Gateway Redundancy Protocol

Cisco First Hop Redundancy Protocols: HSRP, VRRP, GLBP

 1 . Hot Standby Router Protocol (HSRP)

• HSRP is Cisco proprietary, but defined in RFC 2281.
• HSRP routers multicast to the all-routers address 224.0.0.2 on UDP port 1985.
• HSRP group numbers (0 – 255) are only significant to an interface.
• HSRP virtual MAC in the range 0000.0c07.acXX where the last 8 bits represent the standby group.
• HSRP priority ranges from 0 to 255; default is 100.
• The default hello timer is 3 seconds; holddown timer is 10 seconds.
• preempt is not enabled by default
• HSRP interface states: Disabled Init Listen Speak Standby Active
• Cisco devices by default use the plaintext string "cisco" for authentication.
• Plaintext or MD5 authentication can be used
• Active router election :The highest priority wins; highest IP wins a tie.
• The router’s priority will be decremented by the associated value (default 10) if the tracked interface fails.

HSRP Commands:

HSRP group configuration:

standby 1 ip [virtual_ip]

Timers:

standby 1 timers [hello] [dead]

By default a router with higher priority cannot preempt the current active router; this can be allowed:

standby 1 priority [priority]

standby 1 preempt

Interface Tracknig

A router can be configured to withdraw from active status if one or more of its other interfaces fail:

standby 1 track [interface][value]

The router’s priority will be decremented by the associated value (default 10) if the tracked interface fails.If another router now has a higher priority and has been configured to  preempt, it will take over as the active router for the group.

Authentication

standby 1 authentication md5 key-string [password]

Verification

show standby [brief] [interface]

2. Virtual Router Redundancy Protocol (VRRP)

• Standards-based alternative to HSRP, defined in RFC 2338.
• VRRP refers to the active router as the master router; all others are in the backup state.
• VRRP virtual MAC from the range 0000.5e00.01XX where the last eight bits represent the group number.
• VRRP advertisements are multicast to 224.0.0.18, using IP protocol 112.
• VRRP advertisements are sent in 1-second intervals by default;  backup routers can optionally learn the interval from the master router.
• VRRP routers will preempt the master by default if they have a higher priority.
• VRRP is unable to track interfaces and concede an election.

VRRP Commands:

vrrp 1 ip [virtual_ip]

vrrp 1 timers {advertise [hello]learn}

vrrp 1 priority [priority]

vrrp 1 preempt

vrrp 1 authentication md5 key-string [password]

vrrp 1 track [object]

decrement

Verification

show vrrp [brief]

3. Gateway Load Balancing Protocol (GLBP)

• GLBP  is Cisco proprietary, and acts like HSRP/VRRP with true load-balancing  capability: all routers in a group forward traffic simultaneously.
• GLBP group numbers range from 0 to 1023. Priorities range from 0 to 255 (default is 100).
• GLBP advertisements are multicast to 224.0.0.102
• hello/hold timers (default 3/10 seconds)
• Timers only need to be configured on the AVG; other routers will learn from it.
• Active Virtual Gateway (AVG)
  The AVG has the highest priority in the GLBP group (or the highest IP  address in the event of a tie); it answers all ARP requests for the  group’s virtual IP address.
• Active Virtual Forwarder (AVF)
  All routers sharing load in GLBP are AVFs.
  If an AVF fails, the AVG reassigns its virtual MAC to another router.
• Two timers are used to age out the virtual MAC of a failed AVF:
  Redirect timer (default 600 seconds) – Determines when the AVG will stop responding to ARP requests with the MAC of the failed AVF
  Timeout timer (default 4 hours) – Determines when the failed AVF  is no longer expected to return, and its virtual MAC will be flushed  from the GLBP group
• AVFs are assigned a maximum weight (1-254; default is 100).
• Default hello & hold timers 3 & 10 seconds respectively can be configured like for HSRP:

GLBP Commands:

glbp 1 ip [virtual_ip]

glbp 1 priority [priority]

glbp 1 preempt

glbp 1 forwarder preempt

Configuring the timers:

glbp 1 timer [hello] [dead]

glbp 1 timer redirect [redirect] [time-out]

Interfaces can be tracked and the AVF’s weight adjusted when interfaces go down

glbp 1 weighting [weight] lower [lower] upper [upper]

glbp 1 weighting track [object] decrement [value]

When the upper or lower threshold is reached, the AVF enters or leaves the group, respectively.

Load Balancing

Up to four virtual MACs can be assigned by the AVG.

Traffic can be distributed among AVFs using one of the following methods:

Round robin (default)

– Each new ARP request is answered with the next MAC address available; traffic is distributed evenly among AVFs

Weighted

– AVFs are assigned load in proportion to their weight

Host-dependent

– Statically maps a requesting client to a single AVF MAC

Configuring load balancing:

glbp 1 load-balacing [method]

Verification

show glbp [brief]