Hot Standby Router Protocol

HSRP (Hot Standby Router Protocol)
Family: Internet protocol family
Operation area: Increasing the availability of gateways

HSRP in the TCP/IP protocol stack:
  Application:     HSRP
  Transport:       UDP
  Internet:        IP (IPv4, IPv6)
  Network access:  Ethernet, Token bus, Token ring, FDDI, ...

Standards: RFC 2281. March 1998. (English).

The Hot Standby Router Protocol (HSRP) is a method of increasing the availability of important gateways in local networks for end devices by using redundant routers.

HSRP is a proprietary protocol developed by Cisco; version 1 was disclosed in RFC 2281. HSRP was developed to enable end devices to reach remote IP networks via several routers. End devices ("hosts") often do not support dynamic routing; instead of delivering IP packets for destinations outside their own subnet directly, they send them to a default gateway IP address configured on the end device, which forwards them onward. As a rule, the default gateway IP address is the IP address of the router in the same subnet as the end device. A failure of this router is usually not detectable by the end device (because no dynamic routing runs between router and end device) and leads to loss of communication between the end device and destinations outside its own subnet.

This is where HSRP and other first-hop redundancy protocols come in. HSRP combines at least two routers for the respective IP subnet into a logical group. This group of routers presents itself to the end devices in the subnet as a single logical router with a virtual IP address and a virtual MAC address in the respective IP subnet. So-called first-hop redundancy can also be provided with HSRP for network protocols outside the IP family. This includes, for example, Advanced Peer-to-Peer Networking (APPN), which uses the MAC address of the router (group).

The virtual MAC address is, except when HSRP is used with the old Token Ring technology, derived automatically from the prefix 00-00-0c-07-ac (or 00-00-0c-9f-f for HSRPv2) and the HSRP group number in hexadecimal notation (e.g. group ID 15 yields the MAC address 00-00-0c-07-ac-0f / 00-00-0c-9f-f0-0f). For HSRP version 1, the network administrator can specify a group number in the range from 0 to 255. HSRP version 2 allows group numbers in the range from 0 to 4095.

By assigning priorities to the routers, the router with the highest priority is defined as the primary router, which then binds the virtual MAC address and the virtual IP address to its network interface. In addition, it informs the other routers in the group (the secondary routers) of its presence at regular intervals (default: 3 seconds) by means of a multicast message (destination address 224.0.0.2, UDP port 1985 for HSRP version 1, or 224.0.0.102 for HSRP version 2). If the end devices use the virtual IP address as the default gateway in their IP configuration, only the primary HSRP router is used for traffic from the end device to the remote destination. Traffic from remote networks to the end device does not necessarily have to be routed via the primary router.

If the multicast packets are absent for longer than the "holddown timer" (default: 10 seconds), e.g. because the primary router has failed, the virtual IP address and the virtual MAC address are passed to the secondary router with the next highest priority. From then on, that router takes over the function of the primary router.

Because the virtual MAC address and the virtual IP address are transferred together, this process is transparent to end devices: they do not need to update their ARP cache when traffic switches to the standby router. Furthermore, the multicast presence messages of the new primary router ensure that the MAC address tables of the switches are updated accordingly if switches are used between the HSRP routers and the end devices.

HSRP group membership can be authenticated, for example to prevent an incorrectly configured or unauthorized router with a higher priority from taking over the primary function.
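A monitoring check for the scenario above, as an added example that is not part of the original article: it decodes HSRP version 1 messages using the 20-byte layout from RFC 2281 and reports speakers that are not in an expected router list. The function names, the allowlist structure and the sample addresses are assumptions, and the sample payloads are constructed.

```python
import struct
from ipaddress import IPv4Address

# HSRPv1 payload per RFC 2281 (20 bytes): version, opcode, state, hellotime,
# holdtime, priority, group, reserved, 8 bytes auth data, 4 bytes virtual IP.
HSRP_V1 = struct.Struct("!8B8s4s")
OPCODES = {0: "hello", 1: "coup", 2: "resign"}
STATES = {0: "initial", 1: "learn", 2: "listen", 4: "speak", 8: "standby", 16: "active"}

def parse_hsrp_v1(payload):
    """Decode one HSRPv1 UDP payload; raise ValueError if it is malformed."""
    if len(payload) < HSRP_V1.size:
        raise ValueError("truncated HSRP message")
    ver, op, state, hello, hold, prio, group, _, _auth, vip = HSRP_V1.unpack_from(payload)
    if ver != 0 or op not in OPCODES:
        raise ValueError("not an HSRPv1 message")
    return {"opcode": OPCODES[op], "state": STATES.get(state, f"unknown({state})"),
            "hello": hello, "hold": hold, "priority": prio, "group": group,
            "virtual_ip": str(IPv4Address(vip)),
            "virtual_mac": f"00-00-0c-07-ac-{group:02x}"}  # v1 prefix + group in hex

def audit(messages, authorized):
    """Return (source, reason) alerts; `authorized` maps group -> {router IP: priority}."""
    alerts = []
    for src, payload in messages:
        try:
            msg = parse_hsrp_v1(payload)
        except ValueError as exc:
            alerts.append((src, f"malformed: {exc}"))
            continue
        known = authorized.get(msg["group"], {})
        if src not in known:
            top = max(known.values(), default=-1)
            rank = "outranks" if msg["priority"] > top else "does not outrank"
            alerts.append((src, f"unauthorized {msg['opcode']} for group {msg['group']}: "
                                f"priority {msg['priority']} {rank} authorized routers"))
    return alerts

def _sample(op, state, prio, group, vip="192.0.2.1"):
    """Build a constructed HSRPv1 payload (hello 3 s, hold 10 s, auth field zeroed)."""
    return HSRP_V1.pack(0, op, state, 3, 10, prio, group, 0, bytes(8), IPv4Address(vip).packed)

# Constructed capture: (source IP, UDP payload) pairs; all addresses are placeholders.
SAMPLE = [("192.0.2.2", _sample(0, 16, 110, 15)), ("192.0.2.3", _sample(0, 8, 100, 15)),
          ("192.0.2.66", _sample(1, 4, 255, 15)), ("192.0.2.9", b"\x00\x00")]
AUTHORIZED = {15: {"192.0.2.2": 110, "192.0.2.3": 100}}

if __name__ == "__main__":
    print(*audit(SAMPLE, AUTHORIZED), sep="\n")
```

In a deployment the (source IP, payload) pairs would come from a capture of UDP port 1985 traffic on the gateway VLAN, and the allowlist from the documented router configuration.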
