Skip to Content

How to configure HSRP/GLBP/VRRP?

How to configure HSRP/GLBP/VRRP?

The Redundancy protocol is very common in any enterprise network that you look at it. When it comes to providing layer3 redundancy there are multiple protocols available for you to choose from, each provides its own advantages and disadvantages.

Based on your requirement, there are redundancy protocols such as HSRP, GLBP, and VRRP, let’s look at each of them in detail.

First, we will look at the real-life examples, and then we can take a look at where do we use HSRP, GLBP, and VRRP and their differences then we will fix the network. Instead of showing labs right away.

So let’s begin.

We have Customer A , they are using a simple network topology as below.

A router that is connected to the internet that has wan IP address of 172.16.1.0/24 network, though it’s an internet link we are not using a public IP for this example 🙂 . And a layer 2 switch serving the LAN network that are in 10.1.1.0/24 network

In this example PC has default gateway 10.1.1.1, which it can use to go out of it’s local area network, is configured on the Router-1. However the issue with the current setup is that the default gateway doesn’t have redundancy in place meaning if the router-1 were to go down then we don’t have a backup router to send the traffic from LAN users out to the internet.

So as a network engineer how do we design such a way that the default Gateway should be available at all times?
And when Router 1 were to go down then there should be redundancy in place to take care of the default gateway

This is where you could use First Hop Redundancy Protocol, we could use HSRP or GLBP if the customer is using a Cisco devices or we could use VRRP if it is a non Cisco device or multi-vendor environment.

In this blog, lets look at each of them.

Differences between HSRP GLBP and VRRP

The HSRP – ( The Hot Standby Router Protocol ), GLBP (Global Load Balancing protocol) and VRRP ( Virtual Router Redundancy Protocol) functions the same way but there are some differences between them.
Lets discuss that now.

What is HSRP ?

HSRP- Hot Standby Redundancy protocol is a Cisco proprietary redundancy protocol that provide redundancy or high availability for your local subnet, With HSRP you could add two or more routers to act as a single router with its virtual IP, however only one router would be active at a time and others would be in standby mode. The router that is active would act as a virtual gateway for the specified subnet. When the active router goes down the standby router would kick in and becomes the active router.

  • HSRP version 1 uses multicast IP address 224.0.0.2 and the version2 usees 224.0.0.102.
  • On HSRP version 1 allows groups of 0-255 and the version 2 0-4095.
  • Preemption is not enabled by default.
  • The virtual MAC address used by HSRP look like this 0000.00 07.ac02 where the last digits represents the group number.

What is GLBP ?

GLBP – Global Load Balancing Protocol is also Cisco Proprietary first hop redundancy protocol but it works little different as compared to HSRP, while the HSRP can have one Active physical router at a time as the name suggests the GLBP can load balance between two or more physical routers and you can have up-to Four routers in the GLBP group.
You could also manipulate how you would want to load balance the traffic that goes off to the default gateway.

  • GLBP uses the multicast IP address of 224.0.0.102
  • Unlike HSRP and VRRP, GLBP load balance across all the routers.

What is VRRP ?

Virtual Router Redundancy Protocol is RFC standard first hop redundancy protocol, It works almost similar to HSRP but there some minor advantages of using VRRP, like for instance if your network is multi vendor environment not just Cisco then you must use VRRP.
Instead of Active and standby for the HSRP groups in VRRP its called Master and backup

  • The multicast address used by VRRP is 224.0.0.18 with the port number 112.
  • Preempt is enabled by default.
  • The MAC address used by VRRP is 0000.5e00.0102 where the last digits represents again the group numbers.

We just discussed different types of First hop redundancy protocol, lets see How to configure HSRP on Cisco routers.

How to configure HSRP on Cisco router?

In the same customer A network, let’s suppose that they are using only cisco devices and you decided to run HSRP in it, to implement HSRP you would have to redesign the network as below.

hsrp configuration

In the diagram, we just added a secondary router also it has an up-link towards the internet, and the switch has connectivity to both routers too.

And the IP that you see in Red color is the Virtual IP that we are going to configure on both routers. You have to remember to change the default gateway from 10.1.1.1 to 10.1.1.254 on all the end-users machines post the change.

