High availability techniques (redundancy, FHRP, SSO)

1.1 Explain the different design principles used in an enterprise network

📘CCNP security (350-701)

High availability (HA) in enterprise networks ensures that services, applications, and network devices stay up and running, even if part of the system fails. The goal is to minimize downtime and avoid service interruptions.

1. Redundancy

Definition:
Redundancy means having backup components in your network so that if one device or link fails, another takes over automatically.

Why it matters:
In an enterprise network, downtime can mean lost productivity, missed transactions, or security risks. Redundancy ensures the network keeps working.

Key types of redundancy in networks:

  1. Device redundancy
    • Example: Two core switches instead of one. If the primary switch fails, the secondary switch automatically takes over.
    • This is often done with pairing protocols like HSRP, VRRP, or GLBP (we’ll cover them next).
  2. Link redundancy
    • Having multiple physical links between switches or routers.
    • If one link goes down, traffic automatically reroutes through another path.
    • Protocols used:
      • EtherChannel (combines multiple physical links into one logical link)
      • Spanning Tree Protocol (STP) (prevents loops and activates backup links when needed)
  3. Power and hardware redundancy
    • Devices may have dual power supplies or hot-swappable modules.
    • If one power supply fails, the device keeps running using the backup.

Exam tip:
Understand that redundancy is all about eliminating single points of failure.

2. FHRP (First Hop Redundancy Protocols)

Definition:
FHRP is used to ensure that end devices always have a working default gateway even if a router fails. Without FHRP, if a router goes down, devices may lose connectivity outside their local network.

Common FHRPs:

ProtocolMain FeatureExample Use
HSRP (Hot Standby Router Protocol)One active router, one standby router. Only the active router forwards traffic.Enterprise LAN with critical routers.
VRRP (Virtual Router Redundancy Protocol)Similar to HSRP, but uses a “master” router concept.Works across multi-vendor devices.
GLBP (Gateway Load Balancing Protocol)Provides both redundancy and load balancing between multiple routers.When traffic needs to be distributed evenly across routers.

How it works (simple IT example):

  • Routers share a virtual IP address that acts as the default gateway.
  • If the router currently handling traffic fails, another router takes over the virtual IP automatically.
  • This switch happens without manual intervention.

Exam tip:

  • Know the differences between HSRP, VRRP, and GLBP.
  • Remember that FHRP only protects the default gateway (the first hop).

3. SSO (Stateful Switchover)

Definition:
SSO is a high availability feature for devices (mainly routers, firewalls, or switches) that allows a backup unit to take over immediately if the primary unit fails without dropping existing sessions.

Key points:

  1. Active/Standby Redundancy:
    • Devices operate in pairs: one active, one standby.
    • The standby device mirrors the active device in real time.
  2. Stateful Failover:
    • Not just connectivity; existing connections (like VPN sessions, firewall connections, or TCP sessions) remain active.
    • Users don’t notice the failover.
  3. Example in IT environment:
    • A firewall cluster with SSO ensures that active VPN connections continue uninterrupted even if the primary firewall fails.

Exam tip:

  • SSO is often mentioned in firewall and router HA questions.
  • Remember the difference:
    • Redundancy/FHRP protects connectivity (network level)
    • SSO protects both connectivity and session information (device level)

Putting It All Together

Here’s how these high availability techniques work together in a real IT setup:

  1. Redundancy: Multiple switches, routers, and links prevent single points of failure.
  2. FHRP: Ensures devices always have a working default gateway.
  3. SSO: Ensures devices themselves can fail over without disrupting user sessions.

Key idea: High availability is layered:

  • Network level → redundancy + FHRP
  • Device level → SSO

By implementing these techniques, enterprises can achieve continuous network uptime and reliable service delivery.

Exam Checklist for CCNP Security 350-701

  • Understand what redundancy is and why it’s important.
  • Know the different types of redundancy (device, link, power).
  • Know the FHRP protocols: HSRP, VRRP, GLBP.
  • Understand how FHRP ensures gateway availability.
  • Know what SSO is and how it keeps sessions alive during failover.
  • Be able to differentiate between redundancy, FHRP, and SSO in scenarios.
Buy Me a Coffee

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by