To Infinity & Beyond If you use HSRP Modified from the instructor bridge materials and covered in “Scaling Networks” chapter 2 curriculum - by Mark Anderson

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2 Review of WHY and WHAT? Configure basic HSRP Why change the timers? Describe the idea behind HSRP interface tracking Describe the idea behind HSRP load balancing Very quick look at VRRP Identify GLBP as a load-balancing redundancy protocol Most Important part is the DEMO !

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 3

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 4

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 5 First Hop Redundancy Protocols (FHRP) provide default gateway redundancy. The following is the evolution: Proxy ARP Static Default Gateway HSRP Hot Standby Router Protocol VRRP Virtual Router Redundancy Protocol GLBP Gateway Load Balancing Protocol Legacy solution. Used before default gateways were supported on IP clients. End station acts as if destination were on same network segment and sends out an ARP. The router responds with an ARP reply using its own MAC. Now that a default gateway is configured on most devices, the Proxy ARP feature is not used anymore Not dynamic. Does not provide secondary path. If Default Gateway is not set on a Host the Host will not send out an ARP. So, Proxy ARP feature is not used anymore.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 6 Hot Standby Router Protocol (HSRP) HSRP for IPv6 Virtual Router Redundancy Protocol version 2 (VRRPv2) VRRPv3 Gateway Load Balancing Protocol (GLBP) GLBP for IPv6 ICMP Router Discovery Protocol (IRDP) Legacy solution

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 7 HSRP defines a group of routers -- one active and one standby. Virtual IP and MAC addresses are shared between the two routers. (note: special MAC addresses  more later) To verify HSRP state, use the show standby command. HSRP is Cisco proprietary, and VRRP is vendor neutral.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 8 Active router: Responds to default gateway ARP requests with the virtual router MAC address Assumes active forwarding of packets for the virtual router Sends hello messages Knows the virtual router IP address Standby Router Listens for periodic hello messages Listens to all ARPs but ignores Does not forward packets Assumes active forwarding of packets if it does not hear from active router Note: The PC is configured with the virtual IP as its Default Gateway.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 9 Configure HSRP on the interface. Switch(config-if)# standby group-number ip ip-address The group number is optional and indicates the HSRP group to which this interface belongs. Specifying a unique group number in the standby commands enables the creation of multiple HSRP groups. The default group is 0. standby ip (this would default to group 0) The IP address is that of the virtual router for that specific HSRP group. Important: The actual addresses of the HSRP routers must not be discovered by end devices. Hence, when enabling HSRP it automatically disables ICMP redirects on that interface.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 10 First with start with a group number, such as “1”, and the virtual router ip address. Routers are configured with priorities (default is 100). The router with the highest priority becomes the Active router. The preempt keyword ensures that Router A will be the HSRP active router as long its interface is active and sending hellos. RouterA(config)# interface GigabitEthernet0/0 RouterA(config-if)# ip address RouterA(config-if)# standby 1 ip RouterA(config-if)# standby 1 priority 110 RouterA(config-if)# standby 1 preempt 110 is higher than 90 so Router A will be the active router

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 11 Although the course covers the concepts of HSRP using routers, in real life Layer 3 switches are used. RouterA(config)# interface GigabitEthernet0/0 RouterA(config-if)# ip address RouterA(config-if)# standby 1 ip RouterA(config-if)# standby 1 priority 110 RouterA(config-if)# standby 1 preempt HSRP using Layer 3 switches is very similar. Note Common practice to use the VLAN # as the Group #

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 12 Use the show standby command to verify the HSRP state. RouterA# show standby GigabitEthernet0/0 - Group 1 (version 2) State is Active 2 state changes, last state change 00:00:18 Virtual IP address is Active virtual MAC address is C9F.F001 Local virtual MAC address is C9F.F001 (v2 default) Hello time 3 sec, hold time 10 sec Next hello sent in secs Preemption enabled Active router is local Standby router is , priority 90 (expires in 9 sec) Priority 110 (configured 110) Group name is hsrp-Gig0/0-1 (default)

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 13 HSRP Version Group Numbers Multicast Address Special MAC Address HSRP v C07.ACXXXX = HSRP Group number HSRP v C9F.FXXXXXX =HSRP Group number

