Implementing High Availability with HSRP

The Hot Standby Router Protocol (HSRP) is a Cisco proprietary first-hop redundancy protocol (FHRP) designed to allow for transparent fail-over of the first-hop IP router, and has been described in detail in RFC 2281.

HSRP provides high network availability by providing first-hop routing redundancy for IP hosts on Ethernet, Fiber Distributed Data Interface (FDDI), Bridge-Group Virtual Interface (BVI), LAN Emulation (LANE), or Token Ring networks configured with a default gateway IP address. HSRP is used in a group of routers for selecting an active router and a standby router. In a group of router interfaces, the active router is the router of choice for routing packets; the standby router is the router that takes over when the active router fails or when preset conditions are met. HSRP active and standby routers send hello messages to the multicast address 224.0.0.2 using UDP port 1985.

The virtual router is simply an IP and MAC address pair that end devices have configured as their default gateway. The active router processes all packets and frames sent to the virtual router address. The virtual router does not process physical frames and exists in software only. The active router physically forwards packets sent to the MAC address of the virtual router. The virtual router MAC address is a well-known MAC address, 0000.0c07.acxx, where xx is the HSRP group number. For example, if the group is 20, the virtual MAC address is 0000.0c07.ac14 (remember that the group number in the MAC address is expressed in hexadecimal).

When the active router fails, the other HSRP routers stop seeing hello messages from it. The standby router then becomes the new active router and, if possible, a new standby router is elected. Because the new active router assumes both the IP and MAC addresses of the virtual router, the end stations see no disruption in service. The end-user stations continue to send packets to the virtual router MAC address, and the new active router delivers the packets to the destination.

HSRP has 2 timers:

  • Hello interval time: Interval between successive HSRP hello messages from a given router. Default is 3 seconds.
  • Hold interval time: Interval between the receipt of a hello message and the presumption that the sending router has failed. Default is 10 seconds.

In this example, there are 3 routers connected to the local segment 192.168.0.0/24. These routers belong to HSRP group number 1, and each physical interface has a different IP address (192.168.0.11, 192.168.0.12, 192.168.0.13).

When HSRP is enabled, these routers are represented by 1 virtual router; in this case the MAC address is 0000.0c07.ac01 (0000.0c07.acxx is the HSRP well-known MAC address and 01 is the HSRP group number) and the virtual IP address is 192.168.0.1. Remember that the default gateway configured on the PC is 192.168.0.1 and NOT the IP address of the physical interface of any of the routers.

What are the commands used to enable HSRP?

To enable HSRP you must:

  • Define the physical IP address of the interface
  • Define the HSRP virtual IP address

Ciscozine_1

Ciscozine_1#sh run interface fastethernet 0/0
Building configuration...

Current configuration : 123 bytes
!
interface FastEthernet0/0
 ip address 192.168.0.11 255.255.255.0
 standby 1 ip 192.168.0.1
end

Ciscozine_1#

Ciscozine_2

Ciscozine_2#sh run interface fastethernet 0/0
Building configuration...

Current configuration : 123 bytes
!
interface FastEthernet0/0
 ip address 192.168.0.12 255.255.255.0
 standby 1 ip 192.168.0.1
end

Ciscozine_2#

Ciscozine_3

Ciscozine_3#sh run interface fastethernet 0/0
Building configuration...

Current configuration : 123 bytes
!
interface FastEthernet0/0
 ip address 192.168.0.13 255.255.255.0
 standby 1 ip 192.168.0.1
end

Ciscozine_3#

Remember: The standby ip interface configuration command enables HSRP and establishes 192.168.0.1 as the IP address of the virtual router. The configuration of each router includes this command so that the 3 routers share the same virtual IP address. The 1 establishes Hot Standby group 1. (If you do not specify a group number, the default is group 0.) The configuration for at least one of the routers in the Hot Standby group must specify the IP address of the virtual router; specifying the IP address of the virtual router is optional for other routers in the same Hot Standby group.

Optional settings are: preempt, priority, authentication, timers, …

To display Hot Standby Router Protocol (HSRP) information, use the show standby command in privileged EXEC mode.

show standby [type number [group-number]] [active | init | listen | standby] [brief] 

Syntax description:

  • type number: (Optional) Interface type and number for which output is displayed.
  • group-number: (Optional) Group number on the interface for which output is displayed.
  • active: (Optional) Displays HSRP groups in the active state.
  • init: (Optional) Displays HSRP groups in the initial state.
  • listen: (Optional) Displays HSRP groups in the listen or learn state.
  • standby: (Optional) Displays HSRP groups in the standby or speak state.
  • brief: (Optional) Summarizes each standby group as a single line of output.

In this instance, the output of the show standby command is:

Ciscozine_2#sh standby
FastEthernet0/0 - Group 1
  State is Standby
    6 state changes, last state change 00:11:12
  Virtual IP address is 192.168.0.1
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.772 secs
  Preemption disabled
  Active router is 192.168.0.13, priority 100 (expires in 7.736 sec)
  Standby router is local
  Priority 100 (default 100)
  IP redundancy name is "hsrp-Fa0/0-1" (default)
Ciscozine_2#

If the routers all have the same priority, the active router (the router that forwards the packets) will be the router with the highest IP address, and the standby router will be the router with the second highest IP address.
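
To check what is actually seen on the segment against the configuration, the hello message, the virtual MAC rule and the election rule described above can be put together in a few lines. This is an added example, not code from the original article: the 20-byte field layout, state values and default authentication string are taken from RFC 2281, the function names are hypothetical, the sample hellos are constructed, and preemption is not modelled (the routers are assumed to start together).

```python
import ipaddress
import struct

# RFC 2281 HSRP (version 0) message layout: 20 bytes, sent to UDP port 1985.
# version, opcode, state, hellotime, holdtime, priority, group, reserved,
# 8 bytes of authentication data, 4 bytes of virtual IP address.
HSRP_FMT = "!8B8s4s"
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}

def parse_hsrp(payload: bytes) -> dict:
    """Decode one HSRP UDP payload into named fields."""
    if len(payload) < struct.calcsize(HSRP_FMT):
        raise ValueError("truncated HSRP message")
    ver, op, state, hello, hold, prio, group, _, auth, vip = struct.unpack(
        HSRP_FMT, payload[:20])
    if ver != 0:
        raise ValueError(f"unexpected HSRP version {ver}")
    return {"opcode": OPCODES.get(op, f"unknown({op})"),
            "state": STATES.get(state, f"unknown({state})"),
            "hello": hello, "hold": hold, "priority": prio, "group": group,
            "auth": auth.rstrip(b"\x00").decode("ascii", "replace"),
            "virtual_ip": str(ipaddress.IPv4Address(vip))}

def virtual_mac(group: int) -> str:
    """Well-known virtual MAC 0000.0c07.acXX, XX = group number in hex."""
    if not 0 <= group <= 255:
        raise ValueError("group must fit in one byte")
    return f"0000.0c07.ac{group:02x}"

def elect(speakers: dict) -> tuple:
    """Rank routers by (priority, interface IP), highest first.
    Returns (active, standby); standby is None when only one router speaks."""
    ranked = sorted(speakers, reverse=True, key=lambda ip: (
        speakers[ip]["priority"], int(ipaddress.IPv4Address(ip))))
    return ranked[0], (ranked[1] if len(ranked) > 1 else None)

def build_hello(priority=100, group=1, vip="192.168.0.1", state=4) -> bytes:
    """Build a sample hello with the default 3 s / 10 s timers (test data)."""
    return struct.pack(HSRP_FMT, 0, 0, state, 3, 10, priority, group, 0,
                       b"cisco", ipaddress.IPv4Address(vip).packed)  # RFC 2281 default auth

# Constructed sample: hellos from the three routers of the example, keyed by
# the source IP of each packet, all at the default priority of 100.
SEEN = {ip: parse_hsrp(build_hello()) for ip in
        ("192.168.0.11", "192.168.0.12", "192.168.0.13")}
ACTIVE, STANDBY = elect(SEEN)  # .13 and .12, as in the show standby output
```

Feeding parse_hsrp the UDP payloads from a capture on port 1985 and comparing the group, priority and virtual IP of each speaker with the configured values shows quickly whether a router on the segment is advertising something that was not intended.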

To debug HSRP operations, use the command debug standby.
