HSRP, VRRP and GLBP are the three commonly used first hop redundancy protocols in local area networks and the data center.

In this post, I will briefly describe them and highlight the major differences. I will ask you a design question so we will discuss in the comment section below.

hsrp vrrp glbp

source: Orhan Ergun CCDE Study Guide – Workbook


I am explaining this topic in deep detail in my Onsite CCDE  Live/Webex CCDE  and  Self Paced CCDE  course.


HSRP and GLBP are the Cisco specific protocols but VRRP is an IETF standard. So if the business requirement states that more than one vendor will be used , then VRRP is the best choice to avoid any vendor interoperability issue.

For the default gateway functionality HSRP and VRRP uses one virtual IP corresponds one Virtual Mac address.

GLBP operates in a different way. Clients still use one virtual IP address but more than one virtual mac address is used. So each default gateway switch has its own virtual Mac address but same virtual IP address.

To illustrate this, lets look at the below picture.


hsrp virtual mac

source: Orhan Ergun CCDE Study Guide – Workbook

In the above picture, clients use same gateway mac address since the first hop redundancy protocol is HSRP.

If GLBP was in used, on the PC we would see different gateway mac addresses.

HSRP works as an active/standby , GLBP works as an active/active fashion.

Both nodes/gateways in any vlan can pass the traffic if GLBP is used. Bonus : This is called flow based load balancing.

Flow based load balancing is not possible in HSRP or VRRP. Maximum you can have with HSRP and VRRP is vlan based load balancing.

For some set of vlans, one switch is used as active node , for the different set of vlans,  standby node is used as an active node for those vlans.

For example, all the clients in Vlan 1 – 100 can use left switch as a default gateway ,for the  Vlan 101 – 200 right switch can be used as a default gateway. If you do this still all the physical links can be utilized in the topology and any switch doesn’t stay as an idle.

If you lose an active node in HSRP/VRRP network, all the hosts in a given vlan is effected. But in GLBP, since both nodes are active and only half of the traffic passes through failed node, only half of the clients in any given vlan notices the failure.

This is important network design criteria for the first hop redundancy protocols.

Question :

switch topology

source: Orhan Ergun CCDE Study Guide – Workbook


Question 1 : What is the name of this topology ?

Question 2 : Is HRRP or GLBP more suitable , Why ?

Share your answers with your name and email since the correct answers will receive a surprise prize.

By the way please share this post on social media.

35 Replies to “HSRP – VRRP – GLBP”

  1. Hi Orhan,

    Name of Topology – I guess I would just call it Layer 2 access (triangle)

    Suitable FHRP – HSRP is fine here in my opinion as both VLAN100/200 are primary on a single distribution switch for both HSRP and STP. GLBP would confuse matters by having to use the layer 2 switch to switch link thus burdening top left distro switch regardless. I think I’d rather have a L3 link between distro switches and remove the looped topology. Here we can make a good use of GLBP.

    Merry christmas by the way!

  2. Not sure if you’re looking for layer 2 looped dual distribution topology, or another name that I’m not sure of. GLBP doesn’t make sense due to the redundant link being blocked by STP and only having one forwarding path through the STP root anyway (so HSRP is more suitable).

  3. 1) This scenario is called a looped L2 topology.

    2) HSRP is more suitable in this scenario because STP will block the uplinks to the sec root, thus the primary hop will be one L2 hop away from the client, while the sec root will be two hops away.

  4. 1) Name is topology is Multigroup HSRP (MHSRP)

    2) MHSRP is more suitable in this scenario because different vlans will use different switch as it layer 3 gateway. left switch will be HSRP primary for group 1 (VLAN 1-100)and secondary for group 2 (VLAN 101-200). Right switch will be HSRP secondary for group 1 (VLAN 1-100)and primary for group 2 (VLAN 101-200). This way, load-sharing (not necessarily loadbalancing) is achieved.

    1. Edited**
      Orhan Sorry for the typo, my response to Question 1 is an inverted U topology.

      2) MHSRP is more suitable in this scenario because different vlans will use different switch as it layer 3 gateway. left switch will be HSRP primary for group 1 (VLAN 1-100)and secondary for group 2 (VLAN 101-200). Right switch will be HSRP secondary for group 1 (VLAN 1-100)and primary for group 2 (VLAN 101-200). This way, load-sharing (not necessarily loadbalancing) is achieved. – See more at: https://www.orhanergun.net/2015/12/08/hsrp-vrrp-glbp/#comment-1074

  5. 1. I think the name of the topology is L2 looped triangle
    2. HSRP is recommended because of the STP blocked links. If GLBP was be used, load balancing would not work because traffic can’t get to the Distribution switch on the right.

