HSRP VRRP GLBP

What is HSRP

HSRP (Hot Standby Router Protocol) is a redundancy protocol developed by Cisco Systems to provide high availability for default gateways in a network. It allows two or more routers (or Layer-3 switches) to work together as a group and present a single virtual IP address and virtual MAC address to end devices. From the user’s point of view, there is only one gateway, but behind the scenes multiple routers are ready to take over if one fails. This prevents network downtime when the main router goes down.

In an HSRP group, one router is elected as the Active router and another as the Standby router. The Active router forwards all traffic for the virtual IP address, while the Standby router stays ready to take control if the Active router fails. The routers continuously exchange hello messages (by default every 3 seconds) to check each other’s status. If the Standby router stops receiving hello messages from the Active router for a certain time (default 10 seconds), it assumes the Active router has failed and immediately becomes the new Active router. This process is automatic and usually takes only a few seconds, keeping the network running without user interruption.

HSRP works by using a virtual IP and virtual MAC address that are configured as the default gateway on client devices. Even if the physical router changes (Active to Standby), the virtual IP and MAC remain the same, so PCs and servers do not need to update their gateway settings. HSRP also uses a priority value (default 100) to decide which router becomes Active; the router with the higher priority wins. An optional feature called preemption allows a router with higher priority to take back the Active role when it comes online after a failure.

There are different versions of HSRP. HSRPv1 supports IPv4 and uses multicast address 224.0.0.2, while HSRPv2 supports IPv6 and larger group numbers and uses multicast address 224.0.0.102. HSRP can also be combined with tracking, where the router monitors important interfaces (like WAN links). If a tracked interface goes down, the router can lower its priority so another router becomes Active, improving overall network reliability.

In simple terms, HSRP creates a backup gateway. One router works actively, another waits in standby, and if the active one fails, the standby router takes over automatically using the same IP address. This makes HSRP very important in company and enterprise networks where continuous internet and internal network access are critical.

Why Need HSRP in Company Network

HSRP is needed in a company network to provide high availability and reliability for the default gateway, which is one of the most critical points in any network. In most office networks, all computers, servers, and IP phones use a single router or Layer-3 switch as their gateway to reach other networks and the internet. If that gateway device fails due to hardware fault, power issue, or maintenance, the entire company network can lose connectivity. HSRP prevents this single point of failure by allowing two or more routers to share one virtual gateway IP address, so that if the active router goes down, a standby router automatically takes over without users noticing any interruption.

With HSRP, business operations remain continuous because applications such as email, cloud services, ERP systems, VoIP phones, and video conferencing do not disconnect when a router fails. This is especially important for companies that depend on 24/7 connectivity. HSRP also improves network stability during maintenance, because network administrators can take one router offline for upgrades while the other router continues to forward traffic. Without HSRP, changing or restarting a gateway device would cause downtime and require manual reconfiguration of client gateway settings, which is risky and time-consuming.

In simple terms, HSRP is needed in company networks to avoid gateway failure, ensure nonstop connectivity, reduce downtime, and protect business productivity. It creates a backup router that automatically takes over, so users always have a working gateway even if one device fails

What is VRRP

VRRP (Virtual Router Redundancy Protocol) is a standard gateway redundancy protocol used in computer networks to ensure high availability and uninterrupted connectivity for end devices. It allows two or more routers to form a logical group called a virtual router, which is identified by a shared virtual IP address (VIP) and virtual MAC address. Hosts on the network use this virtual IP as their default gateway instead of a physical router address. Within the VRRP group, one router is elected as the Master based on priority value, and it actively forwards traffic, while the remaining routers stay in Backup mode and monitor the Master’s status. The Master router sends periodic advertisement messages to confirm it is operational. If these advertisements stop due to router failure, power loss, or link issues, a Backup router with the highest priority immediately takes over the role of Master and assumes control of the virtual IP and MAC address. This failover process is automatic and usually happens within a few seconds, so users experience little or no network disruption.

VRRP is defined by open standards (RFC 3768 for IPv4 and RFC 5798 for IPv6), making it vendor-independent and widely supported across different networking devices. It improves network reliability by eliminating the single point of failure at the default gateway, which is critical in enterprise, campus, and data center networks. VRRP also supports features such as priority-based election, preemption (allowing a higher-priority router to regain Master status when it comes back online), and interface tracking (reducing priority if a monitored link fails). Because end devices do not need any special configuration and remain unaware of the router switch-over, VRRP provides a transparent, simple, and effective solution for achieving high availability and fault tolerance in IP networks.

What is GLBP

GLBP (Gateway Load Balancing Protocol) is a Cisco pr oprietary redundancy and load-balancing protocol designed to provide both high availability and traffic load sharing for default gateways in a network. Unlike other gateway redundancy protocols that use only one active router and keep others on standby, GLBP allows multiple routers to actively forward traffic at the same time while still protecting against router failure. It creates a single virtual gateway IP address that hosts use as their default gateway, but behind this virtual gateway, several routers share the forwarding responsibility.

