HSRP VRRP GLBP Comparison– In this post I am going to cover the similarities and the differences between HSRP VRRP and GLBP protocols.
All these technologies provide first hop redundancy for the hosts.
I will use the below table for HSRP VRRP GLBP Comparison and the design attributes listed in it.
HSRP VRRP GLBP Comparison
I will compare them from the suitability in the specific places in the network such as LAN, Datacenter and the Internet Edge aspects first and then will continue with the other design consideration listed in the table.
The difference between HSRP VRRP and GLBP protocols in the specific places in the network only occurs in the Internet Edge.
All three protocols are invented to be used in the Local Area Networks, but they are also commonly used in the Datacenters. Especially in today networks small and medium scale datacenter almost always have one of these three protocols.
GLBP uses 1 Virtual IP and several Virtual MAC address for the default gateway.
For the clients ARP requests, different virtual MAC addresses are replied by the Active Virtual Gateway.
Let’s look at the below topology to understand why GLBP is not suitable at the Internet Edge but HSRP and VRRP might be an option.
GLBP at the Internet Edge
When firewall sends an ARP request Active Virtual Gateway responds either R1 or R2 MAC address (VMAC). In this topology R2 is selected as the default gateway. Firewall cannot do load balancing between R1 and R2 for the egress traffic anymore. Always either Firewall to R1 or Firewall to R2 link is used. This is called polarisation. (Term is not new I think for those who remember CEF (Cisco Express Forwarding) polarisation).
We wouldn’t have this problem with HSRP or VRRP, since HSRP and VRRP allow multiple groups to be created. In that case, firewall could have two default route towards each group and both link could be used at the same time.
Are HSRP VRRP and GLBP Standard based protocols ?
One of the main difference between HSRP VRRP and GLBP from the design point of view is standardization.
HSRP and GLBP is Cisco Proprietary protocols.Thats why you cannot use HSRP and GLBP with the other vendor equipments together.
On the other hand, VRRP is IETF standard, thats why in multi vendor environment it is used commonly.
HSRP VRRP and GLBP Preemption
First, You need to understand the preemption. What is preemption ?
It is not only used in first hop redundancy protocols such as HSRP VRRP and GLBP but also in routing protocols, network convergence and many other places.
The idea is; when node fails and come back will it take the primary role again or not. If it takes the primary role responsibility automatically, then preemption is enabled.
HSRP and GLBP preemption is not enabled by default. So, If HSRP Active device fails and come back, it won’t take the active role responsibility unless you configure preemption manually.
Let’s see why preemption is important from the network design point of view.
Looped layer 2 access design
In the above topology, there are two Vlans; Vlan 100 and Vlan 200.Left distribution switch is STP root and HSRP active device. By the way always you should always make Spanning Tree Root and the HSRP active device same, otherwise what will happen you will see below.
In the topology, since the inter-link between the two distribution switches is also layer 2, left and right access switches to right distribution switch links have to be blocked from the spanning tree point of view ( Because all the ports have to be active of the Spanning tree root which is left distribution)
If left distribution switch fails,spanning tree will unblock the access switches to right distribution switch link. Also spanning tree root and the HSRP primary role is taken by the right distribution switch.
So far everything is normal. But when left distribution switch comes back the problem might occur if HSRP preemption is not enabled.
When left distribution switch comes back, it takes the spanning tree root responsibility back since spanning tree by default support preemption.
But if you don’t enable preemption, still HSRP active device stay as right distribution switch.
So, left distribution is Spanning Tree root, right distribution is HSRP active.
In that case, since all the links from the access switches to right distribution switch are blocked by the spanning tree, traffic from the access switches first have to go through left distribution and through the inter-link between the distribution switches to the right distribution switch.
This is obviously suboptimal and can be prevented by enabling preemption.
HSRP VRRP GLBP IPv6 Support
HSRP VRRP and GLBP, all of them support IPv6 with the latest enhancements. If the clients are dual stack or IPv6 only, first hop redundancy protocol IPv6 support is important if you want to have dual stack LAN or DC environment as well.
Does HSRRP VRRP and GLBP Support more than two devices ?
Yes, HSRP VRRP and GLBP, all of them supports more than two devices in the topology. This is generally the case in the datacenters where more than one POD is used or more than one data center with multiple default gateway devices in every datacenters. ( There are other design considerations though, such as FHRP filtering in case, egress traffic flow optimization is needed)
But you should keep in mind that, from the data plane point of view, only GLBP by default supports more than two devices to be active-active for given VLAN. Hosts in the same Vlan can use any of the GLBP gateways. This is called flow based load balancing which cannot be supported by the HSRP and VRRP.
HSRP and VRRP doesn’t support Flow based load balancing. Which mean, in a given Vlan, you can only have one device as an active. For different Vlan, other devices can be active but in that case, topology is called Vlan based load balancing.
Thats why HSRP and VRRP supports Vlan based load balancing, but GLBP supports flow based load balancing as well.
There is special concept which is invented by the Cisco, called Anycast HSRP. Anycast HSRP allows multiple HSRP devices to be used active-active in the network. For more information about Anycast HSRP click here.
As you can see there are many similarities and many differences between HSRP VRRP and GLBP. And as a network designer you should know at least the design criteria and best practices which I explained in this article.
You can pass the CCDE exam in your first attempt ! LEARN MORE