Monday, August 10, 2009

Module 5: Implementing High Availability in a Campus Environment

Module Overview

A network with high availability provides alternative means by which all infrastructure paths and key servers can be accessed at all times. The Hot Standby Router Protocol (HSRP) is a software feature that can be configured to provide Layer 3 redundancy to network hosts. HSRP optimization provides immediate or link-specific failover and a recovery mechanism. Virtual Router Redundancy Protocol (VRRP) and Gateway Load Balancing Protocol (GLBP) evolved from HSRP, providing additional Layer 3 redundancy options. VRRP is a vendor-neutral Layer 3 redundancy protocol, and GLBP is a Cisco-proprietary improvement to HSRP that provides intrinsic load balancing.


5.1 Configuring Layer 3 Redundancy with HSRP

5.1.1 Describing Routing Issues

When a default gateway is configured on a device, there is usually no means by which to configure a secondary gateway, even if a second route exists to carry packets off the local segment.

For example, primary and secondary paths between the Building Access and Building Distribution submodules provide continuous access if a link fails at the Building Access layer. Primary and secondary paths between the Building Distribution and Building Core layers provide continuous operations if a link fails at the Building Distribution layer.

In the figure, router A is responsible for routing packets for subnet A, and router B is responsible for handling packets for subnet B. If router A becomes unavailable, routing protocols can quickly and dynamically converge and determine that router B will now transfer packets that would otherwise have gone through router A. However, most workstations, servers, and printers do not receive this dynamic routing information.

End devices are typically configured with a single default gateway IP address that does not change when network topology changes occur. If the router whose IP address is configured as the default gateway fails, the local device is unable to send packets off the local network segment, effectively disconnecting it from the rest of the network. Even if a redundant router that could serve as a default gateway for that segment exists, there is no dynamic method by which these devices can determine the address of a new gateway.

Cisco IOS software runs proxy Address Resolution Protocol (ARP) to enable hosts that have no knowledge of routing options to obtain the MAC address of a gateway that is able to forward packets off the local subnet. For example, if the proxy ARP router receives an ARP request for an IP address that it knows is not on the same interface as the request sender, it generates an ARP reply packet that gives its own local MAC address as the MAC address for the IP address being resolved. The host that sent the ARP request then sends all packets destined for the resolved IP address to the MAC address of the router. The router forwards the packets toward the intended host, perhaps repeating this process along the way. Proxy ARP is enabled by default.

With proxy ARP, the end-user station behaves as if the destination device were connected to its own network segment. If the responsible router fails, the source end station continues to send packets for that IP destination to the MAC address of the failed router, and the packets are therefore discarded.

Eventually, the proxy ARP MAC address ages out of the workstation’s ARP cache. The workstation may eventually acquire the address of another proxy ARP failover router, but it cannot send packets off the local segment during this failover time.

For further information on proxy ARP, refer to RFC 1027.


5.1.2 Identifying the Router Redundancy Process

With this type of router redundancy, a set of routers works in concert to present the illusion of a single virtual router to the hosts on the LAN. By sharing an IP address and a MAC (Layer 2) address, two or more routers can act as a single “virtual” router. The virtual router’s IP address is configured as the default gateway for the workstations on a specific IP segment. When frames are to be sent from the workstation to the default gateway, the workstation uses ARP to resolve the MAC address associated with the IP address of the default gateway. ARP returns the MAC address of the virtual router. Frames sent to the virtual router’s MAC address can then be physically processed by any active or standby router that is part of that virtual router group.

Two or more routers use a protocol to determine which physical router is responsible for processing frames sent to the MAC or IP address of a single virtual router. Host devices send traffic to the address of the virtual router. The physical router that forwards this traffic is transparent to the end stations. This redundancy protocol provides the mechanism for determining which router should take the active role in forwarding traffic and determining when that role must be assumed by a standby router. The transition from one forwarding router to another is transparent to the end devices.

Figure describes the steps that take place when the forwarding router fails.


5.1.3 Describing HSRP

Hot Standby Router Protocol (HSRP) defines a standby group, with each router assigned to a specific role within the group. HSRP provides gateway redundancy by sharing IP and MAC addresses between redundant gateways. The protocol transmits virtual MAC and IP address information between two routers belonging to the same HSRP group.

Figure describes some of the terms used with HSRP.

An HSRP group consists of the following:

  • Active router

  • Standby router

  • Virtual router

  • Other routers

HSRP active and standby routers send hello messages to the multicast address 224.0.0.2 using UDP port 1985.


5.1.4 Identifying HSRP Operations

All the routers in an HSRP group have specific roles and interact in prescribed ways.

The virtual router is simply an IP and MAC address pair that end devices have configured as their default gateway. The active router processes all packets and frames sent to the virtual router address. The virtual router does not process physical frames and exists in software only.

Within an HSRP group, one router is elected to be the active router. The active router physically forwards packets sent to the MAC address of the virtual router.

The active router responds to traffic for the virtual router. If an end station sends a packet to the virtual router MAC address, the active router receives and processes that packet. If an end station sends an ARP request with the virtual router IP address, the active router replies with the virtual router MAC address.

In this example, router A assumes the active role and forwards all frames addressed to the well-known MAC address of 0000.0c07.acxx, where xx is the HSRP group identifier.

The IP address and corresponding MAC address of the virtual router are maintained in the ARP table of each router in the HSRP group. As shown in the figure, the show ip arp command displays the ARP cache on a multilayer switch.

Figure describes the output for the show ip arp command.

In the example illustrated in the figure, the output displays an ARP entry for a router that is a member of HSRP group 1 in VLAN10. The virtual router for VLAN10 is identified as 172.16.10.110. The well-known MAC address that corresponds to this IP address is 0000.0c07.ac01, where 01 is the HSRP group identifier for group 1. The group identifier in the MAC address is the standby group number (1) converted to hexadecimal (01).

The HSRP standby router monitors the operational status of the HSRP group and quickly assumes packet-forwarding responsibility if the active router becomes inoperable. Both the active and standby routers transmit hello messages to inform all other routers in the group of their role and status. The routers use destination multicast address 224.0.0.2 with UDP port 1985 for these messages. The source address is the interface IP address of the sending router.

An HSRP group may contain other routers that are group members but are not in an active or standby state. These routers monitor the hello messages sent by the active and standby routers to ensure that active and standby routers exist for the HSRP group of which they are a member. These routers do forward packets addressed to their own specific IP addresses, but they do not forward packets addressed to the virtual router. These routers issue speak messages at every hello interval time.

Figure describes some of the terms used with HSRP.

When the active router fails, the other HSRP routers stop seeing hello messages from the active router. The standby router then assumes the role of the active router. If other routers are participating in the group, they contend to be the new standby router.

If both the active and standby routers fail, all routers in the group contend for the active and standby router roles.

Because the new active router assumes both the IP and MAC addresses of the virtual router, the end stations see no disruption in service. The end-user stations continue to send packets to the virtual router MAC address, and the new active router delivers the packets to the destination.


5.1.5 Describing HSRP States

A router in an HSRP group can be in one of the following states: initial, learn, listen, speak, standby, or active.

Figure describes the different HSRP states.

When a router exists in one of these states, it performs the actions required for that state. Not all HSRP routers in the group transition through all states. For example, if there are three routers in the group, the router that is not the standby or active router remains in the listen state.

All routers begin in the initial state, indicating that HSRP is not running. This state is entered via a configuration change, such as when HSRP is disabled on an interface, or when an HSRP-enabled interface is first brought up, such as when the no shutdown command is issued.

After the initial state, the interface moves to the learn state. The interface is expecting to see HSRP packets and from these packets determine the virtual IP and active HSRP router for the group.

Once the interface has seen HSRP packets and determined the virtual IP, it moves to the listen state. The purpose of the listen state is to determine if there are already active or standby routers for the group. If the active and standby routers are functional, the interface remains in this state. However, if hellos are not seen from either router, the interface moves to the speak state.

In the speak state, the routers are actively participating in the election of the active router, standby router, or both. The routers look at each other’s hello packets to determine which router should assume which role.

Three timers are used in HSRP: active, standby, and hello. If a hello is not received from an active HSRP router within the active timer, the router transitions to a new HSRP state.

Figure describes the HSRP timers.

In the standby state, because the router is a candidate to become the next active router, it sends periodic hello messages. It also listens for hello messages from the active router. There can only be one standby router in the HSRP group.

In the active state, the router is currently forwarding packets that are sent to the virtual MAC address of the group. It also replies to ARP requests directed to the virtual router’s IP address. The active router sends periodic hello messages. There must be one active router in each HSRP group.


5.1.6 Describing HSRP Configuration Commands

Figure illustrates common HSRP configuration commands.

Figure describes the essential commands used to configure and verify HSRP.


5.1.7 Enabling HSRP


The following command enables HSRP on an interface:
Switch(config-if)#standby group-number ip ip-address

Figure describes the command parameters for configuring an HSRP group on an interface.

When HSRP is running, the end-user stations must not discover the actual MAC addresses of the routers in the standby group. Any protocol that informs a host of a router’s actual address must be disabled. Enabling HSRP on a Cisco router interface automatically disables Internet Control Message Protocol (ICMP) redirects on that interface, which ensures that the addresses of the participating HSRP routers are not discovered.

After the standby ip command is issued, the interface changes to the appropriate state, and the router issues an HSRP message.

To remove an interface from an HSRP group, enter the no standby group ip command.

The following example states that interface VLAN11 is a member of HSRP group 11, the virtual router IP address for the group is 172.16.11.115, and ICMP redirects are disabled. To verify the HSRP configuration, use the show running-config command:

Switch#show running-config
Building configuration...
Current configuration:
!
interface Vlan11
 ip address 172.16.11.113 255.255.255.0
 no ip redirects
 standby 11 ip 172.16.11.115
!

Another way to verify the HSRP configuration is with the show standby brief command, which displays abbreviated information about the current state of all HSRP operations on the device.

To display the status of the HSRP router, use one of these commands:

Switch#show standby [interface [group]] [active | init | listen | standby] [brief]

Switch#show standby delay [type-number]

If the optional interface parameters are not included, the show standby command displays HSRP information for all interfaces.

The following example shows the output of the show standby command:

Switch#show standby Vlan11 11
Vlan11 - Group 11
Local state is Active, priority 110
Hellotime 3 holdtime 10
Next hello sent in 00:00:02.944
Hot standby IP address is 172.16.11.115 configured
Active router is local
Standby router is 172.16.11.114 expires in 00:00:08
Standby virtual mac address is 0000.0c07.ac01

This is the output when you use the brief parameter:

Switch#show standby brief
Interface   Grp Prio P State    Active addr     Standby addr    Group addr
Vl11        11  110    Active   local           172.16.11.114   172.16.11.115

Notice that the group address 172.16.11.115 is on the same subnet as the standby and active router IP addresses.
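
The three properties this section relies on (ICMP redirects disabled, the virtual IP on the interface subnet, and the virtual MAC following the 0000.0c07.acXX pattern) can be checked mechanically. The following Python is an added example, not part of the original course text or any Cisco tool; the function names are illustrative, and the sample strings are constructed from the Vlan11 configuration and show standby output shown above.

```python
import ipaddress
import re

def hsrp_virtual_mac(group):
    """Well-known HSRP virtual MAC 0000.0c07.acXX, XX = group number in hex."""
    return "0000.0c07.ac" + bytes([group]).hex()  # ValueError if not 0-255

def parse_interfaces(config):
    """Map interface name -> list of its subcommands (IOS running-config text)."""
    stanzas, current = {}, None
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split()[1], [])
        elif line in ("", "!"):
            current = None  # end of the interface stanza
        elif current is not None:
            current.append(line)
    return stanzas

def parse_standby(output):
    """Map (interface, group) -> virtual MAC displayed by 'show standby'."""
    macs, key = {}, None
    for line in output.splitlines():
        if m := re.match(r"\s*(\S+) - Group (\d+)", line):
            key = (m[1], int(m[2]))
        elif key and (m := re.search(r"virtual mac address is (\S+)", line, re.I)):
            macs[key] = m[1].lower()
    return macs

def audit_hsrp(config, standby_output):
    """Return findings where the device departs from what this section describes."""
    findings, shown = [], parse_standby(standby_output)
    for name, cmds in parse_interfaces(config).items():
        groups = [m for c in cmds if (m := re.fullmatch(r"standby (\d+) ip (\S+)", c))]
        addr = next((m for c in cmds if (m := re.fullmatch(r"ip address (\S+) (\S+)", c))), None)
        if groups and "no ip redirects" not in cmds:
            findings.append(f"{name}: ICMP redirects are not disabled")
        for g in groups:
            group, vip = int(g[1]), ipaddress.ip_address(g[2])
            if addr is None or vip not in ipaddress.ip_interface(f"{addr[1]}/{addr[2]}").network:
                findings.append(f"{name}: virtual IP {vip} is outside the interface subnet")
            mac = shown.get((name, group))
            if mac and mac != hsrp_virtual_mac(group):
                findings.append(f"{name}: group {group} shows {mac}, expected {hsrp_virtual_mac(group)}")
    return findings

# Constructed from the Vlan11 stanza and 'show standby' lines shown on this page.
PAGE_CONFIG = "interface Vlan11\n ip address 172.16.11.113 255.255.255.0\n no ip redirects\n standby 11 ip 172.16.11.115\n!"
PAGE_STANDBY = "Vlan11 - Group 11\nStandby virtual mac address is 0000.0c07.ac01"
```

Calling audit_hsrp(PAGE_CONFIG, PAGE_STANDBY) returns one finding: group 11 is displayed with 0000.0c07.ac01, while the well-known pattern gives 0000.0c07.ac0b for group 11 (11 decimal is 0b hexadecimal).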