In your network, if you are using DHCP then all you got to do is change the default gateway configuration on the DHCP server. While the users are in DHCP and for some reason they are not able to access the network it is because they have cached DHCP entry on their devices. Inform the users to do ipconfig /release and renew to wipe out the old config and get the new IP configuration from the DHCP server and it should work fine.

Note: It is assumed that you already have basic IP routing configured for this network.

HSRP configuration on R1.

Step 1. First, we need to find out the default gateway interface that is connected to the switch, in our case for R1 it is GigabitEthernet 0/2

TIP# This is the interface that HSRP uses to send a hello message every 3 seconds, at any point if the HSRP shows its status as unknown, which means there is an issue on layer 2.

Step 2. The configuration that we are going to do for the HSRP is on the interface level not at the global level, so let’s begin.

On the privilege, mode get into the down-link interface which in our case GigabitEthernet 0/2

R1#configure terminal 
R1(config)#interface gigabitEthernet 0/2

Step 3. Once you are at the interface level configure HSRP with the below parameters.

  • Standby –> which specifies that the configuration is HSRP
  • Group number –> HSRP group you will have to define from 1-255
  • Virtual IP –> As per the diagram we need to assign the virtual IP which is 10.1.1.254

And this is what the configuration looks like.

R1(config-if)#standby version 2
R1(config-if)standby 1 ip 10.1.1.254
*Feb  6 16:09:16.435: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 1 state Standby -> Active      

As you can see above after a few seconds you made the changes of HSRP, a message that appeared on the screen which says the current router state has become Active. Which is of course as expected.

  • Lets check the current status of the HSRP by issuing the command show standby brief
R1#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/2       1    100   Active  local           unknown         10.1.1.254
R1#

Why is it standby is showing unknown ?, because we have not configured the other side with HSRP.

Step 4. I already pointed my PC default gateway from 10.1.1.1 to 10.1.1.254. let’s ping from the PC and see if we are able to reach the virtual gateway or not.

PC1#ping 10.1.1.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/213/1020 ms
PC1#

Great!, that work’s let’s configure the HSRP on the R2.

HSRP configuration on R2.

Step 1. For Router two the switch is connected to the GigabitEthernet 0/1, so the configuration looks like below.

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#interface gigabitEthernet 0/1
R2(config-if)#standby version 2
R2(config-if)#standby 1 ip 10.1.1.254
R2(config-if)#
*Feb  6 16:20:08.031: %HSRP-5-STATECHANGE: GigabitEthernet0/1 Grp 1 state Speak -> Standby

Step 2. Just like before you can see that the Router-2 recognized itself as Standby, lets see the status from both routers.

  • HSRP status on Router one
R1#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/2       1    100   Active  local           10.1.1.2        10.1.1.254
R1#

Router-1 shows its HSRP state as Active which means R1 is the primary and Standby shows R2 IP address.

  • Status on Router two
R2#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/1       1    100   Standby 10.1.1.3        local           10.1.1.254
R2#

Router-2 shows its status as Standby and Active as Router-1’s IP address.

Congrats! you just configured HSRP on the network, let’s verify from the user’s end.

HSRP Verification.

Step 1. start sending continuous ping towards the internet IP 8.8.8.8 from the end-user machine.

Step 2. Shutdown the interface that is connected to the switch. which is Gi0/2

As soon as I shut down the interface you could see an HSRP state change message which says the HSRP state changed from Active to Init.

R1(config)#int g0/2
R1(config-if)#shut
*Feb 29 13:58:46.029: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 1 state Active -> Init

Step 3. Let’s check the status of the HSRP state now.

R1#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/2       1    100   Init    unknown         unknown         10.1.1.254
R1#

As you can see both the Active and Standby status on Router one went to unknown, because there is no Layer 2 connectivity to the other end. By default HSRP would send hello messages every 3 seconds on the layer 2 link to its neighbors, in this case it is down.

  • You can also notice from the end user machine that there are three packet drops and it recovered after that, which means the configuration is working as expected and router two had taken over.
PC1#ping 8.8.8.8 repeat 10000
Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!...!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 98 percent (163/166), round-trip min/avg/max = 12/19/31 ms
PC1#
  • And the Router two become the Active router for the traffic. Let’s check the status on both the Routers.

