When configuring high availability gateways between multiple routers you only have a couple of options to choose from. If you have all Cisco routers chances are you will be configuring and using HSRP to provide redundancy between your routers. If you have Juniper, Foundry (Brocade), or any another router you’ll most likely use VRRP. In summary, the debate HSRP vs VRRP is always a valid one!
HSRP, VRRP and GLBP are known as FHRP or “First Hop Redundancy Protocols”. You can read more about FHRP in this new RouterFreak article.
So which one is best? Or does it really matter?
HSRP stands for Hot Standby Routing Protocol. VRRP stands for Virtual Route Rendundancy Protocol. The differences between HSRP versus VRRP are very slight especially when looking at the basic configuration side by side. But under the covers there are some significant differences. The end result, however is still the same.
If a router fails you need a standby router to become the active gateway and forward packets to the next hop.
Here’s a break down that compares the major differences between the two protocols.
HSRP Versus VRRP Comparison Table
| HSRP | VRRP |
| Propietary | Standards based |
| RFC 2281 | RFC 3768 |
| Separate IP Address needed for the Virtual | Can use the physical IP Address of the Virtual, if needed, saving IP space. |
| One Master, One Standby, all others are listening | One Master, all other routers are backup |
| More familiar to most network engineers | Less familiar – yet very similar |
| Can track an interface for failover | Can track an interface for failover (depending on operating system and version, it can also track the reachability of an IP address) |
| All HSRP routers use multicast hello packets to 224.0.0.2 (all routers) for version 1 or 224.0.0.102 for version 2. | All VRRP routers use IP protcol number 112 (vrrp) to communicate via multicast IP address 224.0.0.18 |
| All virtual router must use MAC address 0000.0c07.acXX where XX is the group ID. | All virtual routers must use 00-00-5E-00-01-XX as its Media Access Control (MAC) address |
Configuration differences in HSRP vs VRRP
The differences between both VRRP and HSRP, especially on a Cisco router are very slight. If your familiar with Configuring HSRP you can easily understand VRRP commands. Configuring VRRP on Juniper as well as other network equipment can vary significantly depending on the devices. Many load balancers also support VRRP and their configuration is specific to each of these devices.
Here are some configuration examples as seen on a Cisco router:
HSRP Configuration Example
R1(config)# interface GigE 0/1
R1(config-if)# ip address 192.168.1.2 255.255.255.0
R1(config-if)# standby 1 ip 192.168.1.1
R1(config-if)# standby 1 priority 200
R1(config-if)# standby 1 preempt
R2(config-if)# ip address 192.168.1.3 255.255.255.0
R2(config-if)# standby 1 ip 192.168.1.1
R2(config-if)# standby 1 preempt
VRRP Configuration Example
R1(config)# interface GigE 0/1
R1(config-if)# ip address 192.168.1.2 255.255.255.0
R1(config-if)# vrrp 1 ip 192.168.1.1
R1(config-if)# vrrp 1 priority 110
R2(config)# interface GigE 0/1
R2(config-if)# ip address 192.168.1.3 255.255.255.0
R2(config-if)# vrrp 1 ip 192.168.1.1
Notice the lack of a preempt command. This isn’t necessary for VRRP. It’s enabled by default.
As you can see there sin’t a big difference between the two protocols. The primary difference between HSRP versus VRRP would be that HSRP is proprietary to Cisco and can only be used on Cisco devices. VRRP is a standards based protocol and is vendor independent allow some flexibility when choosing network devices.
13 Responses
you can also used their default hello and hold timers as a difference. HSRP default hello timer is 3sec and hold timer is 10sec, whiles VRRP default hello timer is 1sec and hold timer is 3sec.
vrrp take interface ip not need to another ip ,so check configuration
i believe there is another difference is load sharing, am i right?
I don’t think so, with both VRRP and HSRP you have to create multiple virtual IPs to do load sharing controlled by routing.
Glbp does load balancing
One of the glaring difference seems to be in trouble-shooting. As an end-user, we don’t have access to the standby VRRP router. We do have access to master vrrp router. If the link between the two breaks down, we can’t tell that just by checking vrrp status on master router, since it doesn’t give any status of standby ( Unlike HSRP, which sends out hellos from active and standby devices)
I was working with HSRP and VRRP in last 1 year and now only got the major difference between.
Joe its a nice article… 🙂
There’s an error in the comparison table (cell 4 from the top). Swap the texts – they should be the other way around as follows
– VRRP: One Master router, all others are backup routers
– HSRP: One Master router and one Standby router – all other routers are listening
Here’s the definition from RFC 2281 (HSRP), chapter 5.3 States, p. 5 Standby and p. 3 Listen:
5. Standby
The router is a candidate to become the next active router and
sends periodic Hello messages. Excluding transient conditions,
there MUST be at most one router in the group in Standby state.
and
3. Listen
The router knows the virtual IP address, but is neither the active
router nor the standby router. It listens for Hello messages from
those routers.
Thanks Hank, very true!
We fixed the error.
There is a quite a difference in their out of the box default timers – i believe HSRP is 3 second hello and VRRP is 1 second, so if you don't mess with their timers, then in theory VRRP will failover faster. But timers are easily adjusted in HSRP.
Thanks for the info really helpful!
Thanks for the article. I personally try to stick with the standards-based approach just in case we introduce non-Cisco devices into the network someday.
By the way, looks like you have a typo in the last line of the R2 VRRP stanza. It should be 192.x.x.x vice 193.x.x.x.
Thanks G for catching that typo. It's been fixed!