support up to 4 virtual MAC addresses per group, effectively supporting 4 AVFs. Remaining routers operate in a passive state, waiting to take over.

Uses the link-local multicast group, 224.0.0.102 (Overlaps with HSRPv2)
Uses the Virtual MAC address 00:07:B4:00:01:##
Where ## is the forwarder: 01, 02, etc…

To configure (Cisco):

int ###
ip address 192.0.2.253 255.255.255.0
glbp 1 priority 100
glbp 1 preempt
glbp 1 forwarder preempt
glbp 1 ip 192.0.2.254
glbp 1 authentication md5 key-string 0 Password

DavisSystem

Consolidated Notes From the Desk of Sean Davis.

FHRP: First-Hop Redundancy Protocols

By Sean, 2024-02-13

On this page: