Deep Understanding of HSRP

Hot Standby Routing Protocol (HSRP) is a Cisco proprietary protocol used to provide redundancy in a network. HSRP runs on top of UDP and uses port number 1985. A virtual IP address is used to provide redundancy between the routers. For example, if we have two routers configured with HSRP, there will be one active and one standby router.

Routers send hello packets to the multicast address 224.0.0.2 to communicate with other routers. If the primary router fails or there is a link issue on the primary router, the router with the next-highest priority (or, in case of a tie on priority, the highest IP address) takes over the gateway IP address and answers ARP requests with the same MAC address, thus achieving transparent default gateway failover with full redundancy.

The following are the states of a router when HSRP is configured on it:

1. Initial – HSRP is not running.
2. Listen – The router receives hello messages to learn the virtual IP.
3. Speak – The router sends periodic hello messages; in this state it has already learned the virtual IP address and actively participates in the election of the active router.
4. Standby – The router is the candidate for active router. In this state it sends and receives hello messages.
5. Active – The router that currently forwards the packets.

HSRP Election Process:

The HSRP active/standby router election uses a priority value (0-255) that is manually configured on the router (255 is the highest). By default, the priority is 100. If all the routers are left at the default value, the router with the highest IP address on the HSRP interface becomes the active router.

By default, HSRP uses a virtual IP address and a virtual MAC address. The virtual IP address is manually configured through the HSRP configuration. The virtual MAC address, however, is generated automatically.

The virtual MAC address is divided into three fields. For example, consider the virtual MAC address 00-10-0C-07-AC-0B:
00-10-0C is the vendor code (Cisco, for example).
07-AC is a well-known HSRP code.
0B is the HSRP group number (11 in decimal, 0B in hexadecimal).

HSRP Preempt:

After a failover from the active router to the standby router, if the original active router comes up again, the former standby router continues to work as the active router. To overcome this problem, we can use the preempt configuration in HSRP to make the original active router active again once it comes back up and is operational.
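The election and preempt rules described above can be traced with a small model. This is an added example, not code from the original page or from Cisco; it is a simplified simulation, and the router names, addresses and the `failover_trace` helper are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Router:
    name: str
    ip: str                  # address on the HSRP interface (constructed sample)
    priority: int = 100      # default priority stated on the page
    preempt: bool = False
    up: bool = True

def rank(r):
    """Election key: highest priority wins, highest IP breaks a tie."""
    return (r.priority, int(IPv4Address(r.ip)))

class HsrpGroup:
    """Simplified model: routers that are up at creation elect together."""
    def __init__(self, routers):
        self.routers = {r.name: r for r in routers}
        self.active = self._best(exclude=None)

    def _best(self, exclude):
        live = [r for r in self.routers.values() if r.up and r.name != exclude]
        return max(live, key=rank).name if live else None

    def standby(self):
        return self._best(exclude=self.active) if self.active else None

    def fail(self, name):
        self.routers[name].up = False
        if self.active == name:          # standby takes over the virtual IP
            self.active = self._best(exclude=name)

    def recover(self, name):
        r = self.routers[name]
        r.up = True
        if self.active is None:
            self.active = name
        # Assumption: only preempt plus a strictly higher priority reclaims the role.
        elif r.preempt and r.priority > self.routers[self.active].priority:
            self.active = name

def failover_trace(preempt):
    """R1 (priority 110) fails and returns; list the active router at each step."""
    g = HsrpGroup([Router("R1", "10.0.10.2", 110, preempt), Router("R2", "10.0.10.3")])
    trace = [g.active]
    g.fail("R1"); trace.append(g.active)
    g.recover("R1"); trace.append(g.active)
    return trace

if __name__ == "__main__":
    print("preempt off:", failover_trace(False))
    print("preempt on: ", failover_trace(True))
```

Without preempt, R2 keeps the active role after R1 returns; with preempt, R1 reclaims it.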

HSRP Timers:

HSRP routers send hello packets to each other at regular intervals.
By default, hello packets are sent every 3 seconds (the hello interval).
The hold time is 10 seconds by default and should be three times the hello interval.

HSRP Authentication:

HSRP uses Message Digest 5 (MD5) authentication to protect against HSRP spoofing. MD5 is an industry-standard algorithm, used here for improved reliability and security.

HSRP Groups:

We can also use HSRP groups to provide high redundancy and load sharing if we have multiple VLANs in our network. For example, we can create Group 10 for VLANs 10 and 20 to be active on R1, and Group 20 for VLANs 30 and 40 to be active on R2.