
Introduction

Hot Standby Router Protocol (HSRP) is a Cisco proprietary standard that allows a router on a LAN segment to automatically take over if another one fails. It was developed to solve a common problem in shared networks such as Ethernet or Token Ring. The devices on these shared network segments are usually configured with a single default gateway address that points to the router that connects to the rest of the network. The problem is that even if there is a second router on the segment that is also capable of being the default gateway, the end devices don't know about it. Therefore, if the first default gateway router fails, the network stops working.

Many methods for addressing this problem have come and gone over the years. The most obvious and most seriously flawed solution is to have the end users reconfigure the default gateway address in their workstations. This is a terrible solution for several reasons. There is a large chance of typographical errors; the change is slow, laborious, and often requires a reboot of the workstation; it relies on users noticing the problem in a timely manner, and it is unlikely that anyone will bother changing the address back when the original router recovers; and it requires that a human be handy to make the change, but devices such as printers and servers don't usually have anyone sitting beside them when problems appear.

A slightly better solution that many organizations have used is to run a dynamic routing protocol such as RIP or OSPF directly on the servers and workstations. Unix-based operating systems have access to good routing protocol implementations such as the routed and gated programs. However, many popular desktop and server operating systems do not support these protocols. Even if every device in the network could run a routing protocol, this is not a very good solution to the problem for several reasons. Routing protocols tend not to converge well when the number of devices gets too large. So this technique would, at the very least, require a major network redesign. It is also a generally bad idea to let end devices affect the global routing tables throughout the network. If one of these devices is not configured properly, it could cause serious routing problems. And, more philosophically, it is a good principle of network design to keep network functions on network devices. Workstations and servers already have enough to do without having to perform a router's job as well.

ICMP Router Discovery Protocol (IRDP), which is described in RFC 1256, represents still another interesting idea for allowing end devices to find a new router when their default gateway fails. This protocol requires routers to periodically multicast "hello" messages (router advertisements, sent to 224.0.0.1) onto the LAN segment. End devices listen for these messages and use them to build their internal routing tables. If an end device doesn't hear these hello messages for a while, it assumes that the router must have failed. The end device then sends a multicast query (a router solicitation) looking for a new router to take over. Again, this method requires special software on the end devices. Few devices support IRDP, and it has never enjoyed particularly wide acceptance.

Cisco routers do support IRDP; enable it using the ip irdp interface command:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#interface FastEthernet 0/1
Router(config-if)#ip irdp
Router(config-if)#end
Router#

We do not recommend using IRDP, however, because it is unlikely that all of the devices on a segment will be able to use and react to it appropriately. HSRP, which we will turn to in a moment, provides a much more robust and flexible router redundancy mechanism.

As an aside, there is another protocol with a confusingly similar acronym, the Inter-Domain Routing Protocol (IDRP), which is part of the OSI protocol suite and provides functionality similar to BGP. The similarity of the names is just an accident. There is no relation between these protocols, although it is easy to get the acronyms confused.

One of the more popular solutions to the problem of router redundancy uses Proxy ARP, which is enabled by default on Cisco routers. In this configuration, the end devices are not configured with a default gateway at all. Instead, they discover the path to remote devices the same way that they find devices on the local LAN segment: by using Address Resolution Protocol (ARP). With Proxy ARP, the routers respond to ARP requests on behalf of remote devices. The originating device then simply sends a packet to the remote destination IP address using the MAC address of the local router, which is exactly the desired behavior.

The problem with the Proxy ARP solution is that it doesn't switch to a backup router very quickly when the primary router fails. End devices don't change their MAC addresses very often, and the whole ARP cache procedure assumes that if an entry was once valid, it will remain valid unless it is explicitly changed by means of a gratuitous ARP from the other device declaring a new address. Most devices will remove a stale ARP entry if the device fails to respond for several minutes, but this is clearly not fast enough for a reliable failover mechanism. The only ways to speed this procedure up are to reboot or manually clear the ARP cache on the end device. Proxy ARP is also a rather messy solution because it requires a potentially large number of ARP requests on the local segment. Because ARP requests are broadcasts, this can cause serious problems on a busy segment.

Cisco developed Hot Standby Router Protocol (HSRP) to address the problem of router redundancy in a more reliable way. It provides a non-disruptive automatic failover method that doesn't require end devices to run any special software. HSRP is documented in RFC 2281, although it is a Cisco proprietary standard that is not implemented by other vendors.

HSRP works by allowing two routers to share the same virtual IP and MAC addresses. End devices simply send their off-segment packets to these addresses as a standard default gateway. One of the routers will receive and forward the packets, so either can fail without disrupting traffic flow. One router is always active, and the other acts as a standby in case the first one should fail. In fact, you can configure many standby routers for extreme high-availability situations. The HSRP routers that share a virtual IP address send multicast packets back and forth periodically. If the primary router ever stops sending these packets for any reason, one of the standby routers immediately takes over both the IP and MAC addresses, and continues to forward packets.

Another similar solution to the same problem is the open standard Virtual Router Redundancy Protocol (VRRP), which is defined in RFC 2338. VRRP is currently supported by many vendors, but has not yet become an official IETF standard. However, because Cisco had already developed HSRP when VRRP was announced, most Cisco devices do not implement VRRP. We say most because Cisco does have some VLAN switches that support VRRP. This leads us to suspect that Cisco may eventually provide VRRP on other products. However, because they continue to add useful features to HSRP, it seems unlikely that VRRP will ever completely replace HSRP on Cisco equipment.

Figure 22-1 shows a simple example of an HSRP network that will make a good reference point for many of the examples in this chapter. If Host A uses Router1 as its default gateway, then it will lose access to the network if Router1 fails. This is true even if there is a second router, Router2, on the same segment.

In the HSRP configuration shown in this diagram, Router1 and Router2 share the virtual IP address 172.22.1.1. These two routers also have their own IP addresses, 172.22.1.3 and 172.22.1.2, respectively. This is a relatively common and useful way of allocating IP addresses in a /24 network. All end devices use the .1 address for their default gateway, which is the virtual router address. The two physical routers then use the .2 and .3 addresses for their real addresses.

Figure 22-1. A HSRP-enabled network segment
figs/ccb_2201.gif

HSRP sends multicast packets between routers on the common LAN segment using multicast address 224.0.0.2 and UDP port 1985 (these are the HSRP version 1 values; the later HSRP version 2 uses 224.0.0.102, so a capture filter on 224.0.0.2 alone will not see it). By default, these packets are exchanged every 3 seconds, and if they are not seen for 10 seconds, the standby router takes over. Each router in a group has a priority that defines whether it is active or standby. Both the timers and the priority values are configurable.
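To make the timer behaviour concrete, here is an added example (not code from the original page or from Cisco) that replays a constructed schedule of hellos from the two routers of Figure 22-1 and reports when the active role would move. It models only what the paragraph above describes: hellos every 3 seconds, a 10-second hold timer, highest priority wins with RFC 2281's highest-IP tie-break, and HSRP's default of no preemption, so the recovered router does not reclaim the role. The class and function names, and the priorities 120 and 100, are my own assumptions; HSRP's intermediate states (Listen, Speak, Standby) are collapsed into "which router would be forwarding now".

```python
"""Active/standby election driven by HSRP hello and hold timers (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

HELLO_TIME = 3   # seconds between hellos (HSRP default)
HOLD_TIME = 10   # seconds without a hello before a peer is declared down (HSRP default)


def ip_key(ip: str) -> Tuple[int, ...]:
    """Numeric tuple so tie-breaks rank 172.22.1.10 above 172.22.1.2."""
    return tuple(int(octet) for octet in ip.split("."))


@dataclass
class HsrpGroup:
    virtual_ip: str
    # router IP -> (priority, time its last hello was seen)
    last_seen: Dict[str, Tuple[int, float]] = field(default_factory=dict)
    active: Optional[str] = None

    def hello(self, router_ip: str, priority: int, now: float) -> None:
        self.last_seen[router_ip] = (priority, now)

    def live_routers(self, now: float) -> Dict[str, int]:
        """Routers whose hold timer has not yet expired."""
        return {ip: pri for ip, (pri, seen) in self.last_seen.items()
                if now - seen < HOLD_TIME}

    def elect(self, now: float) -> Optional[str]:
        """Return the active router at time `now`.

        The current active router keeps the role as long as its hellos keep
        arriving (no preemption). Once its hold timer expires, the live router
        with the highest priority takes over; RFC 2281 breaks ties in favour
        of the highest IP address.
        """
        live = self.live_routers(now)
        if self.active in live:
            return self.active
        self.active = max(live, key=lambda ip: (live[ip], ip_key(ip))) if live else None
        return self.active


def run_timeline(hellos: List[Tuple[int, str, int]],
                 end_time: int) -> List[Tuple[int, Optional[str]]]:
    """Replay (time, router_ip, priority) hellos second by second and
    return the moments at which the active router changes."""
    group = HsrpGroup("172.22.1.1")
    by_time: Dict[int, List[Tuple[str, int]]] = {}
    for t, ip, pri in hellos:
        by_time.setdefault(t, []).append((ip, pri))
    transitions: List[Tuple[int, Optional[str]]] = []
    previous = None
    for t in range(end_time + 1):
        for ip, pri in by_time.get(t, []):
            group.hello(ip, pri, t)
        current = group.elect(t)
        if current != previous:
            transitions.append((t, current))
            previous = current
    return transitions


def figure_22_1_scenario() -> List[Tuple[int, str, int]]:
    """Constructed hello schedule: Router1 (.3, priority 120) goes silent after
    t=9 and returns at t=30; Router2 (.2, priority 100) hellos throughout."""
    router1 = [(t, "172.22.1.3", 120) for t in range(0, 10, HELLO_TIME)]
    router1 += [(t, "172.22.1.3", 120) for t in range(30, 41, HELLO_TIME)]
    router2 = [(t, "172.22.1.2", 100) for t in range(0, 41, HELLO_TIME)]
    return router1 + router2


if __name__ == "__main__":
    for t, active in run_timeline(figure_22_1_scenario(), 40):
        print(f"t={t:2d}s  active router: {active}")
```

Run stand-alone, the scenario shows Router1 becoming active at t=0 and Router2 taking over at t=19, ten seconds after Router1's last hello at t=9; Router1's return at t=30 produces no further transition because preemption is off by default.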

You can use up to 256 HSRP groups, numbered 0 through 255, on Ethernet and FDDI type networks. This can be useful in network designs in which a central backbone connects many distinct network segments carrying different subnets. For Token Ring LANs, however, you can only configure three distinct HSRP groups, numbered 0 through 2. For Token Rings, you can configure additional groups if you use the Burned In Address (BIA) on the router's Token Ring port (as discussed in Recipe 22.7). The limitation of three HSRP groups applies to the default configuration mode, which uses a common MAC address for the virtual IP address on both routers.

It is important to note that the HSRP group number is significant only on the local LAN segment. You can use the same group number on different interfaces on the same router if the segments do not connect. However, many network administrators find that it helps to avoid confusion if they use different group numbers on different interfaces. Recipe 22.4 shows a good example of a case in which having multiple HSRP groups on a single LAN segment is extremely useful.

For Ethernet LANs, HSRP uses a standard set of MAC addresses from the range allocated to Cisco. The virtual Ethernet MAC addresses are 00-00-0C-07-AC-XX, where the XX represents the HSRP group number in hex (00-FF). The following output shows an HSRP packet captured using the popular Ethereal packet analyzer package. Note that the authentication string (OREILLY here) appears in cleartext in every hello: RFC 2281 authentication is a plain 8-byte string, default "cisco", that only lets routers ignore mismatched hellos. It does not protect the group from any station on the segment, which can read the string from a capture like this one and send its own hellos to UDP port 1985:

Ethernet II
    Destination: 01:00:5e:00:00:02 
    Source: 00:00:0c:07:ac:01 
    Type: IP (0x0800)
Internet Protocol
    Version: 4
    Header length: 20 bytes
    Total Length: 48
    Protocol: UDP (0x11)
    Source: 172.22.1.3
    Destination: ALL-ROUTERS.MCAST.NET (224.0.0.2)
User Datagram Protocol
    Source port: 1985 (1985)
    Destination port: 1985 (1985)
    Length: 28
Cisco Hot Standby Router Protocol
    Version: 0
    Op Code: Hello (0)
    State: Active (16)
    Hellotime: Default (3)
    Holdtime: Default (10)
    Priority: 120
    Group: 1
    Reserved: 0
    Authentication Data: Non-Default (OREILLY)
    Virtual IP Address: 172.22.1.1

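The capture above can be reproduced byte for byte from RFC 2281's layout. The following added example (not code from the original page or from Cisco) builds that hello, parses it back into the fields Ethereal prints, derives the group's virtual MAC and the 01-00-5E multicast MAC that 224.0.0.2 maps to, and runs a few sanity checks a capture makes easy: an Active hello not sourced from the group's virtual MAC, the default "cisco" authentication string, and a holdtime no larger than the hellotime. The sample hello is constructed here to match the capture; check_hello() and the function names are my own and not part of the protocol.

```python
"""Build and parse an HSRP version 1 hello and derive its MAC addresses (added example)."""
import socket
import struct
from typing import Dict, List

HSRP_PORT = 1985
HSRP_V1_MCAST = "224.0.0.2"
HSRP_V1_FMT = "!BBBBBBBB8s4s"                 # 8 one-byte fields, 8-byte auth string, virtual IP
HSRP_V1_LEN = struct.calcsize(HSRP_V1_FMT)    # 20 bytes: UDP "Length: 28" minus the 8-byte UDP header
DEFAULT_AUTH = "cisco"                        # RFC 2281 default authentication string

OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}


def virtual_mac(group: int) -> str:
    """Ethernet virtual MAC for HSRP v1 group 0-255: 00-00-0C-07-AC-XX."""
    if not 0 <= group <= 255:
        raise ValueError("HSRP v1 group numbers run from 0 to 255")
    return f"00:00:0c:07:ac:{group:02x}"


def ipv4_multicast_mac(addr: str) -> str:
    """RFC 1112 mapping: 01-00-5E followed by the low 23 bits of the IPv4 multicast address."""
    low23 = struct.unpack("!I", socket.inet_aton(addr))[0] & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)


def build_hello(group: int, priority: int, virtual_ip: str, auth: str = DEFAULT_AUTH,
                state: int = 16, hellotime: int = 3, holdtime: int = 10) -> bytes:
    """Encode an HSRP v1 payload (what follows the UDP header on port 1985)."""
    auth_bytes = auth.encode("ascii")
    if len(auth_bytes) > 8:
        raise ValueError("authentication string is at most 8 bytes")
    return struct.pack(HSRP_V1_FMT, 0, 0, state, hellotime, holdtime, priority,
                       group, 0, auth_bytes.ljust(8, b"\0"), socket.inet_aton(virtual_ip))


def parse_hello(payload: bytes) -> Dict:
    """Decode an HSRP v1 payload into the fields Ethereal prints."""
    if len(payload) < HSRP_V1_LEN:
        raise ValueError("truncated HSRP payload")
    ver, op, state, hello, hold, pri, group, _reserved, auth, vip = struct.unpack(
        HSRP_V1_FMT, payload[:HSRP_V1_LEN])
    if ver != 0:
        raise ValueError(f"not an HSRP version 1 packet (version {ver})")
    return {
        "opcode": OPCODES.get(op, op),
        "state": STATES.get(state, state),
        "hellotime": hello,
        "holdtime": hold,
        "priority": pri,
        "group": group,
        "auth": auth.rstrip(b"\0").decode("ascii", "replace"),
        "virtual_ip": socket.inet_ntoa(vip),
    }


def check_hello(src_mac: str, fields: Dict) -> List[str]:
    """Consistency checks on a hello seen on the wire (my own, not part of HSRP)."""
    problems = []
    expected = virtual_mac(fields["group"])
    if fields["state"] == "Active" and src_mac.lower() != expected:
        problems.append(f"active hello sourced from {src_mac}, not virtual MAC {expected}")
    if fields["auth"] == DEFAULT_AUTH:
        problems.append("default authentication string 'cisco' in use")
    if fields["holdtime"] <= fields["hellotime"]:
        problems.append("holdtime not greater than hellotime; peers would flap")
    return problems


# Constructed to match the capture above: group 1, priority 120, auth OREILLY, VIP 172.22.1.1
CAPTURED_HELLO = build_hello(group=1, priority=120, virtual_ip="172.22.1.1", auth="OREILLY")

if __name__ == "__main__":
    fields = parse_hello(CAPTURED_HELLO)
    print("dst MAC:", ipv4_multicast_mac(HSRP_V1_MCAST), " src MAC:", virtual_mac(fields["group"]))
    for name, value in fields.items():
        print(f"{name:>11}: {value}")
    print("warnings:", check_hello("00:00:0c:07:ac:01", fields) or "none")
```

The decoded fields match the capture (Hello, Active, 3/10 second timers, priority 120, group 1, OREILLY, 172.22.1.1), and the derived addresses match its Ethernet header: 01:00:5e:00:00:02 for the destination and 00:00:0c:07:ac:01 for the active router's source. Feeding the same parser a hello sourced from some other MAC, or one built with the default authentication string, returns a warning from check_hello().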
Token Ring LANs use so-called functional MAC addresses, which are reserved for special-purpose applications. HSRP uses C0-00-00-01-00-00, C0-00-00-02-00-00, and C0-00-00-04-00-00 for groups 0, 1, and 2, respectively. However, as discussed in Recipe 22.7, many organizations actually use the BIA of the Token Ring interface card with HSRP instead of these functional addresses. As we mentioned earlier, when you use the BIA, you can configure additional groups. But it's important to remember that they will all use the same MAC address. This is useful only when you want to configure several IP subnets on the same physical ring and use HSRP on all of them.

HSRP is only used for IP networking. However, the fact that it allows two devices to use the same MAC address can cause serious problems for some other protocols. In particular, if you use DECnet or XNS on the same segment, you must use the BIA to avoid bad protocol interactions. The command for this is use-bia, which we discuss in Recipe 22.7.

Although HSRP represents a useful alternative to Proxy ARP, as we have already mentioned, you can use them together. This is particularly useful when you are migrating from an old Proxy ARP configuration to HSRP. In this case, the router uses the HSRP virtual MAC address when it responds to ARP requests.

It is also worth noting that the router will disable ICMP redirects by default when you enable HSRP. Normally, when you have two routers on the same segment, ICMP redirection allows you to send a packet to either one. If the other router has a better path to the destination, the receiving router will forward the packet to the other router and send a special ICMP redirect packet back to the source device. The source device receives this packet and updates its internal routing table accordingly so that all future packets to this destination will use the better router.

Normally, you don't want to use ICMP redirection with HSRP because it would allow the end devices to learn the real physical MAC addresses for the routers. Since the end devices update their internal routing tables with this information, a failure by one of the routers would prevent the other from taking over all routing functions.

However, in Recipe 22.5, we show how to configure HSRP routers to use ICMP redirection so that they use only the HSRP virtual MAC address instead of any physical addresses.
