Configuring HSRP and VRRP on Cisco routers

Have you ever heard the terms "four nines" or "five nines" when dealing with customers or providers? It's commonplace to hear these phrases which describe availability or uptime within various pieces of a network. Four nines means a network will be available for service 99.99% of the time within the Service Level Timeframe (SLT). Four nines equates to approximately 1 hour (53 minutes) of downtime per year. That's not an easy number to make in a lot of networks! There are many things that you can do to help you reach your "uptime" goals like putting in physical redundancy, using battery backups and having staff no more than a minute away to fix a problem. You can also configure logical redundancy or fault tolerance in the form of HSRP or VRRP on routers throughout your network. This article will go through a brief overview of each technology and show you how to configure it.

An Overview of HSRP
The Hot Standby Router Protocol (HSRP) is a Cisco protocol which, as detailed in

    Requires Free Membership to View

    Login

RFC 2281, allows multiple client gateways to be configured as one "virtual" router. This "virtual" router is configured with a single IP address which is shared among the group along with a virtual MAC address. The idea behind this is, of course, that the client sees its one gateway even if that gateway fails. HSRP elects an active router which forwards the client's IP packets. A backup or standby router can be configured to take over the forwarding of packets in the event that the active router fails. To track each other, HSRP uses multicast to send its HSRP updates and hellos. I could go on and on about HSRP, but I said this would be brief!

An Overview of VRRP
Chances are, if you have a multi-vendor environment and desire the same benefits of HSRP, you will configure the Virtual Router Redundancy Protocol (VRRP) to do this. VRRP, detailed in RFC 3768, operates in the same manner as HSRP does by electing an Active router called the Master among a group of routers and allowing it to be the "keeper" of a virtual IP and MAC. As with HSRP a failure would trigger the standby router (backup) to then become the Master and subsequently forward the client's traffic. VRRP also uses multicast for its hello mechanism and elections, but unlike HSRP* which uses 224.0.0.2 (This subnet) VRRP uses 224.0.0.18.

*Note: HSRPv2 uses 224.0.0.102

Configuration Time

Now that you have a basic understanding on how each protocol works, let's look at how to configure them on your Cisco router.


Diagram – 1

Using the diagram above we are going to configure R1 and R2 for HSRP using the virtual IP address of 171.16.6.100 using an authentication key of cisco.

R1

R1(config)# interface e0
R1(config-if)# description R1 Ethernet interface for HSRP example – Active
R1(config-if)# ip address 171.16.6.5 255.255.255.0
R1(config-if)# standby 1 ip 171.16.6.100
R1(config-if)# standby 1 priority 110
R1(config-if)# standby 1 preempt
R1(config-if)# standby 1 authentication cisco
R1(config-if)# no shut

R1(config)# router ospf 1
R1(config-router)# network 171.16.6.0 0.0.0.255 area 171.16.6.0
R1(config-router)# network 171.16.2.4 0.0.0.3 area 0.0.0.0

R2

R2(config)# interface e0
R2(config-if)# description R2 Ethernet interface for HSRP example – Standby
R2(config-if)# ip address 171.16.6.6 255.255.255.0
R2(config-if)# standby 1 ip 171.16.6.100
R2(config-if)# standby 1 preempt
R2(config-if)# standby 1 authentication cisco
R2(config-if)# no shut

R2(config)# router ospf 1
R2(config-router)# network 171.16.6.0 0.0.0.255 area 171.16.6.0 
R2(config-router)# network 171.16.7.4 0.0.0.3 area 0.0.0.0

We have now configured R1 and R2 for HSRP using the virtual IP address of 171.16.6.100 and the authentication key of cisco. Now let's take a look at how to configure VRRP using Diagram 1.

R1

R1(config)# interface ethernet0
R1(config-if)# description R1 Ethernet interface for VRRP example – Master
R1(config-if)# ip address 171.16.6.5 255.255.255.0
R1(config-if)# vrrp 1 ip 171.16.6.100
R1(config-if)# vrrp 1 priority 110
R1(config-if)# vrrp 1 authentication cisco
R1(config-if)# no shut

R1(config)# router ospf 1
R1(config-router)# network 171.16.6.0 0.0.0.255 area 171.16.6.0
R1(config-router)# network 171.16.2.4 0.0.0.3 area 0.0.0.0

R2

R2(config)# interface e0
R2(config-if)# description R2 Ethernet interface for VRRP example – Backup
R2(config-if)# ip address 171.16.6.6 255.255.255.0
R2(config-if)# vrrp 1 ip 171.16.6.100
R2(config-if)# vrrp 1 authentication cisco
R2(config-if)# no shut

R2(config)# router ospf 1
R2(config-router)# network 171.16.6.0 0.0.0.255 area 171.16.6.0 
R2(config-router)# network 171.16.7.4 0.0.0.3 area 0.0.0.0

We have now configured both HSRP and VRRP on R1 and R2. Notice in the VRRP example that I did not use the vrrp group preempt command as I did in the HSRP example. This is because preempt is enabled by default for VRRP. If there's a case when you need to turn preempting off, use the command no vrrp group preempt.

Doug Downer (CCIE #9848) is a Sr. Consultant with Callisma, INC, a wholly owned subsidiary of SBC Communications. Doug has over 7 years in the industry and currently provides high level business and technology consulting for various federal clients in the Washington D.C. area. He can be reached at ddowner@callisma.com.


This was first published in January 2005

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

    Back to top