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 14 The show standby brief command displays a summary of the HSRP configurations. RouterA# show standby brief P indicates configured to preempt. | Interface Grp Pri P State Active Standby Virtual IP Gig0/ P Active local RouterA(config)# interface GigabitEthernet0/0 RouterA(config-if)# ip address RouterA(config-if)# standby 1 ip RouterA(config-if)# standby 1 priority 110 RouterA(config-if)# standby 1 preempt State of this router either Active or Standby. The Active router is local (this router, or the IP of the Active router. The IP address of the Standby router or local if this router.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 15 Configure HSRP Adding additional line so transition will happen quicker: RouterA(config-if)# standby 1 timers msec 200 msec 600 Install VideoLAN (VLC media player) Streams media from the server to the target (free download - ) Install on computer acting like the media server Install on the target (laptop) - more slide 33 Start stream from server to target Break connection between target and active router (R1). Standby (R2) should transition to Active Reconnect connection and R1 should become Active again.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 16 G0/0 S0/0/0 R1 R1(config)# interface G0/0 R1(config-if)# ip address R1(config-if)# standby 10 ip R1(config-if)# standby 10 priority 110 R1(config-if)# standby 10 preempt R1(config-if)# standby 10 track serial 0/0/0 Decrements by default of 10, so priority now 100 You can alter how much to decrement the priority by adding that amount at the end of the command: R1(config-if)# standby 10 track serial 0/0/0 20 ActIveActIve

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 17 Continue from previous demonstration Configure Tracking of R1 Fa0/1 Verify still working Break connection between R1 and the L3Sw See what happens

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 18 To work you must have InterVLAN routing configured! Active Standby

Cisco Public © 2013 Cisco and/or its affiliates. All rights reserved. 19

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 20 HSRPVRRP HSRP is a Cisco proprietary protocol, created in 1994, and formalized with the RFC 2281 in March VRRP is an IEEE standard (RFC 2338 in 1998; then RFC 3768 in 2005) for router redundancy. 16 groups max.255 groups max. 1 active, 1 standby, several candidates.1 active, several backups. Virtual IP is different from Active and Standby real IP addresses. Virtual IP can be the same as one of the group members real IP address. Uses for hello packets.Uses for hello packets. Default timers: hello 3 s, holdtime 10 s.The default timers are shorter in VRRP than HSRP. This often gave VRRP the reputation of being faster than HSRP. Can track interfaces or objects.Can track only objects. Uses authentication within each group by default. When authentication is not configured, a default authentication, using “cisco” as the password. Supports plaintext and HMAC/MD5 authentication methods (RFC 2338). The new VRRP RFC (RFC 3768) removes support for these methods. The consequence is that VRRP does not support authentication anymore. Nevertheless, current Cisco IOS still supports the RFC 2338 authentications mechanisms.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 21 Routers A, B, and C are members of a VRRP group. The IP address of the virtual router can be the same as that of the LAN interface of Router A ( ). Router A is responsible for forwarding packets sent to this IP address. The clients have a gateway address of Routers B and C are backup routers. If the master router fails, the backup router with the highest priority becomes the master router. When Router A recovers, it resumes the role of master router.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 22 RouterA# configure terminal Enter configuration commands, one per line. End with CNTL/Z. RouterA(config)# interface vlan 1 RouterA(config-if)# ip address RouterA(config-if)# vrrp 1 ip RouterA(config-if)# vrrp 1 timers advertise msec 500 RouterA(config-if)# end RouterB# configure terminal Enter configuration commands, one per line. End with CNTL/Z. RouterB(config)# interface vlan 1 RouterB(config-if)# ip address RouterB(config-if)# vrrp 1 ip RouterB(config-if)# vrrp 1 priority 90 RouterB(config-if)# vrrp 1 timers learn RouterB(config-if)# end

Cisco Public © 2013 Cisco and/or its affiliates. All rights reserved. 23

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 24 Allows full use of resources on all devices without the administrative burden of creating multiple groups Provides a single virtual IP address and multiple virtual MAC addresses Routes traffic to single gateway distributed across routers Provides automatic rerouting in the event of any failure

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 25 By default, GLBP attempts to balance traffic on a per-host basis using the round-robin algorithm. When a client sends an ARP message for the gateway IP address, the AVG returns the virtual MAC address of one of the AVFs. When a second client sends an ARP message, the AVG returns the next virtual MAC address from the list. I’m the AVG so I am assigning the virtual vMAC ending in 0001 to me and 0002 to the AVF router. Also, the virtual IP is Okay I will respond to vMAC I just got an ARP request from Host A for I will handle this one and reply with my vMAC I got an ARP request from Host B for I will send the AVF’s vMAC to Host B I just got a packet from Host B. I must be the Default Gateway for B. AVG=Active Virtual Gateway AVF=Active Virtual Forwarder

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 26 R1 R1(config)# interface g0/1 R1(config-if)# glbp 1 ip R1(config-if)# glbp 1 preempt R1(config-if)# glbp 1 priority 150 R1(config-if)# glbp 1 load-balancing round-robin R3 R3(config)# interface g0/1 R3(config-if)# glbp 1 ip R3(config-if)# glbp 1 load-balancing round-robin