  6. 1. L2 looped topology ( spam vlans)
    2. Using odd/even vlan load balance, so D1 gonna be hsrp/vrrp active and stp root for even vland and D2 stp root and hsrp/vrrp active forma odd vlans, this topo needs a l2 b2b lik to l2 voan extensión un order some aplica ions like VMmotion works.

  7. 1.) Looped Triangle Topology
    2.) I would use HSRP here, since STP is blocking ports to one of the distribution switches, and HSRP would line up the L2 and L3 forwarding paths.

  8. 1. Looped Triangle Topology
    2. Correction in the question though. HRRP (HSRP or VRRP)? Either HSRP (Cisco devices) or VRRP (different vendors) is preferred, since the VLANs are replicated on both switches, assuming appropriate STP priorities.

  9. It is L2 Only Access/Distribution with Extended VLANs topology.

    in My Opinion the HSRP is more suitable as per the Topology layout, as the Redudant links has been blocked by STP at L2.

  10. Q1: Looped layer2 topology (triangle).
    Q2: HSRP/VRRP is more preferred than GLBP
    IF we use GLBP, then the blocked link will cause the traffic to corss the Inter switch link for some traffic, which is not optimal.
    It is always better for the traffic to north and south than east and west.

    If we use HSRP/VRRP we should make the left distribution switch the default Gateway for VLANs that have the switch as STP root. And do the same for right distribution switch for the remaining VLANs.

  11. This type of network is called “classical hierarchal networks” because FHRP is working in conjunction with Spanning Tree Protocol (SPT). It’s also referred to as a U topology.
    In this type of design HSRP or VRRP is better than GLBP because with GLBP, the distribution of ARP (Address Resolution Protocol) responses will random, hence less deterministic.


  12. This is L2 Access & distribution topology.

    As these ( HSRP and GLBP) are First hop redundancy protocol so we need to think beyond the L2 traffic. I would say GLBP is most suitable when you want to share load of L3 traffic, also by using GLBP, we can utilize both the switches and their uplinks.

  13. 1. Looped Triangle topology
    2. HSRP only: in general, STP root and VIP should be aligned. Particularly, left switch handles all the traffic and if it fails, VIP on right will become available only after STP convergence.
    In case of GLBP in this design this your statement will not apply: “in GLBP, since both nodes are active and only half of the traffic passes through failed node, only half of the clients in any given vlan notices the failure” – all the traffic is passing failed node.

  14. Answer 1: This is STP Looped Topology.

    Answer 2: We should use GLBP because it will allow you Transparent Load Balancing (Source MAC address based), if we are using Servers or PCs on the access layer.

  15. 1- triangle looped access layer design
    2- It is preferred to use HSRP to optimizes all the traffic flows,Otherwise if we used GLBP some of the traffic flows can hop back and forth between distributions switches, creating undesirable conditions and difficulty in troubleshooting.
    also we can add tracking mechanisms between the the distributions switches to prevent the Traffic flow goes through distribution 2 and uses the inter-switch link to aggregation 1 to reach the active HSRP in case Access Layer Uplink Failure.
    and also we can tuning the distributions-core routing configuration such that the distributions 1 switch is the primary route advertised to the core so prevents asymmetrical connections and black holing in case Inter-Switch Link Failure .

  16. 1: It is one the STP-based L2 LAN design models called Looped Triangle topology.
    2: Answer is in the diagram 🙂 HSRP. As you are using Cisco icons in the diagram so i assume you are using Cisco equipment. Otherwise in multivendor VRRP is the only option. As we can not use all the links in STP based LAN designs so we have to pick from HSRP/VRRP depending on vendor plus requirements.