The Router-2 as you can see below has become the active router on the setup.

R2#sh standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/1       1    100   Active  local           unknown         10.1.1.254
R2#

Step 4. Let’s un-shut the port on the Router-1 and check the status.

The status now shows Router 1 as standby and R2 is Active

R1#sh standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/2       1    100   Standby 10.1.1.2        local           10.1.1.254
R1#
R2#sh standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/1       1    100   Active  local           10.1.1.3        10.1.1.254
R2#

Everything is good and the customer is happy with the new setup.

HSRP with Preemption and priority.

After a few days, you got a new request from a customer like below.

  1. At any point when the WAN link that connected to the internet on R1 goes down the R2 should become Active.
  2. Also R1 should be the primary router always when everything is up and running.

You can resolve this request in two options that are available in HSRP.

  • To monitor WAN link and make HSRP state change you could use HSRP tracking.
  • To make R-1 to be the Active at all times, you could use preempt with higher priority Lets look at this in more details.

HSRP priority

HSRP decides which router to be active based on its priority. The higher the priority number the better it is.

By default, HSRP uses priority value 100.

let’s suppose you configured R1 with higher priority 110 and enabled the HSRP and Configured R2 with default priority which is 100 and enabled the HSRP.

Now, who do you think would become active, R1 or R2?

Of course, R1, as we enabled the router one first.

HSRP Preempt

However what would happen, If the R1 ever becomes standby and R2 takes over, and when the R1 becomes available again who do you think become the active router?

The R2 stays active irrespective of the R1 state changes, R1 would only become the active one, only when the R2 goes down.

how to override the situation and make the R1 to be active every time it is online?

That’s where you use preempt with priority.

Let’s configure HSRP with preempt and higher priority on R1.

R1(config)#interface gigabitEthernet 0/2
R1(config-if)#standby 1 priority 110
R1(config-if)#standby 1 preempt 

No configuration is required on the R2 side.

HSRP preempt test.

When you set the preempt with higher priority on R1 this is what happens.

R1 always be the active router because of it’s highest priority and R2 to standby and the moment R1 goes down R2 becomes Active. As soon as R1 becomes online and since it has higher priority R1 force itself to be the Active router.

Lets check this in the lab

Step 1. Lets check the status of HSRP in detail. As you can see the preemption is enabled and the R1 is the active router.

R1#show standby 
GigabitEthernet0/2 - Group 1
  State is Active
    2 state changes, last state change 00:37:40
  Virtual IP address is 10.1.1.254
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.232 secs
  Preemption enabled
  Active router is local
  Standby router is 10.1.1.2, priority 100 (expires in 8.336 sec)
  Priority 110 (configured 110)
  Group name is "hsrp-Gi0/2-1" (default)
R1#

R2 is the standby and you can also see more details here.

R2#show standby 
GigabitEthernet0/1 - Group 1
  State is Standby
    1 state change, last state change 00:37:36
  Virtual IP address is 10.1.1.254
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.344 secs
  Preemption disabled
  Active router is 10.1.1.3, priority 110 (expires in 11.024 sec)
  Standby router is local
  Priority 100 (default 100)
  Group name is "hsrp-Gi0/1-1" (default)
R2#

Step 2. Send continues ping to the internet from PC1

Step 3. Shutdown R1 HSRP interface

R1#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/2       1    110 P Active  local           10.1.1.2        10.1.1.254
R1(config)#interface gigabitEthernet 0/2
R1(config-if)#shut
*Mar 17 18:00:58.448: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 1 state Active -> Init
R1(config-if)#do show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/2       1    110 P Init    unknown         unknown         10.1.1.254
  • As you can see the HSRP lost its active state and went to unknown, and R2 taken over as soon as R1 becomes unavailable.
R2#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/1       1    100 P Standby 10.1.1.3        local           10.1.1.254
R2#
*Mar 17 18:01:48.767: %HSRP-5-STATECHANGE: GigabitEthernet0/1 Grp 1 state Standby -> Active
R2#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/1       1    100 P Active  local           unknown         10.1.1.254
R2#

Step 4. Let’s un-shut the port and see what happens.

