IP routing redundancy is designed to allow for transparent fail-over at the first-hop IP router. First, let's briefly recall the concept of a default gateway: it is simply the first hop for packets from a particular LAN (or, more accurately, VLAN) that need to reach a remote network. The router can forward such packets as long as its routing table holds a route to the intended remote network or a default route is present. This means that if that first hop ever goes down, that network can no longer communicate with the outside world, and only local communication across the switched domain remains possible, which in most cases is of little use.
Fortunately, there is a solution to this problem. First Hop Redundancy Protocols provide default gateway redundancy: with more than one default gateway enabled, a backup device kicks in when a router fails and, almost transparently to users, continues to forward traffic to remote networks, thus avoiding the isolation described in the paragraph above.
There are three first hop redundancy protocols that could be used for this purpose:
- Hot Standby Router Protocol (HSRP)
- Virtual Router Redundancy Protocol (VRRP)
- Gateway Load Balancing Protocol (GLBP)
Hot Standby Router Protocol (HSRP)
Hot Standby Router Protocol (HSRP) is a Cisco proprietary protocol that provides redundancy for a local subnet. In HSRP, two or more routers give the illusion of a single virtual router. HSRP allows you to configure two or more routers as standby routers, with only a single router active at a time. All the routers in a single HSRP group share a single MAC address and IP address, which act as the default gateway for the local network. The active router is responsible for forwarding the traffic. If it fails, the standby router takes over all the responsibilities of the active router and forwards the traffic.
Some important terms related to HSRP:
- Virtual IP : An IP address from the local subnet that is assigned as the default gateway to all local hosts in the network.
- Virtual MAC address : The MAC address is generated automatically by HSRP. The first 24 bits are the default Cisco address (i.e. 0000.0c). The next 16 bits are the HSRP ID (i.e. 07.ac). The last 8 bits are the group number in hexadecimal, e.g. if the group number is 10 then the last 8 bits will be 0a.
Example of virtual MAC address –
- Hello messages : Periodic messages exchanged by the active and standby routers. These messages are sent every 3 seconds and report the state of the router.
- Hold down timer : Its default value is 10 seconds, i.e. roughly 3 times the hello interval. This timer defines how long the standby router waits for a hello message that has not arrived on time. Note : If the active router fails then the standby router will become the active router.
- Priority : By default, the priority value is 100. It is useful when the active router comes back after a failure: we can change the priority of the standby router (which became the active router while the original active router was down) to less than 100 so that it becomes the standby router again. Note : The router with the higher priority will become the active router.
- Preempt : It is a state in which the standby router automatically becomes the active router.
Members with the same group ID belong to the same group. One member of the group is elected as the active router while the others remain standby routers. The virtual IP is configured as the default gateway of all the hosts in the local subnet, and the active router is responsible for forwarding the traffic of the local hosts. If the active router goes down, hello messages are no longer exchanged between the active and standby routers, so the standby router waits until the hold down timer expires. As soon as the hold down time has elapsed, the standby router becomes the active router and takes over all the responsibilities of the active router. This is known as preempt. If the original active router comes back, we can decrease the priority of the standby router so that it becomes the standby router again.
Hot Standby Router Protocol (HSRP) has 2 versions :
Version 1 : The messages are multicast to 224.0.0.2 and use UDP port 1985. This version allows group numbers from 0 to 255.
Version 2 : The messages are multicast to 224.0.0.102 and use UDP port 1985. This version allows group numbers from 0 to 4095.
Consider the topology given above. There are 2 routers named R1 and R2. The IP address of R1 (fa0/0) is 10.1.1.1/24 and that of R2 (fa0/0) is 10.1.1.2/24.
Assigning IP address to router R1.
r1(config)# int fa0/0
r1(config-if)# ip add 10.1.1.1 255.255.255.0
Assigning IP address to router R2.
r2(config)# int fa0/0
r2(config-if)# ip address 10.1.1.2 255.255.255.0
Now, let's provide the virtual IP address (10.1.1.100), group name HSRP_TEST, group number 1 and priority 110. Preempt has also been enabled, i.e. if the active router goes down then the standby router automatically becomes the active router.
r1(config-if)# standby 1 ip 10.1.1.100
r1(config-if)# standby 1 name HSRP_TEST
r1(config-if)# standby 1 priority 110
r1(config-if)# standby 1 preempt
Now, we will provide the virtual IP address (10.1.1.100), group name HSRP_TEST and priority 100. Group number 1 is used and preempt is enabled as well.
r2(config)# int fa0/0
r2(config-if)# standby 1 ip 10.1.1.100
r2(config-if)# standby 1 name HSRP_TEST
r2(config-if)# standby 1 priority 100
r2(config-if)# standby 1 preempt
Note : As we have given priority 110 to r1, it will become the active router.
Virtual Router Redundancy Protocol (VRRP)
VRRP is an open standard protocol used to provide redundancy in a network. It is a network layer protocol (protocol number 112). The routers (group members) in a group act as one virtual logical router, which is the default gateway of all the local hosts. If one router goes down, one of the other group members takes over the responsibility for forwarding the traffic.
Some important terms related to VRRP:
- Virtual IP : An IP address from the local subnet is assigned as the virtual IP address, which is configured as the default gateway for all the local hosts.
- Virtual MAC address : A virtual MAC address is automatically generated by taking the last 8 bits as the VRRP group number in hexadecimal. In VRRP, the MAC address used is 0000.5e00.01xx. Here, xx is the VRRP group number in hexadecimal.
- Master router : One of the VRRP group members is elected as the master router, which takes up the responsibility of forwarding the local traffic. The router is elected on the basis of priority. If a member of the VRRP group has a higher priority than the others, it will be elected as the master router. If the priority is the same (by default 100), the router with the highest IP address will become the master router.
- Backup routers : Only one of the VRRP group members becomes the master router while the others are backup routers. If the master router fails, one of the backup routers becomes the master router.
- Master advertisement timer : The master router multicasts keep-alive messages to 224.0.0.18 every 1 second.
- Master dead timer : The time after which the backup router takes up the responsibilities of the master router if the master advertisement message is not received. It is, by default, 3.69 seconds.
- Preempt : It is a state in which one of the backup routers becomes the master router (when the master router goes down). Also, when the master router comes up again, it will become the master router as its priority is still higher.
- Object tracking : VRRP object tracking provides a way to make sure the best router becomes the master router. The current master router continuously polls the state of the tracked object (such as whether the line protocol is up or down). If the master router's line protocol goes down, the priority of the backup router is increased dynamically, i.e. it becomes the master router.
- Authentication : VRRP supports 3 types of authentication: no authentication, plain text authentication and MD5 authentication.
VRRP rejects a packet in any of the following cases :
- The authentication schemes on the router and in the incoming packet differ.
- The MD5 digests on the router and in the incoming packet differ.
- The text authentication strings on the router and in the incoming packet differ.
In the topology given above, there are 2 routers named R1 and R2, where the R1 fa0/0 IP address is 10.1.1.1/24 and the R2 fa0/0 IP address is 10.1.1.2/24.
Assigning IP address to router R1 :
r1(config)# int fa0/0
r1(config-if)# ip add 10.1.1.1 255.255.255.0
Assigning IP address to router R2.
r2(config)# int fa0/0
r2(config-if)# ip address 10.1.1.2 255.255.255.0
Now, let's provide the virtual IP address (10.1.1.100), group name VRRP_TEST, group number 10 and priority 110. Here preempt is enabled by default, i.e. if the master router goes down then the backup router automatically becomes the master router.
r1(config)# int fa0/0
r1(config-if)# vrrp 10 ip 10.1.1.100
r1(config-if)# vrrp 10 name VRRP_TEST
r1(config-if)# vrrp 10 priority 110
Now, provide the virtual IP address (10.1.1.100), group name VRRP_TEST and priority 100. Group number 10 is assigned as well.
r2(config)# int fa0/0
r2(config-if)# vrrp 10 ip 10.1.1.100
r2(config-if)# vrrp 10 name VRRP_TEST
r2(config-if)# vrrp 10 priority 100
Note : As we have given priority 110 to r1, it will become the master router.
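The virtual MAC layouts described in the HSRP and VRRP sections make it possible to check, from a host's ARP table, whether the gateway IP resolves to the virtual MAC that the configured group should be using. The following is an added example, not part of the original article; the function names and the ARP entries are constructed for illustration.

```python
import re

# Fixed 40-bit prefixes given on this page; the last 8 bits carry the group number.
PREFIXES = {"HSRP": "00000c07ac", "VRRP": "00005e0001"}

def normalize(mac):
    """Drop separators (dots, colons, dashes) and return 12 lowercase hex digits."""
    digits = re.sub(r"[.:-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def virtual_mac(protocol, group):
    """Build the virtual MAC for a group number, in dotted notation."""
    if not 0 <= group <= 255:
        raise ValueError("only 8 bits are available for the group number")
    digits = PREFIXES[protocol] + f"{group:02x}"
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def classify(mac):
    """Return (protocol, group) for a virtual MAC, or None for any other address."""
    digits = normalize(mac)
    for protocol, prefix in PREFIXES.items():
        if digits.startswith(prefix):
            return protocol, int(digits[10:], 16)
    return None

def check_gateways(arp_entries, expected):
    """Return (ip, mac, reason) for gateway ARP entries that do not resolve to
    the expected virtual MAC (wrong group, wrong protocol, or a non-virtual MAC)."""
    findings = []
    for ip, mac in arp_entries:
        if ip not in expected:
            continue
        seen = classify(mac)
        if seen is None:
            findings.append((ip, mac, "not a virtual MAC"))
        elif seen != expected[ip]:
            findings.append((ip, mac, f"unexpected {seen[0]} group {seen[1]}"))
    return findings

# Constructed sample: ARP entries collected from hosts on 10.1.1.0/24.
ARP = [("10.1.1.100", "00:00:5e:00:01:0a"),   # VRRP group 10, as configured above
       ("10.1.1.100", "00:00:0c:07:ac:01"),   # HSRP group 1 answering for the same IP
       ("10.1.1.100", "02:42:ac:11:00:05"),   # ordinary, non-virtual MAC
       ("10.1.1.1", "c2:01:0a:bc:00:00")]     # physical router address, not checked
EXPECTED = {"10.1.1.100": ("VRRP", 10)}       # gateway IP -> (protocol, group)
```

Calling check_gateways(ARP, EXPECTED) reports the second and third entries; the first matches the expected VRRP group 10 address and the fourth is not a gateway IP under check.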
Gateway Load Balancing Protocol (GLBP)
Gateway Load Balancing Protocol (GLBP) is a First Hop Redundancy Protocol (FHRP) which, like the other First Hop Redundancy Protocols, provides redundancy, and which also provides load balancing. It is a Cisco proprietary protocol that can perform both functions. It provides load balancing over multiple routers using a single virtual IP address and multiple virtual MAC addresses.
Some important terms related to GLBP:
- Virtual IP address : An IP address from the local subnet is assigned as the virtual IP address, which is configured as the default gateway for all the local hosts.
- Active Virtual Gateway (AVG) : It is one of the routers operating GLBP in a single group, and it is responsible for assigning a virtual MAC address to each member of the group and for responding to the ARP requests coming from the devices. The AVG has the highest priority value or IP address in the group.
- Active Virtual Forwarder (AVF) : These are the routers, including the AVG, in a single GLBP group. They are actually responsible for forwarding the data after the AVG assigns them the task. If the AVG goes down, one of the AVFs can become the AVG.
- Preempt : It is a state in which one of the AVFs becomes the AVG router (when the AVG router goes down). Also, when the AVG router comes up again, it will become the AVG router as its priority is still higher (assumed).
- Object tracking : GLBP uses a weighting scheme to determine the forwarding capacity of each router in the GLBP group. GLBP tracks an interface and adjusts its weighting, i.e. if the tracked interface goes down, the weighting is reduced by a certain value (according to the configuration).
- The Active Virtual Gateway (AVG) provides virtual MAC addresses to all the other routers operating GLBP in the same group. The remaining routers are Active Virtual Forwarders (AVF). When an ARP request comes from a subnet device asking for the MAC address of the virtual IP address, the AVG provides one of the virtual MAC addresses. The AVG chooses the virtual MAC address using the round-robin algorithm or whichever other algorithm has been applied. In this way, all devices running GLBP are used to forward traffic.
- GLBP virtual MAC address assignment : When a subnet device (host) wants to send traffic, it requests a MAC address for the virtual IP (gateway) by sending an ARP request. In response to the ARP request, the AVG provides one of the virtual MAC addresses (provided to the AVFs by the AVG).
- Virtual gateway redundancy : To detect a gateway failure, GLBP members communicate with each other through hello messages, sent every 3 seconds to the multicast address 224.0.0.102. If the AVG fails, the AVF with the highest priority becomes the AVG, i.e. responsible for providing the MAC addresses of the AVFs.
- Virtual forwarder redundancy : Just like in HSRP, if one of the AVFs fails then another AVF in the same GLBP group takes over the responsibility of forwarding the packets. There can be a maximum of 4 routers in a GLBP group.
- GLBP uses 3 algorithms for load balancing:
- Round-Robin : The AVG assigns the virtual MAC addresses in sequence, i.e. the first virtual MAC address is assigned to AVF1, then to AVF2, etc.
- Host-dependent : If a particular host needs a specific virtual MAC address every time, a specific AVF is assigned to that host by the AVG.
- Weighted : The load is distributed according to the requirement, i.e. the virtual MAC addresses are assigned in proportion. If we want some AVFs to handle more traffic than others, we change the weight.
In the given topology, there are 2 routers named R1 and R2, where R1 is connected via fa0/0 with IP address 10.1.1.1/24 and R2 is connected via fa0/0 with IP address 10.1.1.2/24.
Assigning IP address to router R1.
r1(config)# int fa0/0
r1(config-if)# ip add 10.1.1.1 255.255.255.0
Assigning IP address to router R2.
r2(config)# int fa0/0
r2(config-if)# ip address 10.1.1.2 255.255.255.0
Now, configure the virtual IP, GLBP priority, preemption and type of load balancing.
r1(config-if)# glbp 1 ip 10.1.1.100
r1(config-if)# glbp 1 priority 120
r1(config-if)# glbp 1 preempt
r1(config-if)# glbp 1 load-balancing round-robin
Here, we assign the virtual IP 10.1.1.100 from the local subnet and the priority (R1 gets the higher priority as we want this router to become the AVG). Preempt has also been enabled, with load balancing of type round-robin. Now, configure the same GLBP group for r2.
r2(config-if)# glbp 1 ip 10.1.1.100
r2(config-if)# glbp 1 priority 100
r2(config-if)# glbp 1 preempt
r2(config-if)# glbp 1 load-balancing round-robin
Here, a switch sits between the AVG and the AVF, so how will the switch learn the same MAC address on another port when the AVG goes down? When the AVG goes down, the newly elected AVG sends a gratuitous ARP to flush the CAM table of the switches and the host ARP cache.
GLBP supports clear text and MD5 password authentication.
It supports up to 1024 virtual routers (GLBP groups).
It allows load sharing using a single virtual IP and multiple virtual MAC addresses.
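Both the VRRP authentication types listed earlier and the GLBP clear text and MD5 authentication mentioned above are set per group, so a configuration review can list every group that runs without MD5. The following is an added example, not part of the original article; it assumes running-config style input, and the sample configuration, interface names, key and string are constructed placeholders.

```python
import re

# IOS interface sub-commands of the form "<keyword> <group> <options...>".
KEYWORDS = {"vrrp": "VRRP", "glbp": "GLBP"}
GROUP_LINE = re.compile(r"^(vrrp|glbp)\s+(\d+)\s+(.+)$")

def audit(config):
    """Map (interface, protocol, group) to 'none', 'text' or 'md5'."""
    groups, interface = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            interface = line.split(None, 1)[1]
            continue
        match = GROUP_LINE.match(line)
        if match is None or interface is None:
            continue
        key = (interface, KEYWORDS[match.group(1)], int(match.group(2)))
        groups.setdefault(key, "none")       # a group with no auth line stays "none"
        options = match.group(3).split()
        if options[0] == "authentication":
            # "authentication md5 ..." is MD5; any other form is a clear-text string
            groups[key] = "md5" if options[1:2] == ["md5"] else "text"
    return groups

def weak_groups(config):
    """Groups whose messages are unauthenticated or use a clear-text string."""
    return sorted(key for key, auth in audit(config).items() if auth != "md5")

# Constructed sample in running-config style; key and string are placeholders.
SAMPLE = """\
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 vrrp 10 ip 10.1.1.100
 vrrp 10 priority 110
interface FastEthernet0/1
 ip address 10.2.2.1 255.255.255.0
 glbp 1 ip 10.2.2.100
 glbp 1 authentication text EXAMPLE-STRING
interface FastEthernet1/0
 ip address 10.3.3.1 255.255.255.0
 glbp 2 ip 10.3.3.100
 glbp 2 authentication md5 key-string EXAMPLE-KEY
 glbp 2 preempt
"""

if __name__ == "__main__":
    for interface, protocol, group in weak_groups(SAMPLE):
        print(f"{interface}: {protocol} group {group} lacks MD5 authentication")
```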