How to configure and verify first-hop redundancy protocols

The first hop redundancy is the capability for 1 or more device to share a same IP address in order to give multidevice resiliency in the default gateway scenarios. Normally, it involves 1 device owning an IP address when the other devices stand by, ready to assume the control of an address must the owner fail. The Cisco proprietary HSRP is what most of the Cisco shops used to accomplish it, however outside of a Cisco World the VRRP is a standard one. Then the other one which is used is the GLBP which is the load balancing protocol. All the 3 first hop redundancy protocol - FHRP is discussed in the below section.

3.1.a HSRP

The HSRP stands for hot standby router protocol. It is the Cisco proprietary redundancy protocol for accomplishing the fault tolerant default gateway. This HSRP is the FHRP which allows the transparent failover of a first-hop IP router. This HSRP offers the first-hop routing redundancy for the IP host on an Ethernet network configured with the default router IP address. If the HSRP used in the group of router for selecting the active router and the standby router. In the group of router, an active router is a router which route packets and a standby router is a router which takes over while an active router fail or when the pre-set condition is met.

Many of the host implementation do not support any discovery mechanisms of dynamic router, but it can be configured with the default router. Running discovery mechanism of the dynamic router on each host is not at all practical for so many reasons such as security issues, processing overhead, and administrative overhead. The HSRP offers the failover service to the host.

When HSRP is used, configure an HSRP virtual IP address as a host default router. Then the virtual IP address is the IPv6 or IPv4, which is shared among the group of the router that runs HSRP. While configuring HSRP on the network segment, give the virtual MAC address as well as virtual IP addresses in an HSRP group. Configure the unique IP address on every interface which acts as a real address. The HSRP selects any one of the interfaces to be an active router. An active router receives as well as the router packet destined for a virtual MAC address group. The HSP detects when a designated active router fails. Here, at this point, the selected standby routers assume control of an IP address and virtual MAC address of an HSRP group. The HSRP selects the new standby router at the same time.

The HSRP uses the priority designators to analyze which configured interface- HSRP become a default active router. Then, to configure the interface as an active router, assign it with the priority which is higher than all other configured interfaces- HSRP in a group. A default priority is normally 100, hence to configure with only one interface with the highest priority, then that interface can be a default active router.

The interfaces which run HSRP receive and send multicast UDP based hello message to determine the failure as well as to assign standby and active routers. When an active router fails to send the hello messages within the configurable time period, a standby router with a higher priority will turn as an active router. Transition of the packet forwarding function between a standby and active router is moreover completely transparent to the entire host networks. You can also configure the multiple HSRP group on the interface. The below figure is the network topology which is configured HSRP with 2 enabled router.

A virtual router cannot physically exist, however, represents a common default router for the interface which are configured to give backup to the each router. No need to configure a host on a LAN with an IP addresses of an active router. Rather, configure it with an IP addresses of the virtual router as its default router. Suppose, an active router fails to send the hello messages within a configurable time period, then a standby router takes over it, and responds to a virtual address and also become an active router by assuming an active router duty. A virtual router remains same for a host perspective.

Take a simple circuit to configure the HSRP with only 2 routers. To configure R2 and R1 for the HSRP by using the virtual IP address of 10.1.20.1.

Here, R1 is configured as an active HSRP default gateway & R2 is configured as the standby. Here, the command preempt is configured on the both routers.

HSRP on R1 as follows:

HSRP on R2 as follows:

Verify the HSRP:

After the configuration, provide some moment and then use the commands show standby brief and show standby on R2 and R1 to verify it. Here, R2 must be standby and R1 must be active router.

3.1.b VRRP

The VRRP stands for virtual router redundancy protocol. It is the computer networking protocol, which gives for automatic assignment of the available IP router to participating host. It is the election protocol which dynamically allots responsibility for 1 or more virtual router to a virtual router on the LAN, simply allowing several router on the multi-access links to utilize a same virtual IP address. The VRRP routers are configured to run a VRRP protocol in the conjunction with 1 or more routers attached to the LAN. In the VRRP configuration, 1 router is selected as a virtual router master, with another router acts as the backup in case a master fails in the virtual router.

There are several methods the LAN client can find out that routers must be a first hop to the specific remote destination. A client may use the static configuration or dynamic process. The best example of dynamic router discovery are such as proxy ARP, ICMP IRDP client and routing protocol.

An alternative to the dynamic discovery protocol is to configure the default router statically on a client. That this approach will simplify the client configuration as well as processing, though creates the single point of failure. Suppose, the default gateway fails, a LAN client is always limited to communicates only on a local IP network segment and it is cut off from a rest of a network. The VRRP solve a static configuration issue. The VRRP enable the group of router to form the single virtual router. A LAN client can be configured with a virtual router as its default gateway. A virtual router which represents the group of router is called as VRRP group. Given below is the LAN topology where the VRRP is configured.

