Critically compare HSRP to VRRP or GLBP, discussing the benefits and potential weaknesses of each

The driving force in implementing First Hop Redundancy Protocols (FHRP) in a Cisco centric High Availability Campus network design has been the reducing cost of Layer 3 devices and more importantly the potential loss of revenue in the event of a network outage to an Enterprise (Pavlik et al, 2014).
To prevent a single point of failure thereby isolating an entire network, multilayer devices need to be employed to offer high availability so that packets can be diverted and forwarded through a stand-in device for a failed Router, with minimal disruption to users and systems.
The FHRP offers a solution for redundancy and is made up of the following group of protocols, HSRP (Hot Standby Router Protocol), VRRP (Virtual Router Redundancy Protocol) and GLBP (Gateway Load Balancing Protocol).

The main factors in selecting GLBP over VRRP has been that it provides load balancing capabilities, better throughput performance and security which VRRP no longer supports as published in RFC 5798 section 9 (Nadas, S., 2010). HSRP and GLBP are Cisco proprietary protocols whereas VRRP is an open standard which allows for different vendors to co-exist on the same network and they all incorporate IPv6 making them resilient in the long term.

The diagram below is a visual representation of how the traffic flows and terms used for both protocols.

HSRP Routers in the same group elect the router with the highest priority value as the Active Router responsible for handling all packets and selecting a single Standby Router which will transition to the active router state should the Active Router fail. The Standby Router will either transition permanently to an Active State or revert back when the active router comes back online. If it remains in the active state a router with the highest priority in the listening state will be promoted to the standby router state.
The HSRP mechanism creates a single virtual Default Gateway IP and Mac address that will be used by all hosts on the downstream subnet, this virtual router acts as the go between for the hosts and the Active Router masking its real IP and Mac address.
Hello messages are sent every 3 seconds to the multicast address of on UDP port 1985 (Li et al, 1998) which is only monitored by the standby router. If no hello messages are received in a 10 second Hold-Time timer window, it will assume the role of the Active Router and a re-election process will be triggered.

A maximum of four routers in the same GLBP group can be in the active state and forwarding traffic, whilst you may have up to 1024 permissible virtual routers within the same group. The Router with the largest priority or the highest IP address will be chosen as the AVG (Active Virtual Group), its main function is to assign each active router a different virtual mac address. Each of these routers are known as the Active Virtual Forwarders (AVF’s), so one router in the group will be both an AVG and an AVF.
The AVG responds to ARP (Address Resolution Protocol) requests and will assign the mac address of one of the AVFs to the hosts based on a round robin algorithm.
The AVG router transmits messages to the multicast address of on UDP port 3222 (Cisco, 2008). The Hello and Hold-Time Timer messages have the same default values and election process as HSRP however all AVF routers are listening unlike in HSRP where only the Standby Router is in the listening state.

In an organization with thousands of hosts, GLBP will distribute the workload to all the active routers on a round robin basis but this can be altered to either being host dependent or weighted traffic, where the packets are divided between the routers as a percentage of the total amount of traffic.
In Cisco proprietary networks you are able to modify the hello and hold down timers from the default in seconds to milliseconds. With using sub-second times you almost ensure that not a single packet is lost when there is an outage (Lammle,T. and Tedder,W., 2014).

Not all Cisco IOS versions support GLBP and unlike HSRP which does support IPsec VPN Tunnels, then from the fact there is no written documentation in the creation of IPsec Tunnels for GLBP and numerous unsolved cases on Cisco’s support forum, we are able to deduce that it doesn’t support GLBP.
The Standby Router’s resources in HSRP are not fully utilized, nor is load balancing supported in the same group. A workaround is to implement VLANs and assign them to different gateways but in the event of an upstream link failure suboptimal routing will result where a packet is routed back to the active forwarding router from the standby router before being routed back out of the network.

A caveat to implementing cisco proprietary protocols, in this case HSRP and GLBP is that they are not vendor neutral. The ever increasing encroachment by other vendors, like Juniper Networks which do not support either HSRP or GLBP, have seen a year-on-year growth (Haranas, M., 2015) in market share, resulting in a dramatic reduction of Cisco’s market share.


