First Hop Redundancy Protocols were invented for one main reason, providing redundancy for a gateway, but along the way they can provide load balancing as well. There are 3 FHRPs: HSRP, VRRP and GLBP. Two of them belong to Cisco; VRRP is an open standard.
HSRP – Cisco
We have 1 virtual IP address and 1 virtual MAC address for 2 routers: the first router is Active, the second one is Standby, and the remaining ones are in ‘listening mode’. We may have multiple HSRP groups on a single interface. The Active router is elected by highest priority, then by highest IP address. Interface tracking is supported, and so is preemption (forcing the switch with the higher priority to become the Active router once it is back in service). The MAC address of the virtual gateway looks like 0000.0c07.acxx or 0000.0c9f.fxxx (xx and xxx are the HSRP group number), depending on the HSRP version, 1 or 2. HSRP can track objects and interface status. If a PC sends an ARP request for the gateway’s virtual IP address, the Active router answers with the virtual MAC address.
There are a couple of stages before a router becomes Active or Standby:
INITIAL – HSRP starts just after it is configured on the interface
LISTEN – a router knows the virtual IP address and is waiting for hello messages from the other routers
SPEAK – a router sends ‘hello’ messages and joins the election of the Active router
STANDBY – a router wasn’t elected as the Active router, but still sends hello messages and waits for the Active router to fail
ACTIVE – a router sends ‘hello’ messages and forwards packets from clients
Let’s configure an HSRP group between 2 switches:
Let’s verify that HSRP is working with the ‘show standby’ command
As we can see, SwitchB is Active because it has the higher IP address, but we can easily change this with the ‘priority’ command; the default priority is 100. I also used the ‘preempt’ command to make sure that after a restart the switch with the higher priority is always elected as the Active.
Now, let’s play around with ‘timers’. With timers we can get faster convergence. By default routers wait 10 seconds before one becomes Active (the ‘hold timer’); we can also change the ‘hello’ timer.
Remember, the ‘hold timer’ has to be at least 3 times higher than ‘hello’!
The last feature that we have to know about is ‘delay’. Let’s assume that a router with the preempt option has just booted up, and that it runs not only HSRP but also a routing protocol that needs some time to reach full convergence. What happens if preemption takes place before OSPF has converged? The router becomes Active but has no idea where to send the packets it gets from the PCs, because the OSPF entries are missing from the routing table. We’ve got a “black hole”.
We can tell a router to delay preemption; in my example I’ve set the delay to 60 seconds.
Tracking the Interface
OK, so far we have a failover solution in case one of the gateways breaks. But imagine this situation: SwitchA is the Active, but there is a problem with its outside interface. HSRP has no idea about that and still tries to send packets towards the ISP interface. What solution do we have? SwitchA should find out about the failure quickly, so that SwitchB becomes the Active immediately and starts sending IP packets towards its own ISP interface.
HSRP offers us interface tracking. To use it, we first have to enable preempt on both switches to make sure that the device with the higher priority is always Active.
So far SwitchA is Active with priority 150 and SwitchB is Standby with priority 110. Now we are going to track the interface of SwitchA that leads to the ISP: if it goes down, the priority decreases by 60 (the result has to be lower than SwitchB’s 110) and then SwitchB becomes Active!
Now, if you shut down interface fa1/0 on SwitchA, SwitchB becomes the Active. This is how interface tracking works.
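The takeover logic described above can be modelled in a few lines. This is an added example, not configuration or code from the original post: the priorities (150, 110) and the decrement (60) are the page's values, while the IP addresses and all function names are assumptions. It also shows why preempt matters on SwitchB: without it, the lowered priority on SwitchA changes nothing.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address

@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100                          # HSRP default priority
    preempt: bool = False
    tracks: dict = field(default_factory=dict)   # tracked interface -> decrement
    down: set = field(default_factory=set)       # tracked interfaces currently down

    def effective_priority(self):
        return self.priority - sum(d for i, d in self.tracks.items() if i in self.down)

    def rank(self):
        # Election order from the page: highest priority, then highest IP address.
        return (self.effective_priority(), int(IPv4Address(self.ip)))

def next_active(routers, current):
    """Return the Active router after one re-evaluation.

    The current Active keeps its role unless a router with preempt outranks it.
    """
    challengers = [r for r in routers if r.preempt and r.rank() > current.rank()]
    return max(challengers, key=Router.rank) if challengers else current

def failover_demo(preempt_on_b):
    # Priorities and decrement are the page's values; the IP addresses are assumed.
    a = Router("SwitchA", "192.168.1.2", 150, True, {"fa1/0": 60})
    b = Router("SwitchB", "192.168.1.3", 110, preempt_on_b)
    steady = next_active([a, b], a)
    a.down.add("fa1/0")                          # uplink fails: 150 - 60 = 90
    after_fail = next_active([a, b], steady)
    a.down.discard("fa1/0")                      # uplink restored: back to 150
    after_restore = next_active([a, b], after_fail)
    return [steady.name, after_fail.name, after_restore.name]

if __name__ == "__main__":
    print("preempt on SwitchB:   ", failover_demo(True))
    print("no preempt on SwitchB:", failover_demo(False))
```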
Interface tracking is not bad, but it may not be enough. What if we would like to check not only our local interfaces but also external interfaces or prefixes (belonging to ISPs)? Then we have to use the IP SLA feature.
In the above configuration I generated pings towards the ISP interface with address 18.104.22.168. Next I scheduled the pinging to start right now and keep running all the time. Then I created a tracking object and attached it to the HSRP interface.
Now if you shut down interface fa0/0 on the ISP router, SwitchB will become the Active immediately, and vice versa.
If we want load balancing, we have to configure SwitchA as the Active for group 1 and the Standby for group 2, and SwitchB conversely. Of course we do that by setting the priority.
VRRP – IEEE standard
Very similar to HSRP, but we have one Master and the others are Backup routers. We may use a virtual IP address or the interface’s real IP address. The MAC address of the virtual gateway has the form 0000.5e00.01xx, where xx is the VRRP group number. VRRP can’t track an interface but can track an IP SLA object group. There is not much more to describe if you know how HSRP works, so let’s move on to GLBP.
GLBP – Cisco
Devices running GLBP elect an AVG (Active Virtual Gateway). There may be only one AVG within the same instance of GLBP. The task of the AVG is to assign and hand out virtual MAC addresses to the AVFs. The remaining routers become AVFs (Active Virtual Forwarders), which play the role of gateways, but the AVG becomes an AVF as well. When a PC sends an ARP request for the MAC address of the gateway, the AVG sends back one of the virtual MAC addresses of the AVFs (including itself). In this way all routers actively participate in forwarding packets. So, as in VRRP or HSRP, we have 1 virtual IP address, but unlike them each router gets its own virtual MAC address.
There are 3 mechanisms by which the virtual MAC addresses are handed out:
Round Robin: the AVG hands out virtual MAC addresses to AVF1, AVF2, AVF3 and so on, and sends them to requesting hosts in the same order.
Host dependent: a host keeps using the virtual MAC address of the same AVF as long as that AVF is reachable
Weighted: unequal load balancing; some AVFs forward more packets than the others
The format of the virtual MAC address is 0007.b400.xxyy (where xx is the group number and yy is the AVF number). The preempt feature works as in HSRP and VRRP.
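The virtual MAC layouts given above for HSRP, VRRP and GLBP are enough to recognise an FHRP gateway in an ARP cache and to check that a host is using the group you expect. The following is an added example, not part of the original post; the function names and the sample ARP entries are constructed, and the patterns follow the formats exactly as this page states them.

```python
import re

# Virtual MAC layouts quoted on this page (captured digits = group / forwarder).
PATTERNS = [
    ("HSRPv1", re.compile(r"^00000c07ac([0-9a-f]{2})$")),
    ("HSRPv2", re.compile(r"^00000c9ff([0-9a-f]{3})$")),
    ("VRRP",   re.compile(r"^00005e0001([0-9a-f]{2})$")),
    ("GLBP",   re.compile(r"^0007b400([0-9a-f]{2})([0-9a-f]{2})$")),
]

def classify_mac(mac):
    """Return (protocol, group, forwarder) for an FHRP virtual MAC, else None."""
    digits = re.sub(r"[.:\-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a MAC address: %r" % mac)
    for proto, rx in PATTERNS:
        m = rx.match(digits)
        if m:
            group = int(m.group(1), 16)
            fwd = int(m.group(2), 16) if proto == "GLBP" else None
            return proto, group, fwd
    return None

def audit_arp(entries, gateway_ip, expected):
    """Return ARP entries for the gateway whose MAC is not the expected (protocol, group)."""
    findings = []
    for ip, mac in entries:
        if ip != gateway_ip:
            continue
        info = classify_mac(mac)
        if info is None or info[:2] != expected:
            findings.append((ip, mac, info))
    return findings

# Constructed sample ARP cache collected from several hosts: (ip, mac).
SAMPLE_ARP = [
    ("192.168.1.1", "0007.b400.0101"),      # GLBP group 1, forwarder 1
    ("192.168.1.1", "00:07:b4:00:01:02"),   # GLBP group 1, forwarder 2
    ("192.168.1.20", "0011.2233.4455"),     # ordinary host, ignored
    ("192.168.1.1", "0011.2233.4455"),      # gateway IP mapped to a non-FHRP MAC
]

if __name__ == "__main__":
    for row in audit_arp(SAMPLE_ARP, "192.168.1.1", ("GLBP", 1)):
        print("unexpected gateway MAC:", row)
```

A gateway IP that resolves to a MAC outside the expected virtual range is worth investigating, whether the cause is a misconfigured group or something answering ARP for the gateway that should not be.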
Let’s check how it works with the simplest configuration:
Now, let’s send some pings from host1 and host2 and check their ARP tables. We can see that although they use the same gateway with IP address 192.168.1.1, the MAC addresses are different.
Interface tracking works differently than in HSRP and VRRP. In HSRP and VRRP, if the priority of the Active switch drops below some level, the other switch takes over the Active role. GLBP uses weighting: priority is only used to determine which router will be the AVG, whereas weighting is used to decide whether the router can still be an AVF or not (whether it fulfils the given conditions).
Let’s lab it out!
I’ve configured GLBP as usual, but I added tracking of interface fa1/0 and 2 lines of configuration on SwitchA
glbp 1 weighting 100 lower 85 upper 90
which means: set the weighting to 100, and if interface fa1/0 goes down, decrease this value to 80 (decrement 20). If the interface comes back up, the value increases to 100. ‘Lower 85’ means that if the weighting drops to 85 or below, this switch is no longer an AVF until the value reaches 90. That is what happens in our case: 100-20=80 (below 85, so the router is no longer an AVF) and 80+20=100 (more than 90, so the router is an AVF again).
glbp 1 weighting track 1 decrement 20
which means in our case: track interface fa1/0, which faces the ISP; if it goes down, decrease the weighting value by 20
Let’s check if this is true with ‘show glbp’ command
The first picture shows what happened on both routers when we turned off the tracked interface fa1/0. As we can see, the weighting value has dropped to 80
Then I brought interface fa1/0 back up and the value went back to 100
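The lower/upper thresholds form a hysteresis band, which the single tracked interface in the lab never lands in (it jumps from 100 to 80 and back). The model below is an added example, not code from the original post: it replays the page's scenario and then a second one with a hypothetical extra tracked object (fa1/1, decrement 12) so the weighting stops at 88, between the thresholds. The comparisons follow the page's wording (85 or below drops the AVF role, reaching 90 restores it).

```python
class GlbpWeighting:
    """Model of 'glbp 1 weighting 100 lower 85 upper 90' plus tracked decrements."""

    def __init__(self, maximum=100, lower=85, upper=90):
        if not lower <= upper <= maximum:
            raise ValueError("need lower <= upper <= maximum")
        self.maximum, self.lower, self.upper = maximum, lower, upper
        self.decrements = {}      # tracked object -> decrement
        self.down = set()         # tracked objects currently down
        self.is_avf = True

    def track(self, obj, decrement):
        self.decrements[obj] = decrement

    @property
    def weight(self):
        return self.maximum - sum(self.decrements[o] for o in self.down)

    def set_state(self, obj, up):
        """Record a tracked object's state and re-evaluate the forwarder role."""
        (self.down.discard if up else self.down.add)(obj)
        if self.weight <= self.lower:
            self.is_avf = False
        elif self.weight >= self.upper:
            self.is_avf = True
        # Between lower and upper the previous role is kept (hysteresis).
        return self.weight, self.is_avf

def page_scenario():
    # 'glbp 1 weighting track 1 decrement 20' with fa1/0 going down, then up.
    w = GlbpWeighting()
    w.track("fa1/0", 20)
    return [w.set_state("fa1/0", up=False), w.set_state("fa1/0", up=True)]

def hysteresis_scenario():
    # The second tracked object and its decrement of 12 are hypothetical.
    w = GlbpWeighting()
    w.track("fa1/0", 20)
    w.track("fa1/1", 12)
    steps = [("fa1/1", False), ("fa1/0", False), ("fa1/0", True), ("fa1/1", True)]
    return [w.set_state(obj, up) for obj, up in steps]

if __name__ == "__main__":
    print(page_scenario())
    print(hysteresis_scenario())
```

In the second scenario the weighting is 88 twice, once while the router is still an AVF and once while it is not: the role depends on which threshold was crossed last.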
GLBP can do load balancing without configuring multiple groups. Thanks to weighting we can not only control which routers are AVFs but also do unequal load balancing. Let’s assume we want to make SwitchA responsible for forwarding 80% of packets and SwitchB for 20%. To do that, we have to change the way virtual MAC addresses are handed out from the default round robin to weighted.
How do we calculate the weighting? We add up all the weighting values; the total represents 100%. Let’s assume we have 3 switches and we want to implement load balancing of 50%, 30% and 20% for the particular AVFs. So we may implement weightings of 110, 75 and 35, which gives us 220 in total (110-50%, 75-30% and 35-20%)