Section 1 – Getting Started with your Cisco Lab
Section 2 – Basic Cisco Router and Switch Management
Section 3 – Configuring Basic Cisco Device Security
Section 4 – Configuring Cisco Catalyst Series Switches
Section 5 – Configuring Wide Area Network Links
Section 6 – Configuring Static Routing
Section 7 – Configuring Routing Information Protocol (RIP)
Section 8 – Configuring Enhanced Interior Gateway Routing Protocol (EIGRP)
Section 9 – Configuring Open Shortest Path First (OSPF)
Section 10 – Configuring Route Redistribution
Section 11 – Configuring IP Services
Section 12 – Configuring IP Version 6 (IPv6)
When designing a network, one of the common things to focus on after simple access is how the network will deal with failure. Part of this process is trying to build as much redundancy into the design as financially possible, while also maintaining performance and manageability. From the client’s perspective, the first piece of the network they deal without, outside of their local subnet, is the default gateway; if this gateway were to go down, then access to an entire subnet (at least) would go down. One of the ways to deal with this is to implement a first hop redundancy protocol. On Cisco equipment, there are a couple of different options to choose from, including Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP) and Gateway Load Balancing Protocol (GLBP). This article gives an overview of these options and how they differ.
Hot Standby Router Protocol (HSRP)
HSRP is a Cisco proprietary protocol that enables the network engineer to configure multiple redundant routers that exist on the same subnet; each can be used as a gateway for the devices on the subnet. Without HSRP, each of the devices on the subnet would need to be individually configured to use a specific gateway, effectively not providing redundancy but limiting the number of clients that would be affected if a router were to go down. With HSRP, a group of routers (gateways) will be configured together, and a single HSRP virtual IP address and MAC address will be created that are used by the devices on the subnet. The different routers in the HSRP will communicate to a select single active gateway that handles all live traffic. At this point, a single standby gateway is also selected. This standby gateway communicates with the active gateway via multicast and will detect should the active gateway fail. When this happens, one of the standby gateways will take over the duties of the active gateway and continue traffic forwarding without much (if any) delay. When this happens, a new standby gateway is also selected.
Virtual Router Redundancy Protocol (VRRP)
VRRP is an open standard that can be used in environments where equipment from multiple vendors exists. Its operation is similar to HSRP but differs in a couple of ways. In VRRP, like with HSRP, a group is configured that contains a number of routers (gateways); one will be selected by the network engineer to be the master. The master router’s physical IP address of the interface connecting the subnet is used by the clients as a default gateway. The backup members of the VRRP group will communicate with the master gateway and take over the duties of forwarding traffic, should the master fail. The IP address used always belongs to the master router which is referred to as the IP address owner. When the master router recovers, it will take back the duties of routing for that IP address.
It is possible to have multiple VRRP groups on a single subnet, which can be used to spread the load of the traffic coming off of a subnet. However, this must be done manually at the client’s location, by changing their default gateway addresses.
Gateway Load Balancing Protocol (GLBP)
GLBP is another Cisco proprietary protocol that can be used for first hop redundancy. GLBP offers something that the first two does not: dynamic load balancing. With GLBP, unlike HSRP or VRRP, all of the routers that exist within the GLBP group are active and are forwarding traffic. When a GLBP group is configured, one of the routers within the group will be elected as the Active Virtual Gateway (AVG); each of the other routers will back up the AVG, should it fail. The AVG is responsible for assigning virtual MAC addresses to each of the members of the GLBP group; each of these members is referred to as an Active Virtual Forwarder (AVF). The AVG is responsible for responding to ARP request by subnet devices, and selecting which group’s router will handle the traffic. The IP address of the default gateway is the same across all of the subnet devices; this IP address is virtual. When the device ARPs for a MAC address, the AVG will respond with one of the virtual MAC addresses. This way, the AVG is able to control which router will handle the load of each individual subnet device.
(Hot Standby Router protocol)
(Virtual Redundancy Router Protocol)
(Gateway Load Balancing Protocol)
|Router role||– 1 active router.- 1 standby router.- 1 or more listening routers.||– 1 master router.- 1 or more backup routers.||– 1 AVG (Active Virtual Gateway).- up to 4 AVF routers on the group (Active Virtual Forwarder) passing traffic.- up to 1024 virtual routers (GLBP groups) per physical interface.|
|– Use virtual ip address.||– Can use real router ip address, if not, the one with highest priority become master.||– Use virtual ip address.|
|Scope||Cisco proprietary||IEEE standard||Cisco proprietary|
2-Highest IP (tiebreaker)
|Master Router: (*)
2-Highest IP (tiebreaker)
|Active Virtual Gateway:
2-Highest IP (tiebreaker)
|Traffic type||22.214.171.124 – udp 1985 (version1)
126.96.36.199-udp 1985 (version2)
|188.8.131.52 – IP 112||184.108.40.206 udp 3222|
|Timers||Hello – 3 seconds||Advertisement – 1 second||Hello – 3 seconds|
|(Hold) 10 seconds||(Master Down Interval)3 * Advertisement + skew time||(Hold) 10 seconds|
|(Skew time)(256-priority) / 256|
|Load-balancing functionality||– Multiple HSRP group per interface/SVI/routed int.||– Multiple VRRP group per interface/SVI/routed int.||Load-balancing oriented- Weighted algorithm.- Host-dependent algorithm.- Round-Robin algorithm (default).|
|Requires appropriate distribution of Virtual GW IP per Clients for optimal load-balancing.(generally through DHCP)||Requires appropriate distribution of Virtual GW IP per Clients for optimal load-balancing.(generally through DHCP)||Clients are transparently updated with virtual MAC according to load-balancing algorithm through ARP requesting a unique virtual gateway.|
* If the group VRRP Virtual IP on the master (higher priority) is the real IP configured on a different VRRP (Backup with lower priority) IOS will manage to make the VRRP router with the real IP, the master, by setting its priority to 255, knowing that the configurable range is [1-254].
Specifying a different source to generate the pings R1#ping 10.1.1.1 source 192.168.1.2 Router A>enable Router A#ping Protocol [ip]: Target IP address: 192.168.40.1 !--- The address to ping. Repeat count : Datagram size : Timeout in seconds : Extended commands [n]: y Source address or interface: 172.16.23.2 !---Ping packets are sourced from this address. Type of service : Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 220.127.116.11, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 36/97/132 ms !--- Ping is successful. Router A>enable Router A#traceroute Protocol [ip]: Target IP address: 192.168.40.2 !--- The address to which the path is traced. Source address: 172.16.23.2 Numeric display [n]: Timeout in seconds : Probe count : Minimum Time to Live : Maximum Time to Live : Port Number : Loose, Strict, Record, Timestamp, Verbose[none]: Type escape sequence to abort. Tracing the route to 192.168.40.2 1 172.31.20.2 16 msec 16 msec 16 msec 2 172.20.10.2 28 msec 28 msec 32 msec 3 192.168.40.2 32 msec 28 msec * !--- The traceroute is successful.