In GLBP, one router is elected as the Active Virtual Gateway (AVG). The AVG is responsible for assigning virtual MAC addresses to the other routers in the group, which are called Active Virtual Forwarders (AVFs). Each AVF owns a virtual MAC address and forwards traffic for clients mapped to it. When a host sends an ARP request for the default gateway IP, the AVG responds with one of the virtual MAC addresses based on a load-balancing algorithm (such as round-robin, weighted, or host-dependent). This way, different clients use different routers as their gateway, achieving true load balancing instead of leaving backup routers idle.

GLBP also provides strong fault tolerance. If one AVF router fails, another router in the group automatically takes over its virtual MAC address and continues forwarding traffic without requiring hosts to change their default gateway configuration. If the AVG itself fails, another router with the next highest priority becomes the new AVG and manages the group. GLBP supports features such as priority-based election, preemption, and interface tracking (where a router’s priority can decrease if a critical link goes down).

In summary, GLBP is an advanced gateway redundancy protocol that not only prevents a single point of failure at the default gateway but also efficiently uses multiple routers at the same time to balance traffic load. It is commonly used in enterprise networks where both high availability and optimal bandwidth utilization are required.

GLBP supports different types of load balancing

GLBP supports different types of load balancing to distribute network traffic across multiple routers. GLBP was developed by Cisco and it allows several routers to forward packets at the same time, improving gateway performance and availability.

Types of GLBP Load Balancing

1. Round-Robin Load Balancing
In this method, the Active Virtual Gateway (AVG) assigns different virtual MAC addresses to each host in sequence. Each router (called Active Virtual Forwarder – AVF) gets traffic from different clients one after another. This distributes traffic equally across all routers.

2. Weighted Load Balancing
In weighted load balancing, traffic is distributed based on the weight value assigned to each router. Routers with higher weight handle more traffic, while routers with lower weight handle less traffic. This is useful when routers have different performance or capacity.

3. Host-Dependent Load Balancing
In this method, a specific host is always mapped to the same virtual MAC address and router. This ensures the same client always uses the same gateway router, which is helpful for maintaining session consistency.

Summary:
GLBP provides three load balancing methods: Round-Robin, Weighted, and Host-Dependent. These methods help distribute traffic across multiple routers while still providing gateway redundancy.

Why Need GLBP In Company Network

GLBP (Gateway Load Balancing Protocol) is needed in a company network to provide both high availability and load balancing for the default gateway, which is critical for business continuity and performance. In many company environments, all users and servers depend on a single gateway router to reach other networks and the internet. If that gateway fails, the entire office or data center can lose connectivity, causing downtime, productivity loss, and possible financial impact. Traditional redundancy protocols keep one router active and others idle, but GLBP allows multiple routers to be used simultaneously, making better use of network resources.

One major reason companies use GLBP is to avoid a single point of failure while also improving traffic distribution. GLBP shares the gateway load across multiple routers by assigning different virtual MAC addresses to clients, so network traffic is evenly balanced. This prevents one router from becoming overloaded while another sits unused. If one router or link fails, GLBP automatically shifts traffic to the remaining routers without requiring any change on user devices, so employees and applications continue working without interruption.

GLBP is especially useful in enterprise and campus networks where there are many users, VoIP phones, servers, and cloud applications generating heavy traffic. It improves network performance, reliability, and scalability by ensuring that gateway services remain available and that bandwidth is efficiently utilized. In short, companies need GLBP to maintain nonstop network access, reduce downtime risk, optimize router usage, and provide a stable and resilient network infrastructure for business operations.

Comparison between HSRP Vs VRRP Vs GLBP

HSRP and VRRP are very similar. Both have one active and one standby router at any given time.
GLBP is the only one which provides load balancing of traffic among the devices in the group.
HSRP and GLBP are Cisco proprietary.
VRRP is an IETF standard (RFC 3768) so it is supported by all router vendors.
If you have a mixed vendor environment (e.g Cisco, Juniper etc) than its better to use VRRP.
All protocols support more than 2 routers in a group.
All protocols support tracking. This means that you can track an interface of the router (or other network conditions) and if something goes wrong (e.g interface goes down or a destination tracked host does not respond) then a failover action is triggered.
HSRP and GLBP support IPv6. The original VRRP does not support IPv6 but you need a special version of VRRPv3 for this

HSRP	VRRP	GLBP
Cisco Proprietary	Standardized	Cisco Proprietary
Active and Standby mode only	Active and Standby mode only	Multiple routers pass traffic thus achieving load balancing
Must configure a separate IP for the Virtual.	Virtual IP can be same as physical IP of one of the routers	Must configure a separate IP for the Virtual.
Default priority = 100	Default priority = 100	Default priority = 100
Higher priority (above 100) makes router active. Otherwise, higher IP makes router active.	Higher priority (above 100) makes router active. Otherwise, higher IP makes router active.	Higher priority (above 100) makes router primary forwarder. Otherwise, higher IP makes router primary forwarder.
Tracking supported (e.g interface state, routing info, reachability of remote host etc)	Tracking supported (e.g interface state, routing info, reachability of remote host etc)	Tracking supported (e.g interface state, routing info, reachability of remote host etc)
Supports IPv6	No support for IPv6 on the original VRRP implementation. However, VRRPv3 (RFC 5798) now supports it.	Supports IPv6
Supports timer and delay adjustments for failover	Supports timer and delay adjustments for failover	Supports timer and delay adjustments for failover

HSRP vs VRRP vs GLBP are first-hop redundancy protocols (FHRP) used in company networks. These protocols provide default gateway redundancy, meaning if one router fails, another router automatically takes over so the network continues working without interruption.

