There are two methods a LAN host can determine its default gateway or first-hop router. The first method uses a dynamic process such as a dynamic routing protocol like RIP (Routing Information Protocol). The main drawback of dynamic discovery protocols is that they require some configuration and processing on the host, which must participate in the dynamic process. The alternative to using a dynamic discovery protocol is to statically configure a default gateway on the host. The static approach simplifies host configuration but also creates a single point of failure. A host configured with a static default gateway is isolated if the gateway fails. It cannot switch to an alternate gateway even if one exists until an administrator manually re-configures the default gateway on the host.
First Hop Redundancy Protocols
There exists a class of redundancy protocols known as FHRPs (First Hop Redundancy Protocols) that include VRRP (Virtual Router Redundancy Protocol), HSRP (Hot Standby Router Protocol), and GLBP (Gateway Load Balancing Protocol). These protocols protect against a single point of failure for the default gateway and may also provide load balancing if multiple uplinks are available at first-hop routers.
Both HSRP and VRRP enable two or more routers on a LAN to work together in a group, sharing a single group IP address. The group IP address is configured as the default gateway in each host. In an HSRP or VRRP group, one router is elected to handle all requests sent to the group IP address. It is called the active router with HSRP and the master router with VRRP. There is at least one standby router with HSRP and similarly at least one backup router with VRRP.
GLPB goes a step beyond VRRP and HSRP by providing load balancing in addition to redundancy. We will cover these three protocols in upcoming sections of the chapter.
Virtual Router Redundancy Protocol
VRRP (Virtual Router Redundancy Protocol) enables a group of routers on a LAN segment to form a single virtual router that is also known as a VRRP group. The virtual router is made up of a single router acting as virtual router master and multiple routers acting as virtual router backup. The virtual IP address of the virtual router is then configured on LAN clients as their default gateway.
VRRP router priority determines the role that each VRRP router plays. If the IP address of the physical interface on a VRRP router is configured as the virtual IP address, this router will function as the virtual router master. The same priority also determines the likelihood of a router becoming the virtual router master if the virtual router master fails. If there are multiple routers acting as virtual router backup, the one with the highest priority becomes the virtual router master if the original virtual router master fails. You can configure the priority of each virtual router backup with a value of 1 through 254 using vrrp priority command.
VRRP router preemption allows a virtual router backup with a higher priority that comes up to take over the virtual router backup that was elected to become the virtual router master. This preemption is enabled by default so you don’t have to configure anything to make preemption work. If preemption is disabled, the virtual router backup that is elected to become virtual router master remains the master until the original virtual router master comes back online and becomes master again. You may disable preemption by using the no vrrp preempt command interface configuration mode.
A virtual router master sends VRRP advertisements to other routers in the same VRRP group. The advertisements contain the priority and the state of the virtual router master. These advertisements are sent, every second by default, as multicasts to the standard multicast address 188.8.131.52 encapsulated in IPv4 packets.
The figure below shows a basic topology in which VRRP is configured. In this example, routers R1, R2, and R3 are VRRP routers that together form a virtual router or VRRP group. The IP address of the virtual router is the same as that configured on the Ethernet interface of R1 (192.168.1.1).
Figure 14-1 VRRP Topology
Because the virtual router uses the IP address of the physical Ethernet interface of R1, R1 assumes the role of virtual router master. The virtual router master is also known as the IP address owner. There can be multiple virtual router backups, though in the figure above routers R2 and R3 are virtual router backups. If the virtual router master fails, the virtual router backup configured with the highest priority will become the virtual router master. As a result, client hosts on the LAN receive uninterrupted connectivity through their default gateway (192.168.1.1).
We can verify VRRP configuration using the show vrrp command.
You can see from above output that the priority of R1 is 255 and it is the master. As a matter of fact, we never explicitly changed the priority on R1 from the default of 100. The highest priority (255) assignment to R1 is a consequence of using the physical IP address of R1 as the virtual group IP address.
The output of show vrrp on R2 below shows that it is a virtual router backup having priority 110.
The below output of show vrrp on R3 indicates that it is also a backup with a priority of 100. The default VRRP priority is also 100 though and we configured it manually just for the sake of demonstration.
If the router R1 becomes unavailable, the backup with higher priority, that is R2, should assume the role of master. Let’s simulate the failure of R1 by manually shutting down its FastEthernet0/0.
The result of this would be R2 becoming the master while R3 staying as backup, as indicated by the output of show vrrp command on R2 and R3.
Hot Standby Router Protocol
HSRP (Hot Standby Router Protocol) is a Cisco proprietary FHRP (first-hop redundancy protocol) that is available in two versions. The newer version 2 improves upon version 1 and is now the preferred choice. These two versions of HSRP are not compatible with each other.