R1(config-if)#no shut
R1(config-if)#
*Mar 17 18:07:10.205: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 1 state Listen -> Active
R1(config-if)#
  • As soon as I un-shut the port the router one becomes the active again, because of the higher priority and the preemption set.
  • You can notice there are only three packet drops from the PC during continues ping and when we did the fail-over testing.
PC1#ping 8.8.8.8 rep 100000
Type escape sequence to abort.
Sending 100000, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

TIP# Just keep in mind that at any point if you would like the R2 to be the active always (Opposite to the current setup), all you got to do is change the priority from default to 120, which is higher than the R1’s priority 110.

HSRP with IP SLA object tracking

Everything is working well and then one fine day you realized that the end-user cannot access the internet. Further checking you came to know that the link is up and running but on the provider end the internet is down.

Now you have to come up with a different strategy.

Along with the current interface line tracking you would also want to track any of the critical Internet IPs or ISP peer IP. That way when the internet is out on the primary router it would fail over to the secondary.

Is this possible?

Yes, you could use IP SLA for this purpose. And track the IP SLA object in HSRP.

HSRP IP SLA tracking configuration.

Step 1. First, create IP SLA like below.

R1(config)#ip sla 2
R1(config-ip-sla)#icmp-echo 8.8.8.8
R1(config-ip-sla-echo)#frequency 5
R1(config-ip-sla-echo)#exit
R1(config)#ip sla schedule 2 life forever start-time now

The ICMP-ECHO would let you ping the IP address and the same can be tracked using track command. Based on its availability you can manage the HSRP status.

Step 2. Like you tracked the interface before, you can track the IP SLA object that you just created.

R1(config)#track 2 ip sla 2 reachability 
R1(config-track)#exit

Step 3. Add the IP SLA object tracking in HSRP like below.

Here you tell the router interface that, anytime when the tracked object were to go down you can decrement the value 30 from its priority.

R1(config)#int g0/2
R1(config-if)#standby 1 track 2 decrement 30 

When the R1 decrements the value, R1’s priority would change from 110 to 80 (110 – 30 = 80)

At this time R2 (default priority 100) would realize that it has higher priority then R1 (80) and the HSRP state changes happens.

HSRP IP SLA Testing

We have now configured IP sla tracking in hsrp, let’s test the same.

Step 1. Go to the wan interface on the router one and shut it off.

R1(config-if)#shut
R1(config-if)#
*Mar 17 18:36:08.569: %TRACK-6-STATE: 10 interface Gi0/0 line-protocol Up -> Down
R1(config-if)#
R1(config-if)#
*Mar 17 18:36:10.560: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down
*Mar 17 18:36:11.560: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
R1(config-if)#
*Mar 17 18:36:14.609: %TRACK-6-STATE: 2 ip sla 2 reachability Up -> Down
R1(config-if)#
*Mar 17 18:36:17.187: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 1 state Active -> Speak
R1(config-if)#
*Mar 17 18:36:29.183: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 1 state Speak -> Standby
R1(config-if)#

As you can see the HSRP state on Router one went from Active->Speak->Standby
Router one is no longer an Active router.

R1(config-if)#do show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/2       1    80  P Standby 10.1.1.2        local           10.1.1.254
R1(config-if)#

You can also see that the R2 has taken over the virtual IP and become the active Router.

R2#
*Mar 17 18:38:21.996: %HSRP-5-STATECHANGE: GigabitEthernet0/1 Grp 1 state Standby -> Active
R2#
R2#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/1       1    100 P Active  local           10.1.1.3        10.1.1.254
R2#

Step 2. Let’s un-shut the port and see what happens.

R1(config-if)#no shut
R1(config-if)#
*Mar 17 18:39:32.841: %TRACK-6-STATE: 10 interface Gi0/0 line-protocol Down -> Up
R1(config-if)#
*Mar 17 18:39:33.488: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
*Mar 17 18:39:34.489: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
R1(config-if)#
R1(config-if)#
*Mar 17 18:39:49.630: %TRACK-6-STATE: 2 ip sla 2 reachability Down -> Up
R1(config-if)#
*Mar 17 18:39:50.590: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 1 state Standby -> Active
R1(config-if)#do show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/2       1    110 P Active  local           10.1.1.2        10.1.1.254
R1(config-if)#

After a few seconds we shutdown the wan link on R1. As per the HSRP tracking R1 priority has back to normal and R1 takes its status as Active.