1. HSRP (Hot Standby Router Protocol)

Developed by: Cisco
Type: Cisco proprietary protocol
Working:
In HSRP, two or more routers form a group. One router becomes the Active router, and another becomes the Standby router. The active router handles all traffic for the virtual gateway IP. If the active router fails, the standby router immediately takes over.
Default port: UDP 1985
Load balancing: Not supported (only one active router).

Example:
If Router-1 fails, Router-2 automatically becomes active and continues forwarding traffic.

2. VRRP (Virtual Router Redundancy Protocol)

Standard: Defined by Internet Engineering Task Force
Type: Open standard protocol
Working:
VRRP works similarly to HSRP. Multiple routers share a virtual IP address, and one router becomes the Master router while others are Backup routers. If the master fails, a backup router takes over the gateway function.
Default port: IP protocol number 112
Load balancing: Not supported by default.

Example:
In a company network with routers from different vendors, VRRP is used because it is vendor-independent.

3. GLBP (Gateway Load Balancing Protocol)

Developed by: Cisco
Type: Cisco proprietary protocol
Working:
GLBP allows multiple routers to share traffic simultaneously. One router becomes the Active Virtual Gateway (AVG) and others become Active Virtual Forwarders (AVF). The AVG distributes different virtual MAC addresses to hosts so traffic is balanced across multiple routers.
Default port: UDP 3222
Load balancing: Supported.

Example:
If three routers are configured, all three can forward traffic at the same time, improving network performance.

Comparison Table

Feature	HSRP	VRRP	GLBP
Full Form	Hot Standby Router Protocol	Virtual Router Redundancy Protocol	Gateway Load Balancing Protocol
Standard	Cisco Proprietary	Open Standard	Cisco Proprietary
Router Roles	Active / Standby	Master / Backup	AVG / AVF
Load Balancing	No	No	Yes
Vendor Support	Cisco only	Multi-vendor	Cisco only
Default Port	UDP 1985	IP Protocol 112	UDP 3222
Gateway Redundancy	Yes	Yes	Yes
Traffic Distribution	Single active router	Single master router	Multiple routers

Simple Summary:

HSRP: Cisco redundancy protocol (Active–Standby).
VRRP: Standard redundancy protocol supported by multiple vendors.
GLBP: Cisco protocol that provides redundancy + load balancing at the same time.

How HSRP Work

What is HSRP?

Hot Standby Router Protocol (HSRP) is a Cisco proprietary FHRP protocol that enables two or more routers to work together, acting as a highly available default gateway to local hosts. HSRP operates in an active/standby model and implements the concept of a Virtual IP address (VIP), as shown in the diagram below.

Notice that R1’s physical interface has an IP address of 10.1.1.2, and R2’s physical interface has 10.1.1.3. However, both routers run HSRP and share the virtual IP address 10.1.1.1. The VIP is a normal IP address in the same local subnet but is not configured on any physical router interface (hence “virtual”).

How does HSRP work?

This was the protocol’s high-level overview. Now, let’s examine the protocol’s most important aspects and operation in more detail.

Virtual IP (VIP) and Virtual MAC address (VMAC)

HSRP creates a virtual IP address (VIP) and a virtual MAC address (VMAC) that hosts in the network use as their gateway. The active router acts as if the virtual IP address is configured on its physical interface that connects to the local subnet, as shown in the diagram below.

				
					R1(config)# interface GigabitEthernet0/1
R1(config-if)# standby 1 ip 10.1.1.1
R1(config-if)# standby 1 priority 110

In the end, the device with the highest priority becomes the active router. Pay attention to the following arguments in the configuration commands shown above:

The protocol is configured per interface. This example is configured under GigabitEthernet0/1.
The group number is 1. It must match all devices participating in the group and sharing the same VIP address.
The command standby 1 ip 10.1.1.1 specifies the VIP address. It must be in the same subnet as the interface’s IP address and the same value on all routers in the group.
The command standby 1 priority 110 specifies the priority of this router. Higher is better.

Active router election

Based on the priority values of every router, the HSRP election process determines which router will become active and which will be the standby router in an HSRP group. The process works in two steps:

Priority Comparison—All HSRP routers send each other hello messages containing their priority values and IP addresses. The device with the highest priority is elected as the active router.
Tiebreaker Using IP Address—If two routers have the same priority, the one with the highest IP address becomes the active router.

Once an active router has been elected, the router with the second-highest priority (or IP address in case of a tie) is elected as the standby router. It will take over if the active router fails.

States

A router interface that runs HSRP does not immediately become an Active or Standby router. It first goes through the protocol’s state machine to determine how many routers participate in the HSRP group and what its state should be. The following diagram explains the purpose of each state.

In the HSRP configuration lab, we will discuss the states in more detail. Using debug messages, we will observe how a device moves through the states before it becomes active or standby. Keep in mind that the HSRP states are a common drag-and-drop question on the CCNA exam. Although they are pretty easy to figure out using simple logic, it is good to spend time understanding each state.

