Virtual Router Redundancy Protocol (VRRP) and Hot Standby Router Protocol (HSRP) are both protocols designed to provide high availability and redundancy for networked environments by allowing multiple routers to work together in a way that ensures continuous network service even if one or more routers fail.
What is VRRP? #
VRRP is an open standard protocol defined in RFC 5798. It enables several routers to form a virtual router group, with one router elected as the Master router and the others as Backups. The Master router is responsible for forwarding packets sent to the virtual router. VRRP routers communicate through VRRP advertisements to decide which router will take the role of the Master. If the Master router fails, a Backup router takes over as the new Master router, ensuring minimal disruption in network service.
How VRRP Works #
- Election of Master: VRRP routers within a group elect one Master router based on router priorities. The router with the highest priority becomes the Master router. If priorities are equal, the router with the highest IP address wins.
- Advertisements: The Master router sends VRRP advertisements at regular intervals to announce its presence.
- Backup Taking Over: If the Backup routers stop receiving advertisements from the Master router within a pre-configured time, the router with the next highest priority takes over as Master.
- Virtual IP: The virtual router group is represented by a virtual IP address, which is configured on all VRRP routers in the group but is only used by the Master router to forward IP packets.
VRRP vs. HSRP #
- Standardization: VRRP is an open standard protocol, which means it is supported on routers from different vendors. HSRP, on the other hand, is a Cisco proprietary protocol and primarily supported on Cisco devices.
- Operation: Both protocols achieve similar goals but use slightly different mechanisms and terminologies. For instance, HSRP refers to routers as active and standby, while VRRP uses master and backup terminologies.
- Configurations: HSRP allows for more granular configurations specific to Cisco devices, whereas VRRP, being a standard protocol, offers configurations that are more universally applicable but might not support some vendor-specific enhancements.
- Virtual IP Address: In HSRP, the virtual IP address used by the group is separate from the real IP addresses of the routers in the group. In VRRP, the virtual IP address can be one of the router’s real IP addresses.
- Version Support: HSRP has evolved to support IPv6 in its later versions (HSRP version 2), while VRRP also supports IPv6 in VRRP version 3.
Despite these differences, the choice between VRRP and HSRP often comes down to the network equipment being used (e.g., vendor-specific or mixed environments) and specific network design requirements.
VRRP Virtual Mac Address #
In VRRP (Virtual Router Redundancy Protocol), the virtual gateway IP address is associated with a unique MAC address to ensure that the virtual IP address can be resolved to a physical address on the local network. This MAC address is a standardized format, designed to be recognized by network participants as belonging to a virtual router rather than a physical device.
The MAC address format for VRRP is as follows:
-
For IPv4, the MAC address is
00-00-5E-00-01-{VRID}, where{VRID}is the Virtual Router Identifier, a value between 1 and 255. This identifier is unique within the local network to distinguish between different virtual routers. -
For IPv6, the MAC address format used by VRRP version 3 is
00-00-5E-00-02-{VRID}, with the{VRID}again being the Virtual Router Identifier, which provides uniqueness for the virtual router on the local network segment.
The use of a standardized MAC address format allows devices on the same network segment to correctly identify and forward packets to the virtual router, regardless of which physical router is currently acting as the master router for the virtual IP address. This mechanism ensures seamless failover and redundancy, as the actual master router can change without needing to update the ARP cache of other devices on the network.
HSRP Virtual Mac Address #
For HSRP (Hot Standby Router Protocol), the virtual MAC address associated with the virtual IP address is constructed in a specific format that allows network devices to uniquely identify the HSRP group and forward traffic to the active router serving as the gateway.
The HSRP virtual MAC address format is:
00-00-0C-07-AC-{HSRP group number in hexadecimal}
In this format:
00-00-0Cis the Cisco’s Organizationally Unique Identifier (OUI).07-ACis the fixed identifier for HSRP.- The last part (
{HSRP group number in hexadecimal}) represents the HSRP group number, which is configured by the administrator and can range from 0 to 255. This group number is converted to a hexadecimal value and used to complete the MAC address.
For example, for an HSRP group number 1, the virtual MAC address would be 00-00-0C-07-AC-01, and for group number 255, it would be 00-00-0C-07-AC-FF.
