HSRP (Hot Standby Router Protocol or Hot Standby Redundancy Protocol) is a protocol of the FHRP family (First Hop Redundancy Protocol) developed by Cisco Systems, which is described in RFC 2881. This protocol introduces a number of useful technologies – for example, interface tracking, object tracking and Cisco IP SLA.
The main purpose of the HSRP protocol is to achieve almost 100% availability, fault tolerance and redundancy for first-hop routing for nodes in IPv4 networks that are configured with a default gateway IPv4 address (also sometimes called the “Last hope gateway”). This is achieved by having two or more routers (or L3 switches) share one IP address and the MAC address of the so-called virtual router.
All potential default gateways are combined into an HSRP group. There may be several such groups. At any given time only one router/switch in the group can be active, and all traffic goes through it. The group also has a standby router, which constantly monitors the active router (and if it fails, the standby gateway will immediately replace it).
How Are the Active and Standby Routers Defined?
All the routers of the group communicate with each other via the multicast address 224.0.0.2 (UDP port 1985). This address conflicts with the Cisco Group Management Protocol (CGMP), so simultaneous use of HSRP v1 and CGMP is not allowed. After the routers power up, they begin the election for the active router. The winner is the one with the highest priority (0 – 255). By default, the priority is 100. If all priorities are equal, the IP addresses are compared. The router with the highest IP address wins and becomes active. The next router becomes Standby. All other routers switch to the Listen state, where they wait for the next election in case the active router fails.
How Does the Standby Router Determine That the Active Router is No Longer Working?
Every 3 seconds the active router sends a Hello packet, which the standby router listens for. If the Hello packet is not received after 3 seconds, the Dead timer starts, which is 10 seconds. After this timer expires, the backup router switches to the Active state and a new standby router is selected.
What Happens When the Former Active Router Comes to Life?
There are 2 options:
- Nothing happens until the current active router fails;
- The “revived” router can switch to the Active state again. But for this, you need to configure the Preemption function on all devices in the group.
If the uplink goes down on the active router, all hosts will be left without Internet access. But there is a solution: HSRP provides the ability to track the uplink interface. Once the router detects that its WAN/uplink interface is down, it immediately lowers its HSRP priority in the group. The standby device immediately notices this and takes control, becoming the active gateway. For this to work, the Preemption function must be activated.
HSRP is configured the same on routers and Layer 3 switches on the following interfaces:
- Physical L3 ports of the router;
- Physical switch ports transferred to L3 mode with the “no switchport” command;
- SVI/VLAN interfaces;
- EtherChannel ports in L3 mode.
The interface must be assigned an IP address.
An example of configuring two HSRP groups for the dyn1 and dyn3 routers (the settings are the same on both routers):
dyn1(config)# int fa0/0
With the standby version ver_num command, you can specify the version of the HSRP protocol (1 or 2). The default is HSRP 1.
The modern HSRPv2 can work with both IPv4 and IPv6, responds quickly to changes in the network, and uses a separate multicast group, 224.0.0.102 (and therefore is not compatible at the network level with HSRPv1).
Enable HSRP and create two groups:
dyn1(config-if)# standby 1 ip 192.168.1.3
dyn1(config-if)# standby 3 ip 192.168.1.13
You can specify a name for group 1 on the dyn1 router (this is a local group name):
dyn1(config-if)# standby 1 name DYN1-HSRPAct
To influence the outcome of the active gateway election, you can set the priority:
dyn1(config-if)# standby 1 priority 103
Preempt mode allows a router with a higher priority to take over the active router role. By default, preempt mode is disabled.
Turn on the preempt mode:
dyn1(config-if)# standby 1 preempt
The Preemption function must be enabled on all routers.
To monitor the WAN/uplink interface so that its failure is detected, run the following command on all routers:
dyn1(config-if)# standby 1 track fa0/0 line-protocol
You can check the status of the active and standby gateways using the following commands:
dyn1# show standby
View brief information about the groups:
dyn1# show standby brief
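The election, preemption and uplink-tracking rules described above can be modeled in a few lines to see why tracking has no effect unless preempt is enabled. This is an added example, not Cisco code or part of the original article; the interface addresses, the tracking decrement of 10 and the names Router, rank and elect are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

TRACK_DECREMENT = 10  # assumption: priority reduction while the tracked uplink is down


@dataclass
class Router:
    name: str
    ip: str                 # constructed interface address, used as tie-breaker
    priority: int = 100     # default HSRP priority
    preempt: bool = False   # preempt mode is disabled by default
    uplink_up: bool = True  # state of the tracked WAN/uplink interface
    alive: bool = True      # False once Hellos stop and the Dead timer expires

    def effective_priority(self) -> int:
        if self.uplink_up:
            return self.priority
        return max(0, self.priority - TRACK_DECREMENT)


def rank(r: Router):
    # Higher priority wins; equal priorities are decided by the higher IP address.
    return (r.effective_priority(), IPv4Address(r.ip))


def elect(routers, current_active=None):
    """Return (active, standby) router names for one HSRP group."""
    alive = [r for r in routers if r.alive]
    if not alive:
        return None, None
    incumbent = next((r for r in alive if r.name == current_active), None)
    if incumbent is None:
        # Initial election, or the previous active router has failed.
        active = max(alive, key=rank)
    else:
        # Only routers with preempt enabled may displace a working active router.
        challengers = [r for r in alive
                       if r.preempt and rank(r) > rank(incumbent)]
        active = max(challengers, key=rank) if challengers else incumbent
    others = [r for r in alive if r is not active]
    standby = max(others, key=rank) if others else None
    return active.name, (standby.name if standby else None)


if __name__ == "__main__":
    group = [Router("dyn1", "192.168.1.1", priority=103, preempt=True),
             Router("dyn3", "192.168.1.2", preempt=True)]
    print(elect(group))                     # initial election
    group[0].uplink_up = False              # dyn1 loses its uplink
    print(elect(group, current_active="dyn1"))
```

Setting preempt=False on dyn3 and repeating the second call leaves dyn1 active even though its uplink is down, which is the failure mode the article warns about.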