Versions

Cisco devices support two HSRP versions: version 1 and version 2. These versions differ in several aspects, such as multicast IP addresses and message formats. Because of these differences, all routers within the same group must run the same version. If two routers in the same group are mistakenly configured with different versions, they will be unable to communicate and will ignore each other.

Table 1. HSRPv1 vs HSRPv2.
Capability	Version 1	Version 2
Hello timer units	Seconds	Milliseconds
Supports both IPv4 and IPv6	No (only IPv4)	Yes
Number of groups supported	256 (from 0 to 255)	4096 (from 0 to 4095)
Virtual MAC (– or — is the HSRP group number in HEX)	0000.0C07.AC–	0000.0C9F.F—
Multicast address	224.0.0.2	224.0.0.102

Version 2 offers several advantages over version 1. It introduced support for IPv6 and enables faster convergence during changes by using shorter Hello timers. In contrast, HSRPv1 typically had a minimum Hello timer of 1 second. The table above outlines the key differences between the two protocol versions. Even though version 2 is superior to v1, HSRPv1 is far more common in real-world deployments than HSRPv2.

The virtual MAC address

The HSRPv1 virtual MAC address is a Layer 2 address associated with the virtual IP address (VIP) configured for the HSRP group. It has the following format:

				
					0000.0C07.AC01

				
					The MAC address for Group 5
0000.0C07.AC05

The MAC address for Group 10
000.0C07.AC0A

The MAC address for Group 150
0000.0C07.AC96

The MAC address for Group 255
0000.0C07.ACFF

Notice that the Group number is converted to a hexadecimal number in the MAC address (in red). Also, notice that the largest possible HEX number with two HEX digits is FF, which is 255 in decimal. That’s why Cisco routers support a maximum of 256 HSRP groups per interface (depending on the platform and software version).

The HSRPv2 uses a different MAC address 0000.0C9F.Fxxx, where xxx is the group number in HEX. However, the logic is exactly the same. Obviously, it supports more group numbers – 4096.

HSRP Data Plane

Once the protocol state machine has gone through the states, the protocol is converged and ready to forward traffic. Let’s quickly examine how traffic forwarding happens in the data plane. How does host traffic end up on the Active router? The following diagram explains how the data plane works.

				
					Microsoft Windows [Version 10.0.22631.4317]
(c) Microsoft Corporation. All rights reserved.
C:\Users\ivan> arp -a
Interface: 10.1.1.150 --- 0x7
  Internet Address      Physical Address      Type
  10.1.1.1              00-00-0c-07-ac-01     dynamic
  10.1.1.32             70-da-01-aa-3c-3f     dynamic
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static

				
					Router(config-if)# standby 1 preempt

				
					IMPORTANT: Preemption is disabled by default in HSRP.

Now that we have reviewed how the protocol works let’s look at the most common use cases in real-world scenarios.

HSRP Use cases

There are a few very common scenarios when we use the Hot Standby Routing Protocol in production networks.

Resilient Default Gateway

Of course, the protocol’s most common use case is providing a resilient default gateway to hosts by allowing two or more routers to share a virtual IP address. One router is active, and the others are on standby. A standby router takes over if the active router fails, ensuring uninterrupted gateway availability.

This capability is used in 99.9% of all modern networks because default gateway redundancy is essential for the overall availability of host connectivity.

Load balancing

We have said that the protocol is configured per interface, which is effectively per subnet. When a device has many interfaces connected to many subnets, it typically participates in many HSRP groups. Suppose we have two routers (R1 and R2) that connect to multiple host subnets. In such a scenario, If we configure R1 to be the active router for every subnet, we end up in the following situation:

R1 (active) is overutilized because all hosts use it as their default gateway.
R2 (standby) is underutilized because none of the hosts use it as their default gateway.

A better design is distributing traffic across the two routers by making one device active for some subnets and the other active for others, as shown in the diagram below.

Notice that we configure multiple HSRP groups on a single interface. Each group has its own virtual IP address, which different hosts can use as their default gateway.

In group 1, R1 is the active device because it has a priority of 110, while R2 has the default value of 100.
In group 2, R2 is the active device because it has a priority of 110, while R1 has the default value of 100.

Although this design is not very common, it can be useful in scenarios where large subnets have many hosts transmitting high data volumes. If we don’t balance the traffic to both routers, one can easily be overutilized while the other is underutilized.

VIP as IP next hop

Another common use case is using HSRP VIP as the next-hop IP address in static routing. A static route can point to a virtual IP instead of a physical router IP, ensuring continuity in routing even if a next-hop device fails.

For example, we can configure a static route on R1 to point to either of the next-hop devices (R2 and R3). However, if that device fails, we will lose the static route. A better design is configuring the static route to point to a virtual IP address, as shown in the diagram above. In that case, even if one of the next-hop devices fails, the other takes over, and the static route still provides connectivity to the destination network.

Interface Tracking

Another capability available in all FHRPs monitors the status of other IOS functions. Cisco devices support tracking the state of interfaces, routes in the IP routing table, and various other objects. If a tracked interface fails, the protocol lowers the configured priority value.

The example below shows the most common use case of this capability. We have a dual-homed network with two WAN routers. The routers run HSRP to provide a resilient default gateway to hosts.

