HSRP
What is HSRP?
HSRP is an automatic failover system that is used to balance the traffic across multiple routers and allows the network to automatically switch the data traffic to the standby router without the need for any manual configuration changes. HSRP is usually used to keep the connectivity between two devices even if the router fails.
Router Failover
Router failover is the process of switching traffic from one router to another when the current router fails. This may be done manually or automatically. In a manual failover, the administrator changes the IP address information of the failed router by hand. Automatic failover is done by using the HSRP protocol.
What is the Failover Time?
The failover time refers to the time from the moment when the active router fails until the moment when the standby router becomes active. The failover time depends on the type of router and its protocol. For example, with the HSRP protocol, the failover time is the time required for a switch to change the active router to the standby router. The time is measured in seconds.
How to set up HSRP?
To set up HSRP, you will need to configure the two routers as the active and standby routers. The routers must be able to talk to each other, so multicast must be enabled on both of them.
How HSRP Works?
When a router receives a packet with an IP address, it checks the local routing table to determine which interface to forward the packet. HSRP operates in the same way as IP routing, but it works with the VRF (Virtual Routing and Forwarding) instead of the IP routing. The difference is that HSRP only works with a particular VRF, which is selected by default. An IP address that belongs to a specific VRF is called a virtual address.
What are the advantages?
There are a number of advantages to using HSRP:
- In a nutshell, it uses two routers as active and standby VIPs, respectively.
- If the active router fails, the standby router becomes active without any reconfiguration of IP address information.
- It is common to use multiple VRFs in a campus network, and HSRP is a common Layer 3, hardware-based redundancy protocol used in campus networks with multiple VRFs.
What are the disadvantages?
As mentioned, the HSRP protocol has a security problem. To solve this problem, it is possible to prevent this attack. For example, when an attacker finds the IP address of the standby router, he can change it to the IP address of the active router. If the active router fails, the standby router becomes active without any reconfiguration of IP address information.
HSRP Vulnerability
As mentioned, the HSRP protocol has a security problem. To solve this problem, it is possible to prevent this attack. For example, when an attacker finds the IP address of the standby router, he can change it to the IP address of the active router. If the active router fails, the standby router becomes active without any reconfiguration of IP address information.
HSRP Vulnerability Solution
To sum up, it is possible to prevent the attack of a passive intruder by using the HSRP protocol. The attack is also prevented by setting the failover time to a relatively short period of time.
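To check whether an unexpected device is taking part in the active/standby election described above, the HSRP messages on the segment can be inspected. The following is an added example, not code from the original page: it assumes the HSRP version 1 message layout from RFC 2281 (20-byte UDP payload on port 1985), and the router addresses, authentication strings and sample messages are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

# HSRP version 1 message layout from RFC 2281: eight 1-byte fields,
# 8 bytes of authentication data, 4 bytes of virtual IP address.
HSRP_V1 = struct.Struct("!8B8s4s")
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}

def parse_hsrp_v1(payload):
    """Decode one HSRPv1 payload into a dict; raise ValueError if malformed."""
    if len(payload) != HSRP_V1.size:
        raise ValueError("HSRPv1 payload must be 20 bytes")
    ver, op, state, hello, hold, prio, group, _rsvd, auth, vip = HSRP_V1.unpack(payload)
    if ver != 0 or op not in OPCODES or state not in STATES:
        raise ValueError("not a valid HSRPv1 message")
    return {"opcode": OPCODES[op], "state": STATES[state], "hello": hello,
            "hold": hold, "priority": prio, "group": group,
            "auth": auth.rstrip(b"\x00"), "vip": str(IPv4Address(vip))}

def audit(src_ip, payload, allowed_routers):
    """Return a list of findings for one captured HSRP message."""
    msg = parse_hsrp_v1(payload)
    findings = []
    if src_ip not in allowed_routers:
        findings.append(f"{src_ip} is not a configured HSRP router")
        if msg["opcode"] == "Coup" or msg["state"] == "Active":
            findings.append(f"{src_ip} claims the active role for group {msg['group']}")
    if msg["auth"] == b"cisco":  # RFC 2281 default authentication data
        findings.append("default plaintext authentication string in use")
    return findings

def build(op, state, prio, auth=b"cisco", vip="192.0.2.1"):
    """Construct a sample payload (test data only, not captured traffic)."""
    return HSRP_V1.pack(0, op, state, 3, 10, prio, 1, 0,
                        auth.ljust(8, b"\x00"), IPv4Address(vip).packed)

ALLOWED = {"192.0.2.2", "192.0.2.3"}  # constructed addresses of the two routers
SAMPLES = [("192.0.2.2", build(0, 16, 110, auth=b"s3cr3t")),  # active router
           ("192.0.2.3", build(0, 8, 100, auth=b"s3cr3t")),   # standby router
           ("192.0.2.66", build(1, 16, 255))]                 # unknown sender

if __name__ == "__main__":
    for src, raw in SAMPLES:
        print(src, audit(src, raw, ALLOWED) or "ok")
```

The hello and hold values in each decoded message are the timers that determine the failover time discussed earlier.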