The document discusses first hop redundancy protocols (FHRPs) including Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP), and Gateway Load Balancing Protocol (GLBP). HSRP uses a virtual IP address shared between devices to provide redundancy. It elects an active router while others act as standbys. HSRP version 2 supports more groups and millisecond timers. Link tracking prioritizes routers based on monitored links. FHRPs ensure network availability if a device or path fails.
FIRST HOP REDUNDANCY PROTOCOL (FHRP)
Redundancy:
• Redundancy, Failover, High Availability, Clustering, RAID, Fault-tolerance, Stackwise, VSS
• A good network design provides redundancy in devices and network links.
• Redundancy is basically extra hardware or software that can be used as backup.
• The backup is used if the main hardware or software fails, or a link fails or is unavailable in an emergency.
• It is a method for ensuring network availability in case of network device or path failure.
• It is a method for ensuring network availability in case of network device unavailability.
• Network redundancy is process through which additional or alternate instances of network
• Redundancy can be achieved automatically via failover, load balancing and high availability.
• High availability is a feature which provides redundancy and fault tolerance automatically.
• High availability means a number of connected devices processing and providing a service.
• The goal is to ensure this service is always available, even in the event of a failure or outage.
• Clustering is similar to redundant servers and provides fault tolerance in case of emergency.
• A group of servers is logically combined into a cluster and works as one device.
• If a device within the cluster fails, services continue because the other devices keep providing them.
• One link processes traffic and the second link remains in standby until the primary link fails.
• This setup allows a company to connect its devices to more than one Internet connection.
• If one connection goes down, all traffic would fail over to the other Internet connection.
• This would eliminate a single point of failure and ensure availability and reliability.
• RAID is a fault tolerance solution for hard drives, usually implemented in servers/storage.
• RAID stands for Redundant Array of Independent Disks and provides redundancy and fault tolerance.
• Automatic failover is the process of moving active services from the primary device to the backup.
• Usually the backup device continues these services until the primary device has come back up.
• When a device fails, another device takes over; this process is referred to as a failover.
• Services fail over to the backup device, which continues from where the primary device left off.
• The failover feature allows hardware firewalls to have some redundancy and backup.
• With two or more hardware devices configured, the backup takes over if the primary fails.
• It is implemented on high-end hardware devices for networks that require redundancy.
• HSRP is a Cisco proprietary protocol for establishing a fault-tolerant default gateway.
• Redundancy, fault tolerance and high availability all refer to some sort of failover to a backup.
ETHERCHANNEL
- Network resiliency is a key component of network design.
- Resiliency with Layer 2 forwarding is accomplished by adding multiple Layer 2 switches into
a topology.
- Resiliency with Layer 3 forwarding is accomplished by adding multiple Layer 3 paths or
routers.
- The PC could configure its gateway as 172.16.1.2, but what happens when that device fails?
The same problem occurs if the other gateway was configured. How can a host be
configured with more than one gateway?
The deployment of first-hop redundancy protocols (FHRPs) solves the problem of hosts configuring
multiple gateways. FHRPs work by creating a virtual IP (VIP) gateway instance that is shared between
the Layer 3 devices. This course covers the following FHRPs:
• Hot Standby Router Protocol (HSRP)
• Virtual Router Redundancy Protocol (VRRP)
• Gateway Load Balancing Protocol (GLBP)
Hot Standby Router Protocol (HSRP)
• HSRP stands for Hot Standby Router Protocol and is a Cisco proprietary protocol.
• There are two versions of Hot Standby Router Protocol (HSRPv1 & HSRPv2).
• Two or more Cisco routers or switches on a LAN segment form an HSRP group.
• In HSRP, one Cisco router or switch assumes the function of the “Active” device.
• In HSRP, the other routers or switches are known as “Standby” routers or switches.
• In HSRP, the highest priority gateway is elected as the active gateway of the group.
• In HSRP, the active gateway is the owner of the virtual MAC and virtual IP address.
• In HSRP, the default priority is set to 100 but it can be modified (0-255).
• When priorities are equal, the device with the highest interface IP becomes the active device; the preempt option is disabled by default.
• HSRP version 1 uses multicast address 224.0.0.2 for sending the hello traffic.
• HSRP version 2 uses multicast address 224.0.0.102 for sending the hello traffic.
• In HSRP, the messages can be authenticated using clear text or MD5.
• HSRP version 1 allows group numbers ranging from 0 to 255 only.
• HSRP version 2 allows group numbers ranging from 0 to 4095.
• HSRP version 1 virtual MAC: 0000.0c07.acXX (XX is the group number, 0-255).
• HSRP version 2 virtual MAC: 0000.0c9f.fXXX (XXX is the group number, 0-4095).
• HSRP version 2 supports IPv6 addresses but HSRP version 1 doesn’t support IPv6.
• HSRP version 1 and HSRP version 2 are not compatible with each other.
• Load sharing is possible using multiple groups and virtual IPs with modified priorities.
• In HSRP versions 1 and 2, the default hello time is 3 seconds and the hold time is 10 seconds.
• On Cisco routers and switches, version 1 is enabled by default until version 2 is enabled.
• By default, all Cisco routers and switches have priority 100.
HSRP does not support preemption by default, so when a router with lower priority becomes
active, it does not automatically transfer its active status to a superior router.
HSRP VERSION 1:
HSRP-enabled interfaces send and receive multicast UDP-based hello messages to detect any failure
and designate active and standby routers.
If a standby device does not receive a hello message or the active device fails to send a hello
message, the standby device with the second highest priority becomes HSRP active.
The transition of HSRP active between the devices is transparent to all hosts on the segment
because the MAC address moves with the virtual IP address.
STEPS TO CONFIGURE HSRP version 1:
Step 1. Define the HSRP instance by using the command standby instance-id ip vip-address.
Step 2. (Optional) Configure HSRP router preemption to allow a more preferred router to take the
active router status from an inferior active HSRP router. Enable preemption with the
command standby instance-id preempt.
Step 3. (Optional) Define the HSRP priority by using the command standby instance-id priority priority.
The priority is a value between 0 and 255.
Step 4. Define the HSRP MAC Address (Optional).
The MAC address can be set with the command standby instance-id mac-address mac-address.
Most organizations accept the automatically generated MAC address, but in some migration
scenarios, the MAC address needs to be statically set to ease transitions when the hosts may have a
different MAC address in their ARP table.
Step 5. (Optional) Define the HSRP timers by using the command standby instance-id timers
{seconds | msec milliseconds}. HSRP can poll in intervals of 1 to 254 seconds or 15 to 999
milliseconds.
                    HSRPv1                                       HSRPv2
Timers              Does not support millisecond timer values    Supports millisecond timer values
Group range         0 to 255                                     0 to 4095
Multicast address   224.0.0.2                                    224.0.0.102
MAC address range   0000.0C07.ACxy, where xy is a hex value      0000.0C9F.F000 to 0000.0C9F.FFFF
                    representing the HSRP group number
Step 6. (Optional) Establish HSRP authentication by using the command standby instance-id
authentication {text-password | text text-password | md5 {key-chain key-chain | key-string key-string}}.
It is possible to create multiple HSRP instances for the same interface. Some network architects
configure half of the hosts for one instance and the other half of the hosts for a second instance.
Setting different priorities for each instance makes it possible to load balance the traffic across
multiple routers.
EXAMPLE TO CONFIGURE HSRP:
Device1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Device1(config)# interface vlan 10
03:55:35.148: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to down
Device1(config-if)# ip address 172.16.10.2 255.255.255.0
Device1(config-if)# standby 10 ip 172.16.10.1
03:56:00.097: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Speak -> Standby
Device1(config-if)# standby 10 preempt
Device2(config)# interface vlan 10
03:56:04.478: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to down
Device2(config-if)# ip address 172.16.10.3 255.255.255.0
Device2(config-if)# standby 10 ip 172.16.10.1
Device2(config-if)# standby 10 preempt
03:58:22.113: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Standby -> Active
Verify:
show standby [interface-id] [brief]
Device1# show standby
Vlan10 - Group 10
State is Standby
9 state changes, last state change 00:13:12
Virtual IP address is 172.16.10.1
Active virtual MAC address is 0000.0c07.ac0a (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.736 secs
Preemption enabled
Active router is 172.16.10.3, priority 100 (expires in 10.032 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl10-10" (default)
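The virtual MAC in the output above (0000.0c07.ac0a for group 10) follows directly from the HSRP version and the group number. The following added example, which is not part of the original material, derives the MAC from the group and maps a MAC seen in an ARP or MAC address table back to its version and group; the function names are assumptions.

```python
import re

# Prefixes from the page: v1 0000.0c07.acXX, v2 0000.0c9f.fXXX
_V1_PREFIX = 0x00000C07AC00   # low 8 bits carry the group (0-255)
_V2_PREFIX = 0x00000C9FF000   # low 12 bits carry the group (0-4095)


def hsrp_virtual_mac(version: int, group: int) -> str:
    """Return the HSRP virtual MAC in Cisco dotted notation."""
    if version == 1 and 0 <= group <= 255:
        value = _V1_PREFIX | group
    elif version == 2 and 0 <= group <= 4095:
        value = _V2_PREFIX | group
    else:
        raise ValueError(f"group {group} is out of range for HSRPv{version}")
    digits = f"{value:012x}"
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def classify_mac(mac: str):
    """Return (version, group) if mac is an HSRP virtual MAC, else None.

    Accepts dotted, colon- or hyphen-separated input.
    """
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    value = int(digits, 16)
    if value & ~0xFF == _V1_PREFIX:
        return (1, value & 0xFF)
    if value & ~0xFFF == _V2_PREFIX:
        return (2, value & 0xFFF)
    return None


if __name__ == "__main__":
    print(hsrp_virtual_mac(1, 10))            # group from the show output above
    print(hsrp_virtual_mac(2, 350))           # VLAN-numbered group, needs version 2
    print(classify_mac("00:00:0c:9f:f1:5e"))
```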
HSRP LINK (OBJECT) TRACKING:
HSRP provides the capability to link object tracking to priority. For example, assume that traffic
should flow through SW2’s WAN connection whenever feasible. Traffic can be routed by SW3 to
SW2 and then on to SW2’s WAN connection; however, making SW2 the VIP gateway streamlines the
process. But when SW2 loses its link to the WAN, it should move the HSRP active speaker role to
SW3.
This configuration is accomplished as follows:
• Configure a tracked object to SW2’s WAN link (in this example, VLAN 1).
• Change SW2’s priority to a value higher than SW3 (in this case, 110).
• Configure SW2 to lower the priority if the tracked object state changes to down. This is
accomplished with the command standby instance-id track object-id decrement decrement-value.
The decrement value should be high enough so that when it is removed from the priority, the value
is lower than that of the other HSRP router.
Device1(config)# track 1 interface vlan 1 line-protocol
Device1(config-track)# interface vlan 10
Device1(config-if)# standby 10 priority 110
04:44:16.973: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Standby -> Active
Device1(config-if)# standby 10 track 1 decrement 20
Device1# show standby
! Output omitted for brevity
Vlan10 - Group 10
State is Active
10 state changes, last state change 00:06:12
Virtual IP address is 172.16.10.1
Preemption enabled
Active router is local
Standby router is 172.16.10.3, priority 100 (expires in 9.856 sec)
Priority 110 (configured 110)
Track object 1 state Up decrement 20
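A configuration check for the configuration steps and the tracking rule above, added here as an example and not taken from the original material. It reads the standby lines of two peers and reports groups without MD5 authentication, a decrement that does not bring the priority below the peer's, and a peer without preempt (which would not take over after the decrement). The configs are constructed; group 20, its virtual IP and EXAMPLE-KEY are assumptions.

```python
import re

DEFAULTS = {"priority": 100, "preempt": False, "auth": "none", "decrement": 0}

def parse_standby(config):
    """Collect per-group HSRP settings from IOS-style 'standby <group> ...' lines."""
    groups = {}
    for m in re.finditer(r"^[ \t]*standby (\d+) (\S+)[ \t]*(.*)$", config, re.M):
        g = groups.setdefault(int(m.group(1)), dict(DEFAULTS))
        keyword, rest = m.group(2), m.group(3).split()
        if keyword == "priority":
            g["priority"] = int(rest[0])
        elif keyword == "preempt":
            g["preempt"] = True
        elif keyword == "track" and "decrement" in rest:  # explicit values only
            g["decrement"] += int(rest[rest.index("decrement") + 1])
        elif keyword == "authentication":
            g["auth"] = "md5" if rest[0] == "md5" else "text"
    return groups

def audit(local, peer):
    """Return (group, finding) pairs for one device checked against its peer."""
    findings = []
    for gid, g in sorted(local.items()):
        p = peer.get(gid, DEFAULTS)
        if g["auth"] != "md5":
            findings.append((gid, f"authentication is {g['auth']}, not md5"))
        degraded = g["priority"] - g["decrement"]  # priority once the tracked object is down
        if g["decrement"] and degraded >= p["priority"]:
            findings.append((gid, f"tracked priority {degraded} is not below peer {p['priority']}"))
        elif g["decrement"] and not p["preempt"]:
            findings.append((gid, "peer has no preempt and will not take over"))
    return findings

# Constructed configs: group 10 mirrors the page; group 20 and its key are made up.
DEVICE1 = """interface vlan 10
 standby 10 ip 172.16.10.1
 standby 10 preempt
 standby 10 priority 110
 standby 10 track 1 decrement 20
 standby 20 ip 172.16.10.254
 standby 20 priority 110
 standby 20 track 1 decrement 5
 standby 20 authentication md5 key-string EXAMPLE-KEY"""
DEVICE2 = """interface vlan 10
 standby 10 ip 172.16.10.1
 standby 10 preempt
 standby 20 ip 172.16.10.254"""

print(audit(parse_standby(DEVICE1), parse_standby(DEVICE2)))
```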
HSRP VERSION 2:
HSRP version 2 is designed to address the following restrictions in HSRP version 1:
• In HSRP version 1, millisecond timer values are not advertised or learned. HSRP version 2 advertises
and learns millisecond timer values. This change ensures stability of the HSRP groups in all cases.
• In HSRP version 1, group numbers are restricted to the range from 0 to 255. HSRP version 2 expands
the group number range from 0 to 4095.
• HSRP version 2 provides improved management and troubleshooting. With HSRP version 1, you
cannot use HSRP active hello messages to identify which physical device sent the message because
the source MAC address is the HSRP virtual MAC address. The HSRP version 2 packet format includes
a 6-byte identifier field that is used to uniquely identify the sender of the message. Typically, this
field is populated with the interface MAC address.
• In HSRP version 1, the multicast address 224.0.0.2 is used to send HSRP hello messages. This address
can conflict with Cisco Group Management Protocol (CGMP) leave processing.
Version 1 is the default version of HSRP.
• HSRP version 2 uses the new IP multicast address 224.0.0.102 to send hello packets instead of
the multicast address of 224.0.0.2, used by HSRP version 1. This new multicast address allows
CGMP leave processing to be enabled at the same time as HSRP.
• HSRP version 2 permits an expanded group number range, 0 to 4095, and consequently uses a
new MAC address range 0000.0C9F.F000 to 0000.0C9F.FFFF. The increased group number range
does not imply that an interface can, or should, support that many HSRP groups. The expanded
group number range was changed to allow the group number to match the VLAN number on
subinterfaces.
Decimal-to-hexadecimal converter: http://decimal-to-binary.com/decimal-to-binary-converter-online.html
• When the HSRP version is changed, each group will reinitialize because it now has a new virtual
MAC address.
• HSRP version 2 has a different packet format than HSRP version 1. The packet format uses a
type-length-value (TLV) format. HSRP version 2 packets received by an HSRP version 1 device will
have the type field mapped to the version field by HSRP version 1 and subsequently ignored.
• A new command allows changing the HSRP version on a per-interface level: standby version
[1 | 2]. Note that HSRP version 2 will not interoperate with HSRP version 1. However, the
different versions can be run on different physical interfaces of the same router.
TLV is a way of storing data to facilitate quick parsing of that data.
It is mainly used for transferring data in binary format in network communications.
T = Tag/Type, 2-byte hex value
L = Length, 2-byte hex value
V = Value, L ASCII characters
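A parser for the generic layout just described, added as an example and not taken from the original material or from the HSRP packet specification. It assumes both 2-byte fields are big-endian binary integers and uses made-up type numbers; the length check rejects a record whose length field points past the end of the buffer.

```python
import struct

HEADER = struct.Struct(">HH")   # assumed: 2-byte type, 2-byte length, big-endian


def build_tlv(tag: int, value: str) -> bytes:
    """Encode one record: type, length of the value, then the ASCII value."""
    data = value.encode("ascii")
    return HEADER.pack(tag, len(data)) + data


def parse_tlvs(buf: bytes) -> list:
    """Split buf into (type, value) records; raise ValueError if malformed."""
    records, offset = [], 0
    while offset < len(buf):
        if len(buf) - offset < HEADER.size:
            raise ValueError(f"truncated header at offset {offset}")
        tag, length = HEADER.unpack_from(buf, offset)
        offset += HEADER.size
        remaining = len(buf) - offset
        if length > remaining:
            raise ValueError(f"type {tag} claims {length} bytes, only {remaining} remain")
        # decode() raises UnicodeDecodeError (a ValueError) on non-ASCII bytes
        records.append((tag, buf[offset:offset + length].decode("ascii")))
        offset += length
    return records


# Constructed sample: type numbers 1 and 2 are made up for illustration.
SAMPLE = build_tlv(1, "hsrp-Vl10-10") + build_tlv(2, "Active")

if __name__ == "__main__":
    print(SAMPLE.hex())
    print(parse_tlvs(SAMPLE))
```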
STEPS TO CONFIGURE HSRP VERSION 2:
Device1(config)# interface vlan 350
Device1(config-if)# standby version 2
Device1(config-if)# standby 350 priority 110
Device1(config-if)# standby 350 preempt
Device1(config-if)# standby 350 timers 5 15
Device1(config-if)# standby 350 ip 172.20.100.10