At this point, traffic from hosts still goes to R1 (because it is still the active device). However, R1 is not connected to the external world because its uplink is down. Depending on the routing design, this could lead to a complete outage for the hosts. Even if there is no outage, the traffic path becomes inefficient. This is where the interface tracking feature comes into play.

HSRP interface tracking monitors the status of a specific interface and dynamically adjusts the HSRP priority based on the operational state of the tracked interface. For example, R1 is the active device, and its tracked interface fails. The protocol immediately decreases the HSRP priority of the router with the configured value (50). At this point, the standby router’s priority becomes higher than R1’s current priority of 60 (110-50). Hence, R2 preempts the active role for the time being until R1’s uplink goes up again.

How VRRP Work

The Virtual Router Redundancy Protocol (VRRP) is the second first-hop redundancy protocol (FHRP) we will examine in this course section. If you don’t know why a resilient network needs a FHRP protocol, I would suggest going through our lesson on FHRP first. Also, make sure to go through the lessons in order so that you are familiar with HSRP before going into VRRP and the next protocol we are going to examine – GLBP.

What is VRRP?

Hosts on the LAN, such as servers, PCs, laptops, mobile phones, etc., typically have a single default gateway address. This introduces a single point of failure in the network. If the default gateway becomes unavailable, the hosts can only communicate within their local LAN and lose access to the rest of the network. Similarly to HSRP, VRRP provides a solution to this problem.

VRRP allows multiple routers to operate as a single virtual router, which hosts can then use as their default gateway.

At first glance, you can notice a few major differences between VRRP and HSRP, as shown in the diagram above.

The routers that share a virtual IP address are called the “Virtual router group” (not the HSRP group).
The virtual IP address is called the “Virtual router group IP address.“
The virtual router address (the VIP) can be the IP address of the physical interface of one of the routers. For example, R1’s physical interface is 10.1.1.1, and the virtual router group IP address is 10.1.1.1.
The active router is called the “Master virtual router.”
The standby routers are called “Backup virtual routers.”

When the virtual router address uses R1’s physical interface’s IP address, R1 assumes the role of the master virtual router and is also known as the IP address owner. As the master virtual router, R1 controls the virtual router IP address 10.1.1.1 and is responsible for forwarding packets sent to this IP address.

R2 functions as a backup virtual router. If the master virtual router fails, the backup router becomes the master virtual router and provides uninterrupted service for the LAN hosts. In VRRP, preemption is enabled by default. When R1 recovers, it becomes the master virtual router again.

The history of VRRP

HSRP and VRRP were introduced at the same time in the 1990s when organizations started relying heavily on their corporate networks. Cisco identified the need for first-hop router redundancy but, in the absence of a standards-based solution, developed HSRP as a proprietary protocol. Later, the IETF introduced VRRP, which offers similar features but as an open-standard protocol.

VRRP provides the same functionality as HSRP. Both protocols aim to offer redundancy for hosts’ default gateway and optional preemption.

Versions

The protocol has evolved into three major versions: VRRPv1, VRRPv2, and VRRPv3. However, Version 1 is now completely obsolete and not supported by modern network devices. It has been completely replaced by VRRPv2 and VRRPv3 for enhanced features and security. The following table compares the two modern versions.

Table 1. VRRPv2 vs. VRRPv3.
Feature	VRRPv2	VRRPv3
IP Protocol Support	Only IPv4	IPv4 and IPv6
Authentication	Does not support authentication	IPsec-based authentication
Multicast address	Uses 224.0.0.18 for IPv4	Uses 224.0.0.18 for IPv4 and FF02::12 for IPv6
Priority	1–255, where higher is better	1–255, where higher is better
Virtual MAC address	0000.5E00.01xx for IPv4	0000.5E00.01xx for IPv4 and 0000.5E00.02xx for IPv6
RFC	RFC3768	RFC5798

In summary, VRRPv3 is an improvement over VRRPv2. It primarily adds support for IPv6 and enhances security with IPsec authentication. In this lesson, when we say “VRRP,” we refer to VRRPv3.

VRRPv3 vs HSRPv2

The following table compares the differences between the most modern versions of HSRPv2 and VRRPv3.

Table 2. VRRPv3 vs. HSRPv2.
	HSRP	VRRP
Cisco-propriatary	Yes	No (open standard)
The virtual IP must be different from routers’ physical IPs?	Yes	No
Preemption disabled by default	Yes	No
Supports IPv4 and IPv6	Yes	Yes
Multicast address	224.0.0.102	224.0.0.18
Virtual MAC	0000.0c9f.fxxx	0000.5e00.01xx
Max group numbers supported	4096 (0-4095)	255 (1-255)
Transport	UDP/1985	IP/112
Default Hello timer	3 seconds	1 second

In summary, the essential difference is that HSRP is Cisco-proprietary, while VRRP is open-standard. You can safely use either one as a first-hop redundancy protocol and have a resilient default gateway. Typically, the design choice of which one to use depends on the type of network equipment. If the network is 100% Cisco-based, you use HSRP. If it is another vendor, you use VRRP.

VRRP Concept

Now, let’s zoom into VRRP a little bit more and examine the most fundamental aspects of the protocol.

