As per Relevance of the word addresses, we have this rfc below:
Network Working Group T.
Request for Comments: 2281 Juniper
Category: Informational B.
Juniper
P.
Cisco
D.
Cisco
March 1998
Cisco Hot Standby Router Protocol (HSRP)
Status of this
This memo provides information for the Internet community. It
not specify an Internet standard of any kind. Distribution of
memo is unlimited
Copyright
Copyright (C) The Internet Society (1998). All Rights Reserved
IESG
This document reflects an existing deployed protocol. The IETF
have a working group which is in the process of producing a
track protocol to address the same issues
The memo specifies the Hot Standby Router Protocol (HSRP). The
of the protocol is to allow hosts to appear to use a single
and to maintain connectivity even if the actual first hop router
are using fails. Multiple routers participate in this protocol
in concert create the illusion of a single virtual router.
protocol insures that one and only one of the routers is
packets on behalf of the virtual router. End hosts forward
packets to the virtual router
The router forwarding packets is known as the active router.
standby router is selected to replace the active router should
fail. The protocol provides a mechanism for determining active
standby routers, using the IP addresses on the participating routers
If an active router fails a standby router can take over without
major interruption in the host's connectivity. This memo
discusses the ARP, MAC address, and security issues with
protocol
Li, et. al. Informational [Page 1]
RFC 2281 Cisco HSRP March 1998
TABLE OF
1 Introduction
2 Conditions of Use
3 Scope
3.1 Terminology
4 Definitions
5 Protocol
5.1 Packet formats
5.2 Operational parameters
5.3 States
5.4 Timers
5.5 Events
5.6 Actions
5.7 State Transitions
6 MAC address considerations
6.1 General
6.2 Address Filter
6.3 ICMP Redirect
6.4 Proxy ARP
7 Security Considerations
8 References
9 Authors' Addresses
10 Full Copyright Statement
1.
The Hot Standby Router Protocol, HSRP, provides a mechanism which
designed to support non-disruptive failover of IP traffic in
circumstances. In particular, the protocol protects against
failure of the first hop router when the source host cannot learn
IP address of the first hop router dynamically. The protocol
designed for use over multi-access, multicast or broadcast
LANs (e.g., Ethernet). HSRP is not intended as a replacement
existing dynamic router discovery mechanisms and those
should be used instead whenever possible [1]. A large class
legacy host implementations that do not support dynamic discovery
capable of configuring a default router. HSRP provides
services to those hosts
All of the routers participating in HSRP are assumed to be
appropriate IP routing protocols and have a consistent set of routes
The discussion of which protocols are appropriate and whether
is consistent in any given situation is beyond the scope of
specification
Using HSRP, a set of routers work in concert to present the
of a single virtual router to the hosts on the LAN. This set
known as an HSRP group or a standby group. A single router
from the group is responsible for forwarding the packets that
send to the virtual router. This router is known as the
router. Another router is elected as the standby router. In
event that the active router fails, the standby assumes the
forwarding duties of the active router. Although an arbitrary
of routers may run HSRP, only the active router forwards the
sent to the virtual router
To minimize network traffic, only the active and the standby
send periodic HSRP messages once the protocol has completed
election process. If the active router fails, the standby
takes over as the active router. If the standby router fails
becomes the active router, another router is elected as the
router
On a particular LAN, multiple hot standby groups may coexist
overlap. Each standby group emulates a single virtual router.
each standby group, a single well-known MAC address is allocated
the group, as well as an IP address. The IP address SHOULD belong
the primary subnet in use on the LAN, but MUST differ from
addresses allocated as interface addresses on all routers and
on the LAN, including virtual IP addresses assigned to other
groups
If multiple groups are used on a single LAN, load splitting can
achieved by distributing hosts among different standby groups
The remainder of this specification discusses the operation of
single standby group. In the case of multiple groups, each
operates independently of other groups on the LAN and according
this specification. Note that individual routers may participate
multiple groups. In this case, the router maintains separate
and timers for each group
2 Conditions of
US Patent number 5,473,599 [2], assigned to Cisco Systems, Inc.
be applicable to HSRP. If an implementation requires the use of
claims of patent no. 5,473,599, Cisco will license such claims
reasonable, nondiscriminatory terms for use in practicing
standard. More specifically, such license will be available for
one-time, paid up fee
3
This document describes the packets, messages, states, and
used to implement the protocol. It does not discuss
management or internal implementation issues
3.1
The language conventions of RFC 2119 [3] are used in this document
4
Active Router - the router that is currently forwarding
for the virtual
Standby Router - the primary backup
Standby Group - the set of routers participating in HSRP
jointly emulate a virtual
Hello Time - the interval between successive HSRP
messages from a given
Hold Time - the interval between the receipt of a
message and the presumption that the
router has
5
Within a standby group, the routers periodically advertise
information using various messages
5.1 Packet
The standby protocol runs on top of UDP, and uses port number 1985.
Packets are sent to multicast address 224.0.0.2 with TTL 1.
Routers use their actual IP address as the source address
protocol packets, not the virtual IP address. This is necessary
that the HSRP routers can identify each other
The format of the data portion of the UDP datagram is
                     1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   Version     |   Op Code     |     State     |   Hellotime   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   Holdtime    |   Priority    |     Group     |   Reserved    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Authentication Data                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Authentication Data                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Virtual IP Address                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Version: 1
The version of the HSRP messages. This document describes
0.
Op Code: 1
The Op Code describes the type of message contained in
packet. Possible values are
0 -
1 -
2 -
Hello messages are sent to indicate that a router is running
is capable of becoming the active or standby router
Coup messages are sent when a router wishes to become the
router
Resign messages are sent when a router no longer wishes to be
active router
State: 1
Internally, each router in the standby group implements a
machine. The State field describes the current state of
router sending the message. Details on the individual states
described below. Possible values are
0 -
1 -
2 -
4 -
8 -
16 -
Hellotime: 1
This field is only meaningful in Hello messages. It contains
approximate period between the Hello messages that the
sends. The time is given in seconds
If the Hellotime is not configured on a router, then it MAY
learned from the Hello message from the active router.
Hellotime SHOULD only be learned if no Hellotime is configured
the Hello message is authenticated. A router that sends a
message MUST insert the Hellotime that it is using in
Hellotime field in the Hello message. If the Hellotime is
learned from a Hello message from the active router and it is
manually configured, a default value of 3 seconds is RECOMMENDED
Holdtime: 1
This field is only meaningful in Hello messages. It contains
amount of time that the current Hello message should be
valid. The time is given in seconds
If a router sends a Hello message, then receivers should
that Hello message to be valid for one Holdtime. The
SHOULD be at least three times the value of the Hellotime and
be greater than the Hellotime. If the Holdtime is not
on a router, then it MAY be learned from the Hello message
the active router. The Holdtime SHOULD only be learned if
Hello message is authenticated. A router that sends a
message MUST insert the Holdtime that it is using in the
field in the Hello message
A router which is in active state MUST NOT learn new values
the Hellotime and the Holdtime from other routers, although it
continue to use values which it learned from the previous
router. It MAY also use the Hellotime and Holdtime values
through manual configuration. The active router MUST NOT use
configured time and one learned time. If the Holdtime is
learned and it is not manually configured, a default value of 10
seconds is RECOMMENDED
Priority: 1
This field is used to elect the active and standby routers.
comparing priorities of two different routers, the router with
numerically higher priority wins. In the case of routers
equal priority the router with the higher IP address wins
Group: 1
This field identifies the standby group. For Token Ring,
between 0 and 2 inclusive are valid. For other media
between 0 and 255 inclusive are valid
Authentication Data: 8
This field contains a clear-text 8 character reused password
If no authentication data is configured, the RECOMMENDED
value is 0x63 0x69 0x73 0x63 0x6F 0x00 0x00 0x00.
Virtual IP Address: 4
The virtual IP address used by this group
If the virtual IP address is not configured on a router, then
MAY be learned from the Hello message from the active router.
address SHOULD only be learned if no address was configured
the Hello message is authenticated
5.2 Operational
The following information MUST be known to each router in the
group. The mechanisms used to determine this information are
of the scope of this document
Standby group
Virtual MAC
Authentication
The following information MUST be known to at least one router
each standby group and MAY be known by any of the other routers
the group
Virtual IP
The following information MAY be configured on any router
Preemption
If a router has higher priority than the active router
preemption is configured, it MAY take over as the active
using a Coup message
5.3
Each router in the group participates in the protocol by
a simple state machine. This specification describes the
visible behavior of this state machine. Implementations MAY
their internal implementations within the functional description
the state machine
All routers begin in the Initial state. This section discusses
intent of each state. For specific details on the actions taken
each state, please see the state transition table in section 5.7.
1.
This is the starting state and indicates that HSRP is not running
This state is entered via a configuration change or when
interface first comes up
2.
The router has not determined the virtual IP address, and not
seen an authenticated Hello message from the active router.
this state the router is still waiting to hear from the
router
3.
The router knows the virtual IP address, but is neither the
router nor the standby router. It listens for Hello messages
those routers
4.
The router sends periodic Hello messages and is
participating in the election of the active and/or standby router
A router cannot enter Speak state unless it has the virtual
address
5.
The router is a candidate to become the next active router
sends periodic Hello messages. Excluding transient conditions
there MUST be at most one router in the group in Standby state
6.
The router is currently forwarding packets that are sent to
group's virtual MAC address. The router sends periodic
messages. Excluding transient conditions, there MUST be at
one router in Active state in the group
5.4
Each router maintains three timers, an Active timer, a Standby timer
and a Hello timer
The Active timer is used to monitor the active router. The
timer is started anytime an authenticated Hello message is seen
the active router. It is set to expire in the Holdtime seen in
Hello message
The Standby timer is used to monitor the standby router. The
timer is started anytime an authenticated Hello message is seen
the standby router. It is set to expire in the Holdtime seen in
Hello message
The Hello timer expires once per Hellotime period. If the router
in Speak, Standby, or Active states, it should generate a
message upon Hello timer expiry. The Hello timer MUST be jittered
5.5
These are the events in the HSRP finite state machine
a - HSRP is configured on an enabled interface
b - HSRP is disabled on an interface or the interface is disabled
c - Active timer expiry. The Active timer was set to the
when the last Hello message was seen from the active router
d - Standby timer expiry. The Standby timer was set to
Holdtime when the last Hello message was seen from the
router
e - Hello timer expiry. The periodic timer for sending
messages has expired
f - Receipt of a Hello message of higher priority from a router
Speak state
g - Receipt of a Hello message of higher priority from the
router
h - Receipt of a Hello message of lower priority from the
router
i - Receipt of a Resign message from the active router
j - Receipt of a Coup message from a higher priority router
k - Receipt of a Hello message of higher priority from the
router
l - Receipt of a Hello message of lower priority from the
router
5.6
This section specifies the actions to be taken as part of the
machine
A Start Active
If this action occurred as the result of the receipt of a
authenticated Hello message from the active router, the
timer is set to the Holdtime field in the Hello message
Otherwise the Active timer is set to the current Holdtime
in use by this router. The Active timer is then started
B Start Standby
If this action occurred as the result of the receipt of
authenticated Hello message from the standby router,
Standby timer is set to the Holdtime field in the
message. Otherwise the Standby timer is set to the
hold time value in use by this router. The Standby timer
then started
C Stop Active
The Active timer is stopped
D Stop Standby
The Standby timer is stopped
E Learn
This action is taken when an authenticated message is
from the active router. If the virtual IP address for
group was not manually configured, the virtual IP address
be learned from the message. The router MAY learn
and Holdtime values from the message
F Send Hello
The router sends a Hello message with its current State
Hellotime and Holdtime
G Send Coup
The router sends a Coup message to inform the active
that there is a higher priority router available
H Send Resign
The router sends a Resign message to allow another router
become the active router
I Send Gratuitous ARP
The router broadcasts an ARP response packet advertising
group's virtual IP address and virtual MAC address. The
is sent using the virtual MAC address as the source MAC
in the link layer header, as well as within the ARP packet
5.7 State
This table describes the state transitions of the state machine.
each event and current state of the router, the router MUST
the set of actions specified and transition to the designated state
If no action is specified, no action should be taken. If no
change is specified, no state change should be performed
The notation used in this table has the specified set of
listed as letters corresponding to the actions listed in section 5.6.
The next state is listed as a number as specified in section 5.3.
slash ('/') separates the actions and states. Certain
transitions have alternatives which depend on external state
Alternatives are separated by a '|'. See the attached notes
details on these transitions
+-----+----------+----------+----------+----------+----------+----------+
|     |    1     |    2     |    3     |    4     |    5     |    6     |
|     | Initial  |  Learn   |  Listen  |  Speak   | Standby  |  Active  |
+-----+----------+----------+----------+----------+----------+----------+
|Event|                                                                 |
+-----+----------+----------+----------+----------+----------+----------+
|  a  | AB/2|3+  |          |          |          |          |          |
+-----+----------+----------+----------+----------+----------+----------+
|  b  |          |   CD/1   |   CD/1   |   CD/1   |   CD/1   |  CDH/1   |
+-----+----------+----------+----------+----------+----------+----------+
|  c  |          |          |   AB/4   |          |  CDFI/6  |          |
+-----+----------+----------+----------+----------+----------+----------+
|  d  |          |          |   B/4    |   D/5    |          |          |
+-----+----------+----------+----------+----------+----------+----------+
|  e  |          |          |          |    F     |    F     |    F     |
+-----+----------+----------+----------+----------+----------+----------+
|  f  |          |          |          |   B/3    |   B/3    |          |
+-----+----------+----------+----------+----------+----------+----------+
|  g  |          |  EAB/3   |    EA    |    EA    |    EA    |   AB/4   |
+-----+----------+----------+----------+----------+----------+----------+
|  h  |          |  EAB/3   |A|BGFI/6* |A|BGFI/6* |A|BGFI/6* |    G     |
+-----+----------+----------+----------+----------+----------+----------+
|  i  |          |          |   AB/4   |    A     |  CFI/6   |          |
+-----+----------+----------+----------+----------+----------+----------+
|  j  |          |          |          |          |          |  ABH/4   |
+-----+----------+----------+----------+----------+----------+----------+
|  k  |          |          |    B     |   B/3    |   B/3    |    B     |
+-----+----------+----------+----------+----------+----------+----------+
|  l  |          |          |   B/4    |   D/5    |          |    B     |
+-----+----------+----------+----------+----------+----------+----------+
+ If the virtual IP address is configured, set state 3 (Listen)
the virtual IP address is not configured, set state 2 (Learn).
either case do actions A and B
* If the router is configured to preempt do actions B, G, F, and
and set state to 6 (Active). If the router is not configured
preempt do actions A with no state change
6 MAC Address
6.1
Each HSRP group has an associated well known virtual MAC address.
token ring networks, these addresses are actually
addresses. The three addresses 0xC0 0x00 0x00 0x01 0x00 0x00, 0xC
0x00 0x00 0x02 0x00 0x00, and 0xC0 0x00 0x00 0x04 0x00 0x00
correspond to groups 0, 1, and 2 respectively
On other media, the virtual MAC addresses are 0x00 0x00 0x0C 0x07
0xAC XX where XX represents the HSRP group number. Routers
implement HSRP SHOULD use well-known HSRP MAC addresses as
group's virtual MAC address whenever possible
The active router MUST accept and forward traffic that is
for the group's virtual MAC address. It MUST stop accepting
forwarding such traffic when the router leaves the Active state
If and only if the router is in the Active state, the router MUST
the group's virtual MAC address as the source MAC address for
Hello messages. This is necessary in order to allow learning
to be able to determine which LAN segment the virtual MAC
currently belongs to
For each group, there is one virtual IP address and one virtual
address. This is a desirable situation, since the ARP table
in the end stations do not need to change over time as the
active router moves from one router to another
Additionally, for HSRP to work in bridging environments, the
must be able to quickly update themselves as the virtual MAC
"moves". Although learning bridges typically are able to do this
some have been known to have problems with this. It is
that only true learning bridges be used with HSRP
The movement of the virtual MAC address can cause further
side effects in environments where additional state is tied to
MAC address. For example on Token Ring, if Source Route Bridging
in use, a RIF will be stored with the virtual MAC address in a host'
RIF cache. The RIF indicates the path and final ring used to
the MAC address. As routers transition into Active state, they
not be able to affect the RIF caches on the hosts on the
ring. This may lead to packets being bridged to the ring for
previous active router
In such circumstances, a router MAY use its normal MAC addresses
the virtual MAC address. This method of operation is
discouraged. In this mode, the virtual IP address will map to
different MAC address over time. This can create problems for
stations, since ARP tables assume a relatively static mapping
MAC address and IP address. These ARP tables are normally
when the end stations receive the gratuitous ARP responses
by a router that enters the active state
6.2 Address
As noted, routers currently emulating a virtual router adopt
group's MAC and IP addresses. MAC addresses are typically
in an address filter or 'list' of MAC addresses in a router'
interface controller. It is desirable for routers to be able to
one or more virtual MAC addresses to their controllers' MAC
filter while maintaining their primary MAC addresses
Unfortunately, some interface controllers support address
for only one unicast MAC address. Or, in the case of Token Ring,
functional address which HSRP should use is already in use for
other protocol. In these cases, such routers can still
HSRP, but the protocol must change the interface's primary
address when assuming or relinquishing control as the active router
This is potentially problematic because some traffic may
wish to use the router's primary MAC address. However, the
MAY be mitigated by having the router send out gratuitous ARP
regarding its non-HSRP IP addresses. Through this, other
entities using IP should update their ARP tables to reflect that
router is now using a group virtual MAC address rather than
primary MAC address
Some protocols may not be able to run simultaneously with the
protocol due to the interface primary MAC address change.
example, DECnet phase IV and HSRP will not be able to run at the
time on some equipment
6.3 ICMP
While running HSRP, it is important to prevent the host
discovering the primary MAC addresses of the routers in its
group. Thus, any protocol that informs a host of a router's
address should be disabled. Thus, routers participating in HSRP
an interface MUST NOT send ICMP redirects on that interface
6.4 Proxy
Typically, hosts learn the HSRP virtual IP address through
configuration of their default router. These hosts then send
for destinations outside of the LAN to the virtual IP address.
some environments, hosts may instead make use of proxy ARP in
to route off of the LAN. In this case, the hosts use the MAC
that is supplied in proxy ARP responses. HSRP functionality
maintained if the proxy ARP responses specify the HSRP virtual
address
If an HSRP router is configured to support proxy ARP with HSRP,
the router MUST specify the HSRP virtual MAC address in any proxy
responses it generates. These proxy ARP responses MUST not
suppressed based upon HSRP state. Suppression based upon state
result in lack of any proxy ARP response being generated, since
proxy ARP responses may be suppressed due to other reasons, such
split-horizon rules
7. Security
This protocol does not provide security. The authentication
found within the message is useful for preventing misconfiguration
The protocol is easily subverted by an active intruder on the LAN
This can result in a packet black hole and a denial-of-
attack. It is difficult to subvert the protocol from outside the
as most routers will not forward packets addressed to the all-
multicast address (224.0.0.2).
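An added example (not part of RFC 2281 or of the original page): a Python decoder for the 20-octet message laid out in section 5.1, with checks drawn from sections 5.1, 6.1 and 7 that a monitoring sensor could run on observed HSRP traffic. The op code and state names are those of RFC 2281; the sample packets, addresses, known-router list, non-default password and finding labels are constructed for illustration.

```python
import ipaddress
import struct

# Names per RFC 2281 section 5.1 (the value lists on this page lost them).
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
DEFAULT_AUTH = bytes([0x63, 0x69, 0x73, 0x63, 0x6F, 0x00, 0x00, 0x00])  # quoted in 5.1
FMT = "!8B8s4s"  # eight 1-octet fields, 8 octets of auth data, 4-octet virtual IP


def parse_hsrp(payload: bytes) -> dict:
    """Decode the data portion of an HSRP UDP datagram (UDP port 1985)."""
    if len(payload) < struct.calcsize(FMT):
        raise ValueError(f"HSRP payload too short: {len(payload)} octets")
    ver, op, state, hello, hold, prio, group, _rsvd, auth, vip = struct.unpack(
        FMT, payload[:struct.calcsize(FMT)])
    return {
        "version": ver, "opcode": OPCODES.get(op), "state": STATES.get(state),
        "hellotime": hello, "holdtime": hold, "priority": prio, "group": group,
        "auth": auth, "virtual_ip": str(ipaddress.IPv4Address(vip)),
    }


def virtual_mac(group: int) -> str:
    """Well-known virtual MAC on non-Token-Ring media: 00:00:0C:07:AC:XX."""
    return f"00:00:0c:07:ac:{group:02x}"


def audit(pkt: dict, src_ip: str, src_mac: str, known_routers: set) -> list:
    """Return findings for one observed HSRP message (checks run in this order)."""
    findings = []
    if pkt["version"] != 0 or pkt["opcode"] is None or pkt["state"] is None:
        findings.append("malformed-field")
    if src_ip not in known_routers:
        findings.append("unknown-speaker")
    if src_ip == pkt["virtual_ip"]:
        # Routers use their actual IP address as source, not the virtual one.
        findings.append("source-is-virtual-ip")
    if pkt["auth"] == DEFAULT_AUTH:
        findings.append("default-auth-data")
    if pkt["opcode"] == "Hello" and pkt["holdtime"] < 3 * pkt["hellotime"]:
        # Holdtime SHOULD be at least three times the Hellotime.
        findings.append("holdtime-below-3x-hellotime")
    uses_vmac = src_mac.lower() == virtual_mac(pkt["group"])
    if pkt["opcode"] == "Hello" and uses_vmac != (pkt["state"] == "Active"):
        # Virtual MAC as Hello source if and only if the sender is Active.
        # Section 6.1 lets a router use its normal MAC instead, so treat as a lead.
        findings.append("virtual-mac-state-mismatch")
    return findings


def sample(op, state, hello, hold, prio, group, auth, vip) -> bytes:
    """Build a constructed payload for the demo below (not captured traffic)."""
    return struct.pack(FMT, 0, op, state, hello, hold, prio, group, 0,
                       auth.ljust(8, b"\x00"), ipaddress.IPv4Address(vip).packed)


# Constructed observations: (source IP, source MAC, payload). Addresses are
# documentation-range placeholders; the non-default password is made up.
KNOWN = {"192.0.2.2", "192.0.2.3"}
OBSERVED = [
    ("192.0.2.2", "00:00:0C:07:AC:01",
     sample(0, 16, 3, 10, 110, 1, b"Lab-Key1", "192.0.2.1")),
    ("192.0.2.77", "02:00:00:00:00:77",
     sample(0, 4, 3, 5, 100, 1, DEFAULT_AUTH, "192.0.2.1")),
]


def run_demo() -> list:
    return [(ip, audit(parse_hsrp(raw), ip, mac, KNOWN)) for ip, mac, raw in OBSERVED]


if __name__ == "__main__":
    for ip, findings in run_demo():
        print(ip, findings or "ok")
```

Because the authentication data is clear text, a matching password does not prove the sender is a legitimate router; the source-address allowlist and the virtual MAC check carry more weight than the password comparison.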
8.
[1] Deering, S., "ICMP Router Discovery Messages", RFC 1256,
September 1991.
[2] United States Patent. Patent Number : 5,473,599. Standby
Protocol. Date of Patent: Dec. 5, 1995.
[3] Bradner, S., "Key words for use in RFCs to Indicate
Levels", BCP 14, RFC 2119, March 1997.
9. Authors'
Tony
Juniper Networks, Inc
3260 Jay St
Santa Clara, CA 95054
Phone: (408) 327-1900
EMail: tli@juniper.
Bruce
Juniper Networks, Inc
3260 Jay St
Santa Clara, CA 95054
Phone: (408) 327-1900
EMail: cole@juniper.
Phil
Cisco
170 Tasman Dr
San Jose, CA 95143
Phone: (408) 526-7632
EMail: pmorton@cisco.
Dawn
Cisco
170 Tasman Dr
San Jose, CA 95143
Phone: (408) 527-2014
EMail: dawnli@cisco.
10. Full Copyright
Copyright (C) The Internet Society (1998). All Rights Reserved
This document and translations of it may be copied and furnished
others, and derivative works that comment on or otherwise explain
or assist in its implementation may be prepared, copied,
and distributed, in whole or in part, without restriction of
kind, provided that the above copyright notice and this paragraph
included on all such copies and derivative works. However,
document itself may not be modified in any way, such as by
the copyright notice or references to the Internet Society or
Internet organizations, except as needed for the purpose
developing Internet standards in which case the procedures
copyrights defined in the Internet Standards process must
followed, or as required to translate it into languages other
English
The limited permissions granted above are perpetual and will not
revoked by the Internet Society or its successors or assigns
This document and the information contained herein is provided on
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE