Content Overview
A network with high
availability provides alternative means by which all
infrastructure paths and key servers can be accessed at all
times. The Hot Standby Routing Protocol (HSRP) is one of those
software features that can be configured to provide Layer 3
redundancy to network hosts. HSRP optimization provides
immediate or link-specific failover and a recovery mechanism.
Virtual Router Redundancy Protocol (VRRP) and Gateway Load
Balancing Protocol (GLBP) evolved from HSRP, providing
additional Layer 3 redundancy options. VRRP is a vendor-neutral
Layer 3 redundancy protocol and GLBP is a Cisco-proprietary
improvement to HSRP that provides intrinsic load balancing.
Content 5.1 Configuring Layer 3 Redundancy with HSRP
5.1.1 Describing Routing Issues
When a default gateway is configured on a device, there is
usually no means by which to configure a secondary gateway,
even if a second route exists to carry packets off the local
segment. For example, primary and secondary paths between the
Building Access and Building Distribution submodules provide
continuous access if a link fails at the Building Access
layer. Primary and secondary paths between the Building
Distribution and Building Core layers provide continuous
operations if a link fails at the Building Distribution layer.
In Figure , router A is responsible for routing packets for
subnet A, and router B is responsible for handling packets for
subnet B. If router A becomes unavailable, routing protocols
can quickly and dynamically converge and determine that router
B will now transfer packets that would otherwise have gone
through router A. However, most workstations, servers, and
printers do not receive this dynamic routing information. End
devices are typically configured with a single default gateway
IP address that does not change when network topology changes
occur. If the router whose IP address is configured as the
default gateway fails, the local device is unable to send
packets off the local network segment, effectively
disconnecting it from the rest of the network. Even if a
redundant router that could serve as a default gateway for that
segment exists, there is no dynamic method by which these
devices can determine the address of a new gateway. Cisco IOS
software runs proxy Address Resolution Protocol (ARP) to enable
hosts that have no knowledge of routing options to obtain the
MAC address of a gateway that is able to forward packets off
the local subnet. For example, if the proxy ARP router receives
an ARP request for an IP address that it knows is not on the
same interface as the request sender, it generates an ARP reply
packet that gives its own local MAC address as the MAC
address of the IP address being resolved. The host that sent
the ARP request sends all packets destined for the resolved IP
address to the MAC address of the router. The router then
forwards the packets toward the intended host, perhaps
repeating this process along the way. Proxy ARP is enabled by
default. With proxy ARP, the end-user station behaves as if the
destination device were connected to its own network segment.
If the responsible router fails, the source end station
continues to send packets for that IP destination to the MAC
address of the failed router, and the packets are therefore
discarded. Eventually, the proxy ARP MAC address ages out of
the workstation’s ARP cache. The workstation may eventually
acquire the address of another proxy ARP failover router, but
it cannot send packets off the local segment during this
failover time. For further information on proxy ARP, refer to
RFC 1027.
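The proxy ARP failure mode described above can be checked for on a host. The following is an added example, not part of the original course text: it reads a Linux `ip neigh show` listing and reports off-subnet destinations the host resolved directly by ARP, grouped by the router MAC that answered. The sample listing, its addresses and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed `ip neigh show` output from a host on 172.16.10.0/24 (sample data).
SAMPLE_NEIGH = """\
172.16.10.1 dev eth0 lladdr 00:1b:54:aa:10:01 REACHABLE
172.16.10.40 dev eth0 lladdr 3c:52:82:11:22:33 STALE
172.16.20.7 dev eth0 lladdr 00:1b:54:aa:10:01 REACHABLE
10.1.5.9 dev eth0 lladdr 00:1b:54:aa:10:01 STALE
192.168.50.3 dev eth0 FAILED
"""

def parse_neigh(text):
    """Yield (ip, mac) for neighbor entries that have a resolved MAC address."""
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" not in fields:
            continue  # FAILED / INCOMPLETE entries carry no MAC
        mac = fields[fields.index("lladdr") + 1].lower()
        yield ipaddress.ip_address(fields[0]), mac

def proxy_arp_dependencies(text, local_subnet):
    """Map router MAC -> off-subnet IPs that the host resolved through ARP.

    A host that uses a default gateway never ARPs for an off-subnet address,
    so each entry returned here exists only because a router answered by
    proxy ARP. Those destinations are the ones that stay unreachable after
    that router fails, until the cached entry ages out.
    """
    net = ipaddress.ip_network(local_subnet)
    by_mac = defaultdict(list)
    for ip, mac in parse_neigh(text):
        if ip.version != net.version:
            continue  # compare only addresses of the same IP version
        if ip not in net:
            by_mac[mac].append(str(ip))
    return dict(by_mac)

if __name__ == "__main__":
    for mac, ips in proxy_arp_dependencies(SAMPLE_NEIGH, "172.16.10.0/24").items():
        print(f"{mac} answers by proxy ARP for: {', '.join(ips)}")
```
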
Content 5.1 Configuring Layer 3 Redundancy with HSRP
5.1.2 Identifying the Router Redundancy Process
With this type of router
redundancy, a set of routers works in concert to present
the illusion of a single virtual router to the hosts on the
LAN. By sharing an IP address and a MAC (Layer 2) address, two
or more routers can act as a single “virtual” router. The
virtual router’s IP address is configured as the default
gateway for the workstations on a specific IP segment. When
frames are to be sent from the workstation to the default
gateway, the workstation uses ARP to resolve the MAC address
associated with the IP address of the default gateway. ARP
returns the MAC address of the virtual router. Frames sent to
the virtual router’s MAC address can then be physically
processed by any active or standby router that is part of that
virtual router group. Two or more routers use a protocol to
determine which physical router is responsible for processing
frames sent to the MAC or IP address of a single virtual
router. Host devices send traffic to the address of the virtual
router. The physical router that forwards this traffic is
transparent to the end stations. This redundancy protocol
provides the mechanism for determining which router should take
the active role in forwarding traffic and determining when that
role must be assumed by a standby router. The transition from
one forwarding router to another is transparent to the end
devices. Figure describes the steps that take place when the
forwarding router fails.
Content 5.1 Configuring Layer 3 Redundancy with HSRP
5.1.3 Describing HSRP
Hot Standby Router Protocol (HSRP)
defines a standby group, with each router assigned to a
specific role within the group. HSRP provides gateway
redundancy by sharing IP and MAC addresses between redundant
gateways. The protocol transmits virtual MAC and IP address
information between two routers belonging to the same HSRP
group. Figure describes some of the terms used with HSRP. An
HSRP group consists of the following:
- Active router
- Standby router
- Virtual router
- Other routers
HSRP active and standby routers
send hello messages to the multicast address 224.0.0.2 using
UDP port 1985.
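The shared MAC address of an HSRP group follows the well-known pattern 0000.0c07.acxx that section 5.1.4 describes, which makes gateway ARP entries easy to audit. The following is an added example, not part of the original course text: it derives the expected virtual MAC from the standby group number and flags any virtual gateway IP in `show ip arp` output that resolves to a different MAC. The sample output (apart from 172.16.10.110 and group 1, which come from the page), the group assignments and the function names are constructed for illustration.

```python
import re

HSRP_PREFIX = "0000.0c07.ac"  # well-known prefix; the last octet is the group

def hsrp_virtual_mac(group):
    """Return the virtual MAC for a standby group number (one octet, 0-255)."""
    if not 0 <= group <= 255:
        raise ValueError("group must fit in one octet of the MAC address")
    return f"{HSRP_PREFIX}{group:02x}"

def hsrp_group_of(mac):
    """Return the group number encoded in an HSRP virtual MAC, else None."""
    mac = mac.lower()
    if mac.startswith(HSRP_PREFIX) and len(mac) == 14:
        return int(mac[-2:], 16)
    return None

# Constructed `show ip arp` output (sample data, not captured from a device).
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.16.10.110           -   0000.0c07.ac01  ARPA   Vlan10
Internet  172.16.10.82            -   0010.f6b3.d000  ARPA   Vlan10
Internet  172.16.20.110          12   0010.f6b3.d800  ARPA   Vlan20
Internet  172.16.30.110           -   0000.0c07.ac0a  ARPA   Vlan30
"""

ROW = re.compile(
    r"^Internet\s+(\S+)\s+\S+\s+([0-9a-fA-F.]{14})\s+ARPA\s+(\S+)", re.M)

def audit_gateways(arp_text, expected):
    """expected maps virtual IP -> standby group (an assumed inventory).

    Returns (ip, seen_mac, wanted_mac) for every virtual IP that is missing
    from the table or resolves to something other than its HSRP virtual MAC.
    """
    seen = {ip: mac.lower() for ip, mac, _ in ROW.findall(arp_text)}
    findings = []
    for ip, group in sorted(expected.items()):
        wanted = hsrp_virtual_mac(group)
        if seen.get(ip) != wanted:
            findings.append((ip, seen.get(ip), wanted))
    return findings

if __name__ == "__main__":
    inventory = {"172.16.10.110": 1, "172.16.20.110": 2, "172.16.30.110": 10}
    for ip, seen_mac, wanted in audit_gateways(SAMPLE_ARP, inventory):
        print(f"{ip}: resolves to {seen_mac}, expected {wanted}")
```
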
Content 5.1 Configuring Layer 3 Redundancy with HSRP
5.1.4 Identifying HSRP Operations
All the routers in an HSRP group have specific
roles and interact in prescribed ways. The virtual router is
simply an IP and MAC address pair that end devices have
configured as their default gateway. The active router
processes all packets and frames sent to the virtual router
address. The virtual router does not process physical frames
and exists in software only. Within an HSRP group, one router
is elected to be the active router. The active router
physically forwards packets sent to the MAC address of the
virtual router. The active router responds to traffic for the
virtual router. If an end station sends a packet to the virtual
router MAC address, the active router receives and processes
that packet. If an end station sends an ARP request with the
virtual router IP address, the active router replies with the
virtual router MAC address. In this example, router A assumes
the active role and forwards all frames addressed to the
well-known MAC address of 0000.0c07.acxx, where xx is the HSRP
group identifier. The IP address and corresponding MAC address
of the virtual router are maintained in the ARP table of each
router in the HSRP group. As shown in Figure , the show
ip arp command displays the ARP cache on a multilayer
switch. Figure describes the output for the show ip arp
command. In the example illustrated in Figure , the output
displays an ARP entry for a router that is a member of HSRP
group 1 in VLAN10. The virtual router for VLAN10 is identified
as 172.16.10.110. The well-known MAC address that corresponds
to this IP address is 0000.0c07.ac01, where 01 is the HSRP
group identifier for group 1. The group identifier in the MAC address is the
standby group number (1) converted to hexadecimal (01). The
HSRP standby router monitors the operational status of the HSRP
group and quickly assumes packet-forwarding responsibility if
the active router becomes inoperable. Both the active and
standby routers transmit hello messages to inform all other
routers in the group of their role and status. The routers use
destination multicast address 224.0.0.2 with UDP port 1985 for