Basic Configuration

Let’s start with the basic configuration. Although it is not part of the CCNA blueprint, knowing how to configure the protocol helps a lot in understanding how it works. The following diagram shows the most basic configuration setup.

				
					R1# show run interface e0/0
interface Ethernet0/0
 ip address 10.1.1.1 255.255.255.0
 vrrp 1 ip 10.1.1.1
end

This configuration simplifies the Master/Backup election process, as you can see in the next section of the lesson.

The election process

The VRRP Master/Backup election process is based on priority. The priority value is between 0 and 255, where 100 is the default value. If there is a tie, the highest IP address wins.

There are two special priority values that cannot be configured explicitly with the vrrp 1 priority [value] command, 0 and 255:

Priority 255 – If the virtual router IP address is one of the router’s physical interface IP addresses, it automatically has a priority of 255. You cannot configure 255 with the priority command.
Priority 0 – A value of 0 (zero) is reserved for the Master router to signal to other routers in the VRRP group that it is stepping down and no longer participating as the Master. This triggers a re-election process among the backup routers to select a new Master based on their configured priority values.

The values from 1 to 254 are available for explicit configuration on VRRP routers, as you can see in the output below.

				
					R1(config-if)# vrrp 1 priority ?
  <1-254>  Priority level(default 100)

Higher values indicate higher priority and a higher likelihood of becoming the master virtual router. The default priority value is 100 (same as HSRP).

Timers

In VRRP, only the Master virtual router sends periodic VRRP advertisement packets (Hellos) to indicate its availability and status. The advertisement timer is 1 second by default. (In HSRP, it is 3 seconds by default). The advertisements are encapsulated in IP/112 and sent to the VRRP link-local multicast address 224.0.0.18.

Backup routers simply listen for these advertisements from the Master. If a backup router does not receive 3xAdvertisements from the Master within a specific timeout period (Master Down Interval), it assumes the Master has failed. The backup routers then initiate an election process to select a new Master based on their priority values.

Preemption

Preemption is enabled by default in VRRP. This is a big difference from HSRP, where preemption is disabled by default.

Notice in the output below that we haven’t configured preemption explicitly, but it is enabled by default.

				
					R1# show run int e0/0
interface Ethernet0/0.20
 encapsulation dot1Q 20
 ip address 10.1.1.1 255.255.255.0
 vrrp 1 ip 10.1.1.

				
					R1# show vrrp
Ethernet0/0 - Group 1
  State is Master
  Virtual IP address is 10.1.1.1
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 255
  Master Router is 10.1.1.1 (local), priority is 255
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.003 sec
  FLAGS: 1/1

Okay, but let’s ask ourselves: What are the consequences of preemption being on by default in VRRP?

During the configuration and reconfiguration of VRRP routers, if multiple routers are not explicitly assigned different priorities, the one with the highest IP address will immediately preempt the master role. This may be undesirable. Configuring each one with a different priority value is a recommended practice. For example, one with priority 130, another with 120, another with 110, and so on. This approach helps achieve faster convergence.

Also, recall that the “IP address owner” has a priority value of 255. During the configuration process, the router with a priority of 255 will immediately preempt any lower-priority routers upon startup. Only one router on the link should be assigned this priority.

Use Cases

The Virtual Router Redundancy Protocol is commonly used in the same scenarios where we use HSRP or any other first-hop redundancy protocol. The most common use cases include:

Redundancy for the default gateway router.
Redundancy for the next hop in static routing.
Conditional next hop router (Tracking of an uplink interface or IP route).

The design choice when to use VRRP instead of HSRP is primarily based on the network equipment vendor. In Cisco environments, engineers prefer to use HSRP. In non-Cisco environments, VRRP is the only standard choice for first-hop redundancy.

Gateway Load Balancing Protocol (GLBP)

The Gateway Load Balancing Protocol (GLBP) is the last first-hop redundancy protocol (FHRP) we discuss in this section. It serves the same function as the HSRP and VRRP—it provides redundancy for the default gateway. However, GLBP supports load balancing, while HSRP and VRRP only support load sharing.

HSRP/VRRP Load Sharing

To provide context around this lesson and understand why Cisco has introduced GLBP, let’s discuss the difference between load sharing and load balancing.

Load Sharing refers to distributing traffic across multiple routers based on predefined static configuration. For example, we have a subnet with many hosts and two routers running HSRP. Suppose we want to load balance the traffic between the two local routers. Since HSRP does not support true load balancing, the only way to achieve it is to configure two different HSRP groups (say groups 1 and 2) and make a different router Active for each group. For example, R1 is the Active router for HSRP group 1, and R2 is the active group for HSRP group 2.

However, this is still not enough. We also need to configure one-half of the hosts with a default gateway pointing to HSRP 1’s VIP and the other half of the hosts with a default gateway pointing to HSRP 2’s VIP, as shown in the diagram below.

GLBP is the only protocol that can do proper load-balancing inside one virtual router group, as shown in the diagram above. Now, let’s see how.

What is GLBP?

GLBP is a first-hop redundancy protocol (FHRP) that provides redundancy for the default gateway router, similar to HSRP and VRRP. However, the main improvement that GLBP provides compared to HSRP/VRRP is that it supports proper load balancing. Look at the diagram below and compare it to Figure 1 above.

