To Infinity & Beyond
If you use HSRP
Modified from the instructor
bridge materials and covered in
“Scaling Networks” chapter 2
curriculum - by Mark Anderson
• Review of WHY and WHAT?
• Configure basic HSRP
• Why change the timers?
• Describe the idea behind HSRP interface tracking
•
•
•
Most
Describe the idea behind HSRP load balancing
Important
Very quick look at VRRP
part is the
Identify GLBP as a load-balancing redundancy protocol
DEMO !
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
2
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
3
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
4
First Hop Redundancy Protocols (FHRP) provide default gateway
redundancy. The following is the evolution:
• Proxy ARP
• Static Default Gateway
• Legacy solution.
• Not dynamic.
• Used before default gateways were
• Does on
notIP
provide
supported
clients.secondary
path.
• HSRP Hot Standby Router Protocol • End station acts as if destination
• Ifon
Default
is not setand
were
same Gateway
network segment
• VRRP Virtual Router Redundancy Protocol on a Host the Host will not
sends out an ARP.
send out an ARP. So, Proxy
• GLBP Gateway Load Balancing Protocol
• The router
responds
withused
an ARP
ARP feature
is not
reply anymore.
using its own MAC.
• Now that a default gateway is
configured on most devices, the
Proxy ARP feature is not used
anymore
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
5
• Hot Standby Router Protocol (HSRP)
HSRP for IPv6
• Virtual Router Redundancy Protocol version 2 (VRRPv2)
VRRPv3
• Gateway Load Balancing Protocol (GLBP)
GLBP for IPv6
• ICMP Router Discovery Protocol (IRDP)
Legacy solution
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
6
• HSRP defines a group of routers -- one active and one standby.
• Virtual IP and MAC addresses are shared between the two
routers. (note: special MAC addresses  more later)
• To verify HSRP state, use the show standby command.
• HSRP is Cisco proprietary, and VRRP is vendor neutral.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
7
• Active router:
Responds to default gateway ARP
requests with the virtual router MAC
address
Assumes active forwarding of packets
for the virtual router
Sends hello messages
Knows the virtual router IP address
• Standby Router
Listens for periodic hello messages
Listens to all ARPs but ignores
Does not forward packets
Assumes active forwarding of packets
if it does not hear from active router
© 2013 Cisco and/or its affiliates. All rights reserved.
Note: The PC is
configured with
the virtual IP as its
Default Gateway.
Cisco Public
8
• Configure HSRP on the interface.
Switch(config-if)#
standby group-number ip ip-address
• The group number is optional and indicates the HSRP group to
which this interface belongs.
• Specifying a unique group number in the standby commands
enables the creation of multiple HSRP groups. The default
group is 0.
standby ip 192.168.5.50 (this would default to group 0)
• The IP address is that of the virtual router for that specific
HSRP group.
Important: The actual addresses of the HSRP routers must not be discovered by
end devices. Hence, when enabling HSRP it automatically disables ICMP
redirects on that interface.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
9
• First with start with a group number, such as “1”, and the virtual
router ip address.
• Routers are configured with priorities (default is 100). The router
with the highest priority becomes the Active router.
• The preempt keyword ensures that Router A will be the HSRP
active router as long its interface is active and sending hellos.
110 is higher
than 90 so
Router A will be
the active router
RouterA(config)# interface GigabitEthernet0/0
RouterA(config-if)# ip address 10.1.10.2 255.255.255.0
RouterA(config-if)# standby 1 ip 10.1.10.1
RouterA(config-if)# standby 1 priority 110
RouterA(config-if)# standby 1 preempt
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
10
• Although the course covers the concepts of HSRP using routers,
in real life Layer 3 switches are used.
HSRP using
Layer 3 switches
is very similar.
RouterA(config)# interface GigabitEthernet0/0
Note
Common
RouterA(config-if)# ip address 10.1.10.2 255.255.255.0
practice to use
RouterA(config-if)# standby 1 ip 10.1.10.1
the VLAN # as
RouterA(config-if)# standby 1 priority 110
the Group #
RouterA(config-if)# standby 1 preempt
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
11
Use the show standby command to verify the HSRP state.
