Hot Standby Router Protocol (HSRP)
HSRP is Cisco proprietary, but defined in RFC 2281.
HSRP routers multicast to the all-routers address 224.0.0.2 on UDP port 1985.
HSRP group numbers (0 – 255) are only locally significant to the interface on which they are configured.
HSRP group configuration:
HSRP virtual interfaces are assigned a MAC in the range 0000.0c07.acXX where the last 8 bits represent the standby group.
Router Election
HSRP priority ranges from 0 to 255; default is 100.
The highest priority wins; highest IP wins a tie.
HSRP interface states:
Disabled
Init
Listen
Speak
Standby
Active
The default hello timer is 3 seconds; holddown timer is 10 seconds.
Timers can be adjusted:
By default a router with higher priority cannot preempt the current active router; this can be allowed:
For the preempt delay, minimum defines the time the router must wait after it becomes HSRP-capable for the interface; reload defines the time it must wait after reloading.
Authentication
Cisco devices by default use the plaintext string "cisco" for authentication.
Plaintext or MD5 authentication can be used.
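With plaintext authentication the string is carried in the clear in every hello, so any host on the segment can read it. The following added example (not part of the original notes) decodes the 20-byte HSRP version 0 message from RFC 2281 and flags the default string and hellos from unexpected sources; the function names, sample addresses and router allowlist are assumptions made for illustration.

```python
import socket
import struct

# RFC 2281 message: version, opcode, state, hellotime, holdtime, priority,
# group, reserved, 8-byte authentication data, 4-byte virtual IP address.
HSRP_V1 = struct.Struct("!8B8s4s")
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen",
          4: "Speak", 8: "Standby", 16: "Active"}
DEFAULT_AUTH = b"cisco\x00\x00\x00"   # default string, NUL-padded to 8 bytes


def parse_hsrp_v1(payload):
    """Decode the fixed 20-byte message; any trailing bytes are ignored."""
    if len(payload) < HSRP_V1.size:
        raise ValueError("truncated HSRP message")
    ver, op, state, hello, hold, prio, group, _rsvd, auth, vip = \
        HSRP_V1.unpack_from(payload)
    if ver != 0:
        raise ValueError("not an HSRP version 0 message")
    return {
        "opcode": OPCODES.get(op, f"unknown({op})"),
        "state": STATES.get(state, f"unknown({state})"),
        "hello": hello, "hold": hold, "priority": prio, "group": group,
        "auth": auth,
        "virtual_ip": socket.inet_ntoa(vip),
        # Virtual MAC 0000.0c07.acXX, XX = standby group
        "virtual_mac": f"0000.0c07.ac{group:02x}",
    }


def audit_hello(payload, src_ip, expected_routers):
    """Return (message, findings) for one captured UDP/1985 payload."""
    msg = parse_hsrp_v1(payload)
    findings = []
    if msg["auth"] == DEFAULT_AUTH:
        findings.append("default plaintext authentication string in use")
    if src_ip not in expected_routers:
        findings.append(f"HSRP {msg['opcode']} from unexpected source {src_ip}")
    return msg, findings


# Constructed sample: Active router, group 1, default timers, priority and auth.
SAMPLE = HSRP_V1.pack(0, 0, 16, 3, 10, 100, 1, 0,
                      DEFAULT_AUTH, socket.inet_aton("192.0.2.1"))

if __name__ == "__main__":
    print(audit_hello(SAMPLE, "192.0.2.66", {"192.0.2.2", "192.0.2.3"}))
```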
Conceding the Election
A router can be configured to withdraw from active status if one or more of its other interfaces fail:
The router’s priority will be decremented by the associated value (default 10) if the tracked interface fails.
If another router now has a higher priority and has been configured to preempt, it will take over as the active router for the group.
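The interaction of priority, preemption and interface tracking described above can be modeled in a few lines. This is an added example, not part of the original notes; the Router class, router names and addresses are hypothetical, and it assumes preemption requires a strictly higher priority and that a decremented priority is floored at 0.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100                           # HSRP default priority
    preempt: bool = False                         # preemption is off by default
    tracked: dict = field(default_factory=dict)   # interface -> decrement
    down: set = field(default_factory=set)        # failed tracked interfaces

    def effective_priority(self):
        # Subtract the decrement of every tracked interface that has failed.
        lost = sum(dec for ifc, dec in self.tracked.items() if ifc in self.down)
        return max(0, self.priority - lost)       # assumption: floor at 0

    def rank(self):
        # Highest priority wins; highest IP address wins a tie.
        return (self.effective_priority(), IPv4Address(self.ip))


def elect(routers, active=None):
    """Return the active router after one election round."""
    if active is None:                            # no active router yet
        return max(routers, key=Router.rank)
    # An existing active router is displaced only by a router that is
    # configured to preempt and now has a strictly higher priority.
    challengers = [r for r in routers
                   if r is not active and r.preempt
                   and r.effective_priority() > active.effective_priority()]
    return max(challengers, key=Router.rank) if challengers else active


if __name__ == "__main__":
    r1 = Router("R1", "192.0.2.2", priority=110, tracked={"Serial0/0": 20})
    r2 = Router("R2", "192.0.2.3")
    active = elect([r1, r2])
    r1.down.add("Serial0/0")                      # uplink fails: 110 -> 90
    print(elect([r1, r2], active).name)           # R1 stays: R2 cannot preempt
    r2.preempt = True
    print(elect([r1, r2], active).name)           # R2 takes over
```

Tracking on its own only lowers the priority; without preemption on the peer the router with the failed uplink remains active.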
Verification
show standby [brief] [interface]
Virtual Router Redundancy Protocol (VRRP)
Standards-based alternative to HSRP, defined in RFC 2338.
VRRP refers to the active router as the master router; all others are in the backup state.
VRRP virtual interfaces take their MAC from the range 0000.5e00.01XX where the last eight bits represent the group number.
VRRP advertisements are multicast to 224.0.0.18, using IP protocol 112.
VRRP advertisements are sent in 1-second intervals by default; backup routers can optionally learn the interval from the master router.
VRRP routers will preempt the master by default if they have a higher priority.
VRRP is unable to track interfaces and concede an election.
VRRP Configuration
VRRP configuration is very similar to HSRP configuration:
Verification
show vrrp [brief]
Gateway Load Balancing Protocol (GLBP)
GLBP is Cisco proprietary, and acts like HSRP/VRRP with true load-balancing capability: all routers in a group forward traffic simultaneously.
GLBP group numbers range from 0 to 1023. Priorities range from 0 to 255 (default is 100).
IP address(es), router preemption, and hello/hold timers (default 3/10 seconds) can be configured as for HSRP:
Timers only need to be configured on the AVG; other routers will learn from it.
Active Virtual Gateway (AVG)
The AVG has the highest priority in the GLBP group (or the highest IP address in the event of a tie); it answers all ARP requests for the group’s virtual IP address.
Active Virtual Forwarder (AVF)
All routers sharing load in GLBP are AVFs.
If an AVF fails, the AVG reassigns its virtual MAC to another router.
Two timers are used to age out the virtual MAC of a failed AVF:
Redirect timer (default 600 seconds) – Determines when the AVG will stop responding to ARP requests with the MAC of the failed AVF
Timeout timer (default 4 hours) – Determines when the failed AVF is no longer expected to return, and its virtual MAC will be flushed from the GLBP group
Configuring the timers:
AVFs are assigned a maximum weight (1-254; default is 100).
Interfaces can be tracked and the AVF’s weight adjusted when interfaces go down:
When the upper or lower threshold is reached, the AVF enters or leaves the group, respectively.
Load Balancing
Up to four virtual MACs can be assigned by the AVG.
Traffic can be distributed among AVFs using one of the following methods:
Round robin (default) – Each new ARP request is answered with the next MAC address available; traffic is distributed evenly among AVFs
Weighted – AVFs are assigned load in proportion to their weight
Host-dependent – Statically maps a requesting client to a single AVF MAC
Configuring load balancing:
Verification
show glbp [brief]
Switch Chassis Redundancy
Redundant supervisor modes:
Route Processor Redundancy (RPR) (> 2 minutes) – The standby supervisor is only partially initialized; when the active supervisor fails, the standby must reload all modules and finish initializing itself.
Route Processor Redundancy Plus (RPR+) (> 30 seconds) – The standby supervisor boots but does not operate; when the active supervisor fails, the standby can take over without reloading the modules.
Stateful Switchover (SSO) (> 1 second) – Configuration and layer 2 information are stored on both supervisors; the standby supervisor takes over immediately.
Configuring supervisor redundancy:
If configuring redundancy for the first time, it must be configured manually on both supervisors.
Redundant operation can be verified with show redundancy states.
Non-Stop Forwarding (NSF)
When a standby supervisor takes over, it must populate its RIB; this can be achieved quickly with Cisco’s proprietary NSF. NSF-aware neighbors provide routing information to quickly populate the new RIB.
BGP, EIGRP, OSPF, and IS-IS support NSF, but it must be enabled through manual configuration under the relevant protocol:
Redundant Power Supplies
Switches with multiple power supplies can operate in one of two power modes:
Combined mode – The load for a single power supply may be exceeded; does not provide redundancy.
Redundant mode (default) – Load is shared but may not exceed the output of a single power supply.
Configuring power mode:
Power may be administratively removed from or applied to individual modules:
Verification:
show power [redundancy-mode | status | available | used | total]
show power inline – Displays power drawn from PoE interfaces