Also, notice that the virtual router IP address can be the IP address of the physical interface of R1. This is not possible with HSRP, where the VIP must be a different IP than the physical interfaces’ IP addresses.

When the VRRP VIP is configured, as shown in the output below, the router is called “IP owner” because its IP address 10.1.1.1 is configured as virtual router address 10.1.1.1.

Network Loade Balaencing

Server Loade Balaencing

You can see that host traffic is equally load-balanced between the two local routers. However, let’s highlight the big differences compared to the HSRP/VRRP load sharing:

There is only one GLBP group configured on the router interface, while in the case of HSRP load sharing, there are two HSRP groups on the same interface.
All servers are configured with the same default gateway address, 10.1.1.1, while in the case of HSRP load sharing, a subset of the servers is configured with another DGW address.

These improvements make GLBP much more efficient at scale if the organization wants to load balance the default gateway traffic. Let’s now zoom in and see how it works.

How does GLBP work?

GLBP works per subnet as all other FHRP protocols. When there are multiple GLBP routers on the same subnet, they must be configured with the same group number, the same virtual address, and different priorities, as shown in the output below (similarly to HSRP):

				
					interface Ethernet0/0
 glbp [group] ip [virtual address]
 glbp [group] priority [priority value]

				
					R1(config)# interface Ethernet0/0
 glbp 1 ip 10.1.1.1
 glbp 1 priority 120

				
					R2(config)# interface Ethernet0/0
 glbp 1 ip 10.1.1.1
 glbp 1 priority 110

				
					R3(config)# interface Ethernet0/0
 glbp 1 ip 10.1.1.1
 glbp 1 priority 100

				
					R1# show glbp brief
Interface   Grp  Fwd Pri State    Address         Active router   Standby router
Et0/0       1    -   120 Active   10.1.1.1        local           10.1.1.3
Et0/0       1    1   -   Active   0007.b400.0101  local           -
Et0/0       1    2   -   Listen   0007.b400.0102  10.1.1.3        -
Et0/0       1    3   -   Listen   0007.b400.0103  10.1.1.4

				
					R2# show glbp brief
Interface   Grp  Fwd Pri State    Address         Active router   Standby router
Et0/0       1    -   110 Standby  10.1.1.1        10.1.1.2        local
Et0/0       1    1   -   Listen   0007.b400.0101  10.1.1.2        -
Et0/0       1    2   -   Active   0007.b400.0102  local           -
Et0/0       1    3   -   Listen   0007.b400.0103  10.1.1.4

				
					R3# show glbp brief
Interface   Grp  Fwd Pri State    Address         Active router   Standby router
Et0/0       1    -   100 Listen   10.1.1.1        10.1.1.2        10.1.1.3
Et0/0       1    1   -   Listen   0007.b400.0101  10.1.1.2        -
Et0/0       1    2   -   Listen   0007.b400.0102  10.1.1.3        -
Et0/0       1    3   -   Active   0007.b400.0103  local

				
					R1# show glbp brief
Interface   Grp  Fwd Pri State    Address         Active router   Standby router
Et0/0       1    -   120 Active   10.1.1.1        local           10.1.1.3
Et0/0       1    1   -   Active   0007.b400.0101  local           -
Et0/0       1    2   -   Listen   0007.b400.0102  10.1.1.3        -
Et0/0       1    3   -   Listen   0007.b400.0103  10.1.1.4

				
					R2# show glbp brief
Interface   Grp  Fwd Pri State    Address         Active router   Standby router
Et0/0       1    -   110 Standby  10.1.1.1        10.1.1.2        local
Et0/0       1    1   -   Listen   0007.b400.0101  10.1.1.2        -
Et0/0       1    2   -   Active   0007.b400.0102  local           -
Et0/0       1    3   -   Listen   0007.b400.0103  10.1.1.4

				
					R3# show glbp brief
Interface   Grp  Fwd Pri State    Address         Active router   Standby router
Et0/0       1    -   100 Listen   10.1.1.1        10.1.1.2        10.1.1.3
Et0/0       1    1   -   Listen   0007.b400.0101  10.1.1.2        -
Et0/0       1    2   -   Listen   0007.b400.0102  10.1.1.3        -
Et0/0       1    3   -   Active   0007.b400.0103  local

Server Loade Balaencing

Basic Configuration HSRP, VRRP, and GLBP

HSRP Configuration
R1

interface Ethernet0/1
description LAN Interface of Active Router
ip address 192.168.1.1 255.255.255.0
standby 1 ip 192.168.1.254 <—- Create HSRP Group 1 and assign Virtual IP
standby 1 priority 101 <—- Assign priority above 100 to make this the primary router
standby 1 preempt <—- Makes router active if it has higher priority

interface Ethernet0/1
description LAN Interface of Standby Router
ip address 192.168.1.2 255.255.255.0
standby 1 ip 192.168.1.254 <—- Create HSRP Group 1 and assign Virtual IP
standby 1 preempt <—- Makes router active if it has higher priority

