Here is an article on Cisco HSRP. Writing it at an advanced, in-depth level was a good experience, so let's get started.
Hot Standby Routing Protocol (HSRP) is Cisco's proprietary protocol, used to provide redundancy in a network. HSRP uses UDP port 1985. A virtual IP address is used to provide redundancy between the routers. For example, if we have two routers configured with HSRP, one will be the active router and the other the standby router. The single IP address is shared among all the network appliances, so there is only one exit point, but it is redundant.
Routers send hello packets to the multicast address 220.127.116.11 to communicate with other routers. If the primary router fails or has a link issue, the router with the next-highest priority, or the highest IP address in case of a tie (same priority), takes over the gateway IP address and answers ARP requests with the same MAC address, thus achieving transparent default-gateway failover with full redundancy.
HSRP states are as follows:
1. Initial – HSRP is not running.
2. Listen – Receives hello messages to learn about the virtual IP.
3. Speak – Sends periodic hello messages; in this state the router has already learned the virtual IP address. The router actively participates in the election of the active router.
4. Standby – Candidate for active router. In this state the router sends and receives hello messages.
5. Active – Router which currently forwards the packets.
HSRP election process:
The HSRP active/standby router election process uses a priority value (0-255) that is manually configured on the router (255 is the highest). By default, the priority is 100. If all the routers are left at the default value, the router with the highest IP address on the HSRP interface becomes the active router.
By default, HSRP uses a virtual IP address and a virtual MAC address. The virtual IP address is manually configured through the HSRP configuration. The virtual MAC address, however, is generated automatically.
The virtual MAC address is divided into three fields. For example, consider the virtual MAC address 00-01-0B-07-AC-0B:
- 00-01-0B is the vendor code.
- 07-AC is a well-known HSRP code
- 0B is the HSRP group number (11 decimal and 0B in hexadecimal)
After a failover from the active router to the standby router, if the first active router comes up again, the first standby router continues to work as the active router. To overcome this problem, we can use the preempt configuration in HSRP to make the first active router active again once it comes up or becomes operational.
HSRP routers send hello packets to each other at regular intervals. By default, hello packets are sent every 3 seconds (the hello interval).
The hold time is 10 seconds by default and should be three times the hello interval.
HSRP uses Message Digest 5 (MD5) algorithm authentication to protect against HSRP spoofing, relying on the industry-standard MD5 algorithm for improved reliability and security.
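To watch for the spoofing that authentication guards against, a monitor can decode hello messages seen on UDP port 1985 and compare them with the routers and priorities you actually configured. The following is an added example, not code from this article or from Cisco: the 20-byte field layout, state codes and default authentication string follow RFC 2281 (HSRP version 1), the function names are hypothetical, and the addresses and messages are constructed.

```python
import struct
from ipaddress import IPv4Address

# HSRP version 1 state codes and default auth string, per RFC 2281.
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
DEFAULT_AUTH = b"cisco\x00\x00\x00"

def parse_hsrp_v1(payload: bytes) -> dict:
    """Decode the fixed 20-byte HSRPv1 message carried over UDP port 1985."""
    if len(payload) < 20:
        raise ValueError("truncated HSRP message")
    ver, op, state, hello, hold, prio, group, _, auth, vip = struct.unpack(
        "!8B8s4s", payload[:20])
    if ver != 0:  # RFC 2281 messages carry version value 0
        raise ValueError("not an HSRP version 1 message")
    return {"opcode": op, "state": STATES.get(state, f"unknown({state})"),
            "hello": hello, "hold": hold, "priority": prio, "group": group,
            "auth": auth, "vip": str(IPv4Address(vip))}

def audit_hello(src_ip: str, payload: bytes, known_routers: set, max_priority: int) -> list:
    """Return findings for one message; an empty list means nothing stood out."""
    m = parse_hsrp_v1(payload)
    findings = []
    if src_ip not in known_routers:          # sender is not in the router inventory
        findings.append("unknown-sender")
    if m["priority"] > max_priority:         # would win the active-router election
        findings.append("priority-above-configured")
    if m["auth"] == DEFAULT_AUTH:            # group still on the default plain-text string
        findings.append("default-plaintext-auth")
    if m["hold"] < 3 * m["hello"]:           # timers outside the 3x guideline
        findings.append("holdtime-below-3x-hello")
    return findings

def sample(state, prio, auth, hello=3, hold=10, group=10, vip="192.0.2.254"):
    """Build a constructed HSRPv1 hello (opcode 0) in memory for the demo below."""
    return struct.pack("!8B8s4s", 0, 0, state, hello, hold, prio, group, 0,
                       auth, IPv4Address(vip).packed)

# Constructed inventory and messages (documentation addresses, not real data).
KNOWN = {"192.0.2.1", "192.0.2.2"}
EXPECTED = sample(16, 110, b"\x00" * 8)      # known router, Active, priority 110
UNEXPECTED = sample(4, 255, DEFAULT_AUTH)    # host outside the inventory, priority 255

if __name__ == "__main__":
    print(audit_hello("192.0.2.1", EXPECTED, KNOWN, max_priority=110))
    print(audit_hello("192.0.2.66", UNEXPECTED, KNOWN, max_priority=110))
```

In practice `known_routers` and `max_priority` would come from your own HSRP configuration, and the payloads from a capture filtered on UDP port 1985.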
We can also use HSRP groups to provide high redundancy and load sharing if we have multiple VLANs in our network. For example, we can create Group 10 for VLANs 10 and 20 to be active on R1, and Group 20 for VLANs 30 and 40 to be active on R2.