RouterA# show standby
GigabitEthernet0/0 - Group 1 (version 2)
State is Active
2 state changes, last state change 00:00:18
Virtual IP address is 10.1.10.1
Active virtual MAC address is 0000.0C9F.F001
Local virtual MAC address is 0000.0C9F.F001 (v2 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.278 secs
Preemption enabled
Active router is local
Standby router is 10.1.10.3, priority 90 (expires in 9 sec)
Priority 110 (configured 110)
Group name is hsrp-Gig0/0-1 (default)
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
12
HSRP Group
Multicast Special MAC
Version Numbers Address Address
HSRP v1
0-255
224.0.0.2
0000.0C07.ACXX XX = HSRP
Group
number
HSRP v2
0-4095
224.0.0.102
0000.0C9F.FXXX
© 2013 Cisco and/or its affiliates. All rights reserved.
XXX =HSRP
Group
number
Cisco Public
13
The show standby brief command
a summary
The Activedisplays
The IP address
State
of
this
router
is
local
of the HSRP configurations.
of the Standby
router either
Active
or Standby.
RouterA# show standby
brief
(this router, or
router or local if
the IP of the
this router.
P indicates configured
to preempt.
Active router.
Interface
Gig0/0
Grp
1
|
Pri P State
110 P Active
Active
local
Standby
10.1.10.3
Virtual IP
10.1.10.1
RouterA(config)# interface GigabitEthernet0/0
RouterA(config-if)# ip address 10.1.10.2 255.255.255.0
RouterA(config-if)# standby 1 ip 10.1.10.1
RouterA(config-if)# standby 1 priority 110
RouterA(config-if)# standby 1 preempt
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
14
• Configure HSRP
Adding additional line so transition will happen quicker:
RouterA(config-if)# standby 1 timers msec 200 msec 600
• Install VideoLAN (VLC media player)
Streams media from the server to the target (free
download - http://www.videolan.org/index.html )
Install on computer acting like the media server
Install on the target (laptop) - more slide 33
• Start stream from server to target
• Break connection between target and active
router (R1).
• Standby (R2) should transition to Active
• Reconnect connection and R1 should
become Active again.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
15
(little beyond scope)
R1(config)# interface G0/0
S0/0/0
R1(config-if)# ip address 10.1.1.2 255.255.255.0
R1
R1(config-if)# standby 10 ip 10.1.1.1
G0/0
R1(config-if)# standby 10 priority 110
R1(config-if)# standby 10 preempt
R1(config-if)# standby 10 track serial 0/0/0
Decrements by default of 10, so priority now 100
A
c
t
I
v
e
You can alter how much to decrement the priority by
adding that amount at the end of the command:
R1(config-if)# standby 10 track serial 0/0/0 20
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
16
• Continue from previous
demonstration
• Configure Tracking of R1 Fa0/1
• Verify still working
• Break connection between R1 and
the L3Sw
• See what happens
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
17
To work you must
have InterVLAN
routing configured!
Active
Standby
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
18
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
19
HSRP
VRRP
HSRP is a Cisco proprietary protocol,
created in 1994, and formalized with the
RFC 2281 in March 1998.
VRRP is an IEEE standard (RFC 2338 in 1998; then RFC
3768 in 2005) for router redundancy.
16 groups max.
255 groups max.
1 active, 1 standby, several candidates.
1 active, several backups.
Virtual IP is different from Active and
Standby real IP addresses.
Virtual IP can be the same as one of the
group members real IP address.
Uses 224.0.0.2 for hello packets.
Uses 224.0.0.18 for hello packets.
Default timers: hello 3 s, holdtime 10 s.
The default timers are shorter in VRRP than HSRP. This
often gave VRRP the reputation of being faster than HSRP.
Can track interfaces or objects.
Can track only objects.
Uses authentication within each group by
default. When authentication is not
configured, a default authentication,
using “cisco” as the password.
