Wednesday, 3 August 2016

Hot Standby Routing Protocol (HSRP)

è       HSRP is cisco proprietary protocol developed RFC 2281 to allow several router or multilayer switches to appear as a single gateway ip address.

è      Each and every routers to participate in HSRP assigned to a common HSRP group (0 to 255).
è      One router is elected as the primary or active HSRP router and another is elect as the standby HSRP router and all others are listen HSRP state. Primary or active router elected based on highest priority value (0 to 255) by default all router have HSRP priority 100.

If the all router’s priority is equal, then it elected HSRP active router based on highest IP address on the HSRP interface.

è      HSRP sends its hello message to the multicast destination using UDP port 1985.
è      When HSRP is configured on an interface, the router progress through a series of states before becoming active. This forces a router to listen for others in a group and see where it fits into the pecking order. Device participating in HSRP must progress their interfaces through the following state sequence:
1.       Disabled
2.       Init
3.       Listen
4.       Speak
5.       Standby
6.       Active

è      Only the standby (second highest priority) router monitors the hello messages from the active router. By default, are sent every 3 second. If hellos are missed for the duration of the hold-down timer (default 10 second) the active router is presumed to be down. The standby router is then clear to assume the active role.

We can change hello timer (1 to 254 second or 15 to 999 milisecond) and hold down timer (1 to 255 second or 50 to 3000 millisecond).
Switch(config-if)# standby <group> timers msec <millisecond for hello timer> msec <millisecond for holdtime>
è         Each router has a common gateway IP address, the virtual router address. For the virtual router address, HSRP defines a special MAC address of the form 0000.0c07.acXX ,Where 0000.0c is CISCO vendor ID and is HSRP ID and XX represent HSRP group no.

è       We can also configure a router to preempt or immediately take over the active role if its priority is the highest at any time.
Switch(config-if)# standby <group> preempt

è       Plaint-text HSRP Authentication
HSRP message are sent with a plain-text key string (up to eight characters) as a simple method to authenticate HSRP peers. If the key string in a message matches the key configured on an HSRP peer, the message is accepted.
Cisco device use default key string.

We can configure a plain text authentication key for an HSRP group with the following interface configuration command:
Switch(config-if)# standby <group> authentication <string>

Note : we can also use MD5 authentication for HSRP message, for using key-chain and key-string value.