Providing uninterrupted communications and sustaining stable network behavior are the most important goals in each enterprise network. They make the whole environment more productive for the enterprise and less prone to financial losses.
A Layer 3 redundancy protocol must be implemented to achieve such goals. The protocol helps when the network devices fail and when links go down. As a result, the network stays active from the users’ point of view, even though many failovers might happen in the background.
Download the guide and refer back to it at any time!
In this article, we will compare three First Hop Redundancy Protocols (FHRP), namely, Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP), and Gateway Load Balancing Protocol (GLBP). Additionally, we provide more information regarding their behavior, the features supported, and some of their advantages and disadvantages.
Be sure to check out some of our other articles discussing different protocols:
Many things can go wrong without FHRP implementation. Let’s look at the example in the image below. R1 is the default gateway for PC1. However, when R1 fails, PC1 cannot exit from the local network even with another redundant link through R2. The problem is that a single default gateway can be configured on the endpoints, and this setting does not automatically update.
FHRP is a concept where several Layer 3 devices, such as routers or Layer 3 switches, work together to present the illusion of a single virtual device. The main idea is to add the devices in a single logical group where one device is given the active role and takes all the responsibility for the data traffic. At the same time, another device functions as a backup and waits to take over the active role if the active device fails.
As you can see from the image above, when R2 detects a failure on the active device, it takes over the active role. It continues processing the data traffic from PC1. As a result, the default gateway stays active, and no interruptions are experienced at the endpoints.
Explore your options here at PivIT. Click below to learn more about the router solutions we can bring to your network, whether it be the hardware itself, maintenance, or the field services you need to get online.
Let’s dive into three protocols you could choose from, namely, HSRP, VRRP, and GLBP. They all work more or less similar and bring the same benefits.
However, selecting a Layer 3 redundancy protocol is not an easy task. You should always consider several aspects, such as the network’s topology, requirements, goals, and the knowledge required to implement. Only then can you start implementing the desired protocol and tune it with the extra features it supports.
HSRP is a Cisco proprietary protocol developed in 1994. It can be deployed on Cisco routers and Layer 3 switches like the other protocols. VRRP is an open standard redundancy protocol developed in 1998. It is heavily based on HSRP, so there are a lot of similarities between them.
It is best suited for networks with mixed vendor hardware. GLBP is the newest proprietary protocol from Cisco that overcomes the limitations of HSRP and VRRP and provides better optimization by default.
Implementing all three FHRP protocols for basic functionality is relatively straightforward. HSRP and VRRP are more or less implemented in the same way with just a few configuration differences because one is a standard protocol, and the other is a Cisco proprietary. GLBP is a more complex protocol. Its approach requires a more advanced configuration than the other two protocols.
All three protocols use multicast IP addresses for communication. Because HSRP is available in two versions, two different IP addresses are used. Version 1 uses IP 224.0.0.2, also known as the IP on which all routers communicate, while version 2 uses IP 224.0.0.102. VRRP uses a different multicast IP address than HSRP, 224.0.0.18, and GLBP uses the same IP as HSRP v2 or 224.0.0.102.
All three protocols support a different range of groups. HSRPv1 and VRRP support up to 256 groups, while HSRPv2 supports up to 4096. Finally, GLBP supports up to 1024 groups. Remember that supporting more groups provides better optimization and load balancing capabilities.
Although multiple devices can be added to a group, not all are functional simultaneously. When using HSRP and VRRP, just one device operates as active, and another takes over the active role when conditions for that action are met.
With HSRP, there are two roles, one active and one standby device, while with VRRP, there is one active and several backup devices. With GLBP, things are a little different, and several devices function as active simultaneously.
They are known as Active Virtual Forwarders (AVF) and serve as a backup to one another. As a result, the resource consumption is more optimized, and load balancing is enabled by default.
When using HSRP, one virtual IP address and one virtual MAC address are shared between the devices in the group. The same approach applies to VRRP. However, this protocol supports a unique approach, where one of the real IP addresses of the devices can be used as a virtual IP address for the group.
This approach always gives that device the highest priority when selecting the active device for that group. Finally, GLBP uses just a single virtual IP address. However, different virtual MAC addresses are used for each AVF in the group.
The timers are essential in FHRPs because the failover action is based on them. The lower the timers, the faster the failover happens when an issue is discovered. However, lower timers also introduce higher resource consumption.
Therefore, selecting balanced timers is the key to providing the best optimization and fast failover simultaneously. For HSRP and GLBP, each hello packet is sent every 3 seconds, while the hold time is 10 seconds or three hello packets missed before failover.
VRRP has shorter timers by default, where hello packets are exchanged each second, and the hold time is just a little over 3 seconds. Keep in mind that the timers are adjustable, and you can always change them according to your requirements.
By implementing tracking features, the redundancy protocol keeps track of the overall network behavior, so failover always happens when necessary. HSRP is more advanced and can track interfaces and objects. In contrast, VRRP and GLBP can track only objects (tracking different criteria, including tracking of interfaces).
Authentication is preferred when unwanted participation of some devices in the FHRP groups is not allowed. For that reason, you can always implement appropriate authentication and allow only a selected set of devices to participate in the group.
Although both HSRP and GLBP support authentication, VRRP no longer does. However, you can still implement VRRP authentication on Cisco devices because it is still supported.
View the table below for a summary of the similarities and differences between HSRP, VRRP, and GLBP.
Feature |
HSRP |
VRRP |
GLBP |
Support |
Cisco |
Open standard |
Cisco |
Year |
1994 |
1998 |
2005 |
Implementation |
Easy |
Easy |
Moderate |
Multicast IP |
HSRPv1 uses 224.0.0.2; HSRPv2 uses 224.0.0.102 |
224.0.0.18 |
224.0.0.102 |
Groups supported |
HSRPv1: 0-255 HSRPv2: 0-4095 |
0-255 |
0-1023 |
Active routers |
One active, one passive |
One active, one passive |
Several active routers |
Virtual IP & MAC |
One virtual IP address and one virtual MAC address |
One virtual IP address or real IP address from a router and one virtual MAC address |
One virtual IP address, many different virtual MAC addresses |
Default timers |
Hello: 3 seconds Hold time: 10 sec |
Hello: 1 second Hold time: 3 sec + skew time |
Hello: 3 seconds Hold time: 10 sec |
Tracking features |
Tracking interfaces and tracking objects |
Tracking objects |
Tracking objects |
Authentication |
Supported |
Not supported (still supported on Cisco devices) |
Supported |
As part of PivIT's EXTEND, we offer a secure, isolated, and remote environment to pre-configure your network, compute, and storage hardware prior to deployment to your locations around the world using our out-of-band (OOB) management platform. Find out more about how our Remote Staging Environment works.
Now that you are familiar with the three redundancy protocols, you probably wonder which one is the best choice for your network. Well, that depends on your use case and feature preferences. The most popular protocol today is still HSRP, even though VRRP is the best choice in mixed network environments.
However, suppose your goal is to fully use the resources on all devices in the group without the administrative burden of creating multiple groups to achieve the same goal. In that case, GLBP is the best option. On top of that, you will get a better optimization and benefit from the load-balancing feature.
____________
Still have no idea which protocol is best for your network? Ask yourself the following questions:
If you answered "No" to either of these questions, consider PivIT's SmartHands through EXTEND. Hire an expert routing engineer to take on these configurations and more. Click below to learn more about SmartHands.
____________