High Availability – VRRP, HSRP, GLBP


There are two ways a LAN host can determine its default gateway, or first-hop router. The first uses a dynamic process, such as a dynamic routing protocol like RIP (Routing Information Protocol). The main drawback of dynamic discovery protocols is that they require some configuration and processing on the host, which must participate in the dynamic process. The alternative is to statically configure a default gateway on the host. The static approach simplifies host configuration but also creates a single point of failure: a host configured with a static default gateway is isolated if the gateway fails. It cannot switch to an alternate gateway, even if one exists, until an administrator manually reconfigures the default gateway on the host.

First Hop Redundancy Protocols

There exists a class of redundancy protocols known as FHRPs (First Hop Redundancy Protocols) that include VRRP (Virtual Router Redundancy Protocol), HSRP (Hot Standby Router Protocol), and GLBP (Gateway Load Balancing Protocol). These protocols protect against a single point of failure for the default gateway and may also provide load balancing if multiple uplinks are available at first-hop routers.

Both HSRP and VRRP enable two or more routers on a LAN to work together in a group, sharing a single group IP address. The group IP address is configured as the default gateway in each host. In an HSRP or VRRP group, one router is elected to handle all requests sent to the group IP address. It is called the active router with HSRP and the master router with VRRP. There is at least one standby router with HSRP and similarly at least one backup router with VRRP.

GLBP goes a step beyond VRRP and HSRP by providing load balancing in addition to redundancy. We will cover these three protocols in the upcoming sections of the chapter.

Virtual Router Redundancy Protocol

VRRP (Virtual Router Redundancy Protocol) enables a group of routers on a LAN segment to form a single virtual router that is also known as a VRRP group. The virtual router is made up of a single router acting as virtual router master and multiple routers acting as virtual router backup. The virtual IP address of the virtual router is then configured on LAN clients as their default gateway.

VRRP Operation

VRRP router priority determines the role that each VRRP router plays. If the IP address of the physical interface on a VRRP router is configured as the virtual IP address, this router will function as the virtual router master. The same priority also determines the likelihood of a router becoming the virtual router master if the virtual router master fails. If there are multiple routers acting as virtual router backup, the one with the highest priority becomes the virtual router master if the original virtual router master fails. You can configure the priority of each virtual router backup with a value of 1 through 254 using the vrrp priority command.

VRRP router preemption allows a virtual router backup with a higher priority that comes up to take over from the virtual router backup that was elected to become the virtual router master. Preemption is enabled by default, so you don't have to configure anything to make it work. If preemption is disabled, the virtual router backup that is elected to become virtual router master remains the master until the original virtual router master comes back online and becomes master again. You may disable preemption by using the no vrrp preempt command in interface configuration mode.

A virtual router master sends VRRP advertisements to other routers in the same VRRP group. The advertisements contain the priority and the state of the virtual router master. These advertisements are sent, every second by default, as multicasts to the standard multicast address 224.0.0.18 encapsulated in IPv4 packets.

VRRP Configuration

The figure below shows a basic topology in which VRRP is configured. In this example, routers R1, R2, and R3 are VRRP routers that together form a virtual router or VRRP group. The IP address of the virtual router is the same as that configured on the Ethernet interface of R1 (192.168.1.1).

Figure 14-1 VRRP Topology

Because the virtual router uses the IP address of the physical Ethernet interface of R1, R1 assumes the role of virtual router master. The virtual router master is also known as the IP address owner. There can be multiple virtual router backups; in the figure above, routers R2 and R3 are the virtual router backups. If the virtual router master fails, the virtual router backup configured with the highest priority will become the virtual router master. As a result, client hosts on the LAN receive uninterrupted connectivity through their default gateway (192.168.1.1).

R1:

R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#interface FastEthernet0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#vrrp 10 ip 192.168.1.1
R1(config-if)#
*Mar  1 00:29:06.095: %VRRP-6-STATECHANGE: Fa0/0 Grp 10 state Init -> Master
R1(config-if)#end
R1# 

R2:

R2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#interface FastEthernet0/0
R2(config-if)#ip address 192.168.1.2 255.255.255.0
R2(config-if)#vrrp 10 priority 110
R2(config-if)#vrrp 10 ip 192.168.1.1
R2(config-if)#end
R2#
*Mar  1 00:32:02.859: %VRRP-6-STATECHANGE: Fa0/0 Grp 10 state Init -> Backup
R2# 

R3:

R3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#interface FastEthernet0/0
R3(config-if)#ip address 192.168.1.3 255.255.255.0
R3(config-if)#vrrp 10 priority 100
R3(config-if)#vrrp 10 ip 192.168.1.1
R3(config-if)#end
R3#
*Mar  1 00:33:54.715: %VRRP-6-STATECHANGE: Fa0/0 Grp 10 state Init -> Backup

We can verify VRRP configuration using the show vrrp command.

R1#show vrrp
FastEthernet0/0 – Group 10
State is Master
Virtual IP address is 192.168.1.1
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 255
Master Router is 192.168.1.1 (local), priority is 255
Master Advertisement interval is 1.000 sec
Master Down interval is 3.003 sec 

You can see from the above output that the priority of R1 is 255 and that it is the master. As a matter of fact, we never explicitly changed the priority on R1 from the default of 100. The highest priority (255) is assigned to R1 as a consequence of using the physical IP address of R1 as the virtual group IP address.

The output of show vrrp on R2 below shows that it is a virtual router backup having priority 110.

R2#show vrrp
FastEthernet0/0 – Group 10
State is Backup
Virtual IP address is 192.168.1.1
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 110
Master Router is 192.168.1.1, priority is 255
Master Advertisement interval is 1.000 sec
Master Down interval is 3.570 sec (expires in 2.806 sec) 

The output of show vrrp on R3 below indicates that it is also a backup, with a priority of 100. The default VRRP priority is already 100; we configured it manually just for the sake of demonstration.

R3#show vrrp
FastEthernet0/0 – Group 10
State is Backup
Virtual IP address is 192.168.1.1
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 192.168.1.1, priority is 255
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 2.633 sec) 

If router R1 becomes unavailable, the backup with the higher priority, that is R2, should assume the role of master. Let's simulate the failure of R1 by manually shutting down its FastEthernet0/0 interface.

R1(config)#interface FastEthernet0/0
R1(config-if)#shutdown
R1(config-if)#end 

As a result, R2 becomes the master while R3 stays a backup, as indicated by the output of the show vrrp command on R2 and R3.

R2#show vrrp
FastEthernet0/0 – Group 10
State is Master
Virtual IP address is 192.168.1.1
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 110
Master Router is 192.168.1.2 (local), priority is 110
Master Advertisement interval is 1.000 sec
Master Down interval is 3.570 sec 

R3#show vrrp
FastEthernet0/0 – Group 10
State is Backup
Virtual IP address is 192.168.1.1
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 192.168.1.2, priority is 110
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.165 sec)
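
The election and the Master Down values in the outputs above can be reproduced with a short model. This is an added example, not part of the original page: it applies the VRRPv2 rules from RFC 3768 (Master Down interval = 3 x advertisement interval + skew time, with skew time = (256 - priority) / 256 seconds), assumes preemption is left at its default, and uses illustrative names (VrrpRouter, build_lab, expected_view).

```python
# Added example, not part of the original page: VRRPv2 election and timers (RFC 3768).
from dataclasses import dataclass
from ipaddress import IPv4Address

OWNER_PRIORITY = 255   # reserved for the router that owns the virtual IP
VIP = "192.168.1.1"    # virtual IP of group 10 in the lab above


@dataclass
class VrrpRouter:
    name: str
    ip: str
    configured_priority: int = 100   # default priority
    up: bool = True

    def priority(self, virtual_ip: str) -> int:
        # The IP address owner always runs at 255, whatever is configured.
        return OWNER_PRIORITY if self.ip == virtual_ip else self.configured_priority


def build_lab():
    """R1, R2 and R3 as configured in the lab above."""
    return [VrrpRouter("R1", "192.168.1.1"),
            VrrpRouter("R2", "192.168.1.2", 110),
            VrrpRouter("R3", "192.168.1.3", 100)]


def elect_master(routers, virtual_ip):
    """Highest priority wins; the highest interface IP breaks a tie."""
    alive = [r for r in routers if r.up]
    if not alive:
        return None
    return max(alive, key=lambda r: (r.priority(virtual_ip), IPv4Address(r.ip)))


def master_down_ms(priority, advert_interval_s=1):
    """3 * advertisement interval + (256 - priority) / 256 s, in whole
    milliseconds, truncated as in the show vrrp output above."""
    return (3 * advert_interval_s * 256 + (256 - priority)) * 1000 // 256


def expected_view(routers, virtual_ip):
    """Expected state and Master Down interval (ms) per router."""
    master = elect_master(routers, virtual_ip)
    view = {}
    for r in routers:
        if not r.up:
            view[r.name] = ("Down", None)
            continue
        state = "Master" if r is master else "Backup"
        view[r.name] = (state, master_down_ms(r.priority(virtual_ip)))
    return view


if __name__ == "__main__":
    lab = build_lab()
    print(expected_view(lab, VIP))   # all routers up
    lab[0].up = False                # R1's FastEthernet0/0 shut down
    print(expected_view(lab, VIP))
```

Comparing this expected view with what show vrrp reports on each router makes an unplanned master or an unexpected priority stand out.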

Hot Standby Router Protocol

HSRP (Hot Standby Router Protocol) is a Cisco proprietary FHRP (first-hop redundancy protocol) that is available in two versions. The newer version 2 improves upon version 1 and is now the preferred choice. These two versions of HSRP are not compatible with each other.

HSRP Operation

Two or more routers on a LAN segment form an HSRP group, also known as a standby group. One router in the group assumes the role of the active router and handles all requests from clients. The other router or routers become standby and take over if the active router fails. The multicast address 224.0.0.102 is used to send HSRP version 2 hello messages. These messages communicate HSRP parameters to other members of the group and also serve as a keepalive.

The problem with HSRP is that only one router is active at a time. The other routers in the standby group just sit there watching the show until the active router fails. This is not very efficient: if you have redundant uplinks connected to the standby routers, all the additional bandwidth provided by these uplinks goes unused.

HSRP Configuration

The figure below shows a basic HSRP topology with two routers forming an HSRP or standby group. Router R1 is configured with a priority of 110, which is higher than the default priority of 100. Router R2 is configured with the default priority of 100. The Ethernet interfaces of R1 and R2 are configured with IP addresses 192.168.1.1 and 192.168.1.2, respectively. The IP address assigned to HSRP group 10 is 192.168.1.10, which is configured on both group members using the standby ip command.

Figure 14-2 HSRP Topology


R1:

R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#interface FastEthernet0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#standby version 2
R1(config-if)#standby 10 preempt
R1(config-if)#standby 10 priority 110
R1(config-if)#standby 10 ip 192.168.1.10
R1(config-if)#end
R1# 

R2:

R2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#interface FastEthernet0/0
R2(config-if)#ip address 192.168.1.2 255.255.255.0
R2(config-if)#standby version 2
R2(config-if)#standby 10 preempt
R2(config-if)#standby 10 priority 100
R2(config-if)#standby 10 ip 192.168.1.10
R2(config-if)#end
R2# 

It is time for verification using the show standby command. You can see from the output for R1 below that it is the active router.

R1#show standby
FastEthernet0/0 – Group 10 (version 2)
State is Active
5 state changes, last state change 00:08:23
Virtual IP address is 192.168.1.10
Active virtual MAC address is 0000.0c9f.f00a
Local virtual MAC address is 0000.0c9f.f00a (v2 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.948 secs
Preemption enabled
Active router is local
Standby router is 192.168.1.2, priority 100 (expires in 9.412 sec)
Priority 110 (configured 110)
Group name is “hsrp-Fa0/0-10” (default) 

The output of show standby command on R2 below indicates that it is the standby router.

R2#show standby
FastEthernet0/0 – Group 10 (version 2)
State is Standby
7 state changes, last state change 00:00:12
Virtual IP address is 192.168.1.10
Active virtual MAC address is 0000.0c9f.f00a
Local virtual MAC address is 0000.0c9f.f00a (v2 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.756 secs
Preemption enabled
Active router is 192.168.1.1, priority 110 (expires in 8.760 sec)
MAC address is c200.09ac.0000
Standby router is local
Priority 100 (default 100)
Group name is “hsrp-Fa0/0-10” (default) 

Gateway Load Balancing Protocol

GLBP (Gateway Load Balancing Protocol) prevents a single point of failure, like HSRP and VRRP, but also allows load-sharing among a group of redundant routers. Multiple first-hop routers on the LAN form a group to offer a single virtual router, also sharing the IP packet forwarding load.

HSRP and VRRP also allow multiple routers to form a virtual router group with a virtual IP address, but only one member of the group is elected as the active router that forwards packets sent to the virtual IP address for the group. The other routers in the group stay idle until the active router fails. In other words, the bandwidth of the standby routers is not utilized and goes to waste. It is possible to configure multiple virtual router groups to achieve load balancing with HSRP and VRRP, but this requires configuring different default gateways on different hosts, which is an extra administrative burden.

The advantage of GLBP is that it provides load balancing in addition to redundancy without requiring configuration of different default gateways on different clients.

GLBP Operation

The routers participating in GLBP communicate with each other through hello messages sent every 3 seconds to the multicast address 224.0.0.102, UDP port 3222 (both source and destination). GLBP supports up to 1024 GLBP groups on each physical interface, and up to four active virtual forwarders per group.

Routers participating in GLBP form a group and elect one router as the AVG (active virtual gateway) for that group. Other members of the group provide backup for the AVG if it goes down. The AVG controls all members of the group by assigning a virtual MAC address to each member. Each router takes responsibility for forwarding packets sent to the virtual MAC address assigned to it by the AVG. Each of these routers is called the AVF (active virtual forwarder) for its virtual MAC address. The AVG also responds to ARP (Address Resolution Protocol) requests for the virtual IP address. This is the key to GLBP operation, as load balancing is actually achieved by the AVG replying to ARP requests from different hosts with different virtual MAC addresses.

When a client sends an ARP message for the IP address of its default gateway, the AVG responds with the virtual MAC address of one of the AVFs. When another client sends an ARP message for default gateway address resolution, the AVG returns the virtual MAC address of the next AVF. So each client gets a different virtual MAC address for the same virtual IP address of the default gateway. As a result, the clients send their traffic to separate routers despite the fact that they are configured with the same default gateway.

GLBP Configuration

The figure below shows a basic GLBP topology with R1 and R2 forming a GLBP group. The router R1 is the AVG for the GLBP group and is responsible for the virtual IP address 192.168.1.10. Router R1 is also the AVF for the virtual MAC address 0007.b400.0a01. Router R2 is a member of the same GLBP group and is the designated AVF for the virtual MAC address 0007.b400.0a02. Client 1 has a default gateway of 192.168.1.10 and a gateway MAC address of 0007.b400.0a01. Client 2 has the same default gateway 192.168.1.10 but receives the gateway MAC address 0007.b400.0a02 because router R2 is sharing the traffic load with R1.

Figure 14-3 GLBP Topology


R1:

R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#interface FastEthernet0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#glbp 10 ip 192.168.1.10
R1(config-if)#end
R1# 

R2:

R2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#interface FastEthernet0/0
R2(config-if)#ip address 192.168.1.2 255.255.255.0
R2(config-if)#glbp 10 ip
R2(config-if)#end
R2# 

You may verify GLBP configuration and find out which role each router is playing using the show glbp command.

R1#show glbp
FastEthernet0/0 – Group 10
State is Active
2 state changes, last state change 00:07:32
Virtual IP address is 192.168.1.10
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.488 secs
Redirect time 600 sec, forwarder timeout 14400 sec
Preemption disabled
Active is local
Standby is 192.168.1.2, priority 100 (expires in 9.888 sec)
Priority 100 (default)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
Group members:
c200.140c.0000 (192.168.1.1) local
c201.140c.0000 (192.168.1.2)
There are 2 forwarders (1 active)
Forwarder 1
State is Active
1 state change, last state change 00:07:22
MAC address is 0007.b400.0a01 (default)
Owner ID is c200.140c.0000
Redirection enabled
Preemption enabled, min delay 30 sec
Active is local, weighting 100
Forwarder 2
State is Listen
2 state changes, last state change 00:00:10
MAC address is 0007.b400.0a02 (learnt)
Owner ID is c201.140c.0000
Redirection enabled, 598.188 sec remaining (maximum 600 sec)
Time to live: 14398.188 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is 192.168.1.2 (primary), weighting 100 (expires in 8.188 sec) 

Similarly, you can use the show glbp command on R2.

R2#show glbp
FastEthernet0/0 – Group 10
State is Standby
1 state change, last state change 00:05:21
Virtual IP address is 192.168.1.10 (learnt)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.740 secs
Redirect time 600 sec, forwarder timeout 14400 sec
Preemption disabled
Active is 192.168.1.1, priority 100 (expires in 7.468 sec)
Standby is local
Priority 100 (default)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
Group members:
c200.140c.0000 (192.168.1.1)
c201.140c.0000 (192.168.1.2) local
There are 2 forwarders (1 active)
Forwarder 1
State is Listen
MAC address is 0007.b400.0a01 (learnt)
Owner ID is c200.140c.0000
Time to live: 14397.456 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is 192.168.1.1 (primary), weighting 100 (expires in 8.888 sec)
Forwarder 2
State is Active
1 state change, last state change 00:05:07
MAC address is 0007.b400.0a02 (default)
Owner ID is c201.140c.0000
Preemption enabled, min delay 30 sec
Active is local, weighting 100 
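
The virtual MAC addresses in the show outputs above (0000.5e00.010a for VRRP, 0000.0c9f.f00a for HSRP version 2, 0007.b400.0a01 and 0007.b400.0a02 for GLBP) encode the group number and, for GLBP, the forwarder number. The following added example, which is not part of the original page, decodes them and checks a host's gateway ARP entry against the expected protocol and group. The function names are illustrative, and the HSRP version 1 prefix is included from general knowledge rather than from this page.

```python
# Added example, not part of the original page: decode FHRP virtual MACs.
import re


def normalize_mac(mac):
    """Accept dotted (0000.5e00.010a), colon or dash notation; return 12 hex digits."""
    digits = re.sub(r"[.:\-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def decode_fhrp_mac(mac):
    """Return protocol, group and (GLBP only) forwarder, or None if the
    address is not a well-known FHRP virtual MAC."""
    m = normalize_mac(mac)
    if m.startswith("00005e0001"):    # VRRP (IPv4): 0000.5e00.01<group>
        return {"protocol": "VRRP", "group": int(m[10:], 16)}
    if m.startswith("00000c9ff"):     # HSRP v2: 0000.0c9f.f<12-bit group>
        return {"protocol": "HSRPv2", "group": int(m[9:], 16)}
    if m.startswith("00000c07ac"):    # HSRP v1: 0000.0c07.ac<group>
        return {"protocol": "HSRPv1", "group": int(m[10:], 16)}
    if m.startswith("0007b4"):        # GLBP: 0007.b4<10-bit group><forwarder>
        group = int(m[6:10], 16)
        if group > 1023:              # only 1024 groups exist
            return None
        return {"protocol": "GLBP", "group": group, "forwarder": int(m[10:], 16)}
    return None


def check_gateway_mac(mac, protocol, group, max_forwarders=4):
    """Findings for a host's default-gateway ARP entry; an empty list means
    the entry matches the expected protocol and group."""
    info = decode_fhrp_mac(mac)
    if info is None:
        return [f"{mac} is not an FHRP virtual MAC"]
    findings = []
    if info["protocol"] != protocol:
        findings.append(f"expected {protocol}, MAC belongs to {info['protocol']}")
    if info["group"] != group:
        findings.append(f"expected group {group}, MAC encodes group {info['group']}")
    if info["protocol"] == "GLBP" and not 1 <= info["forwarder"] <= max_forwarders:
        findings.append(f"forwarder {info['forwarder']} is outside 1..{max_forwarders}")
    return findings


if __name__ == "__main__":
    # Gateway MACs as seen by Client 1 and Client 2 in the GLBP topology,
    # plus R1's interface MAC as a constructed non-matching entry.
    for seen in ("0007.b400.0a01", "0007.b400.0a02", "c200.140c.0000"):
        print(seen, check_gateway_mac(seen, "GLBP", 10) or "ok")
```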

The table below rounds off our coverage of first-hop redundancy protocols in this chapter by presenting a comparison of VRRP, HSRP, and GLBP.

Table 14-1 Comparison of VRRP, HSRP, and GLBP

Feature           | VRRP                                              | HSRP                                              | GLBP
Router Role       | 1 master, 1 (or more) backup                      | 1 active, 1 standby, 1 or more listening          | 1 AVG, 2 (or more) AVF
IP Address        | Real                                              | Virtual                                           | Virtual
Election          | 1 – highest priority; 2 – highest IP (tiebreaker) | 1 – highest priority; 2 – highest IP (tiebreaker) | 1 – highest priority; 2 – highest IP (tiebreaker)
Load Balancing    | No                                                | No                                                | Yes
Cisco proprietary | No (IEEE standard)                                | Yes                                               | Yes
