CCNP: Building Multilayer

Switched Networks v5.0

Module 5 – Implementing High
Availability in a Campus Environment
 Using Default gateways
 End devices are typically configured with a
single default gateway address that does not
change when network topology changes
occur
 If a router whose IP addresses is configured
as the default gateway fails, the local device
will be unable to send packets off the local
network segment
 Even if a redundant router exists, there is no
way dynamic way for the devices to
determine the address of the new default
gateway
 Routing protocols can quickly and
dynamically converge and find an alternative
path, but most end devices do not receive
this dynamic routing information
 Using Proxy ARP
 With proxy ARP, the end user station
behaves as if the destination device
was connected to its same network
segment
 If the responsible router fails, the source
end station continues to send packets
for that IP destination to the MAC
address of the failed router and the
packets are discarded
 Eventually the Proxy ARP MAC address
will age out, and the workstation may
eventually acquire another Proxy ARP
failover router, but in the meantime the
workstation cannot send packets off the
local segment.
 Hot Standby Routing Protocol - HSRP
 HSRP defines a standby group of routers,
with one router as the active router
 HSRP provides gateway redundancy by
sharing IP and MAC addresses between
redundant gateways
 The protocol consists of a virtual MAC
address and IP address that are shared
between routers belonging to the same
HSRP standby group.
 AN HSRP group comprises these entities:
 One active router
 One Standby router
 One virtual router
 Other routers
 HSRP Router Roles
 The Virtual HSRP Router – an IP
and MAC address pair to which
end devices have configured as
their default gateway.
 The Active Router – physically
processes all packets and frames
sent to the virtual router address
 The Standby and other HSRP
routers in the group – monitor the
operational status of the HSRP
group and quickly assume
packet-forwarding responsibility if
the active router becomes
inoperable. Transmit hello
packets that use 224.0.0.2 with
UDP port 1985
ARP Resolution with HSRP
 The IP address and
corresponding MAC address of
the virtual router is maintained
in the ARP table of each router
in a HSRP standby group
 The virtual MAC address is
0000.0c07.acXX where XX is the
HSRP group number for the standby
group converted to a hexadecimal
The Standby Router
Interaction between Active and Standby Router
HSRP States
Active and Standby States
Enabling HSRP

