In networking, redundancy is not optional — it’s foundational. You can have redundant links, redundant switches, redundant power, and redundant ISPs, but if your default gateway fails, the network still goes dark.
This is exactly the problem First Hop Redundancy Protocols (FHRPs) were designed to solve.
End devices — desktops, servers, phones, printers, IoT devices — are typically configured with a single default gateway. That IP address rarely changes, and most operating systems are not designed to dynamically fail over between gateways gracefully. Without intervention, a failed gateway interface can isolate an entire VLAN instantly.
FHRPs solve this by introducing a virtual default gateway that can move between devices automatically, without requiring any configuration changes on end hosts.
What Is a First Hop Redundancy Protocol?
A First Hop Redundancy Protocol is not a protocol itself — it’s a category of protocols that provide redundancy for the first hop in a routed network, which is typically the default gateway.
At a high level, FHRPs:
- Create a virtual IP address used as the default gateway
- Assign ownership of that IP to one router (or switch) at a time
- Monitor device and interface health
- Automatically transfer gateway responsibility if a failure occurs
From the host’s perspective, nothing changes — traffic keeps flowing.
Why Not Just Configure Multiple Gateways on Hosts?
In theory, you could configure:
- Primary gateway
- Secondary gateway
- Tertiary gateway
In practice:
- Most operating systems handle this poorly
- Failover is inconsistent and slow
- Troubleshooting becomes a nightmare
- Mobile and IoT devices often support only one gateway
FHRPs solve this at the network layer, where it belongs.
The Big Three: HSRP, VRRP, and GLBP
The three most common FHRPs you’ll encounter are:
- HSRP – Hot Standby Router Protocol
- VRRP – Virtual Router Redundancy Protocol
- GLBP – Gateway Load Balancing Protocol
They are conceptually similar but differ in vendor support, failover behavior, and load balancing capabilities.
Hot Standby Router Protocol (HSRP)
Overview
HSRP was the first FHRP ever created and remains widely used today. It is Cisco proprietary, meaning it only works on Cisco devices.
HSRP operates on the idea of:
- One Active router
- One or more Standby routers
- A shared virtual IP and virtual MAC address
Only the Active router forwards traffic. If it fails, the Standby router takes over.
How HSRP Works Internally
- Routers exchange hello messages
- The router with the highest priority becomes Active
- If priorities tie, the highest IP address wins
- Failover occurs when hellos stop being received
From the host’s perspective, the gateway IP and MAC remain consistent.
Basic HSRP Configuration (Conceptual)
interface vlan 10
 standby 10 ip 192.168.10.1
 standby 10 priority 110
 standby 10 preempt
Interface Tracking (Critical in Production)
One of the most important — and often misunderstood — HSRP features is interface tracking.
standby 10 track GigabitEthernet0/1 20
Without tracking:
- The gateway stays Active even if upstream connectivity is lost
- Traffic black-holes silently
In real networks, interface tracking is not optional — it’s mandatory.
Key HSRP Characteristics
- Cisco proprietary
- States: Active / Standby
- Preemption disabled by default
- Timers: Hello 3s, Hold 10s (do not need to match)
- Very stable, very predictable
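Tracking and preemption interact: a tracking decrement only moves the Active role if the lowered priority falls below the peer's and the peer is allowed to preempt. The Python check below is an added example, not code from the original article; the two router configs and the function names are constructed for illustration.

```python
import re

# Constructed sample configs (not from the page): two routers in HSRP group 10.
R1 = """interface Vlan10
 standby 10 ip 192.168.10.1
 standby 10 priority 110
 standby 10 preempt
 standby 10 track GigabitEthernet0/1 20
"""
R2_NO_PREEMPT = """interface Vlan10
 standby 10 ip 192.168.10.1
 standby 10 priority 100
"""
R2_PREEMPT = R2_NO_PREEMPT + " standby 10 preempt\n"


def parse_hsrp(config, group):
    """Collect priority, preempt flag and total tracking decrement for one group."""
    state = {"priority": 100, "preempt": False, "decrement": 0}  # HSRP defaults
    for line in config.splitlines():
        m = re.match(rf"\s*standby {group} (\S+)(.*)", line)
        if not m:
            continue
        keyword, rest = m.group(1), m.group(2).split()
        if keyword == "priority":
            state["priority"] = int(rest[0])
        elif keyword == "preempt":
            state["preempt"] = True
        elif keyword == "track":
            # Accepts "track <interface> [n]" and "track <object> decrement [n]";
            # with no value given, IOS decrements by 10.
            explicit = len(rest) > 1 and rest[-1].isdigit()
            state["decrement"] += int(rest[-1]) if explicit else 10
    return state


def audit_failover(active_cfg, standby_cfg, group=10):
    """List reasons the Active router would keep forwarding after its uplink fails."""
    a, s = parse_hsrp(active_cfg, group), parse_hsrp(standby_cfg, group)
    findings = []
    if a["decrement"] == 0:
        findings.append("no tracking on active")
    elif a["priority"] - a["decrement"] >= s["priority"]:
        # Equal priority falls back to the IP tiebreak, so count it as not guaranteed.
        findings.append("decrement too small")
    if not s["preempt"]:
        findings.append("standby lacks preempt")
    return findings
```

With the sample configs, `audit_failover(R1, R2_NO_PREEMPT)` reports that the standby lacks preempt, while `audit_failover(R1, R2_PREEMPT)` returns an empty list.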
Virtual Router Redundancy Protocol (VRRP)
Overview
VRRP is the open, industry-standard alternative to HSRP. It is supported by:
- Cisco
- Juniper
- Fortinet
- MikroTik
- Many others
If you operate in a multi-vendor environment, VRRP is usually the safest choice.
How VRRP Differs from HSRP
While the concepts are similar, VRRP terminology changes slightly:
- Master instead of Active
- Backup instead of Standby
One notable difference:
Preemption is enabled by default in VRRP.
This behavior surprises many engineers during failback events.
VRRP Behavior in Practice
- Highest priority becomes Master
- If the Master fails, a Backup takes over
- When the higher-priority router returns, it immediately reassumes control
This can cause brief traffic disruption if not planned correctly.
Basic VRRP Configuration
interface vlan 10
 vrrp 10 ip 192.168.10.1
 vrrp 10 priority 110
VRRP Interface Tracking
VRRP uses explicit tracking objects:
track 1 interface GigabitEthernet0/1 line-protocol
interface vlan 10
 vrrp 10 track 1 decrement 20
As with HSRP, tracking is essential for meaningful redundancy.
Key VRRP Characteristics
- Open standard (RFC 5798)
- States: Master / Backup
- Preemption enabled by default
- Single active forwarder
- Excellent for multi-vendor networks
Gateway Load Balancing Protocol (GLBP)
Overview
GLBP was created to address a key limitation of HSRP and VRRP:
Only one router actively forwards traffic at a time.
GLBP is Cisco proprietary and allows true gateway load balancing — not just redundancy.
How GLBP Actually Works
GLBP introduces two new roles:
- Active Virtual Gateway (AVG) – controls the group
- Active Virtual Forwarders (AVFs) – forward traffic
Each router:
- Shares the same virtual IP
- Uses a different virtual MAC address
- Is assigned clients via ARP responses
From the client’s perspective:
- Gateway IP is the same
- MAC address differs
This allows multiple routers to actively forward traffic simultaneously.
Why GLBP Is Rare in Real Networks
Despite its elegance, GLBP is surprisingly underused.
Reasons include:
- Cisco proprietary
- Harder to troubleshoot
- Load balancing is per-host, not per-flow
- Modern designs often prefer ECMP or L3 access
In practice, GLBP shines in legacy campus networks, but less so in modern leaf-spine architectures.
Basic GLBP Configuration
interface vlan 10
 glbp 10 ip 192.168.10.1
 glbp 10 priority 110
 glbp 10 preempt
Key GLBP Characteristics
- Cisco proprietary
- True load balancing
- Active Virtual Gateway + Forwarders
- More complex operational model
- Less common in modern designs
Choosing the Right FHRP: Real-World Guidance
Use HSRP when:
- You are all-Cisco
- You want predictability
- You value operational simplicity
Use VRRP when:
- You run multi-vendor networks
- You need standards-based design
- You want predictable failover across vendors
Use GLBP when:
- You need gateway load balancing
- You understand the operational complexity
- You are in a Cisco-only environment
Common FHRP Design Mistakes (Seen in the Wild)
- Forgetting interface tracking
- Leaving preemption misconfigured
- Assuming “redundant gateway” means “redundant path”
- Using GLBP where ECMP would be better
- Not aligning FHRP priority with routing preference
FHRP solves gateway availability, not poor network design.
Modern Alternatives and the Future of FHRP
In modern data centers:
- L3 access
- Anycast gateways
- ECMP
- VXLAN/EVPN
These approaches often replace traditional FHRP entirely.
However, in campus, branch, and enterprise LANs, FHRP remains:
- Relevant
- Reliable
- Widely deployed
It’s not going away anytime soon.
Final Thoughts: FHRP Is Simple — Until It Isn’t
First Hop Redundancy Protocols look simple on paper, but their real value comes from understanding the failure scenarios, not memorising configurations.
When designed correctly, FHRP:
- Prevents outages
- Improves resilience
- Disappears into the background (the highest compliment in networking)
When designed poorly, it creates silent failures that are hard to diagnose.
Mastering FHRP is less about syntax — and more about thinking like traffic.

From my early days on the helpdesk through roles as a service desk manager, systems administrator, and network engineer, I’ve spent more than 25 years in the IT world. As I transition into cyber security, my goal is to make tech a little less confusing by sharing what I’ve learned and helping others wherever I can.