HSRP also supports version 2, which extends the group number range up to 4095. For HSRP version 2, the MAC address format is slightly different to accommodate the larger group numbers:
00-00-0C-9F-F{X}-{HSRP group number in hexadecimal}
Where {X} is part of the hexadecimal representation of the group number. This allows HSRP version 2 to support a larger number of groups for more granular control of redundancy configurations.
VRRP Data Path #
In VRRP (Virtual Router Redundancy Protocol), the virtual MAC address associated with the virtual IP address of the VRRP group is maintained in the MAC address tables of switches and other network devices using standard networking mechanisms. The process works as follows:
Advertisement Messages #
The Master router in a VRRP setup periodically sends VRRP advertisement messages. These messages are sent using the virtual MAC address as the source MAC address. When a switch receives a packet, it examines the source MAC address and updates its MAC address table, associating the MAC address with the incoming port. This mechanism ensures that the virtual MAC address remains in the switch’s MAC address table as long as the Master router continues to send advertisements.
Traffic Flow #
Any traffic directed to the virtual IP address will be resolved to the virtual MAC address through ARP (for IPv4) or Neighbor Discovery (for IPv6). When this traffic is forwarded by switches, the switches use their MAC address tables to determine the correct port to send the packets to. Because the virtual MAC address is associated with the port connected to the Master router, the traffic reaches the correct destination.
MAC Address Table Timeout #
Switches typically have a timeout for entries in their MAC address tables. If an entry is not “refreshed” by seeing frames with the source MAC address within a certain time period, the entry is removed from the table. The regular transmission of VRRP advertisement messages from the Master router ensures that the virtual MAC address is regularly refreshed in the switch’s MAC address table, preventing it from timing out.
Failover #
In the event of a failover where a Backup router takes over the role of the Master, the new Master starts sending VRRP advertisements using the same virtual MAC address. This transition is seamless to the switches and hosts on the network, as they continue to use the same virtual MAC address for the VRRP group. The switches will update their MAC address tables with the new port association for the virtual MAC address based on the advertisements from the new Master router.
This system allows VRRP to provide high availability and redundancy without requiring any changes to the host devices’ configurations or the need for network devices to be aware of the VRRP protocol specifics beyond standard MAC address handling procedures.
HSRP Data Path #
For HSRP (Hot Standby Router Protocol), the process of maintaining the virtual MAC address in the MAC address tables of switches and other network devices is similar to that of VRRP but with some protocol-specific details.
Advertisement and Hello Messages #
In HSRP, the active router sends periodic HSRP hello messages to announce its status and priority. These messages are sent using the virtual MAC address as the source MAC address. When a switch receives one of these packets, it looks at the source MAC address and updates its MAC address table, associating the MAC address with the port on which the packet was received. This ensures that the virtual MAC address is mapped to the correct port that leads to the active router.
Traffic Routing #
Traffic destined for the virtual IP address is mapped to the virtual MAC address through ARP (for IPv4) or Neighbor Discovery (for IPv6) processes. The switches use their MAC address tables to forward this traffic to the port associated with the virtual MAC address, effectively routing the traffic to the active HSRP router.
MAC Address Table Management #
Switches have a mechanism to age out old MAC address table entries that have not been seen for a certain period, typically a matter of minutes. The regular transmission of HSRP hello messages by the active router ensures that the virtual MAC address remains active in the switch’s MAC address table, preventing it from being aged out.
HSRP Failover #
If the active router fails or a higher-priority router takes over, the new active router begins sending HSRP hello messages with the virtual MAC address as the source. This ensures that the switch’s MAC address table is updated to reflect the change in the active router, with traffic now being directed to the new active router’s port. The switch updates its MAC address table entry for the virtual MAC address with the port connected to the new active router.
This mechanism of using the virtual MAC address in periodic messages ensures that the virtual MAC address is kept alive in the network’s MAC address tables, allowing HSRP to provide seamless failover and redundancy. Network devices like switches do not need to understand the specifics of HSRP; they simply need to manage MAC address tables based on the source MAC addresses seen on their ports, enabling them to correctly route traffic to the active HSRP router.