VRRP and Load Sharing


VRRP is the IEEE standard equivalent of HSRP, Cisco proprietary.

VRRP differs slightly from HSRP:

  • one “Master «is elected, “Active” for HSRP.
  • one or more “backup” Routers against only one “standby” router for HSRP, hence the presence of “skew time” to organize their participation to the election.
  • can use real IP address as the virtual IP.
  • use 224.0.0.18, udp(112).

VRRP use the same concept of multiple group to achieve load sharing.

 

Hold = 3xAdvertisment + skew time.

“Advertisement” , called “Hello” in HSRP.

Skew time = 1-(priority/256).

 

The skew time is inversely proportional to the priority, the hypothetical topology depicted in figure 1 better illustrates the utility that lurks behind the concept.

Figure1: skew time and priority

The hold time allows backup routers to be aware of a failure of the master for them to be able to send their advertisements and participate to the election of the new master, but with many routers as backup with different priorities it is clear that only the backup router with the highest priority will become the Master, so there is no need for the others to participate to the “masquerade” : ); thereby, using the skew time, only the backup router with the next highest priority will send its advertisements, become the Master and inform all others, if for any reason it is also not available, The next highest priority backup router will claim the master state.

 

This lab (Figure2) shows how to configure multiple VRRP groups to implement load sharing

Figure 2: lab topology

The layer2 switch connects VLAN10 and VLAN20 to the group of Layer3 devices router R2 and multilayer switch MLS that participate in VRRP.

R2 will be Master router for group20 (VLAN20 group) and MLS the backup gateway and vice versa, MLS will be the Master gateway for VLAN10 and R2 the backup gateway.

This is implemented in R2 using different sub-interfaces for each VLAN entering the router through Fa1/0 with dot1q encapsulation.

In MLS the upstream interface is a routed interface (disabled switching) and SVI VLAN10 and VLAN20 are used to receive traffic from each VLAN on the trunk interface Fa0/1.

The Lab is organized as follow:

– VRRP configuration

– VRRP Verification

– Testing

– MLS failure

– MLS recovery

– R2 tracked interface failure

– R2 tracked interface recovery

 

VRRP CONFIGURATION

MLS:

track 1 interface FastEthernet0/0 line-protocol
 

interface Vlan10

ip address 192.168.10.3 255.255.255.0

vrrp 10 ip 192.168.10.1

vrrp 10 preempt delay minimum 60

vrrp 10 priority 200

vrrp 10 track 1 decrement 100

 

interface Vlan20

ip address 192.168.20.3 255.255.255.0

vrrp 20 ip 192.168.20.1

no vrrp 20 preempt

vrrp 20 priority 150

R2:

track 1 interface FastEthernet0/0 line-protocol
 

interface FastEthernet1/0.10

encapsulation dot1Q 10

ip address 192.168.10.2 255.255.255.0

vrrp 10 ip 192.168.10.1

vrrp 10 priority 150

 

interface FastEthernet1/0.20

encapsulation dot1Q 20

ip address 192.168.20.2 255.255.255.0

vrrp 20 ip 192.168.20.1

vrrp 20 preempt delay minimum 60

vrrp 20 priority 200

vrrp 20 track 1 decrement 100

All First Hop Redundancy protocols like HSRP, VRRP and GLBP allow the use of object tracking which provides enhanced capability to track different object like:

– Interface.

– Line protocol state.

– Reachability of IP route.

– Threshold of IP routing metric.

– IP SLA operations.

– List of boolean expression and threshold weight.

For the purpose of the lab we track only the line protocol status.

VRRP VERIFICATION

Initial VRRP status:

MLS:

MLS#sh vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr

Vl10
10
200 3218 Y
Master
192.168.10.3
192.168.10.1

Vl20
20
150 3414 Backup
192.168.20.2
192.168.20.1

MLS# 

 

MLS#sh vrrp
Vlan10 – Group 10

State is Master

Virtual IP address is 192.168.10.1

Virtual MAC address is 0000.5e00.010a

Advertisement interval is 1.000 sec

Preemption enabled, delay min 60 secs

Priority is 200

Track object 1 state Up decrement 100

Master Router is 192.168.10.3 (local), priority is 200

Master Advertisement interval is 1.000 sec

Master Down interval is 3.218 sec

 

Vlan20 – Group 20

State is Backup

Virtual IP address is 192.168.20.1

Virtual MAC address is 0000.5e00.0114

Advertisement interval is 1.000 sec

Preemption disabled

Priority is 150

Master Router is 192.168.20.2, priority is 200

Master Advertisement interval is 1.000 sec

Master Down interval is 3.414 sec (expires in 2.406 sec)

 

MLS# 

MLS VLAN10 SVI is the master gateway interface for VLAN10 with the highest priority of 200 and MLS VLAN20 SVI is the backup gateway interface for VLAN20 (<R2 Fa1/0.20 interface priority).