VRRP Configuration
R1

interface Ethernet0/1
description LAN Interface of Active Router
ip address 192.168.1.1 255.255.255.0
vrrp 1 ip 192.168.1.254 <—- Create VRRP Group 1 and assign Virtual IP
vrrp 1 priority 101 <—- Assign priority above 100 to make this the primary router
vrrp 1 preempt <—- Makes router active if it has higher priority

interface Ethernet0/1
description LAN Interface of Standby Router
ip address 192.168.1.2 255.255.255.0
vrrp 1 ip 192.168.1.254 <—- Create VRRP Group 1 and assign Virtual IP
vrrp 1 preempt <—- Makes router active if it has higher priority

GLBP Configuration
R1

interface Ethernet0/1
description LAN Interface of Primary Router
ip address 192.168.1.1 255.255.255.0
glbp 1 ip 192.168.1.254 <—- Create GLBP Group 1 and assign Virtual IP
glbp 1 priority 101 <—- Assign priority above 100 to make this the primary router
glbp 1 preempt <—- Makes router active if it has higher priority
glbp 1 load-balancing round-robin <—- Configure round-robin balancing of traffic

interface Ethernet0/1
description LAN Interface of Secondary Router
ip address 192.168.1.2 255.255.255.0
glbp 1 ip 192.168.1.254 <—- Create GLBP Group 1 and assign Virtual IP
glbp 1 preempt <—- Makes router active if it has higher priority
glbp 1 load-balancing round-robin <—- Configure round-robin balancing of traffic

1. What is HSRP?

Answer:
HSRP (Hot Standby Router Protocol) is a first-hop redundancy protocol developed by Cisco that provides gateway redundancy in a network. It uses an Active router and a Standby router. The active router handles traffic, and if it fails, the standby router automatically takes over.

2. What is VRRP?

Answer:
VRRP (Virtual Router Redundancy Protocol) is an open standard redundancy protocol defined by the Internet Engineering Task Force. It allows multiple routers to share a virtual IP address where one router becomes Master and the others become Backup routers.

3. What is GLBP?

Answer:
GLBP (Gateway Load Balancing Protocol) is a Cisco proprietary protocol that provides both redundancy and load balancing. Multiple routers can forward traffic simultaneously using Active Virtual Gateway (AVG) and Active Virtual Forwarder (AVF) roles.

4. Why are HSRP, VRRP, and GLBP needed in a company network?

Answer:
They are used to provide default gateway redundancy. If the main router fails, another router automatically takes over, preventing network downtime and ensuring continuous communication.

5. What is the main difference between HSRP and VRRP?

Answer:
HSRP is Cisco proprietary, while VRRP is an open standard supported by multiple vendors. Both provide gateway redundancy, but VRRP uses Master/Backup roles, while HSRP uses Active/Standby roles.

6. Which protocol supports load balancing?

Answer:
Only GLBP supports load balancing. HSRP and VRRP allow only one router to actively forward traffic.

7. What ports or protocol numbers are used?

HSRP: UDP port 1985
VRRP: IP protocol number 112
GLBP: UDP port 3222

8. What is a virtual IP address?

Answer:
A virtual IP address is a shared gateway IP configured on multiple routers. End devices use this IP as their default gateway, while the redundancy protocol manages which router actually forwards traffic.

9. What happens if the active router fails in HSRP?

Answer:
If the active router fails, the standby router automatically becomes active and starts forwarding traffic without changing the default gateway IP.

10. What are the router roles in each protocol?

Protocol	Roles
HSRP	Active / Standby
VRRP	Master / Backup
GLBP	AVG / AVF

11. Which protocol is best for multi-vendor networks?

Answer:
VRRP is best because it is an open standard and works with routers from different vendors.

12. What is AVG and AVF in GLBP?

Answer:

AVG (Active Virtual Gateway): Assigns virtual MAC addresses to routers.
AVF (Active Virtual Forwarder): Routers that forward traffic for clients.

furniture

lightings

accessories

Texture lab

what’s new

what’s new

Flash sales

Flash sales

HSRP VRRP GLBP

What is HSRP

Why Need HSRP in Company Network

What is VRRP

What is GLBP

GLBP supports different types of load balancing

Types of GLBP Load Balancing

Why Need GLBP In Company Network

Comparison between HSRP Vs VRRP Vs GLBP

1. HSRP (Hot Standby Router Protocol)

2. VRRP (Virtual Router Redundancy Protocol)

3. GLBP (Gateway Load Balancing Protocol)

Comparison Table

How HSRP Work

What is HSRP?

How VRRP Work

What is VRRP?

Gateway Load Balancing Protocol (GLBP)

Network Loade Balaencing

Server Loade Balaencing

Server Loade Balaencing

Basic Configuration HSRP, VRRP, and GLBP

Top interview questions and answers about HSRP, VRRP, and GLBP

1. What is HSRP?

2. What is VRRP?

3. What is GLBP?

4. Why are HSRP, VRRP, and GLBP needed in a company network?

5. What is the main difference between HSRP and VRRP?

6. Which protocol supports load balancing?

7. What ports or protocol numbers are used?

8. What is a virtual IP address?

9. What happens if the active router fails in HSRP?

10. What are the router roles in each protocol?

11. Which protocol is best for multi-vendor networks?

12. What is AVG and AVF in GLBP?