  17. Hello Orhan,
    I’m commenting for the second time as my comment is not showing above
    Question 1 : What is the name of this topology ?
    It’s called “Looped Topology” layer 2 design with blocking STP traffic in secondary root switch.
    Question 2 : Is HRRP or GLBP more suitable , Why ?
    more suitable is HSRP ’cause if we look at L2 topology we are having layer 2 Looped topology where Spanning-tree blocking occurred on the secondary root switch. so based on the given design HSRP Active/Standby is the suitable option here
    as of GLBP if we are aiming Layer 2 Loop Free topology then GLBP is more suitable

  18. 1. Layer 2 Access and Distribution topology

    2. I would use HSRP here, since the half of the uplinks cannot be used at any time, there is no point in having GLBP where the both routers are active all the time

  19. Layer-2 Looped: Looped Triangle

    HRRP will be preferred as the HRRP gateways are aligned to only on the left distribution switch, while the right side one are remain inactive/standby mode due to STP.

  20. The topology is called “L2 Looped Triangle”.

    FSRP-HSRP is suitable for this topology because Distribution swich is STP root of vlan 100,200 also HSRP active. Host connected on access switch can forward traffic on HSRP active switch.

  21. The name is Looped Triangle.

    HSRP will be more suitable because spanning tree blocking the right side ports, there will not be any advantage in using GLBP.

  22. Hello,

    1 – This is a Looped Triangle Topology.
    2 – HSRP preferred. When GLBP is used the distribution of the ARP responses is going to be random.

    -H’mida Nazim

  23. 1- Layer 2 looped triangle topology 2- 2. I would use HSRP here, since the half of the uplinks cannot be used at any time, there is no point in having GLBP where the both routers are active all the time

  24. Hello Orhan,
    i love the 2nd question : very representative of the CCDE exam.
    We want all use HSRP instead of GLBP, BUT it is a down-top approach and we have to struggle again this reflex.
    The CCDE way is to test the Top-Down design approach with regard to the complete topology and requirements.

    Here are some questions that need to be answered :
    Which STP flavor is used ?
    Are we able to change STP configuration ?
    Where is the L2/L3 boundary ?
    Where is/are the L3 link(s) ?
    What do we want to implement : nominal/backup, load balancing, load sharing ?
    Is the 10 seconds repair delay acceptable ?

    Since we don’t have any requirements, i would say the answer is (as always) ‘it depends’.

  25. 1: Triangle Spanning Tree topology.
    2: HSRP. STP will look after the loop-free topology, and during an outage of one of the FHRP switches, the effects will not be as severe as it would be with GLBP.

  26. Hi Everyone,
    As I have seen there are a lot of correct answers. Thanks everyone for participation and there will be many more discussions like this. If you are an email subscriber please make sure my emails are not going to Junk box.

    Let me share my answer and provide some design recommendation.

    The topology is called Layer 2 looped topology since the connection between two distribution layer switches is layer2. Once it is layer2 , spanning tree has to block one link which is far from the root switch to prevent forwarding loop.

    Otherwise if you create a loop in Ethernet networks, since Ethernet doesn’t have TTL field in the header, unless you take manual action to stop loop, it continues to increase CPU of the device and the utilise the links.

    Different layer 2 protocols on Ethernet layer 1 media can work differently. Trill, Fabricpath , SPB are some of them which you can find an article about on the website can use all the links without blocking.

    GLBP provides flow based load-balancing. If you are working in design field, you might heard this term often.
    Two common load balancing techniques are in the Layer 2 networks; Vlan based and Flow based load balancing.

    Van based load balancing allow the switch to be active layer 3 gateway for only some set of Vlans. HSRP and VRRP works in this way.

    Van 100 HSRP active gateway can be left distribution switch, different Vlan let’s say Vlan 101 can be right distribution switch.
    In this way you can use both distribution switches as active-active and you can utilize all the links in the layer 2 networks but operation bring more complexity.

    If you want both right and left distribution switches to be used active-active for the same Vlan , let’s say Vlan 100 , then you need to use GLBP.

    But spanning tree shouldn’t block the layer 2 links. How you can achieve this ?

    One way to change the inter distribution link to Layer 3. In that way none of the access layer links between access and distribution layer switches will be block , thus you can use all the uplinks.

    On the above topology if you use GLBP, since the right access to distribution link will be blocked , all the user traffic from the right access switch will go first to left distribution switch then through the interconnect link traffic will go to the right distribution switch since right distribution switch as an Active GLBP virtual forwarder replies to eh ARP packets. you always use sub optimal path.

    Hope you enjoyed this and participate other discussions too.

Leave a Reply

Your email address will not be published.