 

R2:

R2#sh vrrp
Mar 1 01:26:54.243: %SYS-5-CONFIG_I: Configured from console by admin on console brief

Interface Grp Pri Time Own Pre State Master addr Group addr

Fa1/0.10
10
150 3414 Y Backup
192.168.10.3
192.168.10.1

Fa1/0.20
20
200 3218 Y Master
192.168.20.2
192.168.20.1

R2#

 

R2#sh vrrp
FastEthernet1/0.10 – Group 10

State is Backup

Virtual IP address is 192.168.10.1

Virtual MAC address is 0000.5e00.010a

Advertisement interval is 1.000 sec

Preemption enabled

Priority is 150

Master Router is 192.168.10.3, priority is 200

Master Advertisement interval is 1.000 sec

Master Down interval is 3.414 sec (expires in 2.538 sec)

 

FastEthernet1/0.20 – Group 20

State is Master

Virtual IP address is 192.168.20.1

Virtual MAC address is 0000.5e00.0114

Advertisement interval is 1.000 sec

Preemption enabled, delay min 60 secs

Priority is 200

Track object 1 state Up decrement 100

Master Router is 192.168.20.2 (local), priority is 200

Master Advertisement interval is 1.000 sec

Master Down interval is 3.218 sec

 

R2#

 

R2 Fa1/0.20 is the master gateway interface for VLAN20 with the highest priority of 200 and intfa1/0.10 is the backup gateway interface for VLAN20 with priority of 150 (< MLS SVI VLAN10 priority).

 

Connectivity

R10(VLAN10):

R10#sh arp
Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.10.2 8 cc01.154c.0010 ARPA FastEthernet0/0

Internet 192.168.10.3 52 cc02.1714.0000 ARPA FastEthernet0/0

Internet 192.168.10.1 26 0000.0c07.ac0a ARPA FastEthernet0/0

Internet 192.168.10.10 – cc04.1714.0000 ARPA FastEthernet0/0

R10#

Using ARP for the default gateway IP 192.168.10.1, R10 has resolved the virtual MAC defined by VRRP group.

R10#trace 10.10.10.1
 

Type escape sequence to abort.

Tracing the route to 10.10.10.1

 

1 192.168.10.3 88 msec 60 msec 76 msec

2 192.168.13.1 124 msec 88 msec 64 msec

3 10.10.10.1 184 msec 88 msec 92 msec

R10#

According to the initial VRRP state, MLS should be the Master VRRP router for the group 10 which is confirmed by result of trace command.

R20(VLAN20):

R20#trace 10.10.10.1
 

Type escape sequence to abort.

Tracing the route to 10.10.10.1

 

1 192.168.20.2 108 msec 48 msec 28 msec

2 192.168.12.1 92 msec 104 msec 96 msec

3 10.10.10.1 104 msec 72 msec 64 msec

R20#

According to the initial VRRP state, R2 should be the Master VRRP router for the group 20 which is confirmed by result of trace command.

R20#sh arp
Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.20.20 – cc05.1714.0000 ARPA FastEthernet0/0

Internet 192.168.20.1 15 0000.5e00.0114 ARPA FastEthernet0/0

Internet 192.168.20.2 14 cc01.154c.0010 ARPA FastEthernet0/0

Internet 192.168.20.3 56 cc02.1714.0000 ARPA FastEthernet0/0

R20#

Using ARP for the default gateway IP 192.168.20.1, R20 has resolved the virual MAC defined by VRRP group.

TESTING

MLS failure:

In this case MLS is shutdown to simulate a router failure.

R2:

R2#
Mar 1 01:57:20.039: VRRP: Grp 10 Event – Master down timer expired

Mar 1 01:57:20.039: %VRRP-6-STATECHANGE: Fa1/0.10 Grp 10 state Backup -> Master

Mar 1 01:57:30.439: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.20.3 (FastEthernet1/0.20) is down: holding time expired

Mar 1 01:57:30.551: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.10.3 (FastEthernet1/0.10) is down: holding time expired

R2#

After the hold timer expires for VRRP group 10, MLS is considered down and R2 interface fa1/0.10 take over the Master status and become the forwarder, this is confirmed by the traffic that VLAN10 takes to reach the upstream destination:

R2#sh vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr

Fa1/0.10
10
150 3414 Y Master
192.168.10.2
192.168.10.1

Fa1/0.20 20 200 3218 Y Master 192.168.20.2 192.168.20.1

R2#

 

R10#trace 10.10.10.1
 

Type escape sequence to abort.