In the above topology, 2 virtual routers are configured. For virtual router1, IP address 10.0.0.1 and the virtual router master, owner are Router A and the routerB is a virtual router backup to the router A. The clients 2 and 1 are also configured with a default gateway 10.0.0.2 IP address.

It is possible to configure nearly up to 255 virtual routers on the physical interface of the router. The number of the virtual routers that the router interfaces can support beased on the router processing capability, router interface supports of the multiple MAC address and router memory capability.

VRRP configuration:

Step 1:

Command: enable

This step enables privileged of EXEC mode. It enters the passwords if correct.

Ex: router> enable

Step 2:

Command: configure terminal

This step enters the global configuration mode.

Ex: router#configure terminal

Step 3:

Command: interface type number

This step enters an interface configuration

Ex:

Step 4:

This step configure the IP address for the interface

Command:

Ex:

Step 5:

It assigns the text description to a VRRP group.

Command:

Ex:

Step 6:

It sets a router priority level within the VRRP group. Here a default priority is 100.

Command:

Ex:

Step 7:

This step configures a router to take over as the virtual router master for the VRRP group if it has higher priority than a current virtual router master.

Command:

Ex:

Step 8:

This step configures an interval between the successive advertisement by a virtual router master in the VRRP master.

Command:

Ex:

Step 9:

It configures a router, when it acted as the virtual router backup for the VRRP group, that to learn an advertisement intervals used by a virtual router master.

Command:

Ex:

Step 10:

This exit interface configuration.

Command: exit

Ex:

Enable VRRP:

Step 1:

Command: enable

Step 2:

Command: configure terminal

Step 3:

Command: interface type number

Step 4:

Step 5:

Step 6:

Command: End

Step 7:

Command:

Step 8:

Configure VRRP in object tracking:

Step 1:

Enable

Step 2:

Configure terminal

Step 3:

Step 4:

Command: interface type number

Step 5:

Command: vrrp group ip ip-address

Step 6:

Command: vrrp group priority level

Step 7:

Step 8:

Command: end

Step 9:

Show track[object-number]

Example configuration:

Router A:

Router B:

To verify the configuration make use of the command router# show vrrp

3.1.c GLBP

The GLBP stands for gateway load balancing protocol. It gives the path redundancy for the IP by MAC address and sharing protocol between the redundant gateway. The GLBP allows the group of layer 3 router to share a load of a default gateway on the LAN. The GLBP router may automatically assume a forwarding function of the other router in a group suppose the other router fails. The GLBP performs the similar function to the HSRP, and a VRRP. The VRRP and HSRP allow multiple router to take place in the virtual group configured with the virtual IP address. The protocols elect the one member as an active router to just forward the packet to a virtual IP address for a group. The another router in a group is mostly redundant until an active router fails. The GLBP will perform the additional function of load balancing that another protocol do not offer. The GLBP load balance over the multiple routers by using the single virtual IP address as well as multiple virtual MAC address. It also shares a forwarding load among all routers in the GLBP group rather than allowing the single router to manage the whole load when the other router in a virtual group took place in the forwarding packets.

Given above is the GLBP topology. If the routerA becomes unavailable, then client 1 cannot access to a WAN because a router B also assumes responsibility for forwarding the packets sent to a virtual MAC address of the router A and also for responding to packets sent to their own virtual MAC addresses. The router B also assumes that the AVG role for all the GLBP group. The GLBP member communication continues despite router failure in a GLBP group. The GLBP has 3 authentication types such as ND5 authentication, no authentication, and plain authentication.

The GLBP is proposed to be easy to configure when compared to other protocols. Every gateway in the GLBP group has to be configured with a same group number and minimum 1 gateway in a GLBP has to be configured with a virtual IP address used by a group.

Step 1:

Command: enable

This step enables privileged the EXEC mode

Ex: router>enable

Step 2:

Command: configure terminal

This step enters the global configuration mode

Step 3:

Command: interface type number

It specifies the type of interface & number and also enters the interface configuration

Step 4:

Command: ip address ip-address mask [secondary]

It specifies the secondary or primary IP address for the interface

Step 5:

Command: glbp group ip [ip-address [secondary]]

It enables the GLBP on the interface and also identifies the virtual gateway primary Ip address.

Step 6:

Command: exit

It exits the interface configuration and also returns router to the global configuration.

The first hop redundancy protocol is the computer networking protocol that is proposed to protect a default gateway used on the subnetwork by permitting 2 or more routers to give backup for that address. If the active router fails, then the backup router or standby router will take care of the address within few seconds. The above discussed HSRP, VRRP and GLBp are some of the examples of the FHRP. The usage of protocols may vary based on the need and requirements.