Superb!! your HSRP is working as expected. We now have Router One as the primary router and we also have R1’s Uplink and the Downlink being monitored as well.

How to configure GLBP on Router?

You have been asked by the customer, hey.. I see that you are running HSRP on both routers and the standby router just sitting there idle waiting for the R1 to go down, is there a way can you load balance them?

The answer for that is If you are running HSRP then you cannot load balance the traffic but if you are still running Cisco devices then you could run GLBP in it.

Configuration of GLBP

The configuration of GLBP is similar to the HSRP, instead of using standby in the command, you have to use GLBP.

GLBP configuration on R1

You get into the interface configuration mode and enable GLBP with the command GLBP group number IP address.

After a few seconds you would get a notification that says the current router has become the Active one.

R1(config)#int g0/2  
R1(config-if)#glbp 1 ip 10.1.1.254
R1(config-if)#
*Mar 19 13:23:21.834: %GLBP-6-STATECHANGE: GigabitEthernet0/2 Grp 1 state Speak -> Active
R1(config-if)#
*Mar 19 13:23:31.935: %GLBP-6-FWDSTATECHANGE: GigabitEthernet0/2 Grp 1 Fwd 1 state Listen -> Active
R1(config-if)#

GLBP configuration on R2

Just like on the R1 you would also get the notification message as soon as you entered the command.
Do you remember in HSRP when we did the second router configuration it had become standby but here it is Active again? That’s because GLBP works differently than the HSRP.

R2(config)#int g0/1
R2(config-if)#glbp 1 ip 10.1.1.254
R2#
*Mar 19 13:24:26.386: %GLBP-6-FWDSTATECHANGE: GigabitEthernet0/1 Grp 1 Fwd 2 state Listen -> Active
R2#

GLBP verificaiton

You can run the command show glbp to check the status of GLBP.
As you can see there are two forwarders in each router.

R1#show glbp
GigabitEthernet0/2 - Group 1
  State is Init (interface down)
    4 state changes, last state change 01:52:27
  Virtual IP address is 10.1.1.254
  Hello time 3 sec, hold time 10 sec
  Redirect time 600 sec, forwarder timeout 14400 sec
  Preemption disabled
  Active is unknown
  Standby is unknown
  Priority 100 (default)
  Weighting 100 (default 100), thresholds: lower 1, upper 100
  Load balancing: round-robin
  Group members:
    0ce3.f12c.cd02 (10.1.1.3) local
  There are 2 forwarders (0 active)
  Forwarder 1
    State is Init
      4 state changes, last state change 01:52:27
    MAC address is 0007.b400.0101 (default)
    Owner ID is 0ce3.f12c.cd02
    Preemption enabled, min delay 30 sec
    Active is unknown
    Client selection count: 1
  Forwarder 2
    State is Init
      2 state changes, last state change 01:52:27
    MAC address is 0007.b400.0102 (learnt)
    Owner ID is 0ce3.f14b.dd01
    Time to live: 7574.624 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is unknown
R1#
R2#show glbp
GigabitEthernet0/1 - Group 1
  State is Active
    4 state changes, last state change 01:51:47
  Virtual IP address is 10.1.1.254
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.272 secs
  Redirect time 600 sec, forwarder timeout 14400 sec
  Preemption disabled
  Active is local
  Standby is unknown
  Priority 100 (default)
  Weighting 100 (default 100), thresholds: lower 1, upper 100
  Load balancing: round-robin
  Group members:
    0ce3.f14b.dd01 (10.1.1.2) local
  There are 2 forwarders (2 active)
  Forwarder 1
    State is Active
      3 state changes, last state change 01:51:47
    MAC address is 0007.b400.0101 (learnt)
    Owner ID is 0ce3.f12c.cd02
    Redirection disabled
    Time to live: 7530.656 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is local, weighting 100
  Forwarder 2
    State is Active
      3 state changes, last state change 01:51:47
    MAC address is 0007.b400.0102 (default)
    Owner ID is 0ce3.f14b.dd01
    Redirection enabled
    Preemption enabled, min delay 30 sec
    Active is local, weighting 100
R2#

How to configure VRRP?