Supports plaintext and HMAC/MD5 authentication methods
(RFC 2338). The new VRRP RFC (RFC 3768) removes
support for these methods. The consequence is that VRRP
does not support authentication anymore. Nevertheless,
current Cisco IOS still supports the RFC 2338
authentications mechanisms.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
20
• Routers A, B, and C are members of a VRRP group. The IP address of the
virtual router can be the same as that of the LAN interface of Router A
(10.0.0.1). Router A is responsible for forwarding packets sent to this IP
address.
• The clients have a gateway address of 10.0.0.1. Routers B and C are backup
routers. If the master router fails, the backup router with the highest priority
becomes the master router. When Router A recovers, it resumes the role of
master router.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
21
RouterA# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)# interface vlan 1
RouterA(config-if)# ip address 10.0.2.1 255.255.255.0
RouterA(config-if)# vrrp 1 ip 10.0.2.254
RouterA(config-if)# vrrp 1 timers advertise msec 500
RouterA(config-if)# end
RouterB# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RouterB(config)# interface vlan 1
RouterB(config-if)# ip address 10.0.2.2 255.255.255.0
RouterB(config-if)# vrrp 1 ip 10.0.2.254
RouterB(config-if)# vrrp 1 priority 90
RouterB(config-if)# vrrp 1 timers learn
RouterB(config-if)# end
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
22
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
23
• Allows full use of resources on
all devices without the
administrative burden of
creating multiple groups
• Provides a single virtual IP
address and multiple virtual
MAC addresses
• Routes traffic to single gateway
distributed across routers
• Provides automatic rerouting in
the event of any failure
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
24
I’m the AVG so I am
assigning the virtual vMAC
ending in 0001 to me and
0002 to the AVF router.
Also, the virtual IP is
I just got an
10.88.1.10.
I got
an ARP
ARP
request
request
from
Host Afrom
for
Host B forI
10.88.1.10.
will10.88.1.10.
handle thisI
willand
send
the
one
reply
AVF’s
with
my vMAC
vMAC to
Host B
Okay I will respond
to vMAC ...0002
I just got a packet from
Host B. I must be the
Default Gateway for B.
• By default, GLBP attempts to balance traffic on a per-host basis using
the round-robin algorithm.
• When a client sends an ARP message for the gateway IP address, the
AVG returns the virtual MAC address of one of the AVFs.
• When a second client sends an ARP message, the AVG returns the next
virtual MAC address from the list.
© 2013 Cisco and/or its affiliates. All rights reserved.
AVG=Active Virtual Gateway
AVF=Active Virtual Forwarder
Cisco Public
25
R1
R1(config)# interface g0/1
R1(config-if)# glbp 1 ip 192.168.1.254
R1(config-if)# glbp 1 preempt
R1(config-if)# glbp 1 priority 150
R1(config-if)# glbp 1 load-balancing
round-robin
R3
R3(config)# interface g0/1
R3(config-if)# glbp 1 ip 192.168.1.254
R3(config-if)# glbp 1 load-balancing
round-robin
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
26
R1#show glbp
GigabitEthernet0/1 - Group 1
State is Active
2 state changes, last state change 00:04:12
Virtual IP address is 192.168.1.254
<output omitted>
Active router is local
Standby is 192.168.1.3, priority 100 (expires in 7.644 sec)
Priority 150 (default)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
Group members:
c000.0ce0.0000 (192.168.2.1) local
c001.0ce0.0000 (192.168.2.2)
<output omitted>
• The show glbp command in this example displays information
about the status of GLBP group 1.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
27
R1#show glbp
<output omitted>
There are 2 forwarders (1 active)
Forwarder 1
State is Active
1 state change, last state change 00:04:02
MAC address is 0007.b400.0101 (default)
Owner ID is c000.0ce0.0000
Redirection enabled
Preemption enabled, min delay 30 sec
Active is local, weighting 100
Forwarder 2
State is Listen
• The show glbp command in this example displays information
about the status of GLBP group 1.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
28
• HSRP Packet Tracer that is included with bridge materials.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
29
• End devices are typically configured with a single default gateway
IP address that does not change when the network topology
changes.
