5.3 Configuring Layer 3 Redundancy with VRRP and GLBP
5.3.1 Describing Virtual Router Redundancy
Like HSRP, Virtual Router Redundancy Protocol (VRRP) allows a group of routers to form a single virtual router. In an HSRP or VRRP group, one router is elected to handle all requests sent to the virtual IP address. With HSRP, this is the active router. An HSRP group has one active router, at least one standby router, and perhaps many listening routers. A VRRP group has one master router and one or more backup routers. The LAN workstations are then configured with the address of the virtual router as their default gateway.
VRRP differs from HSRP in the following ways:
VRRP is an IEEE standard (RFC 2338) for router redundancy; HSRP is a Cisco-proprietary protocol.
The virtual router represents a group of routers, known as a VRRP group or virtual router group.
The active router is referred to as the master virtual router.
The master virtual router may have the same IP address as the virtual router group.
Multiple routers can function as backup routers.
VRRP is supported on Ethernet, Fast Ethernet, and Gigabit Ethernet interfaces, and with Multiprotocol Label Switching (MPLS), virtual private networks (VPNs), and VLANs.
In Figure , routers A, B, and C are members of a VRRP group. The IP address of the virtual router is the same as that of the LAN interface of router A (10.0.0.1). Router A is responsible for forwarding packets sent to this IP address.
The clients have a gateway address of 10.0.0.1. Routers B and C are backup routers. If the master router fails, the backup router with the highest priority becomes the master router. When router A recovers, it resumes the role of master router.
VRRP provides redundancy for the real IP address of a router or for a virtual IP address shared among the VRRP group members. If a real IP address is used, the router with that address becomes the master. If a virtual IP address is used, the master is the router with the highest priority. The master router uses VRRP messages to inform group members that it is the master.
5.3.2 Identifying the VRRP Operations Process
Figure shows a LAN topology in which VRRP is configured so that routers A and B share the load of being the default gateway for clients 1 through 4. Routers A and B act as backup virtual routers to one another should either one fail.
In this example, two virtual router groups are configured. For virtual router 1, router A is the owner of IP address 10.0.0.1, and therefore the master virtual router for clients configured with that default gateway address. Router B is the backup virtual router to router A.
For virtual router 2, router B is the owner of IP address 10.0.0.2 and is the master virtual router for clients configured with the default gateway IP address of 10.0.0.2. Router A is the backup virtual router to router B.
Given that the IP address of the VRRP group is that of a physical interface on one of the group members, the router owning that address is the master in the group. Its priority is set to 255. Backup router priority values can range from 1 to 254; the default is 100. A priority value of 0 indicates that the current master has stopped participating in VRRP. This setting is used to trigger backup routers to transition quickly to the master state without having to wait for the current master to time out.
With VRRP, only the master sends advertisements (the equivalent of HSRP hellos). Advertisements are sent to the multicast address 224.0.0.18 using IP protocol number 112 at a default interval of 1 second.
When the master becomes unavailable, the dynamic failover uses three timers: the advertisement interval, the master down interval, and the skew time.
The advertisement interval is the time between advertisements in seconds. The default is 1 second.
The master down interval is the number of seconds for the backup to declare the master down. The default is 3 x advertisement interval + skew time.
The skew time, (256 - priority) / 256 ms, ensures that the backup router with the highest priority becomes the new master.
Figure lists the steps involved in the VRRP transition.
Note:
If the VRRP master has an orderly shutdown, it sends an advertisement with a priority of 0. This priority setting triggers the backup router to take over more quickly, because it waits only the skew time instead of the master down interval.
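The failover timers described above, worked through as an added example (not part of the original course material). The backup priorities and addresses for routers B and C are constructed, the skew time is taken as a fraction of a second as RFC 2338 defines it, and the equal-priority tie-break (higher primary address wins) is RFC 2338 behaviour that this section does not cover.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Backup:
    name: str
    priority: int          # 1-254 for backup routers (255 is the address owner)
    address: IPv4Address   # primary interface address, used only to break ties


def skew_time(priority: int) -> float:
    """(256 - priority) / 256, treated as a fraction of a second (RFC 2338)."""
    if not 1 <= priority <= 254:
        raise ValueError("backup priority must be in the range 1-254")
    return (256 - priority) / 256


def master_down_interval(priority: int, advert: float = 1.0) -> float:
    """3 x advertisement interval + skew time, in seconds."""
    return 3 * advert + skew_time(priority)


def next_master(backups, advert=1.0, master_sent_priority_zero=False):
    """Return (backup that takes over, seconds it waited after the last advertisement).

    After a crash every backup waits its master down interval; after an orderly
    shutdown (advertisement with priority 0) it waits only its skew time.
    """
    if not backups:
        raise ValueError("no backup routers in the group")

    def wait(b):
        if master_sent_priority_zero:
            return skew_time(b.priority)
        return master_down_interval(b.priority, advert)

    # Shortest timer expires first; with equal priority the higher address wins.
    winner = min(backups, key=lambda b: (wait(b), -int(b.address)))
    return winner, wait(winner)


# Constructed sample group: router A (the master) has gone away.
GROUP = [Backup("B", 200, IPv4Address("10.0.0.2")),
         Backup("C", 100, IPv4Address("10.0.0.3"))]

if __name__ == "__main__":
    for graceful in (False, True):
        router, waited = next_master(GROUP, master_sent_priority_zero=graceful)
        kind = "orderly shutdown" if graceful else "master failure"
        print(f"{kind}: router {router.name} becomes master after {waited:.3f} s")
```

With the default 1-second advertisement interval, router B takes over about 3.2 seconds after a crash but only about 0.2 seconds after an orderly shutdown.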
5.3.3 Configuring VRRP
VRRP is supported on select Cisco Catalyst platforms and can be configured using the commands in Figure .
Figure describes the VRRP command parameters.
Figure describes how to configure VRRP.
Example: Implementing VRRP
SwitchA(config)#interface vlan10
SwitchA(config-if)#ip address 10.1.10.5 255.255.255.0
SwitchA(config-if)#vrrp 10 ip 10.1.10.1
SwitchA(config-if)#vrrp 10 priority 150
SwitchA(config-if)#vrrp 10 timer advertise 4
SwitchB(config)#interface vlan10
SwitchB(config-if)#ip address 10.1.10.6 255.255.255.0
SwitchB(config-if)#vrrp 10 ip 10.1.10.1
SwitchB(config-if)#vrrp 10 priority 100
SwitchB(config-if)#vrrp 10 timer advertise 4
5.3.4 Describing GLBP
While HSRP and VRRP provide gateway resiliency, the upstream bandwidth of the standby members of the redundancy group is not used while those devices are in standby mode. Only the active router for HSRP and VRRP groups forwards traffic for the virtual MAC. Resources associated with the standby router are not fully utilized. Some load balancing can occur by creating multiple groups and assigning multiple default gateways, but this configuration creates an administrative burden.
Cisco designed the Gateway Load Balancing Protocol (GLBP) to allow automatic selection, simultaneous use of multiple gateways, and automatic failover between those gateways. Multiple routers share the load of frames that, from a client perspective, are sent to a single default gateway address.
With GLBP, resources can be fully utilized without the administrative burden of configuring multiple groups and managing multiple default gateway configurations as is required with HSRP and VRRP.
GLBP has the following functions:
Active virtual gateway (AVG): Members of a GLBP group elect one gateway to be the AVG for that group. Other group members provide backup for the AVG if the AVG becomes unavailable. The AVG assigns a virtual MAC address to each member of the group.
Active virtual forwarder (AVF): Each gateway assumes responsibility for forwarding packets sent to the virtual MAC address assigned to it by the AVG. These gateways are known as AVFs for their virtual MAC address.
Communication: GLBP members communicate with each other using hello messages sent every 3 seconds to the multicast address 224.0.0.102, User Datagram Protocol (UDP) port 3222.
GLBP has the following features:
Load sharing: Traffic from LAN clients can be shared by multiple routers.
Multiple virtual routers: Up to 1,024 virtual routers (GLBP groups) can be on each physical interface of a router, and there can be up to four virtual forwarders per group.
Preemption: You can preempt an AVG with a higher priority backup virtual gateway. Forwarder preemption works in a similar way, except that it uses weighting instead of priority and is enabled by default.
Efficient resource utilization: Any router in a group can serve as a backup, which eliminates the need for a dedicated backup router because all available routers can support network traffic.
GLBP provides upstream load sharing by utilizing the redundant uplinks simultaneously. It uses link capacity efficiently, thus providing peak-load traffic coverage. By making use of multiple available paths upstream from the routers or Layer 3 switches running GLBP, output queues may also be reduced.
HSRP and VRRP use only a single path; other paths are idle, unless multiple groups and gateways are configured. The single path may encounter higher output queue rates during peak times, which leads to lower performance from higher jitter rates. The impact of jitter is lessened and overall performance is improved with GLBP, because more upstream bandwidth is available and additional upstream paths are used.
5.3.5 Identifying the GLBP Operations Process
GLBP allows automatic selection and simultaneous use of all available gateways in the group. The members of a GLBP group elect one gateway to be the AVG for that group. Other members of the group provide backup for the AVG if it becomes unavailable. The AVG assigns a virtual MAC address to each member of the GLBP group. All routers become AVFs for frames addressed to that virtual MAC address. As clients send Address Resolution Protocol (ARP) requests for the address of the default gateway, the AVG sends these virtual MAC addresses in the ARP replies. A GLBP group can have up to four group members.
GLBP supports the following operational modes for load balancing traffic across multiple default routers servicing the same default gateway IP address:
Weighted load-balancing algorithm: The amount of load directed to a router is dependent upon the weighting value advertised by that router.
Host-dependent load-balancing algorithm: A host is guaranteed to use the same virtual MAC address as long as that virtual MAC address is participating in the GLBP group.
Round-robin load-balancing algorithm: As clients send ARP requests to resolve the MAC address of the default gateway, the reply to each client contains the MAC address of the next possible router in round-robin fashion. All routers’ MAC addresses take turns being included in address resolution replies for the default gateway IP address.
GLBP automatically manages the virtual MAC address assignment, determines who handles the forwarding, and ensures that each station keeps a forwarding path when gateways or tracked interfaces fail. If failures occur, the load-balancing ratio is adjusted among the remaining AVFs so that resources are used in the most efficient way.
As shown in Figure , GLBP attempts to balance traffic on a per-host basis using the round-robin algorithm.
Figure describes how GLBP balances traffic using the round-robin algorithm.
In Figure , clients A and B have each resolved a different MAC address for the default gateway, so they send their routed traffic to separate routers, although they both have the same default gateway address configured. Each GLBP router is an AVF for the virtual MAC address to which it has been assigned.
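The three load-balancing modes listed above, modelled as an added example (not part of the original course material and not Cisco's implementation). It shows how the AVG's choice of virtual MAC in each ARP reply spreads clients across forwarders; the second virtual MAC, the weightings, the client MACs, the CRC32 host hash and the credit-based weighted scheduler are all assumptions made for illustration.

```python
import zlib


class ActiveVirtualGateway:
    """Toy AVG: picks the virtual MAC placed in each ARP reply for the virtual IP."""

    MODES = ("round-robin", "host-dependent", "weighted")

    def __init__(self, weightings, mode="round-robin"):
        if mode not in self.MODES:
            raise ValueError(f"unknown load-balancing mode: {mode}")
        self.weightings = dict(weightings)   # virtual MAC -> advertised weighting
        self.vmacs = sorted(self.weightings)
        self.mode = mode
        self._turn = 0
        self._credit = dict.fromkeys(self.vmacs, 0)

    def arp_reply(self, client_mac):
        if self.mode == "round-robin":
            # Each request gets the next virtual MAC in turn.
            vmac = self.vmacs[self._turn % len(self.vmacs)]
            self._turn += 1
        elif self.mode == "host-dependent":
            # A stable hash of the client MAC always selects the same virtual MAC.
            digest = zlib.crc32(client_mac.lower().encode())
            vmac = self.vmacs[digest % len(self.vmacs)]
        else:
            # Weighted: every forwarder earns its weighting as credit per request;
            # the forwarder with the most credit answers and pays back the total.
            for m in self.vmacs:
                self._credit[m] += self.weightings[m]
            vmac = max(self.vmacs, key=self._credit.__getitem__)
            self._credit[vmac] -= sum(self.weightings.values())
        return vmac


def distribution(avg, clients):
    """Count how many clients were handed each virtual MAC."""
    counts = dict.fromkeys(avg.vmacs, 0)
    for client in clients:
        counts[avg.arp_reply(client)] += 1
    return counts


# Constructed sample data: two forwarders and 300 client MAC addresses.
FORWARDERS = {"0007.b400.0101": 110, "0007.b400.0102": 55}
CLIENTS = [f"0200.0000.{i:04x}" for i in range(300)]

if __name__ == "__main__":
    for mode in ActiveVirtualGateway.MODES:
        print(mode, distribution(ActiveVirtualGateway(FORWARDERS, mode), CLIENTS))
```

With weightings of 110 and 55, the weighted mode hands out the two virtual MACs in a 2:1 ratio, while round-robin splits the same clients evenly.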
Like HSRP, GLBP can be configured to track interfaces. In Figure , the WAN link from router R1 is lost, and GLBP detects the failure.
Because interface tracking was configured on R1, the job of forwarding packets for virtual MAC address 0000.0000.0001 is taken over by the secondary virtual forwarder for the MAC, which is router R2. Therefore, the client sees no disruption of service and does not need to resolve a new MAC address for the default gateway.
GLBP is supported on select Cisco Catalyst platforms. Figure illustrates the GLBP interface commands. Figure describes the command parameters. Figure describes the steps needed to configure GLBP.
The following example configures GLBP on two multilayer switches:
SwitchA(config)#interface vlan7
SwitchA(config-if)#ip address 10.1.7.5 255.255.255.0
SwitchA(config-if)#glbp 7 ip 10.1.7.1
SwitchA(config-if)#glbp 7 priority 150
SwitchA(config-if)#glbp 7 timers msec 250 msec 750
SwitchB(config)#interface vlan7
SwitchB(config-if)#ip address 10.1.7.6 255.255.255.0
SwitchB(config-if)#glbp 7 ip 10.1.7.1
SwitchB(config-if)#glbp 7 priority 100
SwitchB(config-if)#glbp 7 timers msec 250 msec 750
SwitchA#show glbp 7
Vlan7 - Group 7
State is Active
2 state changes, last state change 23:50:33
Virtual IP address is 10.1.7.1
Hello time 250 msec, hold time 750 msec
Next hello sent in 40 msecs
Redirect time 600 sec, forwarder time-out 7200 sec
Authentication text "stringabc"
Preemption enabled, min delay 60 sec
Active is local
Standby is unknown
Priority 254 (configured)
Weighting 105 (configured 110), thresholds: lower 95, upper 105
Track object 2 state Down decrement 5
Load balancing: host-dependent
There is 1 forwarder (1 active)
Forwarder 1
State is Active
1 state change, last state change 23:50:15
MAC address is 0007.b400.0101 (default)
Owner ID is 0005.0050.6c08
Redirection enabled
Preemption enabled, min delay 60 sec
5.4 High Availability Lab Exercise
5.4.1 Lab 5-1 Hot Standby Router Protocol
Lab Exercise: Lab 5-1 Hot Standby Router Protocol
Configure inter-VLAN routing with HSRP to provide redundant, fault tolerant routing to the internal network.
Summary
Device, link, or hardware component redundancy at strategic points in the network leads to high availability. Hot Standby Router Protocol (HSRP) provides router redundancy to network hosts and can be optimized in several ways. Virtual Router Redundancy Protocol (VRRP) and Gateway Load Balancing Protocol (GLBP) were derived from HSRP and provide additional redundancy features.