This time you have received another request where the customer network in the future would move out to a different vendor. Since non-cisco devices don’t support either HSRP or GLBP, you have to run VRRP.

To make the transition smoother you have requested to run VRRP in the existing setup. Then later you could add different vendors in.

The VRRP is not so different when it comes to the configuration of HSRP.

While in HSRP you cannot use physical interface IP as the virtual IP. In VRRP you can. This would be useful when you have only two public IP’s available and you would want to use the virtual IP between them. But for internal network IP availability is no longer an issue, we can use the same way how we had set up for the HSRP.

Configuration of VRRP

Enabling VRRP doesn’t require many steps. On the interface level, you just need to add the command vrrp group number IP group IP address

Enable VRRP on R1

R1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#interface gigabitEthernet 0/2
R1(config-if)#vrrp 1 ip 10.1.1.254         
R1(config-if)#

Enable VRRP on R2

R1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#interface gigabitEthernet 0/1
R2(config-if)#vrrp 1 ip 10.1.1.254

TIP# Preemption is enabled by default in VRRP.

You can check the status on both the routers using the command show vrrp brief.

R1#show vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Gi0/2              1   100 3609       Y  Master  10.1.1.3        10.1.1.254     
R1#
R2#show vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Gi0/1              1   100 3609       Y  Backup  10.1.1.3        10.1.1.254     
R2#

To see the in more details

R1#show vrrp 
GigabitEthernet0/2 - Group 1  
  State is Master  
  Virtual IP address is 10.1.1.254
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 100 
  Master Router is 10.1.1.3 (local), priority is 100 
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec
R1#
R2#show vrrp 
GigabitEthernet0/1 - Group 1  
  State is Backup  
  Virtual IP address is 10.1.1.254
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 100 
  Master Router is 10.1.1.3, priority is 100 
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec (expires in 3.097 sec)
R2#

VRRP Testing

Similar to the HSRP test let’s start to ping the IP address 8.8.8.8 from the PC and fail-over the VRRP.

Step 1. On the Master router (R1), let’s shut down the VRRP interface.
As soon as we shut down the interface the master status would go to init.

R1(config-if)#interface gigabitEthernet 0/2
R1(config-if)#shut   
*Mar 18 15:19:47.750: %VRRP-6-STATECHANGE: Gi0/2 Grp 1 state Master -> Init
R1#show vrrp brief 
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Gi0/2              1   100 3609       Y  Init    0.0.0.0         10.1.1.254     
R1#
  • And in R2 you would get the notification that saying R2 moved from backup to Master.
R2#
*Mar 18 15:19:48.201: %VRRP-6-STATECHANGE: Gi0/1 Grp 1 state Backup -> Master
R2#show vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Gi0/1              1   100 3609       Y  Master  10.1.1.2        10.1.1.254     
R2#
  • We don’t see much packet drop in the ping results from PC1.
PC1#ping 8.8.8.8 rep 10000
Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 99 percent (379/382), round-trip min/avg/max = 3/4/46 ms
PC1#

Step 2. Let’s un-shut the port to see the status change from both Routers.

R1(config)#int gigabitEthernet0/2
R1(config-if)#no shut
*Mar 18 15:24:30.203: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to up
R1(config-if)#
*Mar 18 15:24:30.205: %VRRP-6-STATECHANGE: Gi0/2 Grp 1 state Init -> Backup
R1(config-if)#
*Mar 18 15:24:31.204: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to up
R1(config-if)#
*Mar 18 15:24:33.814: %VRRP-6-STATECHANGE: Gi0/2 Grp 1 state Backup -> Master
R1(config-if)#

R1 becomes master again and R2 backup the backup as before.

R2#
*Mar 18 15:24:33.732: %VRRP-6-STATECHANGE: Gi0/1 Grp 1 state Master -> Backup
R2#sh vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Gi0/1              1   100 3609       Y  Backup  10.1.1.3        10.1.1.254     
R2#

Hold on! I understand that preemption is set by default but the priority remains the same as 100 on both routers, How did R1 decide itself as the master again.

The VRRP has a different election process as compared to the HSRP.

  • If you wanted to manipulate the master backup in VRRP, you could still use the priority to make changes.
  • However, if you have multiple routers with the same priority then the router with highest physical IP address would become the master. That’s the same thing happend on this case.