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 27 The show glbp command in this example displays information about the status of GLBP group 1. R1#show glbp GigabitEthernet0/1 - Group 1 State is Active 2 state changes, last state change 00:04:12 Virtual IP address is Active router is local Standby is , priority 100 (expires in sec) Priority 150 (default) Weighting 100 (default 100), thresholds: lower 1, upper 100 Load balancing: round-robin Group members: c000.0ce ( ) local c001.0ce ( )

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 28 The show glbp command in this example displays information about the status of GLBP group 1. R1#show glbp There are 2 forwarders (1 active) Forwarder 1 State is Active 1 state change, last state change 00:04:02 MAC address is 0007.b (default) Owner ID is c000.0ce Redirection enabled Preemption enabled, min delay 30 sec Active is local, weighting 100 Forwarder 2 State is Listen

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 29 HSRP Packet Tracer that is included with bridge materials.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 30 End devices are typically configured with a single default gateway IP address that does not change when the network topology changes. Redundancy protocols provide a mechanism for determining which router should take the active role in forwarding traffic and determining when that role must be taken over by a standby router. HSRP defines a standby group of routers, with one router as the active router. VRRP is standard protocol that provides a similar function. GLBP is a Cisco proprietary solution to allow automatic selection and simultaneous use of multiple available gateways in addition to automatic failover between those gateways.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 31 Lab Configuring HSRP and GLBP Uses real Equipment Creating a PT activity will show how the packets look, but not the same as real equipment.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 33 Server: Change IP address to match topology (i.e /24) Install VLC (VideoLan - ) Control panel  Network and Sharing Center  Advanced Settings  enable media streaming. Also turn Firewall OFF, and you might need to allow public sharing. Copy media files to server – i.e. “A day made of glass.mp4” VLC – To Start Stream: Media  Stream  add video  Stream  next  add HTTP port 8888 path/glass.mpg  next  next  check Stream all elementary streams  Stream (note: port = use any unused port number; path/ give it a name with the.mpg extension ) Client: Change IP address to match topology (i.e /24) Install VLC Control panel  Network and Sharing Center  Advanced Settings  enable media streaming. Also turn Firewall OFF, and you might need to allow public sharing. VLC – To receive stream: Media  Network Stream  (needs to match settings from server)

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 34 Configure HSRP on the interface. Switch(config-if)# standby group-number ip ip-address The group number is optional and indicates the HSRP group to which this interface belongs. Specifying a unique group number in the standby commands enables the creation of multiple HSRP groups. The default group is 0. Multiple SVIs (max 16) can be part of the same group number and will therefore share the same virtual MAC address. The IP address is that of the virtual router IP address for the HSRP group. Important: The actual addresses of the HSRP routers must not be discovered by end devices. Hence, when enabling HSRP it automatically disables ICMP redirects on that interface. FYI

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 35 To set the HSRP priority value of a router, enter this command in interface configuration mode: standby group-number priority priority-value The priority value can be from 0 to 255. The default value is 100. During the election process, the router with the highest priority in an HSRP group becomes the active router. If a tie occurs, the router with the highest configured IP address becomes active. If the routers do not have preempt configured, a router that boots up significantly faster than the others in the standby group becomes the active router, regardless of the configured priority. The former active router can be configured to resume the forwarding router role by preempting a router with a lower priority. To enable a router to resume the forwarding router role, enter this command in interface configuration mode: standby [group-number] preempt [delay {minimum seconds reload seconds sync seconds}] FYI

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 36 VariableDescription group-number(Optional) Group number on the interface to which the timers apply. The default is 0. msec(Optional) Interval in milliseconds. Millisecond timers allow for faster failover. hellotimeHello interval in seconds. This is an integer from 1 through 255. The default is 3 seconds. holdtimeTime, in seconds, before the active or standby router is declared to be down. This is an integer from 1 through 255. The default is 10 seconds. FYI

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 37 RouterA(config)# interface vlan 10 RouterA(config-if)# ip address RouterA(config-if)# standby 10 ip RouterA(config-if)# standby 10 priority 110 RouterA(config-if)# standby 10 preempt RouterA(config-if)# standby 10 authentication xyz123 RouterA(config-if)# standby 10 timers msec 200 msec 750 RouterA(config-if)# standby 10 preempt delay minimum 225 When booting a device, preempt should not begin until full connectivity has happened. To accomplish this set preempt delay to a value 50% greater than the boot time. Ex: 150 sec. boot time + 50% (75 sec) = 225 seconds. FYI