8/8/2019 CCNP3v5 Module 5

1/24

Module 5 Implementing High

Availability in a Campus Environment

CCNP: Building Multilayer

Switched Networks v5.0

8/8/2019 CCNP3v5 Module 5

2/24

Using Default gateways

End devices are typically configured with asingle default gateway address that does

not change when network topology changes

occur

If a router whose IP addresses is configured

as the default gateway fails, the local device

will be unable to send packets off the localnetwork segment

Even if a redundant router exists, there is no

way dynamic way for the devices to

determine the address of the new default

gateway

Routing protocols can quickly and

dynamically converge and find an alternative

path, but most end devices do not receive

this dynamic routing information

8/8/2019 CCNP3v5 Module 5

3/24

Using Proxy ARP

With proxy ARP, the end user stationbehaves as if the destination device

was connected to its same network

segment

If the responsible router fails, the source

end station continues to send packets

for that IP destination to the MAC

address of the failed router and the

packets are discarded

Eventually the Proxy ARP MAC address

will age out, and the workstation may

eventually acquire another Proxy ARP

failover router, but in the meantime the

workstation cannot send packets off the

local segment.

8/8/2019 CCNP3v5 Module 5

4/24

Hot Standby Routing Protocol - HSRP

HSRP defines a standby group of routers,with one router as the active router

HSRP provides gateway redundancy by

sharing IP and MAC addresses between

redundant gateways

The protocol consists of a virtual MAC

address and IP address that are sharedbetween routers belonging to the same

HSRP standby group.

AN HSRP group comprises these entities:

One active router

One Standby router

One virtual router

Other routers

8/8/2019 CCNP3v5 Module 5

5/24

HSRP Router Roles The Virtual HSRP Router an IP

and MAC address pair to whichend devices have configured astheir default gateway.

The Active Router physicallyprocesses all packets and framessent to the virtual router address

The Standby and other HSRProuters in the group monitor theoperational status of the HSRPgroup and quickly assume

packet-forwarding responsibility ifthe active router becomesinoperable. Transmit hello

packets that use 224.0.0.2 with

UDP port 1985

8/8/2019 CCNP3v5 Module 5

6/24

ARP Resolution with HSRP

The IP address andcorresponding MACaddress of the virtual routeris maintained in the ARPtable of each router in aHSRP standby group

The virtualMAC address is0000.0c07.acXX where XX isthe HSRP group number for thestandby group converted to ahexadecimal

8/8/2019 CCNP3v5 Module 5

7/24

The Standby Router

8/8/2019 CCNP3v5 Module 5

8/24

Interaction between Active and Standby Router

8/8/2019 CCNP3v5 Module 5

9/24

HSRP States

Theimage cannotbedisplayed. Your computer may nothave enough memory toopen theimage,or theimagemay havebeen corrupted.Restartyour computer,and then open thefileagain. Ifthe red x stillappears, you may havetod eletetheimage and then insertit again.

Theimage cannotbedisplayed. Your computer may nothave enough memory toopen theimage,or theimagemay havebeen corrupted.Restartyour computer,and then open thefileagain. Ifthe red x stillappears, you may havetod eletetheimage and then insertit again.

Theimage cannotbe displayed.Your computer may nothaveenough memory toopen theimage,or theimage may havebeen corrupted. Restartyour computer,and then open thefileagain.If thered x stillappears,you may havetodeletethe imageand then insertit again.

8/8/2019 CCNP3v5 Module 5

10/24

Active and Standby StatesTheimage cannotbe displayed.Your computer may nothaveenough memory toopen theimage,or the imagemay havebeen corrupted. Restartyour computer,and then open thefileagain.If thered x stillappears,you may havetodeletethe imageand then insertit again.

Theimage cannotbedisplayed. Your computer may nothave enough memory toopen theimage,or theimagemay havebeen corrupted.Restartyour computer,and then open thefileagain. Ifthe red x stillappears, you may havetod eletetheimage and then insertit again.

8/8/2019 CCNP3v5 Module 5

11/24

Enabling HSRP

Theimage cannotbe displayed.Your computer may nothaveenough memory toopen theimage, or theimagemay havebeen corrupted.Restartyour computer, and then open thefileagain.I fthe red x stillappears, you may havetodelete theimage and then insertit again.

Router(config)#int fa0/0

Router(config-if)#ip address 10.1.1.2 255.255.255.0

Router(config-if)#standby 1 ip 10.1.1.1

8/8/2019 CCNP3v5 Module 5

12/24

Configuring HSRP Standby PrioritiesTheimage cannotbedisplayed. Your computer may nothave enough memory toopen theimage,or theimagemay havebeen corrupted.Restartyour computer,and then open thefileagain. Ifthe red x stillappears, you may havetod eletetheimage and then insertit again.

8/8/2019 CCNP3v5 Module 5

13/24

Configuring HSRP PreemptTheimage cannotbedisplayed. Your computer may nothave enough memory toopen theimage,or theimagemay havebeen corrupted.Restartyour computer,and then open thefileagain. Ifthe red x stillappears, you may havetod eletetheimage and then insertit again.

8/8/2019 CCNP3v5 Module 5

14/24

Configuring HSRP Timers

The hello message containsthe priority of the router aswell as the hellotime andholdtime parameter valuesThe hellotime parametervalue indicates the intervalbetween hello messagesThe holdtime parametervalue indicates the amout oftime the current hellomessage is considered valid.Should be at least 3 xhellotimeThe standby timer includesan msec parameter forfaster failovers

8/8/2019 CCNP3v5 Module 5

15/24

HSRP Interface Tracking In some instances it is not the status of the

HSRP interface itself that should cause aHSRP failover but the failure of another router

used by the active HSRP router

Interface tracking enables the priority of a

standby group router to be automatically

adjusted, based on the availability of the

interfaces of that router

When a tracked interface becomes

unavailable, the HSRP priority of the router is

decreased

8/8/2019 CCNP3v5 Module 5

16/24

HSRP Load Sharing

8/8/2019 CCNP3v5 Module 5

17/24

HSRP Load SharingRouterA#show running-config

Building configuration...

