FHRP (First Hop Redundancy Protocol) is the family of Layer 3 protocols that lets a group of routers share a virtual IP and MAC address so end hosts have a single, stable default gateway even when the underlying router fails. The three protocols in the family - HSRP (Cisco), VRRP (IETF standard), and GLBP (Cisco) - all solve the same problem with slightly different mechanics. Without FHRP, end host default gateways become single points of failure; with FHRP, the failure of a primary router becomes a sub-second event invisible to users.
This is the cluster overview for the full PingLabz FHRP series: the protocol family, HSRP, VRRP, GLBP, and the design patterns that integrate FHRP with STP, Layer 2 VLANs, and the rest of a Cisco campus design. We will work through what FHRP solves, the three protocols in the family and how they differ, the configuration patterns, and the alignment with STP that is critical for clean failover.
What FHRP Solves
End hosts use a default gateway IP for any traffic destined outside their local subnet. Traditionally that gateway is a single router. If the router goes down, the gateway becomes unreachable, and the host has no path off the subnet. The user sees connectivity loss until DHCP renews to a new gateway (which never happens automatically) or someone reconfigures the host.
FHRP solves this by letting a group of routers share a virtual IP/MAC. The hosts use the virtual IP as their default gateway. The router currently active for that virtual IP forwards traffic; if it fails, another router takes over the virtual IP/MAC and traffic continues with sub-second interruption. The hosts never know anything changed.
The three FHRP protocols differ in details but share the architecture: a group of routers, a virtual IP and MAC, election of an active forwarder, and failover when the active fails.
The Three Protocols
| Protocol | Vendor | RFC | Default Hello | Default Hold | Active election |
|---|---|---|---|---|---|
| HSRP (v1) | Cisco | 2281 (informational) | 3 sec | 10 sec | Highest priority; tiebreak by IP |
| HSRP (v2) | Cisco | 2281 | 3 sec (sub-second tunable) | 10 sec | Same as v1 |
| VRRP (v2) | IETF standard | 3768 / 5798 | 1 sec | 3 sec | Highest priority; tiebreak by IP |
| VRRPv3 | IETF standard | 5798 | 1 sec (sub-second tunable) | 3 sec | Same as v2 + IPv6 support |
| GLBP | Cisco | None (proprietary) | 3 sec | 10 sec | AVG (Active Virtual Gateway) elects; AVFs (Active Virtual Forwarders) load-balance |
HSRP and VRRP do active/standby - one router forwards, the others wait. GLBP does active/active - multiple routers forward simultaneously, sharing the load via different virtual MAC addresses for the same virtual IP.
HSRP: Cisco's Default
HSRP (Hot Standby Router Protocol) is Cisco's proprietary FHRP and the dominant protocol in Cisco-only campuses. The version 1 group number is 0-255 (limited); version 2 supports group 0-4095 and is the modern default.
HSRP states each router walks through:
| State | Meaning |
|---|---|
| Initial | HSRP just started; not yet sending hellos |
| Learn | Waiting to learn the virtual IP from a Hello (rare; typically configured) |
| Listen | Heard from active and standby; not active or standby itself |
| Speak | Sending hellos; participating in active/standby election |
| Standby | Backup; will take over if active fails |
| Active | Currently forwarding traffic for the virtual IP |
Healthy steady state: one active, one standby, others in listen. For full configuration walkthrough including priority manipulation, preemption, and tracking, see HSRP High Availability: Configure Cisco HSRP Step-by-Step.
VRRP: The Open Standard
VRRP (Virtual Router Redundancy Protocol) is the IETF standard. RFC 5798 defines VRRPv3 for both IPv4 and IPv6. Functionally similar to HSRP with a few differences:
- Master/Backup terminology (instead of Active/Standby)
- Default master is the router whose interface IP matches the virtual IP (a feature that can simplify designs but causes confusion when not understood)
- Faster default timers (1-second Hello, 3-second hold)
- Vendor-neutral - works between Cisco, Juniper, Arista, Nokia, etc.
For details, see VRRP Explained.
GLBP: Active/Active Load Balancing
GLBP (Gateway Load Balancing Protocol) is Cisco-proprietary and unique among FHRPs in that it actively load-balances across multiple routers. One router is the AVG (Active Virtual Gateway) which manages the protocol; up to four AVFs (Active Virtual Forwarders) actually forward traffic, each with its own virtual MAC.
