Packet-Pick-Apart for HSRP
Pre-requisites: HSRP basics
Required link: HSRP and ARP packet capture
When looking at its packets, HSRP is a relatively straight forward protocol. Each router announces its priority and come to an agreement on the active and standby routers. Every second each router sends a Hello UDP packet which declares its state. Notice the active router (192.168.10.2) sends state code 16 (active) while the standby router (192.168.10.3) sends state code 8 (standby). Alongside the state code is also each router’s priority. As long as the standby router’s priority is lower than the active router’s priority, the pattern goes on until a change occurs.
You will notice there are periodic advertisements sent out by the passive (standby) router. These announcements enable HSRP routers on the network to determine the HSRP state without being a member. These advertisements are also sent when a router is entering or leaving the passive state. Keep this in mind for later.
Pay attention to packet 13. The active router sends out a Hello packet with a priority of 75 instead of 100. When the standby router recognizes it has the highest priority, HSRP goes into action. First the standby router sends an advertise packet announcing it has an active interface (packet 14). Packet 15 then shows a Coup packet. Coup packets are sent when a standby router wants to become the active router. It sends its current state as well as the priority. Another advertisement packet is sent followed by a normal Hello packet, assuming it is the active router.
All this communication has happened between HSRP enables routers, blissfully ignored by downstream routers and hosts. At packet 17, no other devices are aware the HSRP active router has changed. However, the ARP tables and Spanning Tree topologies need to be updated with the path to the new active router. As far as the other devices on the network are concerned, the router was unplugged from one port and plugged into another port. The active router’s HSRP virtual MAC address (in this case 00:00:0c:07:ac:01) is broadcast in packet 18.
Packet 30, 31, and 32 show the HSRP topology stabilizing. The standby router goes through its Speak phase. Each time a Speak packet is sent the active router replies with a Hello packet preventing the Speaking router from becoming active. ARP packets are broadcast after 2 and 4 seconds. After the router goes from Speak to Standby, the topology is stable.
Packet 43 starts the process of the first router becoming active again because its tracked interface was plugged in bringing its priority back to 100. This is allowed to happen since the routers are configured with
preempt, but it is not reflected in packet contents.