FHRP

First Hop Redundancy Protocols (FHRPs) are a group of protocols that allow one router on a LAN segment to take over automatically if another one fails. They were developed to solve a common problem in shared networks such as Ethernet or Token Ring. The devices on such a shared segment are usually configured with a single default gateway address that points to the router connecting them to the rest of the network. The problem is that even if there is a second router on the segment that is also capable of being the default gateway, the end devices don't know about it. Therefore, if the first default gateway router fails, the network stops working. The three main First Hop Redundancy Protocols discussed in this chapter are HSRP Versions 1 and 2, VRRP, and GLBP.

Many methods for addressing this problem have come and gone over the years. The most obvious and seriously flawed solution is to have the end users reconfigure the default gateway address in their workstations. This is a terrible solution for several reasons. There is a large chance of typographical errors. The conversion is slow and laborious, and often requires a reboot of the workstation. It relies on users noticing the problem in a timely manner, and it is unlikely that anybody will bother to change the address back when the original router recovers. And it also requires that there is a human handy to make the change, which is not always the case because many devices such as printers and servers don't usually have somebody sitting beside them when problems appear.

A slightly better solution that many organizations have used is to run a dynamic routing protocol such as RIP or OSPF directly on the servers and workstations. Unix-based operating systems have access to good routing protocol implementations, such as the routed and gated programs. However, many popular desktop and server operating systems do not support these protocols. Even if every device in the network could run a routing protocol, this is not a very good solution to the problem for several reasons. Routing protocols tend not to converge well when the number of devices gets too large. So this technique would, at the very least, require a major network redesign. It is also generally a bad idea to let end devices affect the global routing tables throughout the network. If one of these devices is not configured properly, it could cause serious routing problems. And, more philosophically, it is a good principle of network design to keep network functions on network devices. Workstations and servers have enough to do already without having to worry about doing a router's job as well.

ICMP Router Discovery Protocol (IRDP), which is described in RFC 1256, represents still another interesting idea for allowing end devices to find a new router when their default gateway fails. This protocol requires routers to periodically send multicast "hello" messages to the LAN segment. End devices listen for these messages and use them to build their internal routing tables. If an end device doesn't hear these hello messages for a while, it assumes that the router must have failed. The end device then sends a multicast query looking for a new router to take over. Again, this method requires special software on the end devices. Few devices support IRDP, and it has never enjoyed particularly wide acceptance.

Cisco routers do support IRDP. If you want to use it, you can enable it by simply using the interface command ip irdp as follows:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface FastEthernet 0/1
Router(config-if)#ip irdp
Router(config-if)#exit
Router(config)#end
Router#

We do not recommend using IRDP, however, because it is unlikely that all of the devices on a segment will be able to use and react to it appropriately. HSRP, which we will turn to in a moment, provides a much more robust and flexible router redundancy mechanism. The one exception is that clients running IP Mobility require IRDP to work properly. For more information on IP Mobility, see Chapter 24.

As an aside, there is another protocol, also called Interdomain Routing Protocol (IDRP), which is part of the OSI protocol suite that provides similar functionality to BGP. The similarity of the names is just an accident. There is no relation between these protocols, although it is easy to get the acronyms confused.

One of the more popular solutions to the problem of router redundancy uses Proxy ARP, which is enabled by default on Cisco routers. In this configuration, the end devices are not configured with a default gateway at all. Instead, they discover the path to remote devices the same way that they find devices on the local LAN segment, using Address Resolution Protocol (ARP). You would then configure the routers to run Proxy ARP, which means that they respond to ARP requests on behalf of the remote device. Then the originating device simply sends a packet to the remote destination IP address using the MAC address of the local router, which is exactly the desired behavior.

The problem with the Proxy ARP solution is that it doesn't switch to a backup router very quickly when the primary router fails. End devices don't tend to change their MAC addresses very often. The whole ARP cache procedure assumes that if an entry was once valid, it will remain valid unless it is explicitly changed by means of a gratuitous ARP from the other device declaring a new address. Most devices will remove a stale ARP entry if the device fails to respond for several minutes, but this is clearly not fast enough for a reliable failover mechanism. The only ways to speed this procedure up are to reboot or manually clear the ARP cache on the end device. Proxy ARP is also a rather messy solution because it requires a potentially large number of ARP requests on the local segment. Since ARP requests are broadcasts, this can cause serious problems on a busy segment.

Cisco developed Hot Standby Router Protocol (HSRP) to address the problem of router redundancy in a more reliable way. It provides a nondisruptive automatic failover method that doesn't require end devices to run any special software. HSRP is documented in RFC 2281, although it is a Cisco proprietary standard.

It works by allowing two routers to share the same virtual IP and MAC addresses. End devices simply send their off-segment packets to these addresses, just as they would to a standard default gateway. One of the routers will receive and forward the packets, so either can fail without disrupting traffic flow. One router is always active, and the other acts as a standby in case the first one should fail. In fact, you can configure many standby routers for extreme high-availability situations. The HSRP routers that share a virtual IP address send multicast packets back and forth periodically. If the primary router ever stops sending these packets for any reason, one of the standby routers immediately takes over both the IP and MAC addresses and continues to forward packets.

Figure 22-1 shows a simple example of an HSRP network that will make a good reference point for many of the examples in this chapter. If Host A uses Router1 as its default gateway, then it will lose access to the network if Router1 fails. This is true even if there is a second router, Router2, on the same segment.

In the HSRP configuration shown in this diagram, Router1 and Router2 share the virtual IP address 172.22.1.1. These two routers also have their own IP addresses, 172.22.1.3 and 172.22.1.2, respectively. We note in passing that this is a relatively common and useful way of allocating IP addresses in a /24 network. All end devices use the .1 address for their default gateway, which is the virtual router. The two physical routers then use the .2 and .3 addresses for their real addresses.

Figure 22-1. An HSRP-enabled network segment

HSRP sends multicast packets between routers on the common LAN segment using multicast address 224.0.0.2 and UDP port 1985. By default, these packets are exchanged every 3 seconds, and if they are not seen for 10 seconds, the standby router takes over. Each router in a group has a priority that defines whether it is active or standby. Both the timers and the priority values are configurable.

You can use up to 256 HSRP groups, numbered 0 through 255, on Ethernet and FDDI type networks. This can be useful in network designs in which a central backbone connects many distinct network segments carrying different subnets. For Token Ring LANs, however, you can only configure three distinct HSRP groups, numbered 0 through 2. For Token Rings, you can configure additional groups if you use the Burned In Address (BIA) on the router's Token Ring port, as we discuss in Recipe 22.7. The limitation of three HSRP groups applies to the default configuration mode, which uses a common MAC address for the virtual IP address on both routers.

It is important to note that the HSRP group number is only significant on the local LAN segment. You can use the same group number on different interfaces on the same router if the segments do not connect. However, many network administrators find that it helps to avoid confusion if they use different group numbers on different interfaces. Recipe 22.4 shows a good example of a case in which having multiple HSRP groups on a single LAN segment is extremely useful.

For Ethernet LANs, HSRP uses a standard set of MAC addresses from the range allocated to Cisco. The virtual Ethernet MAC addresses are 00-00-0C-07-AC-XX, where XX represents the HSRP group number in hex (00 to FF). The following output shows an HSRP packet captured by using the popular Ethereal packet analyzer package:

Ethernet II
    Destination: 01:00:5e:00:00:02
    Source: 00:00:0c:07:ac:01
    Type: IP (0x0800)
Internet Protocol
    Version: 4
    Header length: 20 bytes
    Total Length: 48
    Protocol: UDP (0x11)
    Source: 172.22.1.3
    Destination: ALL-ROUTERS.MCAST.NET (224.0.0.2)
User Datagram Protocol
    Source port: 1985 (1985)
    Destination port: 1985 (1985)
    Length: 28
Cisco Hot Standby Router Protocol
    Version: 0
    Op Code: Hello (0)
    State: Active (16)
    Hellotime: Default (3)
    Holdtime: Default (10)
    Priority: 120
    Group: 1
    Reserved: 0
    Authentication Data: Non-Default (OREILLY)
    Virtual IP Address: 172.22.1.1
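As an added example (not code from the book), the following Python decodes the 20-byte HSRP Version 1 message body whose fields the capture above lists, using the field layout from RFC 2281; the sample bytes are constructed to match that capture, and the function name is ours.

```python
import ipaddress
import struct

# HSRP v1 message body (RFC 2281), 20 bytes following the UDP header:
# eight single-byte fields, 8 bytes of authentication data, 4-byte virtual IP.
HSRP_V1 = struct.Struct("!8B8s4s")
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}

# Constructed sample bytes matching the capture above: version 0, Hello,
# Active (16), hellotime 3, holdtime 10, priority 120, group 1, reserved 0,
# authentication "OREILLY" (NUL padded to 8 bytes), virtual IP 172.22.1.1.
SAMPLE_HELLO = (b"\x00\x00\x10\x03\x0a\x78\x01\x00"
                + b"OREILLY\x00"
                + b"\xac\x16\x01\x01")


def parse_hsrp_v1(payload: bytes) -> dict:
    """Decode one HSRP v1 message from its UDP payload (hypothetical helper)."""
    if len(payload) < HSRP_V1.size:
        raise ValueError(f"HSRP v1 body needs {HSRP_V1.size} bytes, got {len(payload)}")
    (version, opcode, state, hellotime, holdtime,
     priority, group, reserved, auth, vip) = HSRP_V1.unpack_from(payload)
    if version != 0:
        raise ValueError(f"not an HSRP v1 message (version field {version})")
    return {
        "version": version,
        "opcode": OPCODES.get(opcode, f"unknown ({opcode})"),
        "state": STATES.get(state, f"unknown ({state})"),
        "hellotime": hellotime,
        "holdtime": holdtime,
        "priority": priority,
        "group": group,
        "reserved": reserved,
        # The authentication string travels in clear text, as the capture shows.
        "auth": auth.rstrip(b"\x00").decode("ascii", errors="replace"),
        "virtual_ip": str(ipaddress.IPv4Address(vip)),
    }


if __name__ == "__main__":
    for field, value in parse_hsrp_v1(SAMPLE_HELLO).items():
        print(f"{field}: {value}")
```

Because every hello is multicast to the whole segment, the same decoder can be pointed at a live capture to confirm that the group, priority and virtual IP seen on the wire match what was configured.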

For Token Ring LANs, however, HSRP uses so-called Functional MAC addresses, which are reserved for special purpose applications. HSRP uses C0-00-00-01-00-00, C0-00-00-02-00-00, and C0-00-00-04-00-00 for groups 0, 1, and 2 respectively. However, as we will discuss in Recipe 22.7, many organizations actually use the BIA of the Token Ring interface card with HSRP instead of these functional addresses. As we mentioned a moment ago, when you use the BIA, you can configure additional groups. But it's important to remember that they will all use the same MAC address. This is only really useful, however, when you want to configure several IP subnets on the same physical ring, and use HSRP on all of them.

HSRP is only used for IP networking. However, the fact that it allows two devices to use the same MAC address can cause serious problems for some other protocols. In particular, if you use DECNet or XNS on the same segment, you must use the BIA to avoid bad protocol interactions. The command for this is use-bia, which we discuss in Recipe 22.7.

Cisco introduced HSRP Version 2, beginning with IOS Version 12.3(4)T. According to Cisco, HSRP Version 2 was introduced to prepare for further enhancements and to expand the capabilities beyond those of HSRP Version 1. Specifically, HSRP Version 2 provides the following enhancements: it expands the HSRP group number range from 256 to 4096 groups to match VLAN numbers on subinterfaces, it improves management and troubleshooting, and it introduces a new multicast IP address.

HSRP Version 1 uses multicast IP address 224.0.0.2. This conflicts with Cisco Group Management Protocol (CGMP) leave processing. HSRP Version 2 uses a new multicast IP address 224.0.0.102, which allows CGMP to be enabled at the same time as HSRP Version 2.

To allow for the expanded number of HSRP group numbers, HSRP Version 2 also uses a new range of MAC addresses, from 0000.0C9F.F000 to 0000.0C9F.FFFF. The last three hex characters map directly to the newly expanded HSRP group numbers, 0 to 4,095 (000 to FFF).

Another similar solution to the same problem is the open standard Virtual Router Redundancy Protocol (VRRP), which is defined in RFC 2338. VRRP is currently supported by many vendors, but has not yet become an official IETF standard. Cisco added support for VRRP, beginning with IOS Version 12.2(15)T.

VRRP uses multicast IP address 224.0.0.18 to communicate between peers, and is assigned IP protocol number 112 by the IANA. Each VRRP packet must be sent with its TTL set to 255. Any VRRP packet received with a TTL not equal to 255 must be discarded according to the RFC.

VRRP supports up to 255 groups, numbered 1 to 255. For Ethernet LANs, VRRP uses a standard set of MAC addresses allocated to VRRP. The virtual Ethernet MAC addresses are 0000.5E00.01XX, where XX represents the VRRP group number in hex (01 to FF).
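As an added example that is not from the book, this Python (function and table names are ours) derives the virtual Ethernet MAC from a group number for the three address families described above (HSRP Version 1, HSRP Version 2 and VRRP) and reverses the mapping, which is useful for classifying an address seen in a capture, such as the 00:00:0c:07:ac:01 source of the hello shown earlier.

```python
# Virtual MAC address families from the text: HSRP v1 00-00-0C-07-AC-XX
# (groups 0 to 255), HSRP v2 0000.0C9F.FXXX (groups 0 to 4095) and
# VRRP 0000.5E00.01XX (groups 1 to 255). Each entry: 48-bit base address,
# mask of the bits that carry the group number, lowest and highest group.
FHRP_MAC_FAMILIES = {
    "hsrp-v1": (0x00000C07AC00, 0xFF, 0, 255),
    "hsrp-v2": (0x00000C9FF000, 0xFFF, 0, 4095),
    "vrrp":    (0x00005E000100, 0xFF, 1, 255),
}


def _format_mac(value: int) -> str:
    """Render a 48-bit integer as colon-separated lowercase hex."""
    return ":".join(f"{(value >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def fhrp_virtual_mac(protocol: str, group: int) -> str:
    """Return the virtual MAC that the given protocol derives from a group number."""
    base, mask, lo, hi = FHRP_MAC_FAMILIES[protocol]
    if not lo <= group <= hi:
        raise ValueError(f"{protocol} group must be {lo}..{hi}, got {group}")
    return _format_mac(base | group)


def identify_virtual_mac(mac: str):
    """Map a MAC in colon, dash or Cisco dotted form back to (protocol, group),
    or return None when it is not one of the first-hop virtual addresses."""
    value = int(mac.translate(str.maketrans("", "", ":-.")), 16)
    for protocol, (base, mask, lo, hi) in FHRP_MAC_FAMILIES.items():
        group = value & mask
        # Clear the group bits and compare the remaining prefix with the family base.
        if (value & ~mask) == base and lo <= group <= hi:
            return protocol, group
    return None


if __name__ == "__main__":
    # The source address of the captured hello resolves to HSRP v1 group 1.
    print(identify_virtual_mac("00:00:0c:07:ac:01"))
    print(fhrp_virtual_mac("hsrp-v2", 4095))
```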

Although HSRP represents a useful alternative to Proxy ARP, as we have already mentioned, you can use them together. This is particularly useful when you are migrating from an old Proxy ARP configuration to HSRP. In this case, the router uses the HSRP virtual MAC address when it responds to ARP requests.

It is also worth noting that the router will disable ICMP redirects by default when you enable HSRP on routers running IOS versions earlier than 12.1(3)T. Normally, when you have two routers on the same segment, ICMP redirection allows you to send a packet to either one. If the other router has a better path to the destination, the receiving router will forward the packet to the other router and send a special ICMP redirect packet back to the source device. The source device receives this packet and updates its internal routing table accordingly, so that all future packets to this destination use the better router.

Normally you don't want to use ICMP redirection with HSRP because it would allow the end devices to learn the real physical MAC addresses of the routers. Since the end devices update their internal routing tables with this information, if one of the routers failed, this would prevent the other from taking over all routing functions.

However, in Recipe 22.5 we will show how to configure HSRP routers to use ICMP redirection so that they only use the HSRP virtual MAC address instead of any physical addresses.

Cisco introduced another interesting first hop router redundancy protocol in IOS version 12.2(15)T, Gateway Load Balancing Protocol (GLBP). This is another proprietary Cisco standard, and in many ways it is quite similar to HSRP. The main difference from HSRP is that with GLBP, all of the routers in a redundancy group are active and able to share the traffic load.

GLBP accomplishes this by electing a master router, called the Active Virtual Gateway (AVG), for the group. This election is weighted by a priority, as in HSRP. The routers in the group are called Active Virtual Forwarders (AVFs), and the AVG is itself an AVF.

The AVG distributes virtual MAC addresses to all of the AVF routers in the group. Then, when any end device on the network segment sends an ARP packet looking for the default gateway virtual IP address, the AVG responds, specifying the MAC address of one of the AVF routers. In this way, individual devices on the network segment will all use the same default gateway address, but different physical routers.

The GLBP routers communicate among themselves by using multicast group 224.0.0.102 with UDP source and destination ports both set to 3222. Note that this is the same multicast group number as HSRP Version 2.