
Ch. 6 FHRP and HSRP

CIS 187 Multilayer Switched Networks
CCNP version 7
Rick Graziani
Spring 2016

Implementing High Availability
 To achieve high network availability, the following network components are
required:
 Reliable, fault-tolerant network devices— Hardware and software
reliability to automatically identify and overcome failures.
 Device and link redundancy—
 Devices
  Device modules
 Links
 Resilient network technologies— Fast recovery for devices or links.
 Optimized network design— Well-defined network topologies and
configurations to ensure no single point of failure.
 Best practices— Documented procedures for deploying and
maintaining a robust e-commerce network infrastructure.
 Change control— Better control over changes made to network
devices and maintenance of documentation regarding those changes.

High Availability

Single Forwarding Path vs Redundancy
[Figure: two panels, "Single Forwarding Path" and "Adding Redundancy"]

Implementing High Availability
  Redundancy does not mean co-located in the same physical location.
    Power outage
  Paraphrasing Jim Warner, Network Engineer at UCSC: ‘When adding redundancy, know what you are trying to protect yourself from. It doesn’t help to have redundant devices when there is a power failure, or redundant links when the cables are in the same conduit.’

Implementing Default Gateway Router Redundancy in Multilayer Switched Networks

Implementing Default Gateway Router Redundancy in Multilayer Switched Networks
  Examples of (non-redundant) dynamic router discovery are as follows:
    Static/DHCP
      Host is statically configured or uses DHCP.
    Proxy ARP
      The host uses Address Resolution Protocol (ARP) to determine the next-hop MAC address for off-network destinations.
      Local routers respond to the ARP request with their own MAC address.
    Routing protocol
      The host listens to dynamic routing protocol updates (for example, EIGRP) and forms its own routing table.
    ICMP Router Discovery Protocol (IRDP) client
      The host runs an Internet Control Message Protocol (ICMP) router discovery client.

Static or DHCP
  The most common method of providing a host with a default gateway address is:
    Static configuration
    DHCP
  Advantage of DHCP:
    Simplifies end-device configuration
  Disadvantage of DHCP:
    Creates a single point of failure.
    If the default gateway fails, the end device is limited to communicating only on the local IP network segment and is cut off from the rest of the network.

Proxy ARP

Proxy ARP
[Figure callout, Host A: "I am on the 172.16.0.0/16 network so I can reach 172.16.20.200!"]
  Host A has a /16 subnet mask.
  Host A believes that it is directly connected to all of network 172.16.0.0/16.
  Host A is really on the 172.16.10.0/24 network, as segmented by the router, but Host A does not know that.
  Host A has a packet to send to Host D.
  Host A believes that Host D is directly connected.
  Host A sends an ARP request to Host D.
  Router has Proxy ARP enabled on all interfaces.

Proxy ARP
[Figure callout, ARP Request: “Hey everyone on my network, whoever is 172.16.20.200, send me your Ethernet MAC Address!”]
  To reach Host D (172.16.20.200), Host A needs the MAC address of Host D.
  Layer 2, Ethernet broadcast (FFFF.FFFF.FFFF).
  The ARP request reaches all nodes in the Subnet A.
  The broadcast will not reach Host D.

Proxy ARP
[Figure: Host A’s ARP Table; ARP Request/Reply; Proxy ARP Reply from Router to Host A: “I can reach 172.16.20.200 on another network, so I will Reply to the Host A with my MAC address.”]
  Since the router knows that the target address (172.16.20.200) is on another subnet and can reach Host D, it will reply with its own MAC address to Host A.

Proxy ARP
[Figure: Host A’s ARP Table]
  From now on Host A will forward all the packets that it wants to reach 172.16.20.200 (Host D) to the MAC address 00-00-0c-94-36-ab (router).
  All packets destined to Subnet B are sent to the router including this packet for Host B.
  The router forwards the packets to Host B and also for other hosts in Subnet B.

Non-Proxy ARP
[Figure: Host A’s ARP Table]

Non Proxy ARP
Different Situation and Addresses: Host A pings Host B
[Figure: Host A’s ARP Table, 172.16.20.200 = 00-00-0c-94-36-bb; Host B, 172.16.20.200/24, 0000.0c94.36bb; ARP Request; ARP Request/Reply]
  Host B has the IP address 172.16.20.200/24
  What if Host A has a packet to send Host B?
  In this case, both the Router and Host B will receive the ARP Request (MAC broadcast).
  Switch floods the broadcast.
  Host B will send an ARP Reply.

Proxy ARP
Disables Proxy ARP globally:
Router(config)# ip arp proxy disable
Disables Proxy ARP per interface:
Router(config)# interface Fa 0/0
Router(config-if)# no ip proxy-arp
  Proxy ARP is enabled by default.
  Proxy ARP can be disabled globally or on a per interface basis.
  Proxy ARP should be used on the network where IP hosts are not configured with default gateway.
  Disadvantages of Proxy ARP
    It increases the amount of ARP traffic on your segment (instead of one default gateway, ARPing for several hosts).
    Security may be undermined. A machine can claim to be another in order to intercept packets, an act called "spoofing."

Proxy ARP
[Figure: Packets dropped]
  Limited redundancy with Proxy ARP.
  If the responsible router fails, the host continues to send packets for the destination to the MAC address of that router.
  Those packets subsequently are discarded.

Proxy ARP
[Figure: Router down, but Host ARP entry is still Router A, packets continue to get dropped. Once ARP entry times out on host, it will send another ARP Request. Router B will send a Proxy ARP Reply with its MAC address. Host now sends packets to Router B for File Server A.]
  Once the ARP flushes the entry due to flush timer expiry, the host recovers the default gateway MAC address.
  Nevertheless, Cisco does not recommend the use of proxy ARP, because it makes troubleshooting very difficult.

IRDP – ICMP Router Discovery Message Protocol

Need for First Hop Redundancy Protocols
  If the default gateway fails, a host will be unable to send packets to another subnet.
  Even if a redundant router exists that could serve as a default gateway for that subnet, there is no dynamic method by which these devices can determine the address of a new default gateway.
  With first-hop router redundancy, a set of routers or Layer 3 switches work together to present the illusion of a single virtual router to the hosts on the LAN.
  By sharing an IP address and a MAC (Layer 2) address, two or more routers can act as a single “virtual” router.

Redundancy Protocols
  Cisco IOS offers several features to provide a redundant default gateway to end devices.
  The following are the default gateway redundancy features supported by Cisco IOS routers and switches:
    Hot Standby Routing Protocol (HSRP)
    Virtual Router Redundancy Protocol (VRRP)
    Gateway Load Balancing Protocol (GLBP)

HSRP Hot Standby Router Protocol

HSRP (Hot Standby Routing Protocol)
  Cisco proprietary protocol
  RFC 2281
  Method of providing IP address sharing and redundancy for default gateways.
  The protocol consists of a:
    Virtual MAC address
    IP address
  Shared between two routers:
    Active Router
    Standby Router
  Routers exchange HSRP hello messages at regular intervals

One virtual router
  The virtual router is not an actual router.
  Represents the HSRP group acting as one virtual router.
  It is the default gateway as far as hosts on the subnet are concerned.
One active router
  The active router forwards traffic destined to the virtual IP address.
One standby router
  The backup router in case the active router fails for the subnet.
  It will then forward traffic destined to the virtual IP address.

[Figure: host ARP table entry 172.16.10.1 = 0000.0c07.ac01; host callout "My default gateway is 172.16.10.1"; routers 172.16.10.201 and 172.16.10.202; virtual router 172.16.10.1 with MAC 0000.0c07.ac01; router MAC labels 0010.0b79.5800 and 0010.f6b3.d000]
  The host connected to the switch sends the packet destined for the virtual router, but in reality the active router does the packet forwarding.
  Note: Additional HSRP member routers— Other routers are neither active nor standby, but they are configured to participate in the same HSRP group.
  They monitor the current active and standby routers and transition into one of those roles if the current router fails for the subnet.

[Figure: same topology and ARP table; "HSRP Hello’s: Active" and "HSRP Hello’s: Standby"]
  The active router assumes and maintains its active role through the transmission of hello messages (default every 3 seconds).
    Sent by active and standby routers.
    Multicast 224.0.0.2 (“all routers”) using UDP port 1985
  The router with the highest standby priority is the active router.
    0 to 255
    Default = 100 (configurable)
  Otherwise, the router with the highest IP address
  When the preempt option is not configured, the first router to initialize HSRP becomes the active router. (May not be what you want!)

[Figure: same topology and ARP table; "HSRP Hello’s: Standby"]
  The second router in the HSRP group to initialize or second highest priority is elected as the standby router.
    Monitor the operational status of the HSRP group
    Quickly assumes packet-forwarding responsibility if the active router becomes inoperable.
  The standby router also transmits hello messages to inform all other routers in the group of its standby router role and status.

[Figure: same topology and ARP table; active router callout "I receive and forward packet sent to the virtual router."]
  The virtual router presents a consistent available router (default gateway) to the hosts.
  Assigned its:
    Own IP address
    Own virtual MAC address
  The active router acting as the virtual router actually forwards the packets.
  Additional HSRP member routers: These routers in listen state monitor the hello messages but do not respond.
    Do forward any packets addressed to the routers' IP addresses.
    Do not forward packets destined for the virtual router because they are not the active router.

[Figure: same topology and ARP table; "HSRP Hello’s"; "HSRP Hello’s: Active"; New Active Router callout "I don’t see Hellos from Active (10 secs), so I will receive and forward packets sent to the virtual router."]
  When the active router fails, the other HSRP routers stop receiving hello messages and the standby router assumes the role of the active router.
    When the holdtime expires (default 10 seconds).
  Because the new active router assumes both the IP address and virtual MAC address of the virtual router, the end stations see no disruption in service.

[Figure: same topology and ARP table]
  When only the active router fails:
    Standby takes over.
    If there are other routers participating in the group, those routers then contend to be the new standby router.
  If both the active and standby routers fail:
    All routers in the HSRP group contend for the active and standby router roles.
  The new active router remains the forwarding router even when the former active router with the higher priority regains service in the network unless preempt is configured (coming).

Virtual IP
[Figure: DLS1 priority 200, DLS2 priority 100]
  To configure a router as a member of an HSRP standby group, enter this command in interface configuration mode: (Physical interface or VLAN interface if VLANs are used)
Switch(config-if)#standby group-number ip virtual-ip-address
  group-number refers to the HSRP standby group number.
  The group number can range from 0 to 255.
  virtual-ip-address indicates the virtual IP address of the HSRP group.

DLS1
interface vlan 10
 ip add 172.16.10.201 255.255.255.0
 standby 1 priority 200
 standby 1 ip 172.16.10.1
 standby 1 preempt

DLS2
interface vlan 10
 ip add 172.16.10.202 255.255.255.0
 standby 1 priority 100
 standby 1 ip 172.16.10.1
 standby 1 preempt

20.16.16.255.1 standby 1 preempt 42 .255.0 16 groups. 200 210 100 Virtual IP 220 Switch(config-if)#standby group- number ip virtual-ip-address DLS1 interface vlan 10 ip add 172.16.202 255.10. standby 1 ip 172.255.202 255.16.  Group numbers are locally significant interface vlan 30 to that VLAN or interface.1  Each VLAN does NOT have to have standby 1 preempt it’s own group number.30.201 255.10.30.0 standby 1 priority 220 standby 1 ip 172. standby 1 priority 210 standby 1 ip 172.16.1  The group number can range from 0 standby 1 preempt to 255.  0 is the default interface vlan 20  Most Cisco switches support only up ip add 172.0  group-number refers to the HSRP standby 1 priority 200 standby group number.255. ip add 172.20.255.16.255.

Priority
[Figure: DLS1 priority 200, DLS2 priority 100]
  To set the priority value of a router, enter this command in interface configuration mode:
Switch(config-if)#standby group-number priority priority-value
  The priority-value indicates the number that prioritizes a potential standby router.
  The range is 0 to 255, the default is 100.
    Some documentation states 1 to 255.
  During the election process, the router in an HSRP group with the highest priority becomes the forwarding router.
  If several routers have the same priority, the physical IP address of the router's interface is used as a tiebreaker.
    The router with the numerically highest IP address wins.
  In reality the router that boots up first will most likely become the active router.
  Best to use the preempt command (coming)

DLS1
interface vlan 10
 ip add 172.16.10.201 255.255.255.0
 standby 1 priority 200
 standby 1 ip 172.16.10.1
 standby 1 preempt

DLS2
interface vlan 10
 ip add 172.16.10.202 255.255.255.0
 standby 1 priority 100
 standby 1 ip 172.16.10.1
 standby 1 preempt

Timers
Both the hellotime and the holdtime parameters are configurable.
Switch(config-if)# standby group timers [msec] hellotime [msec] holdtime
  Hellotime
    Default = 3 seconds
    Value varies from 1 to 255.
  Holdtime
    Default = 10 seconds
    Value varies from 1 to 255.
  Timers will be in milliseconds (1/1,000th) if the msec keyword precedes a value.
  To reinstate the default standby timer values, enter the following command:
no standby group-number timers

HSRP Group Identifier
[Figure: DLS1 priority 200, DLS2 priority 100]
  DLS1 has a priority of 200
  DLS2 has a default priority of 100.
  Who is the active router?
  DLS1 assumes the active router role and forwards all frames addressed to the well-known MAC address of:
0000.0c07.acxx
where xx is the HSRP group identifier.

DLS1
interface vlan 10
 ip add 172.16.10.201 255.255.255.0
 standby 1 priority 200
 standby 1 ip 172.16.10.1
 standby 1 preempt

DLS2
interface vlan 10
 ip add 172.16.10.202 255.255.255.0
 standby 1 priority 100
 standby 1 ip 172.16.10.1
 standby 1 preempt

  If the HSRP group number of router A is 01, the MAC address that corresponds to the virtual IP address is 0000.0c07.ac01.
  If the HSRP group number of router A is 47, the MAC address that corresponds to the virtual IP address is 0000.0c07.ac2f.
    Group number (47) converted to hexadecimal (2f).

Preempt
[Figure: DLS1 priority 200, DLS2 priority 100]
  The standby router automatically assumes the active router role when the active router fails or is removed from service.
  This new active router remains the forwarding router even when the former active router with the higher priority regains service in the network.
  The former active router can be configured to resume the forwarding router role from a router with a lower priority.
  To enable a router to resume the active state after a state change, enter the following command in interface configuration mode:
Switch(config-if)#standby group-number preempt [delay [minimum seconds] [reload seconds]]
  To remove the interface from preemptive status, enter the following command:
Switch(config-if)#no standby group-number preempt

DLS1
interface vlan 10
 ip add 172.16.10.201 255.255.255.0
 standby 1 priority 200
 standby 1 ip 172.16.10.1
 standby 1 preempt

DLS2
interface vlan 10
 ip add 172.16.10.202 255.255.255.0
 standby 1 priority 100
 standby 1 ip 172.16.10.1
 standby 1 preempt

Delay
[Figure: DLS1 priority 200, DLS2 priority 100]
Switch(config-if)#standby group-number preempt [delay [minimum seconds] [reload seconds]]
  Default: Router will immediately preempt another router that has an active role.
  minimum: Router will wait for (0 to 3600 seconds) before attempting to overthrow the active router with a lower priority
    This time begins as soon as the router is capable of assuming the active role.
      Interface comes up
      HSRP is configured
  reload: Router will wait for (0 to 3600 seconds) after it has been reloaded or restarted before attempting to overthrow the active router with a lower priority.
    This is helpful when you need time for the routing protocol to converge.

DLS1
interface vlan 10
 ip add 172.16.10.201 255.255.255.0
 standby 1 priority 200
 standby 1 ip 172.16.10.1
 standby 1 preempt

DLS2
interface vlan 10
 ip add 172.16.10.202 255.255.255.0
 standby 1 priority 100
 standby 1 ip 172.16.10.1
 standby 1 preempt

Plain Text Authentication
[Figure: DLS1 priority 200, DLS2 priority 100]
Switch(config-if)# standby group-number authentication string
  Sent in plain text to authenticate HSRP peers.
  Intended only to prevent peers with a default configuration (no authentication) from participating in HSRP.
  Can be easily intercepted and used to impersonate a legitimate peer.

DLS1
interface vlan 10
 ip add 172.16.10.201 255.255.255.0
 standby 1 priority 200
 standby 1 ip 172.16.10.1
 standby 1 preempt
 standby 1 authentication nosecret

DLS2
interface vlan 10
 ip add 172.16.10.202 255.255.255.0
 standby 1 priority 100
 standby 1 ip 172.16.10.1
 standby 1 preempt
 standby 1 authentication nosecret
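A defender-side check for the plain-text authentication weakness above, as an added example that is not part of the original slides: it decodes HSRP version 1 payloads using the RFC 2281 field layout and reports speakers that are not configured peers or that still use the default string. The policy values come from the DLS1/DLS2 configuration on this slide; the function names, the sample payloads and the address 172.16.10.66 are constructed for illustration.

```python
import socket
import struct

# HSRP version 1 payload layout from RFC 2281 (UDP port 1985, sent to 224.0.0.2):
# version, opcode, state, hellotime, holdtime, priority, group, reserved,
# then 8 bytes of authentication data and the 4-byte virtual IP address.
HSRP_V1 = struct.Struct("!8B8s4s")
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
DEFAULT_AUTH = "cisco"  # RFC 2281 default when no authentication string is configured


def parse_hsrp_v1(payload: bytes) -> dict:
    """Decode the fixed 20-byte HSRPv1 header; raise ValueError if it does not fit."""
    if len(payload) < HSRP_V1.size:
        raise ValueError("truncated HSRP payload")
    ver, op, state, hello, hold, prio, group, _rsvd, auth, vip = HSRP_V1.unpack_from(payload)
    if ver != 0:  # RFC 2281 messages carry 0 in the version field
        raise ValueError(f"unsupported version field {ver}")
    return {
        "opcode": OPCODES.get(op, f"unknown({op})"),
        "state": STATES.get(state, f"unknown({state})"),
        "hellotime": hello,
        "holdtime": hold,
        "priority": prio,
        "group": group,
        # Plain-text authentication is just the NUL-padded string on the wire,
        # readable by every host that receives the multicast.
        "auth": auth.rstrip(b"\x00").decode("ascii", "replace"),
        "virtual_ip": socket.inet_ntoa(vip),
    }


def audit_hello(src_ip: str, payload: bytes, policy: dict) -> list:
    """Return a list of findings for one observed HSRP message (empty list = clean)."""
    try:
        msg = parse_hsrp_v1(payload)
    except ValueError as exc:
        return [f"malformed HSRP payload from {src_ip}: {exc}"]
    findings = []
    if src_ip not in policy["peers"]:
        findings.append(f"{src_ip} is not a configured HSRP peer for group {msg['group']}")
        if msg["opcode"] == "Coup" or msg["state"] == "Active":
            findings.append(f"{src_ip} claims the active role with priority {msg['priority']}")
    if msg["virtual_ip"] != policy["virtual_ip"]:
        findings.append(f"{src_ip} advertises unexpected virtual IP {msg['virtual_ip']}")
    if msg["auth"] == DEFAULT_AUTH:
        findings.append(f"{src_ip} uses the default authentication string")
    elif msg["auth"] != policy["auth"]:
        findings.append(f"{src_ip} sent an authentication string that does not match")
    return findings


def sample_hello(opcode: int, state: int, priority: int, auth: str) -> bytes:
    """Constructed HSRPv1 payload for group 1, virtual IP 172.16.10.1, timers 3/10."""
    return HSRP_V1.pack(0, opcode, state, 3, 10, priority, 1, 0,
                        auth.encode("ascii"), socket.inet_aton("172.16.10.1"))


# Expected peers and string taken from the DLS1/DLS2 configuration on the slide.
POLICY = {"peers": {"172.16.10.201", "172.16.10.202"},
          "virtual_ip": "172.16.10.1", "auth": "nosecret"}

# Constructed observations: two legitimate peers, one unknown speaker that
# replays the sniffed string, and one peer left on the default configuration.
SAMPLES = [
    ("172.16.10.201", sample_hello(0, 16, 200, "nosecret")),
    ("172.16.10.202", sample_hello(0, 8, 100, "nosecret")),
    ("172.16.10.66", sample_hello(1, 16, 255, "nosecret")),
    ("172.16.10.202", sample_hello(0, 8, 100, "cisco")),
]

if __name__ == "__main__":
    for src, data in SAMPLES:
        print(src, parse_hsrp_v1(data)["auth"], audit_hello(src, data, POLICY) or "ok")
```

The third sample passes the string comparison, which is why the peer list, not the plain-text string, is what catches it.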

MD5 Authentication
[Figure: DLS1 priority 200, DLS2 priority 100]
Switch(config-if)# standby group-number authentication md5 key-string [0|7] string
  Message Digest 5 (MD5) hash is computed on a portion of each HSRP message.
  More secure than plain text authentication.
  Can use key chains when using multiple keys:
Switch(config-if)# standby group authentication md5 key-chain hsrp1
Switch(config)# key chain hsrp1
Switch(config-keychain)# key 1
Switch(config-keychain-key)# key-string secretkey
  MD5 and HSRP:
    http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gthsrpau.html

DLS1
interface vlan 10
 ip add 172.16.10.201 255.255.255.0
 standby 1 priority 200
 standby 1 ip 172.16.10.1
 standby 1 preempt
 standby 1 authentication md5 key-string nosecret

DLS2
interface vlan 10
 ip add 172.16.10.202 255.255.255.0
 standby 1 priority 100
 standby 1 ip 172.16.10.1
 standby 1 preempt
 standby 1 authentication md5 key-string nosecret

HSRP States
[Figure: HSRP Standby Group 1. Router A (Priority 100): Initial, Learn, Listen, Speak, Standby, Active. Router B (Priority 50): Initial, Learn, Listen, Speak, Listen, Speak, Standby. Callouts: "Router A does not hear any higher priority than itself, so promotes itself to standby." "Router A does not hear an active router, so promotes itself to active." "Router B hears that router A has a higher priority, so router B returns to the listen state." "All other routers remain in this state." (Listen)]
  Initial state— All routers begin in the initial state. This state is entered via a configuration change or when an interface is initiated.
  Learn state— The router has not determined the virtual IP address and has not yet seen a hello message from the active router. In this state, the router is still waiting to hear from the active router.
  Listen state— The router knows the virtual IP address, but is neither the active router nor the standby router. All other routers participating in the HSRP group besides the active and standby routers reside in this state.
  Speak state— HSRP routers in the speak state send periodic hello messages and actively participate in the election of the active or standby router. The router remains in the speak state unless it becomes an active or standby router.
  Standby state— In the standby state, the HSRP router is a candidate to become the next active router and sends periodic hello messages. There must be at least one standby router in the HSRP group.
  Active state— In the active state, the router is currently forwarding packets that are sent to the virtual MAC and IP address of the HSRP group. The active router also sends periodic hello messages.

Configuring HSRP Virtual Router on Routers
[Figure: R1 10.10.10.10/24, virtual router 10.10.10.1/24, R2 10.10.10.11/24]

R1
interface gig 0/2
 ip address 10.10.10.10 255.255.255.0
 standby 1 priority 120
 standby 1 preempt
 standby 1 ip 10.10.10.1

R2
interface gig 0/2
 ip address 10.10.10.11 255.255.255.0
 standby 1 priority 110
 standby 1 preempt
 standby 1 ip 10.10.10.1

HSRP Load Balancing
[Figure: hosts labelled "Gateway: 172.16.10.1" and "Gateway: 172.16.10.2"]

HSRP Load Balancing
[Figure: hosts labelled "Gateway: 172.16.10.1" and "Gateway: 172.16.10.2"]
  While a router is actively forwarding traffic for one HSRP group, it can be in the standby or listen state for another group.
  Each standby group emulates a single virtual router.

HSRP Load Balancing
[Figure: hosts labelled "Gateway: 172.16.10.1" and "Gateway: 172.16.10.2"]
  Both DLS1 and DLS2 are members of groups 1 and 2.
  DLS1:
    Active forwarding router for group 1
    Standby router for group 2.
  DLS2:
    Active forwarding router for group 2
    Standby router for group 1.
Note: There can be up to 255 standby groups on any VLAN or interface. Increasing the number of groups in which a router participates increases the management load on the router and may affect the performance of the router for very large numbers of HSRP groups.

HSRP Load balancing
[Figure: DLS1 priorities 200 (group 1) and 100 (group 2); DLS2 priorities 100 (group 1) and 200 (group 2); hosts labelled "Gateway: 172.16.10.1" and "Gateway: 172.16.10.2"]

DLS1
interface vlan 10
 ip add 172.16.10.82 255.255.255.0
 standby 1 priority 200
 standby 1 ip 172.16.10.1
 standby 1 preempt
 standby 2 priority 100
 standby 2 ip 172.16.10.2
 standby 2 preempt

DLS2
interface vlan 10
 ip add 172.16.10.169 255.255.255.0
 standby 1 priority 100
 standby 1 ip 172.16.10.1
 standby 1 preempt
 standby 2 priority 200
 standby 2 ip 172.16.10.2
 standby 2 preempt

Configuring HSRP Interface Tracking
[Figure: Active Router]
  In some situations, the status of an interface directly affects which router needs to become the active router.
  This is particularly true when each of the routers in an HSRP group has a different path to resources within the campus network.
  Routers A and B are exchanging hello messages through their E0 interfaces.

Configuring HSRP Interface Tracking
[Figure: Active Router; failed link marked X; "Router A sends ICMP Redirect to Host, pointing it to Router B. Host now sends packets to Router B."]
  Primary T1 link experiences a failure.
  Without HSRP enabled, router A would detect the failed link and send an ICMP redirect to router B.

Configuring HSRP Interface Tracking
[Figure: Active Router; failed link marked X; "Router A still sends HSRP Hello’s. Hosts continue to send packets to Router A."]
  However, when HSRP is enabled, ICMP redirects are disabled.
    • Enabling HSRP on a Cisco router interface automatically disables ICMP redirects to ensure that the actual addresses of the participating HSRP routers are not discovered.
  Although the S1 interface on router A is no longer functional, router A still sends hello messages out interface E0, indicating that router A is still the active router.
  Packets sent to the virtual router for forwarding to headquarters cannot be routed.

Configuring HSRP Interface Tracking
[Figure: Active Router; failed link marked X; "Router A still sends HSRP Hello’s. Hosts continue to send packets to Router A."]
  Interface tracking enables the priority of a standby group router to be automatically adjusted based on availability of the other interfaces on that router.

Configuring HSRP Interface Tracking
[Figure: Active Router; failed link marked X; "Router A tracks S1 and automatically decrements its priority and stops sending hello messages. Router B assumes Active role after holdtime. Hosts now send packets to Router B."]
  The E0 interface on router A tracks the S1 interface.
  If the link between the S1 interface and headquarters fails, the router automatically decrements its priority on that interface (default by 10 per interface tracked) and stops transmitting hello messages out interface E0.
  Router B assumes the active router role when no hello messages are detected for the specific holdtime period.

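Router A
interface Ethernet0
 ip address 171.16.6.5 255.255.255.0
 no ip redirects
 standby 1 priority 105
 standby 1 preempt
 ! Virtual IP must be identical on both group members
 standby 1 ip 171.16.6.100
 ! Lower the priority when Serial1 goes down
 standby 1 track Serial1
!
interface Serial1
 ip address 171.16.2.5 255.255.255.0

Router B
interface Ethernet0
 ip address 171.16.6.6 255.255.255.0
 no ip redirects
 standby 1 priority 100
 ! preempt lets Router B take over once Router A's priority drops below 100
 standby 1 preempt
 standby 1 ip 171.16.6.100
 standby 1 track Serial1
!
interface Serial1
 ip address 171.16.7.6 255.255.255.0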

Before Failure
RouterA#show standby
Ethernet0 - Group 1
Local state is Active, priority 105, may preempt
Hellotime 3 holdtime 10
Next hello sent in 00:00:01.028
Hot standby IP address is 171.16.6.100 configured
Active router is local
Standby router is 171.16.6.6 expires in 00:00:08
Tracking interface states for 1 interface, 1 up:
Up Serial1

RouterB#show standby
Ethernet0 - Group 1
Local state is Standby, priority 100, may preempt
Hellotime 3 holdtime 10
Next hello sent in 00:00:00.772
Hot standby IP address is 171.16.6.100
Active router is 171.16.6.5 expires in 00:00:09
Standby router is local
Standby virtual mac address is 0000.0c07.ac01
Tracking interface states for 1 interface, 1 up:
Up Serial1

After Failure
RouterA#show standby
Ethernet0 - Group 1
Local state is Standby, priority 95, may preempt
Hellotime 3 holdtime 10
Next hello sent in 00:00:01.028
Hot standby IP address is 171.16.6.100 configured
Active router is 171.16.6.6 expires in 00:00:08
Standby router is local
Tracking interface states for 1 interface, 0 up:
Down Serial1

RouterB#show standby
Ethernet0 - Group 1
Local state is Active, priority 100, may preempt
Hellotime 3 holdtime 10
Next hello sent in 00:00:00.772
Hot standby IP address is 171.16.6.100
Active router is local
Standby router is 171.16.6.5 expires in 00:00:09
Standby virtual mac address is 0000.0c07.ac01
Tracking interface states for 1 interface, 1 up:
Up Serial1
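
The role change visible in the two show standby captures above, worked through as an added example (a simplified model written for this page, not Cisco's implementation and not from the original slides). Router names, addresses and priorities come from the Router A / Router B configuration; the class, the function names and the reduction of the election to "best live router" when the active router disappears are assumptions of the model.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100        # HSRP default priority
    preempt: bool = False
    tracked: dict = field(default_factory=dict)  # interface name -> True if up
    decrement: int = 10        # default decrement per tracked interface that is down
    alive: bool = True

    def effective_priority(self) -> int:
        down = sum(1 for up in self.tracked.values() if not up)
        return max(0, self.priority - self.decrement * down)


def rank(router: Router) -> tuple:
    # Highest priority wins; the numerically highest IP address breaks ties.
    return (router.effective_priority(), IPv4Address(router.ip))


def next_active(routers: list, current) -> str:
    """Return the name of the active router after one re-evaluation."""
    live = [r for r in routers if r.alive]
    if not live:
        return None
    incumbent = next((r for r in live if r.name == current), None)
    if incumbent is None:
        # No active router is heard before the holdtime expires (model assumption:
        # the best remaining router ends up active).
        return max(live, key=rank).name
    # An active router is only displaced by a router that has preempt configured
    # AND currently outranks it.
    challengers = [r for r in live if r.preempt and rank(r) > rank(incumbent)]
    return max(challengers, key=rank).name if challengers else incumbent.name


def walk_through(b_preempt: bool) -> list:
    """Replay the Serial1 failure from the slides; returns (event, active, A's priority)."""
    a = Router("RouterA", "171.16.6.5", priority=105, preempt=True,
               tracked={"Serial1": True})
    b = Router("RouterB", "171.16.6.6", priority=100, preempt=b_preempt,
               tracked={"Serial1": True})
    group = [a, b]
    timeline = []

    active = next_active(group, None)
    timeline.append(("start", active, a.effective_priority()))

    a.tracked["Serial1"] = False          # link to headquarters fails
    active = next_active(group, active)
    timeline.append(("Serial1 down on A", active, a.effective_priority()))

    a.tracked["Serial1"] = True           # link restored
    active = next_active(group, active)
    timeline.append(("Serial1 restored", active, a.effective_priority()))

    a.alive = False                       # Router A itself fails
    active = next_active(group, active)
    timeline.append(("Router A down", active, a.effective_priority()))
    return timeline


if __name__ == "__main__":
    for label, flag in (("B has preempt", True), ("B lacks preempt", False)):
        print(label)
        for event, active, prio_a in walk_through(flag):
            print(f"  {event:20s} active={active} A-priority={prio_a}")
```

With preempt removed from Router B, the model keeps Router A active at priority 95 after Serial1 fails, so tracking alone does not move the gateway.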

For more information

  http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a91.shtml

VRRP Virtual Router Redundancy Protocol

VRRP
  Like HSRP, VRRP is a default gateway redundancy method.
  RFC 2338
  Similar in functionality to HSRP.
  Slight differences in terminology and in operation.
  Nevertheless, in enterprise and service provider networks, HSRP deployments far outnumber VRRP deployments.
  At the time of this presentation only available in Catalyst 4500 and 6500.

VRRP
  If you understand HSRP you will understand VRRP.
  HSRP Active Router = VRRP Master Router (highest priority).
  All other VRRP routers are in backup state (HSRP only one Standby router).
  VRRP group numbers:
    0 to 255 (HSRP 0 to 255)
  VRRP priority: 1 to 254 (HSRP 0 to 255)
    254 is the highest (HSRP 255)
    100 is default (HSRP 100)
  Virtual router MAC addresses:
    0000.5e00.01xx xx = VRRP group number
    (0000.0c07.acxx HSRP)
  VRRP advertisements:
    Sent every 1 second (HSRP every 3 seconds)
  VRRP preempt:
    Default (HSRP must be configured)
  VRRP interface tracking:
    None (HSRP has interface tracking)
  Multicast address and protocol:
    224.0.0.18 (VRRP) (HSRP uses 224.0.0.2 “all routers”)
    IP protocol 112 (HSRP protocol 17 for UDP)

VRRP
The virtual router can use a physical IP address or a virtual IP address.
  Routers A, B, and C, are VRRP-enabled routers.
  Routers A, B, and C form a virtual router, with 10.0.0.1 as the virtual IP address.
  IP address of the virtual router is the same as that configured for the Ethernet interface of Router A (10.0.0.1).
  Because the virtual router uses the IP address of the physical Ethernet interface of router A, router A assumes the role of the master virtual router and is known as the IP address owner.
  Routers B and C function as backup virtual routers.
  Hosts 1 through 3 are configured with the default gateway IP address of 10.0.0.1.
  If the master virtual router fails, the router configured with the higher priority will become the master virtual router and provide uninterrupted service for the LAN hosts.
  When Router A recovers, it becomes the master virtual router again.

VRRP
The virtual router can use a physical IP address or a virtual IP address.

RouterA(config)#interface fa 0/1
RouterA(config-if)#ip address 10.0.0.1 255.255.255.0
RouterA(config-if)#vrrp 1 ip 10.0.0.1

RouterB(config)#interface fa 0/1
RouterB(config-if)#ip address 10.0.0.2 255.255.255.0
RouterB(config-if)#vrrp 1 ip 10.0.0.1

RouterC(config)#interface fa 0/1
RouterC(config-if)#ip address 10.0.0.3 255.255.255.0
RouterC(config-if)#vrrp 1 ip 10.0.0.1

VRRP
The virtual router can use a physical IP address or a virtual IP address.

RouterA(config)#interface fa 0/1
RouterA(config-if)#ip address 10.0.0.1 255.255.255.0
RouterA(config-if)#vrrp 1 ip 10.0.0.1
RouterA(config-if)#vrrp 1 priority 255

  Interface IP address = Virtual IP address for the VRRP group
    Owning router is the master in a VRRP group
    The priority associated with that interface should be configured as 255.
  Otherwise, the highest priority wins the election and is the master.
    Backup values range from 1 to 254, the default value is 100.

VRRP Load Balancing
  LAN topology in which VRRP is configured such that:
    Router A is default gateway for Hosts 1 and 2.
    Router B is default gateway for Hosts 3 and 4.
    Each router acts as the backup virtual router if the other router fails.

VRRP Load Balancing
[Figure: Router A priorities 255 (group 1) and 110 (group 2); Router B priorities 110 (group 1) and 255 (group 2)]

RouterA(config)#interface fa 0/1
RouterA(config-if)#ip address 10.0.0.1 255.255.255.0
RouterA(config-if)#vrrp 1 ip 10.0.0.1
RouterA(config-if)#vrrp 1 priority 255
RouterA(config-if)#vrrp 2 ip 10.0.0.2
RouterA(config-if)#vrrp 2 priority 110

RouterB(config)#interface fa 0/1
RouterB(config-if)#ip address 10.0.0.2 255.255.255.0
RouterB(config-if)#vrrp 1 ip 10.0.0.1
RouterB(config-if)#vrrp 1 priority 110
RouterB(config-if)#vrrp 2 ip 10.0.0.2
RouterB(config-if)#vrrp 2 priority 255

VRRP
[Figure: Router A priorities 255 and 110; Router B priorities 110 and 255]
  In terms of failover, the takeover time of a standby router to an active router depends on two timers:
  Advertisement interval:
    Time interval between advertisements (seconds).
    The default is 1 second.
    Configurable
  Master-down interval:
    Time interval for backup to declare the master down (seconds).
    Not configurable
    Three times the value of the advertisement interval.
  The higher the advertisement interval, the more time it takes to detect the failure of the master—and hence, failover.

For more information
  http://www.cisco.com/en/US/docs/ios/12_0st/12_0st18/feature/guide/st_vrrpx.html

GLBP Gateway Load Balancing Protocol

GLBP
  Cisco designed GLBP to:
    Allow automatic selection and simultaneous use of multiple available gateways
    To provide automatic detection and failover to a redundant path in the event of failure to any active gateway
  Allows for both of these without the extra administrative burden of configuring multiple groups and managing multiple default gateway configurations.
  At the time of this presentation only available in Catalyst 6500.

GLBP
[Figure: "1 router" (AVG); "Up to 4 members" (AVFs)]
  A GLBP group has up to four member routers acting as IP default gateways.
    Known as the Active Virtual Forwarders (AVFs).
  Active Virtual Gateway (AVG):
    Automatically manages the virtual MAC address assignment
      0007.b4xx.xxyy
      xx.xx – (16 bits) six 0 bits, followed by ten bit GLBP group number
      yy - is the virtual forwarder number
    Determines who handles the forwarding
    Ensures that each station has a forwarding path in the event of failures to gateways or tracked interfaces.
  These functions are accomplished by one of the routers in the group acting as the active virtual gateway (AVG).

GLBP
 Members of a GLBP group elect one gateway to be the active virtual gateway (AVG) for that group.
   Highest priority or highest IP address becomes AVG
   GLBP Priority: 1 to 255 (default = 100)
   GLBP Group Numbers: 0 to 1023
 Other group members (AVFs) provide backup for the AVG in the event that the AVG becomes unavailable.
 The AVG assigns a virtual MAC address to each member of the GLBP group.
 Each gateway assumes responsibility for forwarding packets sent to the virtual MAC address assigned to it by the AVG.
 These gateways are known as active virtual forwarders (AVFs) for their virtual MAC address.

GLBP
 Router A is the AVG for a GLBP group, and is responsible for the virtual IP address 10.21.8.10.
   Responsible for responding to ARP Requests for default gateway (10.21.8.10) and handing out a MAC address of an AVF.
 Router A is also an AVF for the virtual MAC address 0007.b400.0101.
 Router B is a member of the same GLBP group and is designated as the AVF for the virtual MAC address 0007.b400.0102.
 Client 1 has a default gateway IP address of 10.21.8.10 and a gateway MAC address of 0007.b400.0101.
 Client 2 shares the same default gateway IP address but receives the gateway MAC address 0007.b400.0102 because Router B is sharing the traffic load with Router A.
   Same virtual IP address of 10.21.8.10

Client 1
[Figure: Client 1, Default Gateway = 10.21.8.10. ARP Request for 10.21.8.10; ARP Reply: 0007.b400.0101; Send Packet encapsulated in frame to 0007.b400.0101.]

Client 2
[Figure: Client 2, Default Gateway = 10.21.8.10. ARP Request for 10.21.8.10; ARP Reply: 0007.b400.0102; Send Packet encapsulated in frame to 0007.b400.0102.]
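Added example (not from the original slides): a decoder for the 0007.b4xx.xxyy virtual MAC layout described above, used to check ARP replies for the virtual gateway IP against the forwarders expected for the group. By that layout the slide's 0007.b400.0101 decodes to group 1, forwarder 1; the function names, the sample replies and the assumption that forwarders are numbered 1 to 4 are constructed for illustration.

```python
import re

GLBP_PREFIX = 0x0007B4  # first 24 bits of every GLBP virtual MAC (0007.b4xx.xxyy)

def parse_mac(text):
    """Accept Cisco dotted, colon or hyphen notation; return the MAC as a 48-bit int."""
    digits = re.sub(r"[.:\-]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return int(digits, 16)

def decode_glbp_vmac(text):
    """Return (group, forwarder) for a GLBP virtual MAC, or None if it is not one."""
    mac = parse_mac(text)
    if mac >> 24 != GLBP_PREFIX:
        return None
    field = (mac >> 8) & 0xFFFF        # xx.xx: six 0 bits + 10-bit group number
    if field >> 10:                    # the six leading bits must be zero
        return None
    return field & 0x3FF, mac & 0xFF   # group (0-1023), forwarder number (yy)

def check_arp_replies(replies, gateway_ip, group, max_forwarders=4):
    """Flag ARP replies for the gateway IP whose MAC is not an expected AVF vMAC."""
    findings = []
    for sender_ip, sender_mac in replies:
        if sender_ip != gateway_ip:
            continue
        decoded = decode_glbp_vmac(sender_mac)
        if decoded is None:
            findings.append((sender_mac, "not a GLBP virtual MAC"))
        elif decoded[0] != group:
            findings.append((sender_mac, f"GLBP group {decoded[0]}, expected {group}"))
        elif not 1 <= decoded[1] <= max_forwarders:  # assumed numbering 1..4
            findings.append((sender_mac, f"forwarder {decoded[1]} out of range"))
    return findings

# Constructed sample: (sender IP, sender MAC) pairs from ARP replies on the client VLAN.
SAMPLE_REPLIES = [
    ("10.21.8.10", "0007.b400.0101"),     # AVF 1, as on the slide
    ("10.21.8.10", "0007.b400.0102"),     # AVF 2, as on the slide
    ("10.21.8.10", "00:0c:29:aa:bb:cc"),  # constructed: non-GLBP MAC claiming the gateway IP
    ("10.21.8.10", "0007.b400.1501"),     # constructed: vMAC that decodes to group 21
    ("10.21.8.100", "000c.0417.91cc"),    # constructed: not the gateway IP, ignored
]

if __name__ == "__main__":
    for mac, reason in check_arp_replies(SAMPLE_REPLIES, "10.21.8.10", group=1):
        print(f"suspicious ARP reply for gateway: {mac} ({reason})")
```

An ARP reply for the gateway IP that carries anything other than one of the group's virtual MACs is worth investigating as a misconfiguration or ARP spoofing.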

GLBP
 GLBP Timers:
   Hello messages every 3 seconds
   Holdtime is 10 seconds
Switch(config-if)# glbp group timers [msec] hellotime [msec] holdtime
 If Router A becomes unavailable Client 1 will not lose access to the WAN.
 Router B will assume responsibility for forwarding packets sent to the virtual MAC address of Router A
   Continues responding to packets sent to its own virtual MAC address.
   After a period of time (see redirect and timeout timers) Router B will only use a single MAC address.
 Router B will also assume the role of the AVG for the entire GLBP group.
 Communication for the GLBP members continues despite the failure of a router in the GLBP group.
[Figure callout, Router B: "I will take over for frames sent to RouterA's virtual MAC address and my own. I'll also be the AVG for the GLBP group."]

GLBP

RouterA(config)#interface vlan 21
RouterA(config-if)#ip address 10.21.8.1 255.255.255.0
RouterA(config-if)#glbp 21 ip 10.21.8.10
RouterA(config-if)#glbp 21 priority 254

RouterB(config)#interface fa 0/1
RouterB(config-if)#ip address 10.21.8.2 255.255.255.0
RouterB(config-if)#glbp 21 ip 10.21.8.10
RouterB(config-if)#glbp 21 priority 100

GLBP
 GLBP supports the following operational modes for load balancing:
   Round-robin load-balancing algorithm— Each virtual forwarder MAC address takes turns being included in address resolution replies for the virtual IP address. The round-robin load-balancing algorithm is the default.
   Host-dependent load-balancing algorithm— A host is guaranteed to use the same virtual MAC address as long as that virtual MAC address is participating in the GLBP group.
   Weighted load-balancing algorithm— The amount of load directed to an AVF depends on the weighting value advertised by the gateway containing that AVF.
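A simplified model of the three load-balancing modes listed above, added here as an illustration and not taken from the slides or from Cisco's implementation: each function returns the rule an AVG could use to choose the virtual MAC for an ARP reply. The CRC32 host hash, the credit-based weighted scheduler, the 3:1 weights and the client MACs are assumptions.

```python
import itertools
import zlib
from collections import Counter

def round_robin(vmacs):
    """Each virtual forwarder MAC takes a turn in successive ARP replies."""
    turn = itertools.cycle(vmacs)
    return lambda host_mac: next(turn)

def host_dependent(vmacs):
    """A host keeps the same vMAC while the forwarder list is unchanged.
    CRC32 of the host MAC is a stand-in hash (assumption)."""
    return lambda host_mac: vmacs[zlib.crc32(host_mac.encode()) % len(vmacs)]

def weighted(weights):
    """Share ARP replies in proportion to each AVF's weighting value,
    using a credit counter (assumed scheduler)."""
    credit = Counter()
    total = sum(weights.values())
    def pick(host_mac):
        credit.update(weights)             # every AVF earns its weight
        chosen = max(weights, key=lambda v: credit[v])
        credit[chosen] -= total            # the chosen AVF pays for this reply
        return chosen
    return pick

def distribution(picker, host_macs):
    """Count how many ARP replies each virtual MAC was handed out in."""
    return Counter(picker(h) for h in host_macs)

# Constructed inputs: the two AVF vMACs from the slides and eight client MACs.
VMACS = ["0007.b400.0101", "0007.b400.0102"]
HOSTS = [f"000c.0417.{n:04x}" for n in range(8)]

if __name__ == "__main__":
    print("round-robin   ", dict(distribution(round_robin(VMACS), HOSTS)))
    print("host-dependent", dict(distribution(host_dependent(VMACS), HOSTS)))
    print("weighted 3:1  ", dict(distribution(weighted({VMACS[0]: 3, VMACS[1]: 1}), HOSTS)))
```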

GLBP Operation
 Hosts A and B send their off-network traffic to separate next-hop routers because they each have cached a different MAC address for the single virtual gateway IP address—in this case, 10.88.1.10.
 Each GLBP router is an AVF for the MAC address it has been assigned.

GLBP Interface Tracking
 Like HSRP, GLBP can be configured to track interfaces.
   Router(config-if)# track 1 interface serial1/0
 The link from router R1 is lost.
 GLBP detects the failure.

GLBP Interface Tracking
 The responsibility of forwarding packets destined for virtual MAC “1” is taken over by the secondary virtual forwarder (router R2).

For more information
 http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html

Implementing High Availability Options in MLS with HSRP

CIS 187 Multilayer Switched Networks
CCNP 3
Rick Graziani