Current configuration:!interface Vlan10ip address 172.16.10.32 255.255.255.0no ip redirectsstandby 1 priority 150standby 1 ip 172.16.10.110interface Vlan20ip address 172.16.20.32 255.55.255.0no ip redirectsstandby 2 priority 50standby 2 ip 172.16.20.120

RouterB#show running-config

Building configuration...

Current configuration:

!

interface Vlan10ip address 172.16.10.33 255.255.255.0

no ip redirects

standby 1 priority 50

standby 1 ip 172.16.10.110

interface Vlan20

ip address 172.16.20.33 255.255.255.0no ip redirects

standby 2 priority 150

standby 2 ip 172.16.20.120

8/8/2019 CCNP3v5 Module 5

18/24

Debugging HSRP Operations

8/8/2019 CCNP3v5 Module 5

19/24

Virtual Routing Redundancy Protocol - VRRP

VRRP is an IEEE standard for router redundancy,

HSRP is a Cisco proprietary

The virtual router, representing a group of routers,

is known as a VRRP group

The active router is referred to as the master

virtual router

The master virtual router may have the same IPaddress of the virtual router group

Multiple routers can function as backup routers

If a real IP address is used, the owning router

becomes the master. If a virtual IP address is

used, the master is the router with the highest

priority

VRRP can be configured so that routers can share

the load of being default gateways for clients

8/8/2019 CCNP3v5 Module 5

20/24

Configuring VRRPEnabling VRRP

vrrp group ip ip-address Enables VRRP on an interface. All routers in the VRRP

group must be configured with the same primary address for

the virtual router

Verifying configuration

show vrrp [brief | group] Displays a brief or detailed status of one or all VRRP groups

on the router

show vrrp interface type number [brief] Displays the VRRP groups and their status on a specifiedinterface

8/8/2019 CCNP3v5 Module 5

21/24

Configuring VRRPCustomizing VRRP (Optional)

vrrp group description text Assigns a text description to the VRRP group

vrrp group priority level sets the priority level of the router within a VRRP group default 100

vrrp group preempt [delay minimum seconds configures the router to take over as a virtual router master ifit has higher priority than current virtual router master. Therouter that is the IP address owner will preempt regardless ofthis setting.

vrrp group timers advertise [msec] interval configures the interval between successive advertisementsby the virtual master in a VRRP group default 1 second. Allrouters in a VRRP group must use the same timers or theywill not communicate.

vrrp group timers learn Configures Non master members to learn timer values frommaster.

Example configuration

Router(config)# interface fa0/0Router(config-if)# ip address 172.16.6.5 255.255.255.0

Router(config-if)# vrrp 10 description working-group

Router(config-if)# vrrp 10 priority 110

Router(config-if)# vrrp 10 preempt delay minimum 380

Router(config-if)# vrrp 10 timers advertise 110

Router(config-if)# vrrp 10 timers learn

8/8/2019 CCNP3v5 Module 5

22/24

Gateway Load Balancing Protocol - GLBP

HSSR and VRRP provide gateway resiliency, however the standby members along with their

up stream bandwidth is not used while the device is in standby mode.

Some load balancing can be accomplished by the creation of multiple groups.

Gateway Load Balancing Protocol (GLBP) was designed to allow automatic selection and

simultaneous use of multiple, available gateways, as well as automatic failover between these

those gateways

The members of a GLBP group elect one gateway to be the Active VirtualGateway AVG) for

that group. Other members of the group provide backup for the AVG should it become

unavailable.

GLBP automatically manages the virtual MAC address assignment, determines who handles

the forwarding, and ensures that each station has a forwarding path in the event of failures to

gateways or tracked interfaces. If failures occur, the load-balancing ratio is adjusted among the remaining active forwarders so

that resources are used in the most efficient way

8/8/2019 CCNP3v5 Module 5

23/24

GLBP operation GLBP will attempt to balance traffic on a per-host basis using the

round robin algorithm. When a client sends an ARP message, the AVG will return the

MAC address of one of the active virtual forwarders

When a second device sends an ARP request, the AVG returns the

next virtual MAC from the list

The two clients will send their routed traffic to separate routers

although the have the same default gateway address configured

If a tracked interface fails, GLBP detects the failure, and the second

router will take over forwarding both clients packets

8/8/2019 CCNP3v5 Module 5

24/24

Configuring GLBPCustomizing GLBP

glbp group preempt [delay minimum seconds] Configures the router to take over as AVF for a GLBP group if it has

a higher priority than the current AVG

glbp group priority level Sets the priority level of the gateway within a GLBP group. Default is

100

glbp group timers [msec] hellotime [msec] holdtime Configures the interval between succesive hello packets sent by the

AVG in a GLBP group.

Enabling and verifying GLBPglbp group ip ip-address Enables GLBP on an interface and identifes the primary address of

the virtual gateway.

show glbp [interface-type interface-number] [group] [state] [brief]

Example configuration

Router(config)# interface fa0/0

Router(config-if)# ip address 172.16.6.5 255.255.255.0

Router(config-if)# glbp 10 ip 172.16.6.1

Router(config-if)# glbp 10 priority 110

Router(config-if)# glbp 10 preempt delay minimum 60

Router(config-if)# glbp 10 timers 5 18