Barker, K., (2010) ‘HSRP vs GLBP’, The Cisco Learning Network [Online] Available at https://learningnetwork.cisco.com/thread/14776 (Accessed 22 July 2017)

Bryant, C. CCIE No12933 (2015) ‘CCNP Success Series: CCNP Switch 300-115 Study Guide’, Published in Great Britain for Amazon

Cisco (2008) ‘GLBP – Gateway Load Balancing Protocol’, Cisco IOS Software Releases 12.2T, [Online] Available at http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html (Accessed 13 July 2017)

Dubey, P., Sharma, S., Sachdev, A. (May 2013) ‘Review of First Hop Redundancy Protocol and Their Functionalities’, International Journal of Engineering Trends and Technology (IJETT), Volume 4, Issue 5, pp.1085-1088 [Online] Available at http://ijcttjournal.org/Volume4/issue-5/IJCTT-V4I5P26.pdf (Accessed 15 July 2017)

Haranas, M. (2015), ‘Report: Juniper Is Eating Cisco’s Lunch in U.S. Service Provider Routing Market’, CRN Magazine, November 24 [Online]. Available at
http://www.crn.com/news/networking/300078939/report-juniper-is-eating-ciscos-lunch-in-u-s-service-provider-routing-market.htm (Accessed 17 July 2017)

Hucaby, D. (2015) ‘CCNP Routing and Switching SWITCH 300-115 Official Cert Guide’, Indianapolis, Indiana: Cisco Press.

Huawei Technologies Co., Ltd. (2015) ‘GLBP Replacement Technology White Paper’, Huawei Technologies Co., Ltd., November 11, 2015, Issue 01 [Online] Available at http://support.huawei.com/de/marketing-material/global/products/enterprise_network/switches/S6720/interconnect%20with%20cisco/20151116090241 (Accessed 15 July 2017)

Lammle, T. and Tedder, W. (2014) ‘CCNA Routing and Switching, Deluxe Study Guide’, Sybex

Lemeshko, O., Yeremenko, O., Tariki, N. (2017) ‘Solution for the Default Gateway Protection within Fault-Tolerant Routing in an IP Network’, Preliminary Communication, Vol 8, No. 1 [Online] Available at http://www.etfos.unios.hr/ijeces/wp-content/uploads/2017/07/08-01-03.pdf (Accessed 13 July 2017)
Li, T., Cole, B., Morton, P., Li, D. (1998) ‘Cisco Hot Standby Router Protocol (HSRP)’, The Internet Society, Network Working Group, RFC 2281, March 1998 [Online] Available at https://tools.ietf.org/html/rfc2281 (Accessed 13 July 2017)

Nadas, S. (2010) ‘Virtual Router Redundancy Protocol (VRRP) Version 3 for IPv4 and IPv6’, Internet Engineering Task Force, Standards Track, RFC 5798, March 2010 [Online] Available at http://www.faqs.org/rfcs/rfc5798.html (Accessed 13 July 2017)

NewsRx (2014) ‘Patents; “Performing Failover in a Redundancy Group” in Patent Application Approval Process’, Computer Weekly News; Atlanta, June 12, p.698, [Online] Available at https://search-proquest-com.libezproxy.open.ac.uk/printviewfile?accountid=14697 (Accessed 14 July 2017)

Pavlik, J., Komarek, A., Sobeslav, V., Horalek, J. (2014) ‘Gateway Redundancy Protocols’, 15th IEEE International Symposium on Computational Intelligence and Informatics (CINTI), [Online] Available at http://ieeexplore.ieee.org.libezproxy.open.ac.uk/document/7028719/?part=1 (Accessed 10 July 2017)

Singh, R., Kalyani, G., Nir, Y., Sheffer, Y., Zhang, D. (2011) ‘Protocol Support for High Availability of IKEv2/IPsec’, Internet Engineering Task Force, Standards Track, RFC 6311, July 2011 [Online] Available at https://tools.ietf.org/html/rfc6311 (Accessed 23 July 2017)

Leave a Reply

Your e-mail address will not be published. Required fields are marked *