Router(config)#int fa0/0
Router(config-if)#ip address 10.1.1.2 255.255.255.0
Router(config-if)#standby 1 ip 10.1.1.1
Configuring HSRP Standby Priorities
Configuring HSRP Preempt
 Configuring HSRP Timers
•The hello message contains
the priority of the router as
well as the hellotime and
holdtime parameter values
•The hellotime parameter
value indicates the interval
between hello messages
•The holdtime parameter
value indicates the amout of
time the current hello
message is considered valid.
Should be at least 3 x
hellotime
•The standby timer includes
an “msec” parameter for
faster failovers
 HSRP Interface Tracking
 In some instances it is not the status of the
HSRP interface itself that should cause a
HSRP failover but the failure of another router
used by the active HSRP router
 Interface tracking enables the priority of a
standby group router to be automatically
adjusted, based on the availability of the
interfaces of that router
 When a tracked interface becomes
unavailable, the HSRP priority of the router is
decreased
HSRP Load Sharing
 HSRP Load Sharing
RouterA#show running-config
Building configuration...
Current configuration:
! Current configuration:
<output omitted>
interface Vlan10
ip address 172.16.10.32 255.255.255.0
no ip redirects
standby 1 priority 150
standby 1 ip 172.16.10.110
interface Vlan20
ip address 172.16.20.32 255.55.255.0
no ip redirects
standby 2 priority 50
standby 2 ip 172.16.20.120
RouterB#show running-config
Building configuration...
!
<output omitted>
interface Vlan10
ip address 172.16.10.33 255.255.255.0
no ip redirects
standby 1 priority 50
standby 1 ip 172.16.10.110
interface Vlan20
ip address 172.16.20.33 255.255.255.0
no ip redirects
standby 2 priority 150
standby 2 ip 172.16.20.120
Debugging HSRP Operations
Virtual Routing Redundancy Protocol - VRRP
 VRRP is an IEEE standard for router redundancy,
HSRP is a Cisco proprietary
 The virtual router, representing a group of routers,
is known as a VRRP group
 The active router is referred to as the master
virtual router
 The master virtual router may have the same IP
address of the virtual router group
 Multiple routers can function as backup routers
 If a real IP address is used, the owning router
becomes the master. If a virtual IP address is
used, the master is the router with the highest
priority
 VRRP can be configured so that routers can
share the load of being default gateways for
clients
 Configuring VRRP
Enabling VRRP
vrrp group ip ip-address
Verifying configuration
show vrrp [brief | group]
show vrrp interface type number [brief]
Enables VRRP on an interface. All routers in the VRRP
group must be configured with the same primary address for
the virtual router
Displays a brief or detailed status of one or all VRRP groups
on the router
Displays the VRRP groups and their status on a specified
interface
 Configuring VRRP
Customizing VRRP (Optional)
vrrp group description text Assigns a text description to the VRRP group
vrrp group priority level sets the priority level of the router within a VRRP group –
default 100
vrrp group preempt [delay minimum seconds configures the router to take over as a virtual router master if
it has higher priority than current virtual router master. The
router that is the IP address owner will preempt regardless of
this setting.
vrrp group timers advertise [msec] interval configures the interval between successive advertisements
by the virtual master in a VRRP group – default 1 second. All
routers in a VRRP group must use the same timers or they
will not communicate.
vrrp group timers learn Configures Non master members to learn timer values from
master.
Example configuration
Router(config)# interface fa0/0
Router(config-if)# ip address 172.16.6.5 255.255.255.0
Router(config-if)# vrrp 10 description working-group
Router(config-if)# vrrp 10 priority 110
Router(config-if)# vrrp 10 preempt delay minimum 380
Router(config-if)# vrrp 10 timers advertise 110
Router(config-if)# vrrp 10 timers learn
 Gateway Load Balancing Protocol - GLBP
 HSSR and VRRP provide gateway resiliency, however the standby members along with their
up stream bandwidth is not used while the device is in standby mode.
 Some load balancing can be accomplished by the creation of multiple groups.
 Gateway Load Balancing Protocol (GLBP) was designed to allow automatic selection and
simultaneous use of multiple, available gateways, as well as automatic failover between these
those gateways
 The members of a GLBP group elect one gateway to be the Active Virtual Gateway AVG) for
that group. Other members of the group provide backup for the AVG should it become
unavailable.
 GLBP automatically manages the virtual MAC address assignment, determines who handles
the forwarding, and ensures that each station has a forwarding path in the event of failures to
gateways or tracked interfaces.
 If failures occur, the load-balancing ratio is adjusted among the remaining active forwarders so
that resources are used in the most efficient way
 GLBP operation
 GLBP will attempt to balance traffic on a per-host basis using the
round robin algorithm.
 When a client sends an ARP message, the AVG will return the MAC
address of one of the active virtual forwarders
 When a second device sends an ARP request, the AVG returns the
next virtual MAC from the list
 The two clients will send their routed traffic to separate routers
although the have the same default gateway address configured
 If a tracked interface fails, GLBP detects the failure, and the second
router will take over forwarding both clients packets
 Configuring GLBP
Customizing GLBP
glbp group preempt [delay minimum seconds] Configures the router to take over as AVF for a GLBP group if it has a
higher priority than the current AVG
glbp group priority level Sets the priority level of the gateway within a GLBP group. Default is 100
glbp group timers [msec] hellotime [msec] holdtime Configures the interval between succesive hello packets sent by the
AVG in a GLBP group.
Enabling and verifying GLBP
glbp group ip ip-address Enables GLBP on an interface and identifes the primary address of the virtual gateway.
show glbp [interface-type interface-number ] [group] [state] [brief]

Example configuration
Router(config)# interface fa0/0
Router(config-if)# ip address 172.16.6.5 255.255.255.0
Router(config-if)# glbp 10 ip 172.16.6.1
Router(config-if)# glbp 10 priority 110
Router(config-if)# glbp 10 preempt delay minimum 60
Router(config-if)# glbp 10 timers 5 18