First Hop Redundancy
Engineering High-Availability Gateways
The Virtualization of the Gateway
In a standard TCP/IP configuration, a host is assigned a static Default Gateway IP. If that router hardware fails, the host loses all off-link connectivity. A First Hop Redundancy Protocol (FHRP) solves this by creating a Virtual IP (VIP) that is shared between a group of routers.
Master Election
R1 (priority 110) is the Master. If R1 fails, R2 (priority 100) waits for the "Hold Timer" to expire before declaring itself Master.
Gratuitous ARP
Upon failover, R2 sends a Gratuitous ARP (GARP). This updates the L2 fabric so frames are steered to the new physical port.
HSRP vs. VRRP: A Comparative Analysis
While both protocols achieve the same goal, their implementation and terminology differ:
- HSRP (Hot Standby Router Protocol): Cisco-proprietary (standardized in RFC 2281). Uses 'Active' and 'Standby' roles.
- VRRP (Virtual Router Redundancy Protocol): Open standard (RFC 5798). Uses 'Master' and 'Backup' roles.
The router with the highest priority becomes the Active/Master. In the event of a tie, the router with the highest physical IP address wins the election.
Virtual MAC Mechanics
To prevent hosts from needing to clear their ARP caches during a failover, FHRP uses a Virtual MAC address.
- HSRP VMAC: (where XX is the group ID).
- VRRP VMAC: (where XX is the VRID).
Object Tracking and WAN-Awareness
A router can be 'healthy' internally but have a failed upstream WAN link. Advanced FHRP implementations use Object Tracking. If the upstream link goes down, the router automatically decrements its priority, triggering a graceful failover to a redundant peer that still has internet access.
By combining sub-second timers with BFD (Bidirectional Forwarding Detection), modern FHRP deployments can achieve gateway failover in under 200 milliseconds, providing an uninterrupted experience for voice and real-time data services.
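The election rule and the object-tracking decrement described above, as a small Python model (an added example, not code from the original page or from any vendor implementation). It assumes preemption is enabled, so the election is re-evaluated on every state change; the 20-point decrement and the 192.0.2.x addresses are constructed values, while the priorities 110 and 100 are the ones used on this page.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class Router:
    name: str
    ip: IPv4Address        # physical interface IP, used only as tie-breaker
    base_priority: int     # configured priority
    alive: bool = True     # False once peers stop hearing its hellos
    tracked: dict = field(default_factory=dict)  # object -> (is_up, decrement)

    @property
    def priority(self) -> int:
        # Object tracking: every tracked object that is down lowers priority.
        penalty = sum(dec for up, dec in self.tracked.values() if not up)
        return max(self.base_priority - penalty, 0)


def elect(group):
    """Highest effective priority wins; highest physical IP breaks a tie."""
    candidates = [r for r in group if r.alive]
    return max(candidates, key=lambda r: (r.priority, int(r.ip)), default=None)


def scenario():
    """Walk one group through the failure cases the page describes."""
    # Constructed sample routers (documentation address range).
    r1 = Router("R1", IPv4Address("192.0.2.2"), 110, tracked={"wan": (True, 20)})
    r2 = Router("R2", IPv4Address("192.0.2.3"), 100)
    group = [r1, r2]
    results = {"steady": elect(group).name}

    r1.tracked["wan"] = (False, 20)   # upstream link down: 110 - 20 = 90 < 100
    results["wan_down"] = elect(group).name

    r1.tracked["wan"] = (True, 20)    # link restored: R1 preempts back
    results["restored"] = elect(group).name

    r1.alive = False                  # hard failure: R2's hold timer expires
    results["r1_dead"] = elect(group).name

    r1.alive, r1.base_priority = True, 100   # equal priorities
    results["tie"] = elect(group).name       # higher physical IP wins
    return results


if __name__ == "__main__":
    for step, master in scenario().items():
        print(f"{step:>9}: {master}")
```

A decrement smaller than the priority gap (for example 5 here) would leave R1 as Master with a dead uplink, which is the misconfiguration this model makes easy to spot.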