VRRP and HSRP Redundancy for VLANs
Posted by Kevin Stange, Last modified by Kevin Stange on 13 March 2012 02:52 PM
This article explains how and why we use VRRP or HSRP on VLANs we assign to our customers, as well as the implications and limits this may impose on services.
What are VRRP and HSRP?
HSRP is the "Hot Standby Router Protocol" and VRRP is the "Virtual Router Redundancy Protocol." Both protocols allow two routers to provide a single gateway address in a VLAN. If one of the routers fails or loses its connection, the other router takes over the gateway and keeps the VLAN operating. HSRP is proprietary to Cisco network equipment. VRRP is a standardized protocol supported by multiple vendors. Certain models of Cisco equipment support only HSRP.
We generally prefer to use VRRP, but we will use HSRP in situations where VRRP is not supported. Both provide an equivalent level of redundancy.
Due to the way VRRP and HSRP function, each router that participates in the protocol on a VLAN must have an IP address of its own, separate from the gateway. This means if VRRP is enabled, we will need to reserve two extra IP addresses. Usually, we claim the two IPs that immediately follow the gateway, but we can use any addresses in the subnet. As the size of the subnet increases, the number of IPs used does not. Five IPs will always be reserved: the network identifier, gateway, broadcast and two router IPs. For each new subnet added to a VLAN, we will reserve five IPs in that subnet as well. All the remaining IPs will be usable for customer equipment.
To provide constant monitoring of the VLAN state, there will be continuous broadcast traffic between the two routers on the VLAN, each checking whether the other is still available. This broadcast traffic is usually harmless, but will be visible in network traffic monitoring on any system within the VLAN. Feel free to filter or drop this traffic on your own equipment; doing so does not affect the redundancy of the routers.
Some equipment you use inside your VLAN may offer the ability to use VRRP to provide redundancy of its own. If you plan to set up redundant equipment using VRRP, it is important that you contact our network operations team first via a support ticket. Each VRRP instance in a VLAN has a unique identifier which determines the hardware (MAC) address used by that instance's IP address. If your equipment uses the same ID number as our routers, it may cause VRRP to fail or leave other equipment on your VLAN confused as to which device is the router. We will be able to let you know which ID(s) you can use to prevent interference with the existing configuration. Only one device on a VLAN can use a specific hardware address safely.
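The following is an added example, not code from this article or from our network team: it shows how a VRRP ID maps to a hardware address and how to check a planned ID against advertisements already seen on a VLAN. The function names and the sample packet bytes are constructed for illustration; the `00:00:5e:00:01` prefix comes from the VRRP standard (RFC 5798) and covers IPv4 only.

```python
import struct

# IPv4 virtual router MAC prefix defined by the VRRP standard (RFC 5798);
# the last octet is the virtual router ID (VRID).
VRRP_MAC_PREFIX = "00:00:5e:00:01"

def vrrp_virtual_mac(vrid):
    """Return the virtual MAC address that a given VRID will claim."""
    if not 1 <= vrid <= 255:
        raise ValueError(f"VRID out of range: {vrid}")
    return f"{VRRP_MAC_PREFIX}:{vrid:02x}"

def parse_vrrp_advert(payload):
    """Parse an IPv4 VRRP v2/v3 advertisement (the IP payload, protocol 112).

    The checksum is not verified; this is for inventory, not validation.
    """
    if len(payload) < 8:
        raise ValueError("shorter than the 8-byte VRRP header")
    ver_type, vrid, priority, count = struct.unpack("!BBBB", payload[:4])
    version, msg_type = ver_type >> 4, ver_type & 0x0F
    if version not in (2, 3) or msg_type != 1:
        raise ValueError("not a VRRP advertisement")
    end = 8 + 4 * count
    if len(payload) < end:
        raise ValueError("truncated address list")
    addrs = [".".join(map(str, payload[i:i + 4])) for i in range(8, end, 4)]
    return {"version": version, "vrid": vrid, "priority": priority,
            "addresses": addrs, "virtual_mac": vrrp_virtual_mac(vrid)}

def find_conflicts(adverts, planned_vrids):
    """Map each planned VRID already in use on the VLAN to the contested MAC."""
    in_use = {parse_vrrp_advert(a)["vrid"] for a in adverts}
    return {v: vrrp_virtual_mac(v) for v in planned_vrids if v in in_use}

# Constructed sample: VRRPv2 advert, VRID 10, priority 110, one address
# (192.0.2.1, documentation range), checksum left as zero.
SAMPLE_ADVERT = bytes([0x21, 0x0A, 0x6E, 0x01, 0x00, 0x01, 0x00, 0x00,
                       192, 0, 2, 1])

if __name__ == "__main__":
    print(parse_vrrp_advert(SAMPLE_ADVERT))
    print(find_conflicts([SAMPLE_ADVERT], planned_vrids=[10, 20]))
```

An empty result from `find_conflicts` only means no clash with the advertisements supplied to it; the ID should still be confirmed through a support ticket as described above.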
What if I don't want VRRP or HSRP?
VRRP or HSRP is a precondition for our Service Level Agreement regarding network connectivity. While we can disable them on request, doing so will introduce a single point of failure into your VLAN. We will not be able to honor any compensation requests due to network outages that could have been avoided by having VRRP or HSRP enabled.