CCNA 3 Module 2 Introduction to Classless Routing

CCNP 3 v4 Module 6
Implementing Redundancy in the Routing Layer
© 2003, Cisco Systems, Inc. All rights reserved.
Objectives
• Configuring and optimizing Layer 3 redundancy with HSRP
• Configuring Layer 3 redundancy with VRRP and GLBP
• Implementing hardware and software redundancy with modular switches
• Describing high availability in multilayer switching
Overview
• A network with High Availability (HA) provides alternate means by which all infrastructure paths and key servers can be accessed at all times.
• Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP) and Gateway Load Balancing Protocol (GLBP) create immediate link failover for LAN clients.
• High Availability is also accomplished by implementing redundant links and hardware, such as supervisor engines, route modules and power supplies.
The Router Redundancy Process
• When router redundancy is configured, a virtual router is created.
• The IP address of the virtual router will be configured as the default gateway for the workstations on the LAN.
• The virtual router has its own virtual MAC and IP address.
  – As always, the workstation will use ARP to resolve the MAC address of the default gateway.
  – This ARP resolution will return the MAC address of the virtual gateway.
• Frames will then be sent to the virtual router.
  – Hosts on the LAN do not know they are sending frames to a virtual IP/MAC.
Virtual Routers
• The configuration of the virtual router is done mostly at interface configuration mode of the physical routers that will participate in the HA group.
  – The physical routers will share the virtual IP and MAC address of the virtual router(s).
  – This configuration is very similar across all redundancy protocols.
• One router will be “active” and one or more other backup routers will be “standby”.
  – Like OSPF, the active router is determined by the highest IP address and priority.
  – The transition from one forwarding router to another is transparent to the end devices.
Virtual Router Example
Hot Standby Router Protocol (HSRP)
• HSRP defines a standby group of routers, with one router as the active router.
  – HSRP consists of a virtual MAC and IP address that are shared between two or more routers that belong to the same HSRP standby group.
ARP Resolution with HSRP
• The IP address and corresponding MAC address of the virtual router are maintained in the ARP table of each router in an HSRP standby group.
• The MAC address of the HSRP virtual router is 0000.0c07.acxx, where xx is the HSRP group identifier.
  – Here are a few examples:
  – Group 1 = 0000.0c07.ac01
  – Group 16 = 0000.0c07.ac10
  – Group 47 = 0000.0c07.ac2f
HSRP Example
Note the priority of both routers
HSRP Terminology
HSRP Active and Standby Routers
• Within an HSRP standby group, one router is elected to be the active router.
  – The active router physically forwards packets sent to the virtual router.
  – The active router also replies with the virtual router MAC address.
• The function of the HSRP standby router is to monitor the active router and begin forwarding packets if the active router fails.
  – This is done by way of hello messages.
Standby Router
By default, hello messages are sent every 3 seconds and the holdtime is 10 seconds or 3 times the hello interval.
Router(config-if)# standby group timers hello holdtime
HSRP States
• A router in an HSRP standby group can be in one of the following states: initial, listen, speak, standby, or active.
  1. Initial: This is the starting state and indicates that HSRP is not running.
  2. Listen: In the listen state, the router knows the IP address of the virtual router, but is neither the active router nor the standby router.
  3. Speak: In the speak state, the router sends periodic hello messages and is actively participating in the election of the active router or standby router.
     • The router will remain in the speak state unless it becomes an active or standby router.
  4. Standby: In the standby state, the router is a candidate to become the next active router and will listen for hellos from the active router.
     • There is only one standby router for the HSRP group.
  5. Active: In the active state, the router is currently forwarding packets that are sent to the virtual MAC address of the group.
HSRP Configuration Commands
HSRP Group Configuration
Router(config)#int fa0/0
Router(config-if)#ip addr 192.168.1.3 255.255.255.0
Router(config-if)#standby 1 ip 192.168.1.1
Router(config-if)#standby 1 priority 200
Router(config-if)#standby 1 timers 3 10
Router(config-if)#standby 1 preempt ?
delay Wait before preempting
<cr>
Router(config-if)#standby 1 preempt
Router(config-if)#standby 1 authentication standbykey
% Maximum authentication string length is 8
Router(config-if)#standby 1 authentication secretky
3550:
Switch(config)#int vlan 10
Switch(config-if)#ip addr 192.168.10.3 255.255.255.0
Switch(config-if)#standby 10 ip 192.168.10.1
Switch(config-if)#standby 10 priority 200
show standby on Router
Router#sh standby
FastEthernet0/0 - Group 1
State is Active
2 state changes, last state change 00:03:19
Virtual IP address is 192.168.1.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.456 secs
Authentication text "secretky"
Preemption enabled
Active router is local
Standby router is 192.168.1.2, priority 100 (expires in 9.456 sec)
Priority 200 (configured 200)
IP redundancy name is "hsrp-Fa0/0-1" (default)
show run and show standby ML Switch
interface Vlan10
 ip address 192.168.10.3 255.255.255.0
 standby 10 ip 192.168.10.1
 standby 10 priority 200
!
Slide callouts: in "vlan 10 10", the first 10 is the VLAN ID and the second 10 is the group number (Group#).
Switch#sh standby [vlan 10 10]
Vlan10 - Group 10
State is Active
2 state changes, last state change 00:03:30
Virtual IP address is 192.168.10.1
Active virtual MAC address is 0000.0c07.ac0a
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.700 secs
Preemption enabled
Active router is local
Standby router is 192.168.10.3, priority 100 (expires in 8.388 sec)
Priority 150 (configured 150)
IP redundancy name is "hsrp-Vl10-10" (default)
Switch#
show standby [brief]
HSRP Load Sharing
• To facilitate load sharing, a single router may be a member of multiple HSRP standby groups on a single segment.
  – This allows for additional redundancy and load balancing among VLANs.
  – While a router is actively forwarding traffic for one HSRP group, the router can be in standby or listen state for another group.
• There can be up to 255 standby groups on any LAN.
• For each standby group, an IP address and a single well-known MAC address with a unique group identifier is allocated to the group.
Multigroup HSRP Example
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt1/1cfip.htm#wp1124304
HSRP Using Trunk Links for Multiple VLANs
HSRP-enabled routers can participate in multiple separate VLANs using
Inter-Switch Link (ISL) or 802.1Q.
Each subinterface can serve as an active or standby gateway for either VLAN.
This way, either subinterface can serve as active for one VLAN and standby
for the other VLAN.
Multiple HSRP Groups and Multiple VLANs
Optimizing HSRP
• HSRP Preempt
• Hello Message Timer Adjustment
• HSRP Interface Tracking
HSRP Preempt
• In the event of an active router failure, a standby router will assume the role of active router.
• By default, the new active router will retain its role as active when the former active router comes back online, even if it has a higher priority than the current active router.
• In order for the former active router to regain its role as active we must configure the ‘preempt’ option.
Router(config-if)# standby 10 preempt
Hello Message Timer Adjustment
• HSRP interfaces send hello messages to communicate with other HSRP interfaces.
  – Hello messages are used to determine which router will be active and which will be standby.
  – Hello messages are also used to determine if an active router has gone down.
• The hello message contains the priority of the router as well as hellotime and holdtime parameter values.
Switch(config-if)#standby group-number timers hellotime holdtime
• The holdtime value should be at least three times the value of the hellotime.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt1/1cfip.htm#wp1001531
HSRP Hello and Holdtimes
HSRP Interface Tracking
HSRP Interface Tracking
• In some situations, the status of an interface directly affects which router needs to become the active router.
• If an interface an HSRP router uses to reach some resource goes down, the HSRP router can decrease its priority to a value lower than that of the current standby router.
  – This allows the standby router to become active.
HSRP Interface Tracking
Router(config-if)# standby 1 track serial 0/0 50
HSRP Tracking Example
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t15/fthsrptk.htm
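
Preempt and interface tracking interact: a tracking decrement changes who is active only if it takes the active router's priority below the standby's and the standby is allowed to preempt. The Python model below is an added example, not part of the original slides; the router names R1/R2, the class and function names, and the pairing of priorities 200/100 with the decrement of 50 from the commands above are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class HsrpRouter:
    name: str
    ip: str
    priority: int = 100                          # configured "standby <g> priority"
    preempt: bool = False                        # "standby <g> preempt" present
    tracked: dict = field(default_factory=dict)  # interface -> decrement
    down: set = field(default_factory=set)       # tracked interfaces that are down
    alive: bool = True

    def effective_priority(self):
        """Configured priority minus the decrement of each tracked interface that is down."""
        lost = sum(dec for ifname, dec in self.tracked.items() if ifname in self.down)
        return max(self.priority - lost, 0)

    def rank(self):
        # Higher priority wins; the higher IP address breaks a tie.
        return (self.effective_priority(), int(IPv4Address(self.ip)))


def next_active(routers, current):
    """Return the active router after the group re-evaluates (current may be None)."""
    candidates = [r for r in routers if r.alive]
    if not candidates:
        return None
    if current is None or not current.alive:
        return max(candidates, key=HsrpRouter.rank)
    # A live active router is displaced only by a higher-ranked router with preempt.
    challengers = [r for r in candidates
                   if r is not current and r.preempt and r.rank() > current.rank()]
    return max(challengers, key=HsrpRouter.rank) if challengers else current


def tracking_scenario(decrement, standby_preempt):
    """R1 (priority 200) tracks Serial0/0 and loses it; return (active, R1 priority)."""
    r1 = HsrpRouter("R1", "192.168.1.3", priority=200, preempt=True,
                    tracked={"Serial0/0": decrement})
    r2 = HsrpRouter("R2", "192.168.1.2", priority=100, preempt=standby_preempt)
    active = next_active([r1, r2], None)      # R1 wins the initial election
    r1.down.add("Serial0/0")                  # tracked uplink fails
    active = next_active([r1, r2], active)
    return active.name, r1.effective_priority()


def recovery_scenario(r1_preempt):
    """R1 fails and returns; return the active router after failure and after recovery."""
    r1 = HsrpRouter("R1", "192.168.1.3", priority=200, preempt=r1_preempt)
    r2 = HsrpRouter("R2", "192.168.1.2", priority=100)
    active = next_active([r1, r2], None)
    r1.alive = False
    after_failure = next_active([r1, r2], active)
    r1.alive = True
    after_recovery = next_active([r1, r2], after_failure)
    return after_failure.name, after_recovery.name


if __name__ == "__main__":
    print(tracking_scenario(50, True))     # decrement from the slide
    print(tracking_scenario(110, True))
    print(tracking_scenario(110, False))
    print(recovery_scenario(False), recovery_scenario(True))
```

With priorities 200 and 100, a decrement of 50 leaves the active router at 150 and still active; the role moves only when the decrement exceeds 100 and the standby has preempt configured.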
Tuning HSRP Operations
• The HSRP hello and holdtime can be set to millisecond values so that HSRP failover occurs in less than 1 second. For example:
Switch(config-if)#standby 1 timers msec 200 msec 750
• Preempt delay time should also be set to allow the HSRP device time to reconnect with the rest of the network, i.e., relearn the routing table or spanning-tree topology before it becomes the active router again.
standby 1 preempt delay minimum 180
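
A configuration check that applies the rules from the HSRP slides: holdtime at least three times hellotime (including msec timers), a delay on preempt, and the fact that the authentication string appears in clear in the show standby output. This is an added example, not part of the original slides or any Cisco tool; the function names are hypothetical and the sample configuration is constructed from the commands shown in this module.

```python
import re
from collections import defaultdict

STANDBY = re.compile(r"standby (\d+) (.+)")

# Constructed sample configuration built from the commands shown in this module.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.1.3 255.255.255.0
 standby 1 ip 192.168.1.1
 standby 1 priority 200
 standby 1 timers 3 10
 standby 1 preempt
 standby 1 authentication secretky
!
interface Vlan10
 ip address 192.168.10.3 255.255.255.0
 standby 10 ip 192.168.10.1
 standby 10 timers msec 200 msec 500
 standby 10 preempt delay minimum 180
"""


def to_ms(msec_flag, value):
    """Timer values are seconds unless preceded by the msec keyword."""
    return int(value) if msec_flag else int(value) * 1000


def parse_hsrp(config_text):
    """Collect per-(interface, group) HSRP settings from IOS interface config."""
    groups = defaultdict(dict)
    interface = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            interface = line.split(None, 1)[1]
        m = STANDBY.match(line)
        if interface is None or not m:
            continue
        cfg, rest = groups[(interface, int(m[1]))], m[2]
        if t := re.fullmatch(r"timers (msec )?(\d+) (msec )?(\d+)", rest):
            cfg["timers"] = (to_ms(t[1], t[2]), to_ms(t[3], t[4]))
        elif p := re.fullmatch(r"preempt(?: delay minimum (\d+))?", rest):
            cfg["preempt_delay"] = int(p[1] or 0)
        elif a := re.fullmatch(r"authentication (?:(text|md5) )?.+", rest):
            cfg["auth"] = a[1] or "text"      # a bare string is text authentication
    return dict(groups)


def audit_hsrp(config_text):
    """Return sorted (interface, group, finding) tuples."""
    findings = []
    for (ifname, group), cfg in parse_hsrp(config_text).items():
        hello, hold = cfg.get("timers", (3000, 10000))   # defaults: 3 s hello, 10 s hold
        if hold < 3 * hello:
            findings.append((ifname, group,
                             f"holdtime {hold} ms is below 3 x hellotime {hello} ms"))
        if cfg.get("preempt_delay") == 0:
            findings.append((ifname, group, "preempt configured without a delay"))
        if cfg.get("auth") == "text":
            findings.append((ifname, group, "authentication string is plain text"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_hsrp(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```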
HSRP Debug Commands
Virtual Router Redundancy Protocol (VRRP)
• Like HSRP, Virtual Router Redundancy Protocol (VRRP) allows a group of routers to form a single virtual router.
  – VRRP is an IEEE standard for router redundancy; HSRP is Cisco proprietary.
  – The virtual router, representing a group of routers, is known as a VRRP group.
  – The active router is referred to as the master virtual router.
  – The master virtual router may have the same IP address as the virtual router group.
  – Multiple routers can function as backup routers.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st18/st_vrrpx.htm
VRRP Example
VRRP Redundancy Features
• VRRP provides redundancy for the real IP address of a router, or for a virtual IP address shared among the VRRP group members.
  – If a real IP address is used, the owning router becomes the master.
  – If a virtual IP address is used, the master is the router with the highest priority.
• A VRRP group has one master router and one or more backup routers.
• The master router uses VRRP messages to inform group members of the IP addresses of the backup routers.
The VRRP Operation Process
-if)# vrrp 1 ip 10.0.0.1
-if)# vrrp 2 ip 10.0.0.2
-if)# vrrp 1 ip 10.0.0.1
-if)# vrrp 2 ip 10.0.0.2
Two virtual router groups are configured: Virtual Router 1 and 2.
Virtual Router 1 is 10.0.0.1 and Virtual Router 2 is 10.0.0.2.
Since each router owns one of these IPs, it will be the Master Router for that group, and the other router set with the same IP will be the backup.
The VRRP Operation Process
The priority of the Master Router is set to 255.
Backup router priority values can range from 1 to 254; the default
value is 100. The VRRP MAC address is 0000.5e00.01xx.
The master sends the advertisement on multicast 224.0.0.18
on a default interval of 1 second (advertisement interval).
The master-down interval is the time interval for backup to declare
the master down (seconds).
VRRP Configuration
Master Router:
interface FastEthernet0/1
ip address 10.1.2.3 255.255.255.0
duplex auto
speed auto
vrrp 10 ip 10.1.2.3
Even with the higher priority, the router
below is still the backup because the router
above is using its own IP address.
Backup Router:
interface FastEthernet0/1
ip address 10.1.2.2 255.255.255.0
duplex auto
speed auto
vrrp 10 ip 10.1.2.3
vrrp 10 priority 150
Gateway Load Balancing Protocol (GLBP)
• While HSRP and VRRP provide gateway resiliency, the standby members of the redundancy group remain idle while the device is in standby mode.
  – Only the active router for the HSRP and VRRP group forwards traffic for the virtual MAC.
  – In order to provide load balancing, multiple groups must be created with each group pointing to different gateways.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t15/ft_glbp.htm
Gateway Load Balancing Protocol (GLBP)
• Cisco designed GLBP to allow for simultaneous use of multiple, available gateways, as well as automatic failover between those gateways.
• With GLBP, it is not necessary to configure multiple groups or assign different gateways to clients.
GLBP Operation
• The members of a GLBP group elect one gateway to be the Active Virtual Gateway (AVG) for that group.
  – The AVG is the router with the highest priority or IP addr.
  – Other members of that group provide backup for the AVG.
• The AVG assigns a virtual MAC address to each member of the GLBP group.
  – The AVG answers all ARP requests sent from clients and responds with one of the virtual MAC addresses of a member of the GLBP group.
  – A GLBP group can have up to four group members.
  – Each router in the GLBP group is called an Active Virtual Forwarder (AVF).
GLBP Example
The GLBP MAC address is in the form of 0007.b40g.ggff
g = group, f = forwarder
For example, Group 10 = 0007.b400.0a01
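
The three virtual MAC formats given in this module (HSRP 0000.0c07.acxx, VRRP 0000.5e00.01xx, GLBP 0007.b40g.ggff) can be decoded mechanically, which helps when checking an ARP table or capture to see which redundancy group answers for a gateway address. This is an added example, not part of the original slides; the function names are hypothetical and the sample ARP entries are constructed.

```python
import re

# Virtual MAC prefixes as given on the slides (hex digits, separators removed).
HSRP_PREFIX = "00000c07ac"   # 0000.0c07.acXX -> XX = group
VRRP_PREFIX = "00005e0001"   # 0000.5e00.01XX -> XX = group
GLBP_PREFIX = "0007b40"      # 0007.b40G.GGFF -> GGG = group, FF = forwarder


def normalize(mac):
    """Strip '.', ':' and '-' separators and return 12 lowercase hex digits."""
    digits = re.sub(r"[.:\-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def decode_virtual_mac(mac):
    """Return (protocol, group, forwarder) or None for an ordinary MAC."""
    d = normalize(mac)
    if d.startswith(HSRP_PREFIX):
        return ("HSRP", int(d[10:], 16), None)
    if d.startswith(VRRP_PREFIX):
        return ("VRRP", int(d[10:], 16), None)
    if d.startswith(GLBP_PREFIX):
        return ("GLBP", int(d[7:10], 16), int(d[10:], 16))
    return None


def hsrp_virtual_mac(group):
    """Build the HSRP virtual MAC for a group number that fits in one byte."""
    if not 0 <= group <= 255:
        raise ValueError("HSRP group must fit in one byte")
    return f"0000.0c07.ac{group:02x}"


def gateways_by_group(arp_entries):
    """Map (protocol, group) -> sorted IPs for entries that use a virtual MAC."""
    found = {}
    for ip, mac in arp_entries:
        decoded = decode_virtual_mac(mac)
        if decoded:
            found.setdefault(decoded[:2], []).append(ip)
    return {key: sorted(ips) for key, ips in found.items()}


# Constructed ARP table: (IP, MAC) pairs in mixed notations.
SAMPLE_ARP = [
    ("192.168.1.1", "0000.0c07.ac01"),       # HSRP group 1
    ("192.168.10.1", "00:00:0c:07:ac:0a"),   # HSRP group 10
    ("10.1.2.3", "0000.5e00.010a"),          # VRRP group 10
    ("10.1.10.1", "0007.b400.0a01"),         # GLBP group 10, forwarder 1
    ("192.168.1.50", "0011.2233.4455"),      # ordinary host, not a virtual MAC
]

if __name__ == "__main__":
    for ip, mac in SAMPLE_ARP:
        print(ip, mac, decode_virtual_mac(mac))
```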
GLBP Modes
• GLBP supports different modes of load balancing:
  – Weighted load-balancing
    • Uses the configured weight value
  – Host-dependent
    • Same host always uses the same virtual MAC
  – Round-robin
    • Each ARP reply contains the virtual MAC address of the next router in the group
• In the event that one of the AVFs becomes unavailable, the next AVF takes over for the one that went down.
GLBP Example
VRRP and GLBP Configuration
VRRP Implementation:
Switch(config)#interface vlan10
Switch(config-if)#ip address 10.1.10.5 255.255.255.0
Switch(config-if)#vrrp 10 ip 10.1.10.1
GLBP Implementation:
Router(config)#interface fa0/1
Router(config-if)#ip address 10.1.10.5 255.255.255.0
Router(config-if)#glbp 10 ip 10.1.10.1
Router(config-if)#glbp 10 priority 150
Router(config-if)#glbp 10 preempt
Router(config-if)#glbp 10 timers msec 250 msec 750
Route Processor Redundancy
Redundant Supervisor Engines
• A Catalyst switch can allow a standby supervisor engine to take over if the primary supervisor engine fails.
  – In software, this capability is enabled by a feature called Route Processor Redundancy (RPR).
• RPR can run in one of two modes:
  – RPR and RPR+
• The active Supervisor Engine checks the IOS version of the redundant Supervisor Engine when it boots.
• If the image on the redundant Supervisor Engine is the same, then RPR+ is used; if they do not match, then RPR is used.
http://www.cisco.com/en/US/products/hw/switches/ps708/products_qanda_item09186a0080159963.shtml
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/index.htm
RPR+ vs. RPR
• RPR leaves the standby MSFC and PFC non-operational until a failover occurs.
• RPR+ places the standby MSFC and PFC in an operational mode upon boot, thereby providing faster failover.
• RPR+ maintains synchronization of the running-configuration file between the two Supervisor Engines.
• Both RPR and RPR+ maintain synchronization of the startup-configuration file between the two Supervisor Engines.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/redund.htm
RPR Configuration
Multilayer Switch Feature Card (MSFC)
• The Catalyst 6500 platform provides Layer 3 functionality through a Multilayer Switch Feature Card (MSFC) residing on the Supervisor Engine module.
  – The MSFC3 is integrated onto the Supervisor Engine 720.
  – The MSFC3 runs Layer 2 protocols on one CPU and Layer 3 protocols on the second CPU.
    • VLAN Trunking Protocol, routing protocols, multimedia services, security services, etc.
• The MSFC builds the CEF Information Base table in software and downloads this table to the hardware or ASIC on the Policy Feature Card (PFC) and any installed Distributed Forwarding Card (DFC).
Stateless Switchover Mode
• When a redundant supervisor engine runs in SSO mode, the redundant supervisor engine starts up in a fully-initialized state and synchronizes with the persistent configuration and the running config of the active sup engine.
  – This maintains the configuration of all Layer 2 protocols and the connection of all Layer 2 sessions.
  – Layer 3 sessions will be delayed until the newly activated sup engine can repopulate its routing tables.
  – SSO is supported in 12.2(20)EWA and later releases.
  – Supported on Catalyst 4500 and 6500.
http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper0900aecd801c5cd7.shtml
Single Router Mode (SRM)
• In SRM redundancy, only the designated router (MSFC) is visible to the network at any given time.
  – Dual Router Mode (DRM) had both MSFCs active and used HSRP to maintain an active and secondary relationship.
  – This caused added complexity and peering problems.
• Instead, SRM uses an active designated router and a standby non-designated router.
• The non-designated router is booted up completely and participates in configuration synchronization, which is automatically enabled when entering SRM.
• The configuration of the non-designated router is exactly the same as the designated router, but its interfaces are kept in a "line down" state and are not visible to the network.
  – When the designated router fails, the non-designated router takes over and brings up all its interfaces.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/srmsso.htm
Failure with SRM and SSO
• When the switch is powered on, SRM with SSO runs between the two Supervisor Engines.
  – The Supervisor Engine that boots first becomes the active Supervisor.
• If the active Supervisor Engine 720 or MSFC3 fails, the redundant Supervisor Engine 720 and MSFC3 become active.
  – The newly active Sup720 uses the existing PFC3 Layer 3 switching information to forward traffic while the newly active MSFC3 builds its routing table.
  – Routing protocols have to then build the routing table for the newly activated Sup Engine.
    • Packets that need to be routed are dropped until this is done.
Nonstop Forwarding (NSF)
• Cisco NSF always runs with SSO and provides redundancy for Layer 3 traffic.
• The main purpose of NSF is to continue forwarding IP packets following a sup. engine switchover and the subsequent establishment of the routing protocol peering relationships.
  – Cisco NSF is supported by the BGP, OSPF, IS-IS and EIGRP protocols for routing and is supported by CEF for forwarding.
  – A networking device is NSF-aware if it is running NSF-compatible software.
  – A device is NSF-capable if it has been configured to support NSF.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/nsfsso.htm
Configuring NSF with SSO
Router> enable
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# redundancy
Router(config-red)# mode sso
Router(config-red)# end
Router# show redundancy states
Router# configure t
Router(config)# router ospf 1
Router(config-router)# nsf
Redundant Power
6509 Startup showing Power in Redundancy Mode
00:00:54: SP: SP: Currently running ROMMON from S (Gold) region
00:01:02: %SYS-SP-5-RESTART: System restarted -Cisco Internetwork Operating System Software
IOS (tm) s72033_sp Software (s72033_sp-SP-M), Version 12.2(14)SX1, EARLY DEPLOYMENT RELEASE
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Tue 27-May-03 20:48 by ccai
00:01:03: %OIR-SP-6-INSPS: Power supply inserted in slot 1
00:01:03: %C6KPWR-SP-4-PSOK: power supply 1 turned on.
00:01:03: %OIR-SP-6-INSPS: Power supply inserted in slot 2
00:01:03: %C6KPWR-SP-4-PSOK: power supply 2 turned on.
00:01:03: %C6KPWR-SP-4-PSREDUNDANTBOTHSUPPLY: in power-redundancy mode, system is operating on both power supplies.
00:01:04: %C6KENV-SP-4-FANHIOUTPUT: Version 2 high-output fan-tray is in effect
00:01:09: %FABRIC-SP-5-FABRIC_MODULE_ACTIVE: the switching fabric module in slot 5 became active
00:01:10: %DIAG-SP-6-RUN_COMPLETE: Module 5: Running Complete Diagnostics...
00:01:30: %C6KENV-SP-4-CLOCKFAILED: clock 2 failed
00:01:32: %DIAG-SP-6-DIAG_OK: Module 5: Passed Online Diagnostics
00:01:33: %OIR-SP-6-INSCARD: Card inserted in slot 5, interfaces are now online
00:01:33: %DIAG-SP-6-RUN_COMPLETE: Module 2: Running Complete Diagnostics...
00:03:28: %DIAG-SP-6-DIAG_OK: Module 2: Passed Online Diagnostics
00:03:28: %OIR-SP-6-INSCARD: Card inserted in slot 2, interfaces are now online
00:04:00: %SNMP-5-COLDSTART: SNMP agent on host SouthCityPress is undergoing a cold start