How it works: end hosts ARP for the virtual IP. The AVG responds with one of four virtual MACs, rotating across hosts. Each virtual MAC is owned by a different AVF, so different hosts naturally use different routers. Failover is per-AVF; if one AVF dies, the AVG redirects its virtual MAC to another AVF.
The benefit: utilization across redundant routers instead of one router idle as standby. The cost: more complex troubleshooting and Cisco-only.
For details, see GLBP for Active/Active Load Balancing.
FHRP Design with STP and VLANs
FHRP does not exist in isolation. In typical campus designs the active FHRP gateway should align with the STP root bridge, otherwise traffic from access switches takes a suboptimal path through the network: up to one distribution switch, across the inter-distribution trunk to the other, down to the actual gateway.
The pattern: per-VLAN, set the same router to be both the STP root bridge and the FHRP active gateway. For VLAN load balancing, alternate which distribution switch is root and active for each VLAN. With Rapid PVST+ this is straightforward; with MST it requires alignment of MST instances to FHRP groups.
Detail in Spanning Tree and First-Hop Redundancy: Aligning STP with HSRP/VRRP in the STP cluster.
HSRP vs VRRP vs GLBP
| Trait | HSRP | VRRP | GLBP |
|---|---|---|---|
| Vendor | Cisco | Open standard | Cisco |
| Active routers | 1 (others standby) | 1 (others backup) | Up to 4 (AVG + 3 AVFs) |
| Load balancing | Per-VLAN (different active per VLAN) | Per-VLAN | Per-host (within VLAN) |
| Default hello | 3 seconds | 1 second | 3 seconds |
| Multicast address | 224.0.0.2 (v1) / 224.0.0.102 (v2) | 224.0.0.18 | 224.0.0.102 |
| Virtual MAC range | 0000.0c07.acXX | 0000.5e00.01XX | 0007.b400.XXYY |
| Authentication | MD5, plain text | None (v3); plain text/MD5 (v2) | MD5, plain text |
| Use case | Cisco-only campus default | Multi-vendor environments | Cisco shops wanting load balancing without per-VLAN role assignment |
For the full comparison see HSRP vs VRRP vs GLBP.
FHRP Deep Dives in This Cluster
- HSRP High Availability: Configure Cisco HSRP Step-by-Step
- VRRP Explained: The Vendor-Neutral FHRP
- GLBP for Active/Active Load Balancing
- HSRP vs VRRP vs GLBP: Choosing the Right FHRP
- Spanning Tree and First-Hop Redundancy: Aligning STP with HSRP/VRRP
FAQ
What does FHRP stand for?
FHRP stands for First Hop Redundancy Protocol. It refers to the family of protocols (HSRP, VRRP, GLBP) that provide gateway redundancy for end hosts.
What is the difference between HSRP and VRRP?
Functionally similar. HSRP is Cisco-proprietary; VRRP is the IETF standard. HSRP has slightly slower default timers (3-second Hello vs 1-second); VRRP has slightly faster failover. In a Cisco-only environment, HSRP is the dominant choice; in mixed-vendor, VRRP is required.
What makes GLBP different from HSRP and VRRP?
HSRP and VRRP have one active router per group, with others on standby. GLBP has up to four active forwarders simultaneously, each with its own virtual MAC. ARP responses from the AVG distribute hosts across the AVFs, providing per-host load balancing without per-VLAN role tuning.
What is HSRP priority and how does it work?
HSRP priority is a 0-255 value (default 100). Higher priority wins the active election. With preemption enabled, a higher-priority router that comes up will take over from a lower-priority active. Track interface state to lower priority when uplinks fail, so the standby takes over.
What is the virtual MAC for HSRP?
HSRP virtual MACs are 0000.0c07.acXX where XX is the group number. So group 1 has MAC 0000.0c07.ac01; group 10 has 0000.0c07.ac0a. End hosts ARP for the virtual IP and receive this MAC; they use it as the destination for all upstream traffic.
Key Takeaways
FHRP is mandatory for any production network where users care about gateway uptime. Pick HSRP for Cisco-only environments, VRRP for multi-vendor, GLBP when you want active/active load balancing without per-VLAN tuning. Whichever you pick, align the active gateway with the STP root bridge per VLAN to avoid suboptimal traffic paths. Bookmark this page, work through the cluster articles in order, and lab every failover.