Cisco Systems A9014CFD Router User Manual


 
Cisco ASR 901 Series Aggregation Services Router Software Configuration Guide
OL-23826-09
Chapter 27 Hot Standby Router Protocol and Virtual Router Redundancy Protocol
Feature Information for HSRP and VRRP, page 27-11
Information About HSRP and VRRP
Overview of HSRP and VRRP
Text Authentication
Preemption
Overview of HSRP and VRRP
HSRP provides network redundancy for IP networks, which helps maximize network uptime. By sharing
an IP address and a MAC (Layer 2) address, two or more routers can act as a single virtual router. The
members of the virtual router group continuously exchange status messages. This way, one router can
assume the routing responsibility of another, should it go out of commission for either planned or
unplanned reasons. Hosts continue to forward IP packets to a consistent IP and MAC address, and the
changeover of devices doing the routing is transparent.
A VRRP router is configured to run the VRRP protocol in conjunction with one or more other routers
attached to a LAN. In a VRRP configuration, one router is elected as the virtual router master, with the
other routers acting as backups in case the virtual router master fails. VRRP enables you to configure
multiple routers as the default gateway router, which reduces the possibility of a single point of failure
in a network. You can configure VRRP in such a way that traffic to and from LAN clients can be shared
by multiple routers, to balance the load on available routers.
Text Authentication
HSRP and VRRP ignore unauthenticated protocol messages. The default authentication type is text
authentication. HSRP or VRRP authentication protects against false hello packets causing a
denial-of-service attack. For example, Router A has a priority of 120 and is the active router. If a host
sends spoofed hello packets with a priority of 130, then Router A stops being the active router. If Router
A has authentication configured such that the spoofed hello packets are ignored, Router A will remain the
active router. Packets will be rejected in any of the following cases:
The authentication schemes differ on the router and in the incoming packets.
Text authentication strings differ on the router and in the incoming packets.
Preemption
Preemption occurs when a virtual router backup with a higher priority takes over from the virtual router
backup that was elected to become the virtual router master. A preemptive scheme is enabled automatically.
When a newly reloaded router becomes active despite an active router already existing on the network,
it may appear that preemption is not functioning, but that is not the case. The new active router did not
receive any hello packets from the current active router, so the preemption configuration never factored
into the new router's decision making.
In general, we recommend that all HSRP routers have the following configuration:
standby delay minimum 30 reload 60
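An added example (not from the Cisco guide): a Python audit of a running-config that flags HSRP/VRRP groups with no explicit authentication string and HSRP interfaces missing the standby delay recommended above. The sample config is constructed, and the `standby`/`vrrp` command forms other than `standby delay` are assumed to follow common IOS syntax.

```python
import re

# Constructed sample running-config (not from the guide). Command forms other
# than "standby delay" are assumed to follow common IOS standby/vrrp syntax.
SAMPLE_CONFIG = """\
interface Vlan10
 standby delay minimum 30 reload 60
 standby 1 ip 10.0.10.1
 standby 1 authentication text Ex4mple
!
interface Vlan20
 standby 2 ip 10.0.20.1
 standby 2 priority 120
!
interface Vlan30
 vrrp 3 ip 10.0.30.1
 vrrp 3 authentication text Ex4mple
!
"""

GROUP_CMD = re.compile(r"^(standby|vrrp)\s+(?:(\d+)\s+)?(ip|authentication)\b")
DELAY_CMD = re.compile(r"^standby\s+delay\s+minimum\s+\d+\s+reload\s+\d+")

def audit(config):
    """Return sorted (interface, finding) pairs for HSRP/VRRP hardening gaps."""
    groups, auth, delay, iface = set(), set(), set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif raw[:1] not in (" ", "\t"):
            iface = None  # left the interface stanza
        elif iface and DELAY_CMD.match(line):
            delay.add(iface)
        elif iface and (m := GROUP_CMD.match(line)):
            key = (iface, m.group(1), m.group(2) or "0")  # group defaults to 0
            groups.add(key)
            if m.group(3) == "authentication":
                auth.add(key)
    findings = [(i, f"{p} group {g}: no explicit authentication string")
                for i, p, g in groups - auth]
    findings += [(i, "HSRP without 'standby delay minimum ... reload ...'")
                 for i in {i for i, p, _ in groups if p == "standby"} - delay]
    return sorted(findings)

if __name__ == "__main__":
    for ifname, finding in audit(SAMPLE_CONFIG):
        print(f"{ifname}: {finding}")
```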