• Redundancy protocols provide a mechanism for determining
which router should take the active role in forwarding traffic and
determining when that role must be taken over by a standby
router.
• HSRP defines a standby group of routers, with one router as the
active router. VRRP is standard protocol that provides a similar
function.
• GLBP is a Cisco proprietary solution to allow automatic selection
and simultaneous use of multiple available gateways in addition
to automatic failover between those gateways.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
30
• Lab 2.4.3.4 Configuring HSRP and GLBP
Uses real Equipment
Creating a PT activity will show how the packets look, but not the same as real
equipment.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
31
Server:
Change IP address to match topology (i.e. 200.200.200.100/24)
Install VLC (VideoLan - http://www.videolan.org/index.html )
Control panel  Network and Sharing Center  Advanced Settings  enable media
streaming. Also turn Firewall OFF, and you might need to allow public sharing.
Copy media files to server – i.e. “A day made of glass.mp4”
VLC – To Start Stream: Media  Stream  add video  Stream  next  add HTTP
port 8888 path/glass.mpg  next  next  check Stream all elementary streams 
Stream (note: port = use any unused port number; path/ give it a name with the .mpg
extension )
Client:
Change IP address to match topology (i.e. 192.168.5.100/24)
Install VLC
Control panel  Network and Sharing Center  Advanced Settings  enable media
streaming. Also turn Firewall OFF, and you might need to allow public sharing.
VLC – To receive stream: Media  Network Stream 
http://200.200.200.100:8888/glass.mpg (needs to match settings from server)
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
33
FYI
• Configure HSRP on the interface.
Switch(config-if)#
standby group-number ip ip-address
• The group number is optional and indicates the HSRP group to which
this interface belongs.
• Specifying a unique group number in the standby commands enables
the creation of multiple HSRP groups. The default group is 0.
• Multiple SVIs (max 16) can be part of the same group number and will
therefore share the same virtual MAC address.
• The IP address is that of the virtual router IP address for the HSRP
group.
• Important: The actual addresses of the HSRP routers must not be
discovered by end devices. Hence, when enabling HSRP it
automatically disables ICMP redirects on that interface.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
34
FYI
• To set the HSRP priority value of a router, enter this command in
interface configuration mode:
standby group-number priority priority-value
• The priority value can be from 0 to 255. The default value is 100.
• During the election process, the router with the highest priority in
an HSRP group becomes the active router. If a tie occurs, the router
with the highest configured IP address becomes active.
• If the routers do not have preempt configured, a router that boots up
significantly faster than the others in the standby group becomes the
active router, regardless of the configured priority. The former active
router can be configured to resume the forwarding router role by
preempting a router with a lower priority.
• To enable a router to resume the forwarding router role, enter this
command in interface configuration mode:
standby [group-number] preempt
reload seconds sync seconds}]
© 2013 Cisco and/or its affiliates. All rights reserved.
[delay {minimum seconds
Cisco Public
35
FYI
Variable
Description
group-number
(Optional) Group number
on the interface to which
the timers apply.
The default is 0.
msec
(Optional) Interval in
milliseconds. Millisecond
timers allow for faster
failover.
hellotime
Hello interval in seconds.
This is an integer from 1
through 255. The
default is 3 seconds.
holdtime
Time, in seconds, before
the active or standby
router is declared to be
down. This is an integer
from 1 through 255. The
default is 10 seconds.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
36
FYI
RouterA(config)# interface vlan 10
RouterA(config-if)# ip address 10.1.1.2 255.255.255.0
RouterA(config-if)# standby 10 ip 10.1.1.1
RouterA(config-if)# standby 10 priority 110
RouterA(config-if)# standby 10 preempt
RouterA(config-if)# standby 10 authentication xyz123
RouterA(config-if)# standby 10 timers msec 200 msec 750
RouterA(config-if)# standby 10 preempt delay minimum 225
When booting a device, preempt should not begin until full connectivity has
happened. To accomplish this set preempt delay to a value 50% greater than the
boot time. Ex: 150 sec. boot time + 50% (75 sec) = 225 seconds.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
37