First Hop Redundancy Protocol (FHRP)

The purpose of a default gateway is to provide first hop routing services to endpoints. The default gateway is an upstream router or Layer 3 switch for client and server endpoints. Any packets destined for a remote subnet are forwarded to the default gateway IP address. DHCP service is often enabled to automatically configure a default gateway address on each endpoint. There is only a single default gateway address on any host client or network server.

First Hop Redundancy Protocol (FHRP) is a routing configuration that creates a virtual router from at least two physical routers. The purpose is to enable default gateway redundancy or failover. All packets from a host are automatically forwarded to the standby default gateway when the primary gateway fails. As a result the standby router becomes the new default gateway for endpoints at the access layer. There are both open and Cisco proprietary protocols available. Cisco CCNP ENCOR certification exam includes HSRP and VRRP configuration topics.

The main usage for VRRP is firewall and load balancer failover. Consider that routing and path forwarding is always per hop between Layer 3 devices. It is the next hop neighbor that is identified for packet forwarding.

That continues until packets arrive at a destination. The default gateway is first hop from an endpoint in the forwarding path to a destination endpoint. The figure is an example of FHRP operation configured for endpoints in subnet. The router interface is assigned within that same subnet. Since there are often multiple host VLANs at the access layer, it is more common to use a Layer 3 switch. The VLAN interface, called an SVI, serves as default gateway for each host VLAN on Layer 3 switch. It is a logical interface and not physical interface.

FHRP Operation

    • FHRP creates a virtual shared router from at least two physical routers. The endpoints always forward packets to the same default gateway address.
    • The virtual router is based on a shared virtual IP address and virtual Ethernet MAC address. That enables redundancy for fast failover to the standby router. All Layer 3 communication requires an IP address and MAC address.
    • The active router is assigned the virtual IP address and MAC address for packet forwarding. The standby router is assigned the virtual address when the active router is not available.
    • FHRP virtual IP address is the default gateway for hosts on the common subnet.
    • FHRP is not a routing protocol and virtual IP address is not installed in the routing table. It is a default gateway address where packets are forwarded for routing services.
    • Hello packets are sent between active and standby router at fixed intervals to detect neighbor operational state (up/up).
    • Layer 3 switches configured with an SVI (default gateway address) for each host VLAN.