1- Understanding HSRP

HSRP is the Cisco standard method of providing high network availability by providing first-hop redundancy for IP hosts on an IEEE 802 LAN configured with a default gateway IP address. HSRP allows two or more HSRP-configured routers to use the MAC address and IP network address of a virtual router. The virtual router does not exist; it represents the common target for routers that are configured to provide backup to each other. One of the routers is selected to be the active router and another to be the standby router, which assumes control of the group MAC address and IP address should the designated active router fail.

HSRP has two versions:

  • HSRPv1—Version 1 of the HSRP, the default version of HSRP. It has these features:

    The HSRP group number can be from 0 to 255.

    HSRPv1 uses the multicast address 224.0.0.2 to send hello packets, which can conflict with Cisco Group Management Protocol (CGMP) leave processing. You cannot enable HSRPv1 and CGMP at the same time; they are mutually exclusive.

  • HSRPv2—Version 2 of the HSRP has these features:

    To match the HSRP group number to the VLAN ID of a subinterface, HSRPv2 can use a group number from 0 to 4095 and a MAC address from 0000.0C9F.F000 to 0000.0C9F.FFFF.

    HSRPv2 uses the multicast address 224.0.0.102 to send hello packets. HSRPv2 and CGMP leave processing are no longer mutually exclusive, and both can be enabled at the same time.

    HSRPv2 has a different packet format than HSRPv1.

    A switch running HSRPv1 cannot identify the physical router that sent a hello packet because the source MAC address of the router is the virtual MAC address.

HSRPv2 has a different packet format than HSRPv1. An HSRPv2 packet uses the type-length-value (TLV) format and has a 6-byte identifier field with the MAC address of the physical router that sent the

I again use the Cisco website to compare these two versions:

| Feature | Default Setting |
|---|---|
| HSRP version | Version 1 |
| HSRP groups | None configured |
| Standby group number | 0 |
| Standby MAC address | System assigned as: 0000.0c07.acXX, where XX is the HSRP group number |
| Standby priority | 100 |
| Standby delay | 0 (no delay) |
| Standby track interface priority | 10 |
| Standby hello time | 3 seconds |
| Standby holdtime | 10 seconds |

HSRPV1 —> 0000.0c07.ac** (where ** is the HSRP group number)

HSRPV2 —> 0000.0c9f.f0** (where ** is the HSRP group number)

HSRP consists of 6 states:

| State | Description |
|---|---|
| Initial | This is the beginning state. It indicates HSRP is not running. It happens when the configuration changes or the interface is first turned on. |
| Learn | The router has not determined the virtual IP address and has not yet seen an authenticated hello message from the active router. In this state, the router still waits to hear from the active router. |
| Listen | The router knows both the IP and MAC address of the virtual router, but it is not the active or standby router. For example, if there are 3 routers in an HSRP group, the router which is not in the active or standby state will remain in the listen state. |
| Speak | The router sends periodic HSRP hellos and participates in the election of the active or standby router. |
| Standby | In this state, the router monitors hellos from the active router and will take the active state when the current active router fails (no packets heard from the active router). |
| Active | The router forwards packets that are sent to the HSRP group. The router also sends periodic hello messages. |

router1# conf t
router1(config)# int fa0/1
router1(config-if)# standby 1 ip 172.16.0.1
router1(config-if)# standby 1 priority 150
router1(config-if)# standby 1 preempt

router2# conf t
router2(config)# int fa0/2
! Every router in HSRP group 1 must be configured with the same virtual IP address
router2(config-if)# standby 1 ip 172.16.0.1
router2(config-if)# standby 1 priority 120
router2(config-if)# standby 1 preempt
router2(config-if)# standby 1 track fa0/1 60
router2(config-if)# standby 1 timers 1 3

"standby 1 track fa0/1 60" means that if fa0/1 goes down, the router's HSRP priority is decreased by 60.

"standby 1 timers 1 3" sets the hello time to 1 second and the hold (dead) time to 3 seconds.

To see the HSRP configuration:
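How the priority, preempt and track settings above decide which router is active, as an added Python example that is not part of the original post. The interface addresses 172.16.0.2 and 172.16.0.3 and the names Router, elect and replay are assumptions made for the illustration; the rule that preempt needs a strictly higher priority follows common Cisco behaviour.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Router:
    name: str
    ip: IPv4Address              # real interface IP (constructed for this example)
    priority: int = 100          # HSRP default priority
    preempt: bool = False
    track_decrement: int = 10    # default tracking decrement
    tracked_up: bool = True
    alive: bool = True

    def effective(self) -> int:
        # A tracked interface going down lowers the priority by the decrement.
        return self.priority if self.tracked_up else self.priority - self.track_decrement

def rank(r):
    # Highest effective priority wins; the higher interface IP breaks a tie.
    return (r.effective(), r.ip)

def elect(routers, active=None):
    """Return the active router after the latest state change."""
    alive = [r for r in routers if r.alive]
    if not alive:
        return None
    if active is None or not active.alive:
        return max(alive, key=rank)      # no active router is heard: fresh election
    # A live active router is displaced only by a router that has preempt
    # configured and a strictly higher effective priority.
    rivals = [r for r in alive if r.preempt and r.effective() > active.effective()]
    return max(rivals, key=rank) if rivals else active

def replay(r1_preempt=True):
    """Replay a failure sequence using the priorities from the configuration above."""
    r1 = Router("router1", IPv4Address("172.16.0.2"), 150, r1_preempt)
    r2 = Router("router2", IPv4Address("172.16.0.3"), 120, True, track_decrement=60)
    routers, history, active = [r1, r2], [], None
    events = [(None, None, None),          # initial election
              (r1, "alive", False),        # router1 fails
              (r2, "tracked_up", False),   # router2's tracked fa0/1 goes down
              (r1, "alive", True)]         # router1 comes back
    for router, attr, value in events:
        if router is not None:
            setattr(router, attr, value)
        active = elect(routers, active)
        history.append((active.name, active.effective()))
    return history
```

Calling replay(r1_preempt=False) shows why preempt matters: router1 returns with priority 150 but router2 stays active at priority 60.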

#show standby

2- Understanding VRRP

Virtual Router Redundancy Protocol (VRRP) was created by the IETF in 1999. It follows the same concept as HSRP, except that it has faster timers than HSRP: by default the hello timer is 1 second and the hold timer is 3 seconds. VRRP uses the terms master/backup instead of active/standby, and VRRP group instead of standby group.

router1# conf t
router1(config)# int fa0/1
router1(config-if)# vrrp 10 ip 172.16.0.1
router1(config-if)# vrrp 10 priority 150
router1(config-if)# vrrp 10 preempt
router1(config-if)# vrrp 10 timers advertise msec 100

To see the VRRP configuration:

#show vrrp

3- Understanding GLBP

The main disadvantage of HSRP and VRRP is that only one gateway is elected to be the active gateway and used to forward traffic, whilst the rest are unused until the active one fails. Gateway Load Balancing Protocol (GLBP) is a Cisco proprietary protocol that performs a similar function to HSRP and VRRP, but it supports load balancing among the members of a GLBP group.

When routers are configured into a GLBP group, they first elect one gateway to be the Active Virtual Gateway (AVG) for that group. The election is based on the priority of each gateway (highest priority wins). If all of them have the same priority, the gateway with the highest real IP address becomes the AVG. The AVG, in turn, assigns a virtual MAC address to each member of the GLBP group. Each gateway that is assigned a virtual MAC address is called an Active Virtual Forwarder (AVF). A GLBP group has a maximum of four AVFs. If there are more than 4 gateways in a GLBP group, the rest become Standby Virtual Forwarders (SVF), which take the place of an AVF in case of failure. The virtual MAC address in GLBP is 0007.b400.xxyy, where xx is the GLBP group number and yy is a number that differs for each gateway (01, 02, 03…).

Each AVF listens to the others. If one AVF can no longer forward traffic, all listening AVFs compete to take over responsibility for the failed AVF's vMAC along with their own (the AVF with the higher weighting wins).

To detect a gateway failure, GLBP members communicate between each other through hello messages sent every 3 seconds to the multicast address 224.0.0.102, User Datagram Protocol (UDP) port 3222.

GLBP supports up to 1024 virtual routers (GLBP groups) per physical interface of a router.
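The virtual MAC formats given for HSRPv1, HSRPv2 and GLBP on this page can be used to check that a gateway IP resolves to the virtual MAC of the expected protocol and group. The following Python sketch is an added example, not part of the original post; the function names, the ARP entries and the expected-gateway table are constructed, and the GLBP layout follows the 0007.b400.xxyy format exactly as stated above.

```python
import re

def classify_fhrp_mac(mac):
    """Return (protocol, group, forwarder) for a virtual MAC, or None for any other MAC."""
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    if digits.startswith("00000c07ac"):       # HSRPv1: 0000.0c07.acXX
        return ("HSRPv1", int(digits[10:], 16), None)
    if digits.startswith("00000c9ff"):        # HSRPv2: 0000.0c9f.f000 to 0000.0c9f.ffff
        return ("HSRPv2", int(digits[9:], 16), None)
    if digits.startswith("0007b400"):         # GLBP: 0007.b400.xxyy (format as given on this page)
        return ("GLBP", int(digits[8:10], 16), int(digits[10:], 16))
    return None

# Constructed sample: gateway IP and the MAC a host has cached for it.
SAMPLE_ARP = [
    ("172.16.0.1", "0000.0c07.ac01"),       # HSRPv1 group 1
    ("172.16.10.1", "00:00:0c:9f:f0:0a"),   # HSRPv2 group 10
    ("172.16.20.1", "0007.b400.0102"),      # GLBP group 1, forwarder 02
    ("172.16.30.1", "0011.2233.4455"),      # not a virtual MAC
]

# Constructed sample: protocol and group each gateway is supposed to use.
EXPECTED = {
    "172.16.0.1": ("HSRPv1", 1),
    "172.16.10.1": ("HSRPv2", 10),
    "172.16.20.1": ("GLBP", 1),
    "172.16.30.1": ("HSRPv1", 30),
}

def audit_gateways(arp, expected):
    """List gateways whose cached MAC is not the expected virtual MAC."""
    findings = []
    for ip, mac in arp:
        if ip not in expected:
            continue
        seen = classify_fhrp_mac(mac)
        if seen is None or seen[:2] != expected[ip]:
            findings.append((ip, mac, expected[ip], seen))
    return findings
```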

GLBP has three authentication types:

  • No authentication

  • MD5 authentication

  • Plain text authentication

router1# conf t
router1(config)# int fa0/1
router1(config-if)# glbp 1 ip 172.16.0.1
router1(config-if)# glbp 1 priority 150
router1(config-if)# glbp 1 preempt
router1(config-if)# glbp 1 timers 15 15
! The load-balancing method is one of: weighted, round-robin, host-dependent
router1(config-if)# glbp 1 load-balancing round-robin

To see the GLBP configuration:

#show glbp brief