CISCO - ITU - ESPOL 2 Implementing high availability options in MLS with HSRP. Network devices that provide redundancy do not need to be co-located in the same physical location. Redundancy can be used for load balancing.
Implementing High Availability

To achieve high network availability, the following network components are required:

- Reliable, fault-tolerant network devices: hardware and software reliability to automatically identify and overcome failures.
- Device and link redundancy: entire devices may be redundant, or modules within devices may be redundant. Links may also be redundant.
- Resilient network technologies: intelligence that ensures fast recovery around any device or link failure.
- Optimized network design: well-defined network topologies and configurations designed to ensure that there is no single point of failure.
- Best practices: documented procedures for deploying and maintaining a robust network infrastructure.

(Figure: High Availability: 6 Years and counting)

(Figure: Single Forwarding Path vs Redundancy)

High Availability

Availability    Downtime (24x7x365)
99.000%         3 days 15 hours 36 minutes
99.500%         1 day 19 hours 48 minutes
99.900%         8 hours 46 minutes
99.950%         4 hours 23 minutes
99.990%         53 minutes
99.999%         5 minutes
99.9999%        30 seconds

Implementing High Availability

The network devices that provide redundancy do not need to be co-located in the same physical location. This reduces the probability that problems with the physical environment, such as a power outage or other environmental issue, will interrupt service.

Paraphrasing Jim Warner, Network Engineer at UCSC: When adding redundancy, know what you are trying to protect yourself from. It doesn't help to have redundant devices when there is a power failure, or redundant links when the cables are laid in the same conduit.

Redundancy can be used for load balancing

With appropriate resiliency features combined with careful design and configuration, the traffic load between the respective layers of the network topology (that is, Building Access submodule to Building Distribution submodule) can be shared between the primary and secondary forwarding paths. Therefore, network-level redundancy can also provide increased aggregate performance and capacity.

(Figure: HSRP Load Balancing)

Implementing Default Gateway Router Redundancy in Multilayer Switched Networks

The availability of a default gateway router is a must for hosts in a multilayer switched network. There are several ways a LAN host can determine which router should be the first hop to a particular remote destination. The host can use a dynamic process or static configuration. Examples of dynamic router discovery are as follows:

- Proxy ARP: the host uses Address Resolution Protocol (ARP) to determine the next-hop MAC address for off-network destinations. Local routers respond to the ARP request with their own MAC address.
- Routing protocol: the host listens to dynamic routing protocol updates (for example, Routing Information Protocol [RIP]) and forms its own routing table.
- ICMP Router Discovery Protocol (IRDP) client: the host runs an Internet Control Message Protocol (ICMP) router discovery client.
- Static/DHCP: the host is statically configured or uses DHCP.

Proxy ARP

To acquire the MAC address of the failover router, the source end station must either initiate another ARP request or wait for the ARP entry to be flushed dynamically. The ARP flush timer determines the period of time in which the source end station cannot communicate with the destination even though the routing protocol has converged.
Once the ARP flushes the entry due to flush timer expiry, the host recovers the default gateway MAC address. Nevertheless, Cisco does not recommend the use of proxy ARP, because it makes troubleshooting very difficult. In addition, proxy ARP does not scale at all in medium-size to large networks.

(Figure: proxy ARP failover, with these annotations:)
- Router down, but the host ARP entry is still Router A; packets continue to get dropped.
- Once the ARP entry times out on the host, it will send another ARP Request.
- Router B will send a Proxy ARP Reply with its MAC address.
- Host now sends packets to Router B for File Server A.

IRDP: ICMP Router Discovery Message Protocol

A host that uses IRDP listens for hello multicast messages from the preferred default router.

The IRDP-based advertisements are considered valid only for a predefined lifetime value. If a new advertisement is not seen during that lifetime, the router address is considered invalid and the host removes the corresponding default route.

The IRDP protocol allows for varying timing values. A lifetime value is included in the header of every IRDP advertisement. A host uses the router address only for the specified number of lifetime seconds after the most recent advertisement.

(Figure: IRDP Advertisements. Host: "I will use Router A as my default gateway.")

Static or DHCP

The most common method of providing a host with a default gateway address is:

- Static configuration
- DHCP

This approach simplifies end-device configuration and processing, but creates a single point of failure. If the default gateway fails, the end device is limited to communicating only on the local IP network segment and is cut off from the rest of the network.

Redundancy Protocols

Cisco IOS offers several features to provide a redundant default gateway to end devices.
The redundancy protocol provides the mechanism for determining which router should take the active role in forwarding traffic, and when that role must be taken over by one of the other routers. The transition from one forwarding router to another is transparent to the end devices.

The following are the default gateway redundancy features supported by Cisco IOS routers and switches:

- Hot Standby Router Protocol (HSRP)
- Virtual Router Redundancy Protocol (VRRP)
- Gateway Load Balancing Protocol (GLBP)

Hot Standby Router Protocol (HSRP)

HSRP, a Cisco proprietary protocol, supplies a method of providing nonstop path redundancy for IP by sharing protocol and MAC addresses between redundant gateways. The protocol consists of a virtual MAC address and IP address that are shared between two routers, and a process that monitors both LAN and serial interfaces via a multicast protocol.

An HSRP group contains:

- One standby router: the backup router in case the active router fails for the subnet. In that case, the standby router becomes the active router and starts forwarding traffic destined to the virtual IP address.
- One virtual router: the virtual router is not an actual router. Rather, it is a concept of the entire HSRP group acting as one virtual router as far as hosts on the subnet are concerned.
- One active router: the active router forwards traffic destined to the virtual IP address.

The host connected to the switch sends the packet destined for the virtual router, but in reality the active router does the packet forwarding.

Note: Additional HSRP member routers. Other routers are neither active nor standby, but they are configured to participate in the same HSRP group. They monitor the current active and standby routers and transition into one of those roles if the current router fails for the subnet.

(Figure: virtual router 172.16.10.110, MAC 0000.0c07.ac01; routers 172.16.10.82, MAC 0010.f6b3.d000, and 172.16.10.169, MAC 0010.0b79.5800. Host: "My default gateway is 172.16.10.110"; host ARP table: 172.16.10.110 = 0000.0c07.ac01.)

The active router assumes and maintains its active role through the transmission of hello messages (default 3 seconds). The hello interval time defines the interval between successive HSRP hello messages sent by active and standby routers. The router with the highest standby priority in the group becomes the active router.
The default priority for an HSRP router is 100; however, this option is configurable on a per-standby-group basis. When the preempt option is not configured, the first router to initialize HSRP becomes the active router.

(Figure: HSRP Hellos: Active)

The second router in the HSRP group to initialize or second highest priority is elected as the standby router. The function of the standby router is to monitor the operational status of the HSRP group and to quickly assume packet-forwarding responsibility if the active router becomes inoperable. The standby router also transmits hello messages to inform all other routers in the group of its standby router role and status.

(Figure: HSRP Hellos: Standby)

The virtual router presents a consistent available router (default gateway) to the hosts. The virtual router is assigned its own IP address and virtual MAC address; however, the active router acting as the virtual router actually forwards the packets.

Additional HSRP member routers:

- These routers in listen state monitor the hello messages but do not respond.
- Do forward any packets addressed to the routers' IP addresses.
- Do not forward packets destined for the virtual router because they are not the active router.

(Figure: active router: "I receive and forward packet sent to the virtual router.")

When the active router fails, the other HSRP routers stop receiving hello messages and the standby router assumes the role of the active router.
This occurs when the holdtime expires (default 10 seconds). Because the new active router assumes both the IP address and virtual MAC address of the virtual router, the end stations see no disruption in service. The end-user stations continue to send packets to the virtual router's virtual MAC address and IP address where the new active router delivers the packets to the destination.

(Figure: New Active Router. Standby router: "I don't see Hellos from Active (10 secs), so I will receive and forward packet sent to the virtual router.")

HSRP States

(Figure: state transitions through Initial, Listen, Speak, Standby and Active for HSRP Standby Group 1, with Router A at priority 100 and Router B at priority 50. Annotations:)
- Router B hears that router A has a higher priority, so router B returns to the listen state.
- Router A does not hear any higher priority than itself, so promotes itself to standby.
- Router A does not hear an active router, so promotes itself to active.
- All other routers remain in this state.

HSRP States

- Initial state: all routers begin in the initial state. This state is entered via a configuration change or when an interface is initiated.
- Learn state: the router has not determined the virtual IP address, and has not yet seen a hello message from the active router. In this state, the router is still waiting to hear from the active router.
- Listen state: the router knows the virtual IP address, but is neither the active router nor the standby router. All other routers participating in the HSRP group besides the active or standby routers reside in this state.
- Speak state: HSRP routers in the speak state send periodic hello messages and actively participate in the election of the active or standby router. The router remains in the speak state unless it becomes an active or standby router.
- Standby state: in the standby state, the HSRP router is a candidate to become the next active router and sends periodic hello messages. There must be at least one standby router in the HSRP group.
- Active state: in the active state, the router is currently forwarding packets that are sent to the virtual MAC and IP address of the HSRP group. The active router also sends periodic hello messages.

Not all HSRP routers transition through all states. For example, a router that is not the standby or active router does not enter the standby or active states.

HSRP Group Identifier

Router A has a priority of 200. Router B has a default priority of 100. Router A assumes the active router role and forwards all frames addressed to the well-known MAC address of 0000.0c07.acxx, where xx is the HSRP group identifier.

If the HSRP group number of router A is 01, the MAC address that corresponds to the virtual IP address is 0000.0c07.ac01. If the HSRP group number of router A is 2f, the MAC address that corresponds to the virtual IP address is 0000.0c07.ac2f. The HSRP group number is the standby group number (47) converted to hexadecimal (2f).

Configuring HSRP

Router A

    interface vlan 10
     ip address 172.16.10.82 255.255.255.0
     ! higher priority than Router B, so Router A is the active router
     standby 1 priority 200
     ! virtual IP address shared by the group (the hosts' default gateway)
     standby 1 ip 172.16.10.110
     standby 1 preempt

Router B

    interface vlan 10
     ip address 172.16.10.169 255.255.255.0
     standby 1 priority 100
     standby 1 ip 172.16.10.110
     standby 1 preempt

HSRP Load Balancing

Two HSRP-enabled routers participate in two separate VLANs using Inter-Switch Link (ISL) or 802.1Q. Trunking allows users to configure HSRP redundancy between multiple routers to eliminate situations in which a single point of failure causes traffic interruptions.

HSRP Interface Tracking

Primary T1 link experiences a failure. Without HSRP enabled, router A would detect the failed link and send an ICMP redirect to router B.

(Figure: link from the active router has failed. Router A sends ICMP Redirect to Host, pointing it to Router B. Host now sends packets to Router B.)

Interface tracking enables the priority of a standby group router to be automatically adjusted based on availability of the other interfaces on that router.

(Figure: link from the active router has failed. Router A still sends HSRP Hellos. Hosts continue to send packets to Router A.)

The E0 interface on router A tracks the S1 interface. If the link between the S1 interface and headquarters fails, the router automatically decrements its priority on that interface and stops transmitting hello messages out interface E0. Router B assumes the active router role when no hello messages are detected for the specific holdtime period.

(Figure: link from the active router has failed. Router A tracks S1 and automatically decrements its priority and stops sending hello messages. Hosts now send packets to Router B. Router B assumes Active role after holdtime.)

Router A

    interface Ethernet0
     ip address 171.16.6.5 255.255.255.0
     no ip redirects
     standby 1 priority 105
     standby 1 preempt
     standby 1 ip 171.16.6.100
     ! lower this router's priority for group 1 when Serial1 goes down
     standby 1 track Serial1
    !
    interface Serial1
     ip address 171.16.2.5 255.255.255.0

Router B

    interface Ethernet0
     ip address 171.16.6.6 255.255.255.0
     no ip redirects
     standby 1 priority 100
     standby 1 preempt
     ! same virtual IP as on Router A, inside the Ethernet0 subnet
     standby 1 ip 171.16.6.100
     standby 1 track Serial1
    !
    interface Serial1
     ip address 171.16.7.6 255.255.255.0

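An added example, not part of the original slides: a Python check over two HSRP interface stanzas in the style of the tracking configuration above. It verifies that both routers agree on a virtual IP inside the interface subnet, derives the virtual MAC from the group number, and predicts the active router before and after a tracked link fails. The sample stanzas are constructed, the function names are hypothetical, and the decrement of 10 is assumed as the IOS default for `standby track`.

```python
import ipaddress
import re

# Constructed sample stanzas in the style of the tracking configuration above.
ROUTER_A = """interface Ethernet0
 ip address 171.16.6.5 255.255.255.0
 standby 1 priority 105
 standby 1 preempt
 standby 1 ip 171.16.6.100
 standby 1 track Serial1
"""
ROUTER_B = """interface Ethernet0
 ip address 171.16.6.6 255.255.255.0
 standby 1 priority 100
 standby 1 preempt
 standby 1 ip 171.16.6.100
 standby 1 track Serial1
"""
DEFAULT_PRIORITY = 100   # HSRP default priority
DEFAULT_DECREMENT = 10   # assumed IOS default when "standby track" gives no value

def parse_hsrp(config, group=1):
    """Extract the HSRP settings of one group from an interface stanza."""
    addr, mask = re.search(r"ip address (\S+) (\S+)", config).groups()
    prio = re.search(rf"standby {group} priority (\d+)", config)
    vip = re.search(rf"standby {group} ip (\S+)", config)
    return {
        "iface": ipaddress.ip_interface(f"{addr}/{mask}"),
        "priority": int(prio.group(1)) if prio else DEFAULT_PRIORITY,
        "preempt": bool(re.search(rf"standby {group} preempt", config)),
        "vip": ipaddress.ip_address(vip.group(1)),
        "tracks": re.findall(rf"standby {group} track (\S+)", config),
    }

def virtual_mac(group):
    """Well-known HSRP MAC 0000.0c07.acXX, XX = group number in hex."""
    return f"0000.0c07.ac{group:02x}"

def audit(routers):
    """Return findings for settings that break redundancy in the group."""
    findings = []
    if len({r["vip"] for r in routers.values()}) > 1:
        findings.append("virtual IP differs between group members")
    for name, r in routers.items():
        if r["vip"] not in r["iface"].network:
            findings.append(f"{name}: virtual IP outside {r['iface'].network}")
        if not r["preempt"]:
            findings.append(f"{name}: no preempt, cannot take over on priority")
    return findings

def active_router(routers, failed=()):
    """Predict the active router, assuming every member has preempt.

    failed holds (router, interface) pairs whose tracked link is down;
    equal priorities are broken by the higher interface IP address.
    """
    def effective(item):
        name, r = item
        down = sum((name, t) in failed for t in r["tracks"])
        return (r["priority"] - DEFAULT_DECREMENT * down, r["iface"].ip)
    return max(routers.items(), key=effective)[0]
```

With Serial1 down on Router A, its effective priority drops from 105 to 95, below Router B's 100, which is why the tracking example sets A only slightly above B.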
Virtual Router Redundancy Protocol (VRRP)

Like HSRP, VRRP is a default gateway redundancy method. VRRP enables a group of routers to form a single virtual router. The VRRP standard (RFC 2338) solves the static default gateway configuration problem. VRRP is similar in functionality to HSRP, and hence the LAN hosts can be configured with the virtual router as their default gateway. The virtual router, representing a group of routers, is known as a VRRP group. Cisco switches and routers support VRRP on Ethernet, Fast Ethernet, and Gigabit Ethernet interfaces, and on MPLS VPNs and VLANs.

Routers A, B, and C are VRRP-enabled routers. Routers A, B, and C form a virtual router, with 10.0.0.1 as the virtual IP address. The IP address of the virtual router is the same as that configured for the Ethernet interface of Router A (10.0.0.1). Because the virtual router uses the IP address of the physical Ethernet interface of router A, router A assumes the role of the master virtual router and is known as the IP address owner. As the master virtual router, router A controls the IP address of the virtual router and is responsible for forwarding packets sent to this IP address. Hosts 1 through 3 are configured with the default gateway IP address of 10.0.0.1.

Routers B and C function as backup virtual routers. If the master virtual router fails, the router configured with the higher priority will become the master virtual router and provide uninterrupted service for the LAN hosts. When Router A recovers, it becomes the master virtual router again. The virtual router can use a physical IP address or a virtual IP address.

(Figure: LAN topology in which VRRP is configured such that:)
- Router A is default gateway for Hosts 1 and 2.
- Router B is default gateway for Hosts 3 and 4.
- Routers A and B act as backup virtual routers to each other if either router fails.

VRRP

- Interface IP address = virtual IP address for the VRRP group: the owning router is the master in a VRRP group. The priority associated with that interface should be configured as 255.
- Otherwise, the highest priority wins the election and is the master.
- Backup values range from 1 to 254; the default value is 100.

A main difference between HSRP and VRRP is that in VRRP, the backup router does not send advertisements. Therefore, the VRRP master is not aware of the current backup router.

In summary, VRRP is similar to HSRP in functionality, but it is standard compared to Cisco's proprietary HSRP. Nevertheless, in enterprise and service provider networks, HSRP deployments far outnumber VRRP deployments.

Gateway Load Balancing Protocol (GLBP)

Cisco designed GLBP to allow automatic selection and simultaneous use of multiple available gateways, and to provide automatic detection and failover to a redundant path in the event of failure to any active gateway. With GLBP, it is possible to fully use resources without the extra administrative burden of configuring multiple groups and managing multiple default gateway configurations.

A GLBP group has up to four member routers acting as IP default gateways, known as the Active Virtual Forwarders (AVFs). GLBP:

- Automatically manages the virtual MAC address assignment
- Determines who handles the forwarding
- Ensures that each station has a forwarding path in the event of failures to gateways or tracked interfaces.

These functions are accomplished by one of the routers in the group acting as the active virtual gateway (AVG). Load sharing is achieved by the AVG replying to the ARP requests with different virtual MAC addresses.

(Figure, Client 1: Default Gateway = 10.21.8.10. ARP Request for 10.21.8.10. ARP Reply: 0007.b400.0101. Send packet encapsulated in frame to 0007.b400.0101. Other labels in the figure: 000C.0417.91CC, 10.21.8.100, 172.16.10.10.)

(Figure, Client 2: Default Gateway = 10.21.8.10. ARP Request for 10.21.8.10. ARP Reply: 0007.b400.0102. Send packet encapsulated in frame to 0007.b400.0102. Other labels in the figure: 000C.0417.91CC, 10.21.8.100, 172.16.10.10.)

If Router A becomes unavailable, Client 1 will not lose access to the WAN because Router B will assume responsibility for forwarding packets sent to the virtual MAC address of Router A, and for responding to packets sent to its own virtual MAC address. Router B will also assume the role of the AVG for the entire GLBP group.

Round-robin load-balancing algorithm

Each virtual forwarder MAC address takes turns being included in address resolution replies for the virtual IP address. The round-robin load-balancing algorithm is the default.
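An added example, not part of the original slides and not Cisco's implementation: a toy Python model of the GLBP behaviour described above. The AVG answers ARP requests for the virtual IP round-robin, a surviving router takes over a failed router's virtual MAC and the AVG role, and a monitoring check accepts several MACs for the gateway IP only when they are the group's virtual forwarder MACs. The addresses come from the Client 1 and Client 2 slides; the class and method names are hypothetical, and the model keeps a failed router's virtual MAC in rotation.

```python
class GlbpGroup:
    """Toy model of one GLBP group as described on the slides."""

    def __init__(self, vip, forwarders):
        # forwarders: router name -> virtual MAC it owns as AVF.
        # The first router listed starts as the AVG.
        self.vip = vip
        self.owner = {mac: name for name, mac in forwarders.items()}
        self.alive = list(forwarders)
        self.avg = self.alive[0]
        self._macs = list(forwarders.values())
        self._next = 0

    def arp_reply(self):
        """AVG answers an ARP request for the virtual IP, round-robin."""
        mac = self._macs[self._next % len(self._macs)]
        self._next += 1
        return mac

    def fail(self, router):
        """Router goes down: a survivor takes its virtual MAC and AVG role."""
        self.alive.remove(router)
        if not self.alive:
            raise RuntimeError("no gateway left in the group")
        for mac, name in self.owner.items():
            if name == router:
                self.owner[mac] = self.alive[0]
        if self.avg == router:
            self.avg = self.alive[0]

    def forwarder_for(self, mac):
        """Router currently forwarding frames sent to this virtual MAC."""
        return self.owner[mac]

    def unexpected_replies(self, observed):
        """From observed (ip, mac) ARP replies, return those for the virtual
        IP whose MAC is not one of the group's virtual forwarder MACs."""
        return [(ip, mac) for ip, mac in observed
                if ip == self.vip and mac.lower() not in self.owner]


def demo_group():
    # Constructed from the addresses on the Client 1 / Client 2 slides.
    return GlbpGroup("10.21.8.10", {"Router A": "0007.b400.0101",
                                    "Router B": "0007.b400.0102"})
```

Because hosts cache whichever virtual MAC they were given, `forwarder_for` returning Router B for both MACs after `fail("Router A")` is what keeps Client 1 connected without a new ARP exchange.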

GLBP Interface Tracking

Like HSRP, GLBP can be configured to track interfaces.

(Figure: The link from router R1 is lost. GLBP detects the failure. The responsibility of forwarding packets destined for virtual MAC 1 is taken over by the secondary virtual forwarder.)

Summary

- VRRP provides router redundancy in a manner similar to HSRP.
- VRRP supports a master and one or more backup routers.
- VRRP and GLBP are configured per interface.
- GLBP provides router redundancy and load balancing.
- GLBP balances traffic by allocating a virtual MAC address to each AVF.