Two or more routers on a LAN segment form an HSRP group also known as standby group. One router in the group assumes the role of the active router and handles all requests from clients. The other router or routers become standby and take over if the active router fails. The multicast address 184.108.40.206 is used to send HSRP version 2 hello messages. These messages communicate HSRP parameters to other members of the group and also serve as a keep alive.
The problem with HSRP really is that only one router is active at one time. The other routers in the standby group are just sitting there watching the show, until the active router fails. This scheme of things is not very efficient as if you have redundant uplinks connected to the standby routers, all the additional bandwidth provided by these uplinks will not be used.
The figure below shows a basic HSRP topology with two routers forming an HSRP or standby group. The router R1 is configured with a priority 110 that is higher than the default priority 100. The router R2 is configured with the default priority 100. The Ethernet interfaces of R1 and R2 are configured with IP addressed 192.168.1.1 and 192.168.1.2, respectively. The IP address assigned to the HSRP group 10 is 192.168.1.10 that is configured on both group members using the standby ip command.
Figure 14-2 HSRP Topology
It is time for verification using the show standby command. You can see from the output for R1 below that it is the active router.
The output of show standby command on R2 below indicates that it is the standby router.
Gateway Load Balancing Protocol
GLBP (Gateway Load Balancing Protocol) prevents a single point of failure, like HSRP and VRRP, but also allows load-sharing among a group of redundant routers. Multiple first-hop routers on the LAN form a group to offer a single virtual router, also sharing the IP packet forwarding load.
HSRP and VRRP also allow multiple routers to form a virtual router group with a virtual IP address. But only one member of the group is elected as the active router that forwards packets sent to the virtual IP address for the group. The other routers in the group stay idle until the active router fails. In other words, the bandwidth of standby routers is not utilized and goes waste. Although it is possible to configure multiple virtual router groups to achieve load balancing in case of HSRP and VRRP, but it requires configuring different default gateways on different hosts, which is an extra administrative burden.
The advantage of GLBP is that it provides load balancing in addition to redundancy without requiring configuration of different default gateways on different clients.
The routers participating in GLBS communicate with each other through hello messages sent every 3 seconds to the multicast address 220.127.116.11, UDP port 3222 (both source and destination). GLBP supports up to 1024 GLBP groups on each physical interface, and up to four active virtual forwarders per group.
Routers participating in GLBP form a group and elect one router as the AVG (active virtual gateway) for that group. Other members of the group provide backup for the AVG if it goes down. The AVG controls all members of the group by assigning a virtual MAC address to each member. Each router takes responsibility of forwarding packets sent to the virtual MAC address assigned to it by the AVG. These routers are each called AVF (active virtual forwarder) for their virtual MAC address. The AVG also responds to ARP (Address Resolution Protocol) requests for the virtual IP address. This is the key to GLBP operation as load balancing is actually achieved by the AVG replying to ARP requests from different hosts with different virtual MAC addresses.
When a client sends an ARP message for the IP address of its default gateway, the AVG responds with the virtual MAC address of one of the AVFs. When another client sends an ARP message for default gateway address resolution, the AVG returns the virtual MAC address of the next AVF. So each client gets a different virtual MAC address for the same virtual IP address of the default gateway. As a result, each client will send its traffic to separate routers despite the fact that they are configured with the same default gateway.
The figure below shows a basic GLBP topology with R1 and R2 forming a GLBP group. The router R1 is the AVG for the GLBP group and is responsible for the virtual IP address 192.168.1.10. Router R1 is also the AVF for the virtual MAC address 0007.b400.0a01. Router R2 is a member of the same GLBP group and is the designated AVF for the virtual MAC address 0007.b400.0a02. Client 1 has a default gateway of 192.168.1.10 and a gateway MAC address of 0007.b400.0a01. Client 2 has the same default gateway 192.168.1.10 but receives the gateway MAC address 0007.b400.0a02 because router R2 is sharing the traffic load with R1.
Figure 14-3 GLBP Topology
You may verify GLBP configuration and find out which role each router is playing using the show glbp command.
Similarly, you can use the show glbp command on R2.
The table below rounds off our coverage of first-hop redundancy protocols in this chapter by presenting a comparison of VRRP, HSRP, and GLBP.
Table 14-1 Comparison of VRRP, HSRP, and GLBP
|Router Role||1 master1 (or more) backup||1 active1 standby
1 or more listening
|1 AVG2 (or more) AVF|
|Election||1 – highest priority2 – highest IP (tiebreaker)||1 – highest priority2 – highest IP (tiebreaker)||1 – highest priority2 – highest IP (tiebreaker)|
|Cisco proprietary||No (IEEE standard)||Yes||Yes|