HSRP is a Cisco proprietary protocol that uses UDP port 1985 and multicast address 224.0.0.2. A router may be active or standby. The router with the highest priority becomes active. The default priority is 100. The virtual MAC address reserved for HSRP is 0000.0c07.acXX, where XX denotes the HSRP group number in hex. The active router answers ARP queries for the configured virtual router IP using this MAC address in its ARP replies. To enable HSRP in Cisco IOS:
config# key chain <name>
config-keychain# key <key-number>
config-keychain-key# key-string <password>
config-keychain-key# exit
config-keychain# exit
config-if# standby <group-number> ip <virtual-ip-address>
config-if# standby <group-number> authentication md5 key-chain <name>
config-if# standby <group-number> priority <priority>
By default, preemption is disabled, meaning that when a router with a higher priority appears on the network, it does not become active. This also applies to a failed active router that comes back online later. To enable preemption:
config-if# standby <group-number> preempt
If necessary, preemption can be delayed:
config-if# standby <group-number> preempt delay ?
  minimum  Delay at least this long
  reload   Delay after reload
  sync     Wait for IP redundancy clients
When HSRP is enabled, it goes through these 6 states:
The HSRP Hello interval is 3 sec by default; the Dead interval is roughly 3 times that, 10 sec. These timers can be modified:
config-if# standby <group-number> timers <sec>|msec <ms> <sec>|msec <ms>
HSRP can also track objects and react to an object's failure by lowering the priority (by 10 by default).
config# track <object-number> interface <interface #>
config-track# exit
config-if# standby <group-number> track <object-number> [decrement <value>]
HSRP does not genuinely support load balancing. It can be approximated by configuring two groups on an interface with different IP addresses and then using DHCP to assign one IP to one group of DHCP clients and the other IP to another group.
VRRP is a standard (old RFC 3768, new RFC 5798). It uses IP protocol 112 and multicast address 224.0.0.18. The virtual MAC address is 0000.5e00.01xx. Preemption is enabled by default. The default priority is 100. The Hello timer is 1 sec, the Dead interval is 3.6 sec. It works the same way as HSRP. Load balancing can also be done the same way.
config-if# vrrp <group-number> ip <virtual-ip-address>
config-if# vrrp <group-number> priority <number>
config-if# vrrp <group-number> authentication md5 key-string <password>
Routers in one group must have the same Hello interval. When increasing the Hello interval on a Master router:
config-if# vrrp <group-number> timers advertise msec <value>
Slave routers must be enabled to learn it (this is not the default!) via:
config-if# vrrp <group-number> timers learn
VRRP does not support advertising a msec Hello interval in its packets due to a field size limitation. Therefore, such msec timers must be configured manually on each router in a group.
GLBP is Cisco proprietary. It provides redundancy and per-host load balancing. The Active Virtual Gateway (AVG) takes care of host-to-gateway allocations. There is only one AVG per group. It is elected by the highest priority or the highest IP. Preemption for this role is on by default. The gateways that do the actual forwarding are called Active Virtual Forwarders (AVFs). There may be a maximum of 4 AVFs per group. The AVG is also an AVF. The AVG assigns each AVF a virtual MAC address 0007.b4xx.xxyy, where xxxx is the GLBP group number and yy is the AVF number. The AVG answers ARP requests for the configured virtual IP address with the different virtual MAC addresses assigned to the AVFs. Cisco IOS configuration commands:
config-if# glbp <group-number> ip <virtual-ip-address>
config-if# glbp <group-number> priority <number>
config-if# no glbp <group-number> preempt
config-if# glbp <group-number> authentication md5 key-string <password>
config-if# glbp <group-number> load-balancing weighted | round | host
If the weighted algorithm is configured on the AVG, then on the AVFs it may be further detailed:
config-if# glbp <group-number> weighting <value> lower <value> upper <value>
The upper and lower values are for tracking objects. When the weight falls below the lower value, the AVF gives up its role and the virtual MAC address. When the weight rises above the upper value, it can serve its role again.
config-if# glbp <group-number> timers <hello-interval> <dead-interval>
config-if# glbp <group-number> timers redirect <redirect-interval> <timeout-interval>
The redirect interval sets the number of seconds the AVG continues to provide the virtual MAC address of a failed AVF, allocated to a working AVF. After the timeout interval expires, the AVG will no longer provide this virtual MAC address to hosts.
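The authentication commands shown above for HSRP, VRRP and GLBP are optional, so a group can end up with a virtual IP and no MD5 authentication at all. The following check is an added example, not part of the original notes: it scans a running-config style text and reports such groups, plus HSRP groups that reference a key chain that is never defined. The function name, the sample configuration and its addresses are constructed for illustration, and it assumes interface sub-commands are indented and carry an explicit group number.

```python
import re

# Constructed sample configuration (not from the original page).
SAMPLE_CONFIG = """\
key chain FHRP-KEYS
 key 1
  key-string example-secret
interface GigabitEthernet0/0
 standby 10 ip 192.0.2.1
 standby 10 authentication md5 key-chain FHRP-KEYS
 standby 20 ip 192.0.2.129
 standby 30 ip 192.0.2.193
 standby 30 authentication md5 key-chain MISSING
!
interface GigabitEthernet0/1
 vrrp 5 ip 198.51.100.1
 vrrp 5 authentication md5 key-string example-secret
 glbp 7 ip 203.0.113.1
"""

FHRP = re.compile(r"^\s+(standby|vrrp|glbp)\s+(\d+)\s+(.+)$")

def audit_fhrp_auth(config_text):
    """Flag groups with a virtual IP but no MD5 auth, or an undefined key chain."""
    chains, groups, interface = set(), {}, None
    for line in config_text.splitlines():
        words = line.split()
        if not line.startswith(" "):  # top-level line ends interface context
            interface = words[1] if words[:1] == ["interface"] and len(words) > 1 else None
            if words[:2] == ["key", "chain"] and len(words) > 2:
                chains.add(words[2])
            continue
        m = FHRP.match(line)
        if m and interface:
            state = groups.setdefault((interface, m[1], int(m[2])), {})
            args = m[3].split()
            if args[0] == "ip":
                state["ip"] = True
            elif args[:2] == ["authentication", "md5"]:
                state["md5"] = True
                if args[2:3] == ["key-chain"] and len(args) > 3:
                    state["chain"] = args[3]
    findings = []
    for (intf, proto, grp), s in groups.items():
        if s.get("ip") and not s.get("md5"):
            findings.append((intf, proto, grp, "no md5 authentication"))
        elif "chain" in s and s["chain"] not in chains:
            findings.append((intf, proto, grp, "key chain not defined"))
    return sorted(findings)
```

Key chains are collected over the whole text before findings are evaluated, so a key chain defined after the interface that uses it is not reported.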