
VRRP, An Overview and Implementation



VRRP: Virtual Router Redundancy Protocol

To reach remote networks we use the following methods to discover the first hop to our remote network:
  • Dynamic process
  • Static configurations

The problem with dynamic discovery is the extra network overhead, so static configuration is usually recommended: it provides the next hop in advance and avoids that overhead. The drawback of a static next hop (in simple words, a default gateway) is the lack of redundancy, because it creates a single point of failure. To overcome this, we use redundancy techniques in which a single virtual IP is configured on a group of routers. If the router acting as the virtual gateway fails, the load is instantly shifted to the next available router according to priority. VRRP is one of those techniques, as are GLBP and HSRP. In VRRP we define a Master router and a number of backup routers; the backup routers provide redundancy if the Master router fails.



For example, in the above scenario we have configured VRRP on all three routers and made them part of VRRP group 1. The virtual IP address is configured on each router. Suppose Router A is currently active and something abnormal happens to it: Router B or Router C will take over as the gateway, according to the priority defined for these routers in the VRRP group configuration. In the same fashion we can create different groups with different priorities and VRRP advertisement timer values.

Quick Facts about VRRP:

  • VRRP uses 224.0.0.18 and protocol number 112
  • VRRP has virtual MAC Address 0000.5e00.01xx with xx being group number
  • VRRP default Hello interval is 1 second
  • VRRP default priority is 100
  • VRRP preemption is enabled by default 

Configuration example:

In the basic configuration of VRRP, we will cover the following topics:

  • Basic VRRP Configuration
  • VRRP priority and preempt
  • VRRP MD5 authentication
  • VRRP Packet Analysis

We are using the GNS3 topology below for VRRP. It is the same topology that we used for GLBP, but this time we are creating redundancy via VRRP.


We have created VRRP group 1 on R3 and R4 and configured the virtual gateway IP 192.168.1.10. The configuration is done on the Fast Ethernet 0/0 interface of both routers.

VRRP configuration done on the R3 Fast Ethernet 0/0 interface is:


VRRP configuration done on the R4 Fast Ethernet 0/0 interface is:


As you can see, we have enabled VRRP group 1 on R3 and R4 with clear text authentication. To verify that VRRP is in action, we can run the show vrrp command on both routers:





From the output of the above commands, you can see that R3 is our Master router and R4 is our backup router. Preemption is enabled on both routers by default. R3's priority (120) is higher than R4's (100). The clear text authentication password is set to cisco.
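For the packet analysis step, the following added example (not code from the original post) decodes a VRRPv2 advertisement and shows why clear text authentication protects nothing: the password travels unencrypted in the 8-byte authentication field of every advertisement. It assumes the VRRPv2 message layout; the sample packet is constructed from the values on this page (group 1, priority 120, virtual IP 192.168.1.10, password cisco) and is not a capture.

```python
import ipaddress
import struct

AUTH_TYPES = {0: "none", 1: "simple-text", 2: "ip-ah"}  # VRRPv2 auth type field

def inet_checksum(data: bytes) -> int:
    """Internet checksum (16-bit one's complement) over a VRRP message."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_vrrpv2(payload: bytes) -> dict:
    """Decode the payload of an IP protocol 112 packet sent to 224.0.0.18."""
    if len(payload) < 8:
        raise ValueError("truncated VRRP header")
    ver_type, vrid, prio, count, auth, adver = struct.unpack("!6B", payload[:6])
    if ver_type != 0x21:  # version 2, type 1 (advertisement)
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count  # IP addresses follow the 8-byte fixed header
    if len(payload) != end + 8:  # then 8 bytes of authentication data
        raise ValueError("length does not match address count")
    return {
        "vrid": vrid, "priority": prio, "adver_int": adver,
        "vips": [str(ipaddress.IPv4Address(payload[i:i + 4])) for i in range(8, end, 4)],
        "auth": AUTH_TYPES.get(auth, f"unknown({auth})"),
        "auth_data": payload[end:].rstrip(b"\x00").decode("ascii", "replace"),
        "virtual_mac": f"0000.5e00.01{vrid:02x}",
        "checksum_ok": inet_checksum(payload) == 0,  # valid messages sum to zero
    }

def audit(adv: dict) -> list:
    """Defensive findings for one decoded advertisement."""
    notes = []
    if adv["auth"] == "simple-text":
        notes.append(f"group {adv['vrid']}: password sent in clear text in every advertisement")
    elif adv["auth"] == "none":
        notes.append(f"group {adv['vrid']}: advertisements are unauthenticated")
    return notes

def sample_advertisement() -> bytes:
    """Constructed packet matching R3 on this page (not a real capture)."""
    body = (bytes([0x21, 1, 120, 1, 1, 1, 0, 0])
            + ipaddress.IPv4Address("192.168.1.10").packed + b"cisco".ljust(8, b"\x00"))
    return body[:6] + struct.pack("!H", inet_checksum(body)) + body[8:]

if __name__ == "__main__":
    print(parse_vrrpv2(sample_advertisement()))
```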

The same scenario can be used with different VRRP groups if we want to create multiple virtual gateways on our network for efficient load balancing and traffic handling, since putting the load of all hosts on a single router increases its processing load. VRRP is the preferred protocol, as it is not vendor-specific like GLBP. With multi-vendor interoperability, VRRP is the ultimate choice in network redundancy design.






GLBP Part II + Practical implementation

GLBP Configurations:


We will use GNS3 to implement GLBP. We are using two hosts with the same default gateway. Our configuration checklist is:
  • Basic GLBP Configuration
  • GLBP priority and preempt
  • GLBP MD5 authentication
  • GLBP Load Balancing Method
  • AVG and AVF Failover
  • GLBP Packet Analysis

We are using the following GNS3 topology:


We are using R1 and R2 to simulate our hosts in GNS3. The configuration on both these routers is:
R1 (HostA)

R1#show running-config interface fastEthernet 0/0
Building configuration...

Current configuration : 96 bytes
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
end

A static route is defined to point it to our default gateway, 192.168.1.10:

R1#show ip route static
S*   0.0.0.0/0 [1/0] via 192.168.1.10





The same kind of configuration is done on R2 (HostB) too:

R2#show running-config interface fastEthernet 0/0
Building configuration...

Current configuration : 96 bytes
!
interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 duplex auto
 speed auto
end

R2#show ip route static
S*   0.0.0.0/0 [1/0] via 192.168.1.10

R3 and R4 are our gateways, on which we will load balance the traffic and create redundancy using GLBP. Please note that EIGRP is configured as the routing protocol with AS number 4 on R3-R4-R5. In the next step we will enable GLBP on the Fast Ethernet 0/0 interface of R3 and R4. The configuration done on each router interface is as follows:

R3#show running-config interface fastEthernet 0/0
Building configuration...

Current configuration : 283 bytes
!
interface FastEthernet0/0
 mac-address 0033.3333.3333
 ip address 192.168.1.3 255.255.255.0
 duplex auto
 speed auto
 glbp 4 ip 192.168.1.10
 glbp 4 priority 120
 glbp 4 preempt
 glbp 4 weighting 6
 glbp 4 load-balancing weighted
 glbp 4 authentication md5 key-string shah123
end

The routing configuration on R3 is as follows:

R3#show ip route eigrp
D    10.0.0.0/8 [90/409600] via 192.168.3.5, 00:09:27, FastEthernet0/1
D    192.168.2.0/24 [90/307200] via 192.168.3.5, 00:09:27, FastEthernet0/1
                    [90/307200] via 192.168.1.4, 00:09:27, FastEthernet0/0

R3#show ip route
Output omitted
Gateway of last resort is not set
D    10.0.0.0/8 [90/409600] via 192.168.3.5, 00:09:35, FastEthernet0/1
C    192.168.1.0/24 is directly connected, FastEthernet0/0
D    192.168.2.0/24 [90/307200] via 192.168.3.5, 00:09:35, FastEthernet0/1
                    [90/307200] via 192.168.1.4, 00:09:35, FastEthernet0/0
C    192.168.3.0/24 is directly connected, FastEthernet0/1

As you can see, GLBP group number 4 is configured on R3 with virtual gateway IP 192.168.1.10. The priority is set to 120, as we want to make this router the AVG (Active Virtual Gateway); authentication and load balancing are also adjusted. Several types of load balancing are available, but here we are using weighting. The configuration on R4 is almost the same, but we have given this gateway a slightly lower priority, as we would like to make it a GLBP virtual forwarder. The configuration is as follows:

R4#show running-config interface fastEthernet 0/0
Building configuration...

Current configuration : 283 bytes
!
interface FastEthernet0/0
 mac-address 0044.4444.4444
 ip address 192.168.1.4 255.255.255.0
 duplex auto
 speed auto
 glbp 4 ip 192.168.1.10
 glbp 4 priority 110
 glbp 4 preempt
 glbp 4 weighting 7
 glbp 4 load-balancing weighted
 glbp 4 authentication md5 key-string shah123
end

R4#show ip route eigrp
D    10.0.0.0/8 [90/409600] via 192.168.2.5, 00:16:45, FastEthernet0/1
D    192.168.3.0/24 [90/307200] via 192.168.2.5, 00:16:45, FastEthernet0/1
                    [90/307200] via 192.168.1.3, 00:16:45, FastEthernet0/0

R4#show ip route
Output omitted.

Gateway of last resort is not set

D    10.0.0.0/8 [90/409600] via 192.168.2.5, 00:17:10, FastEthernet0/1
C    192.168.1.0/24 is directly connected, FastEthernet0/0
C    192.168.2.0/24 is directly connected, FastEthernet0/1
D    192.168.3.0/24 [90/307200] via 192.168.2.5, 00:17:10, FastEthernet0/1
                    [90/307200] via 192.168.1.3, 00:17:10, FastEthernet0/0

On our last router, R5, we create a Loopback 5 interface to ping from R1 and R2 in order to check GLBP load balancing and redundancy. Its configuration is:

R5#show ip route
Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.0.0.0/24 is directly connected, Loopback5
D       10.0.0.0/8 is a summary, 00:31:59, Null0
D    192.168.1.0/24 [90/307200] via 192.168.3.3, 00:19:12, FastEthernet0/0
                    [90/307200] via 192.168.2.4, 00:19:12, FastEthernet0/1
C    192.168.2.0/24 is directly connected, FastEthernet0/1
C    192.168.3.0/24 is directly connected, FastEthernet0/0



And we are done! Now we can check GLBP and verify it via the following commands:
R4#show glbp
FastEthernet0/0 - Group 4
  State is Standby
    3 state changes, last state change 00:20:20
  Virtual IP address is 192.168.1.10
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.904 secs
  Redirect time 600 sec, forwarder time-out 14400 sec
  Authentication MD5, key-string "shah123"
  Preemption enabled, min delay 0 sec
  Active is 192.168.1.3, priority 120 (expires in 8.472 sec)
  Standby is local
  Priority 110 (configured)
  Weighting 7 (configured 7), thresholds: lower 1, upper 7
  Load balancing: weighted
  Group members:
    0033.3333.3333 (192.168.1.3) authenticated
    0044.4444.4444 (192.168.1.4) local
  There are 2 forwarders (1 active)
  Forwarder 1  ---------------  >Active virtual Gateway
    State is Listen
    MAC address is 0007.b400.0401 (learnt)
    Owner ID is 0033.3333.3333
    Time to live: 14398.476 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is 192.168.1.3 (primary), weighting 6 (expires in 9.976 sec)
  Forwarder 2 ----------------- > GLBP virtual Forwarder
    State is Active
      3 state changes, last state change 00:20:03
    MAC address is 0007.b400.0402 (default)
    Owner ID is 0044.4444.4444
    Preemption enabled, min delay 30 sec
    Active is local, weighting 7

The output of the same command on R3 is:

R3#show glbp
FastEthernet0/0 - Group 4
  State is Active
    2 state changes, last state change 00:30:01
  Virtual IP address is 192.168.1.10
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.568 secs
  Redirect time 600 sec, forwarder time-out 14400 sec
  Authentication MD5, key-string "shah123"
  Preemption enabled, min delay 0 sec
  Active is local
  Standby is 192.168.1.4, priority 110 (expires in 8.052 sec)
  Priority 120 (configured)
  Weighting 6 (configured 6), thresholds: lower 1, upper 6
  Load balancing: weighted
  Group members:
    0033.3333.3333 (192.168.1.3) local
    0044.4444.4444 (192.168.1.4) authenticated
  There are 2 forwarders (1 active)
  Forwarder 1
    State is Active
      1 state change, last state change 00:29:51
    MAC address is 0007.b400.0401 (default)
    Owner ID is 0033.3333.3333
    Redirection enabled
    Preemption enabled, min delay 30 sec
    Active is local, weighting 6
    Arp replies sent: 1
  Forwarder 2
    State is Listen
      2 state changes, last state change 00:24:42
    MAC address is 0007.b400.0402 (learnt)
    Owner ID is 0044.4444.4444
    Redirection enabled, 599.216 sec remaining (maximum 600 sec)
    Time to live: 14399.212 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is 192.168.1.4 (primary), weighting 7 (expires in 9.208 sec)
    Arp replies sent: 2

To see GLBP in action, we issue a ping from Host A (R1) to 10.0.0.4, the loopback interface on R5. ARP debugging has been enabled on Host A to observe GLBP at work. Here is the output:

R1#ping 10.0.0.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.4, timeout is 2 seconds:

*Mar  1 00:47:57.511: IP ARP: creating incomplete entry for IP address: 192.168.1.10 interface FastEthernet0/0
*Mar  1 00:47:57.515: IP ARP: sent req src 192.168.1.1 c001.17a4.0000,
                 dst 192.168.1.10 0000.0000.0000 FastEthernet0/0
*Mar  1 00:47:57.547: IP ARP: rcvd rep src 192.168.1.10 0007.b400.0402, dst 192.168.1.1 FastEthernet0/0.
*Mar  1 00:47:59.591: IP ARP: rcvd req src 192.168.1.4 0044.4444.4444, dst 192.168.1.1 FastEthernet0/0
*Mar  1 00:47:59.595: IP ARP: creating entry for IP address: 192.168.1.4, hw: 0044.4444.4444
*Mar  1 00:47:59.599: IP ARP: sent rep src 192.168.1.1 c001.17a4.0000,
                 dst 192.168.1.4 0044.4444.4444 FastEthernet0/0.!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 28/42/56 ms

R1#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.10           36   0007.b400.0402  ARPA   FastEthernet0/0

R1#traceroute 10.0.0.4

Type escape sequence to abort.
Tracing the route to 10.0.0.4

  1 192.168.1.4 28 msec 36 msec 20 msec ---- > R4 Fast Ethernet 0/0 interface for outgoing packet
  2 192.168.2.5 40 msec *  40 msec

That is great! Host A has resolved the new gateway while communicating with the R5 loopback interface (10.0.0.4). We have confirmed that GLBP is working and that virtual MAC and IP assignment work perfectly. To check whether redundancy is working, we will disable the Fast Ethernet 0/0 interface on R4 and check whether R3 takes its place:
R1#ping 10.0.0.4 repeat 2000

Type escape sequence to abort.
Sending 2000, 100-byte ICMP Echos to 10.0.0.4, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.....!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.
Success rate is 99 percent (730/736), round-trip min/avg/max = 8/34/112

During the highlighted instance above (the run of dots in the ping output), interface Fast Ethernet 0/0 was shut down on R4 and the traffic shifted to R3 after a minor glitch, as can be seen from the output below:

R1#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.10            0   0007.b400.0401  ARPA   FastEthernet0/0
Internet  192.168.1.1             -   c001.17a4.0000  ARPA   FastEthernet0/0
Internet  192.168.1.3             0   0033.3333.3333  ARPA   FastEthernet0/0

As you can see, the virtual MAC address corresponding to the virtual gateway (192.168.1.10) changed from 0007.b400.0402 to 0007.b400.0401! Isn't it great :)

In short, GLBP is a very good redundancy and load balancing protocol. The AVG is responsible for keeping an eye on all virtual forwarders and assigning virtual MACs according to network requirements. Active Virtual Gateway redundancy is managed by the GLBP priority value, and Active Virtual Forwarders are controlled via the weight value in the configuration.
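The gateway MAC change observed on Host A can be turned into a host-side check. This added example (not part of the original post) reads `debug arp` and `show ip arp` lines in the format shown above and classifies each MAC seen for the gateway IP as a known GLBP virtual MAC for the group, a forwarder change, or an unexpected address. The function names are hypothetical, and the last sample row is constructed to show the alert case; the other rows are taken from this page.

```python
import re

def glbp_vmacs(group: int, forwarders: int = 4) -> set:
    """Virtual MACs 0007.b4xx.xxyy: xx.xx = group number, yy = forwarder number."""
    return {f"0007.b4{group >> 8:02x}.{group & 0xFF:02x}{fwd:02x}"
            for fwd in range(1, forwarders + 1)}

# Match "debug arp" replies and "show ip arp" rows as printed on this page.
ARP_REPLY = re.compile(r"IP ARP: rcvd rep src (\S+) ([0-9a-f.]{14})")
ARP_ENTRY = re.compile(r"Internet\s+(\S+)\s+\S+\s+([0-9a-f.]{14})\s")

def audit_gateway(text: str, gateway: str, group: int) -> list:
    """Return (mac, verdict) for every line that names the gateway IP."""
    allowed = glbp_vmacs(group)
    results, last = [], None
    for line in text.splitlines():
        m = ARP_REPLY.search(line) or ARP_ENTRY.search(line)
        if not m or m.group(1) != gateway:
            continue  # other hosts' entries are not the gateway
        mac = m.group(2)
        if mac not in allowed:
            verdict = "unexpected MAC"    # not a virtual MAC of this group
        elif last and mac != last:
            verdict = "forwarder change"  # e.g. failover from R4 to R3
        else:
            verdict = "ok"
        results.append((mac, verdict))
        if mac in allowed:
            last = mac
    return results

# Rows 1-4 are from this page; the final row is constructed for the alert case.
SAMPLE = """\
*Mar  1 00:47:57.547: IP ARP: rcvd rep src 192.168.1.10 0007.b400.0402, dst 192.168.1.1 FastEthernet0/0.
Internet  192.168.1.10           36   0007.b400.0402  ARPA   FastEthernet0/0
Internet  192.168.1.10            0   0007.b400.0401  ARPA   FastEthernet0/0
Internet  192.168.1.3             0   0033.3333.3333  ARPA   FastEthernet0/0
Internet  192.168.1.10            0   0050.56aa.bbcc  ARPA   FastEthernet0/0
"""

if __name__ == "__main__":
    for mac, verdict in audit_gateway(SAMPLE, "192.168.1.10", 4):
        print(mac, verdict)
```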






GLBP: Gateway Load Balancing Protocol

GLBP, or Gateway Load Balancing Protocol, is used for load balancing and gateway redundancy in a network. Instead of giving hosts the actual MAC address of the default gateway, the GLBP group provides a virtual MAC to the requesting hosts, which is then used to create network redundancy. Some of the main components of GLBP are:

  • Active Virtual Gateway
  • Active Virtual Forwarder
The Active Virtual Gateway takes care of all virtual MAC assignments in the network. If it fails, the Active Virtual Forwarder with the second highest priority takes its place.

 Quick Facts:
  • GLBP uses 224.0.0.102 UDP/3222
  • GLBP default Hello interval is 3 seconds
  • GLBP has virtual MAC 0007.b4xx.xxyy with xx being group number and yy being forwarder number
  • GLBP allows up to 4 virtual MAC address per group
  • Elected Active Virtual Gateway (AVG) assigns/revokes virtual MAC to/from group members
  • Each gateway is an Active Virtual Forwarder (AVF) and answers own ARP request
--to be continued--