Tracing the route to 10.10.10.1

 

1 192.168.10.2 68 msec 44 msec 60 msec

2 192.168.12.1 152 msec 92 msec 92 msec

3 10.10.10.1 136 msec 92 msec 140 msec

R10#

 

R10#sh arp
Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.10.2 44 cc01.154c.0010 ARPA FastEthernet0/0

Internet 192.168.10.3 7 cc02.1714.0000 ARPA FastEthernet0/0

Internet 192.168.10.1 7 0000.5e00.010a ARPA FastEthernet0/0

Internet 192.168.10.10 – cc04.1714.0000 ARPA FastEthernet0/0

R10#

Note that the virtual MAC has not changed, because the operation is transparent to the clients.

Nothing changed for VLAN 20, traffic is still forwarded to R2:

R20#trace 10.10.10.1
 

Type escape sequence to abort.

Tracing the route to 10.10.10.1

 

1 192.168.20.2 112 msec 76 msec 28 msec

2 192.168.12.1 72 msec 112 msec 64 msec

3 10.10.10.1 136 msec 44 msec 56 msec

R20#

MLS recovery:

Now MLS is back to live and because of the preempt feature it will claim its master status back, however, this is done after a configured 60 seconds, this additional time is given to the downstream Layer 2 distribution swiches to converge STP so the optimal layer 3 path is consistent with layer 2 STP path.

R2:

R2#
Mar 1 02:16:53.344: %VRRP-6-STATECHANGE: Fa1/0.10 Grp 10 state Master -> Backup

Mar 1 02:16:54.088: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.20.3 (FastEthernet1/0.20) is up: new adjacency

Mar 1 02:16:56.044: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.10.3 (FastEthernet1/0.10) is up: new adjacency

R2#

 

R2#sh vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr

Fa1/0.10 10 150 3414 Y Backup 192.168.10.3 192.168.10.1

Fa1/0.20 20 200 3218 Y Master 192.168.20.2 192.168.20.1

R2#

And VLAN10 clients again consider MLS as the default gateway:

R10#trace 10.10.10.1
 

Type escape sequence to abort.

Tracing the route to 10.10.10.1

 

1 *

192.168.10.3 36 msec 28 msec

2 192.168.13.1 104 msec 60 msec 64 msec

3 10.10.10.1 120 msec 88 msec 64 msec

R10#

R2 upstream interface failure (tracked interface):

Let’s shut down Fa0/0 ionterface on R2 and see what will be the reaction of VRRP:

R2:

R2(config-subif)#int fa 0/0
R2(config-if)#sh

R2(config-if)#

Mar 1 02:35:30.203: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.12.1 (FastEthernet0/0) is down: interface down

Mar 1 02:35:32.043: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down

Mar 1 02:35:33.043: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down

R2(config-if)#

R2(config-if)#

R2(config-if)#

Mar 1 02:36:30.535: %VRRP-6-STATECHANGE: Fa1/0.20 Grp 20 state Master -> Backup

R2(config-if)#

 

R2(config-if)#do sh vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr

Fa1/0.10 10 150 3414 Y Backup 192.168.10.3 192.168.10.1

Fa1/0.20
20 100 3218 Y Backup 192.168.20.3 192.168.20.1

R2(config-if)#

A venality of 100 is subtracted from the interface Fa1/0.20 VRRP group 20 and after 60 sec MLS VRRP group 20 take over the master status and become the default gateway for VLAN20.

MLS:

MLS(config-if)#
*Mar 1 00:20:37.323: VRRP: Grp 20 Event – Master down timer expired

*Mar 1 00:20:37.327: %VRRP-6-STATECHANGE: Vl20 Grp 20 state Backup -> Master

MLS(config-if)#

 

MLS(config-if)#do sh vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr

Vl10 10 200 3218 Y Master 192.168.10.3 192.168.10.1

Vl20 20 150 3414 Y Backup 192.168.20.2 192.168.20.1

MLS(config-if) #

Now all VLAN20 traffic is forwarded to MLS:

R20#trace 10.10.10.1
 

Type escape sequence to abort.

Tracing the route to 10.10.10.1

 

1 192.168.20.3 96 msec 48 msec 48 msec

2 192.168.13.1 120 msec 52 msec 132 msec

3 10.10.10.1 52 msec 60 msec 92 msec

R20#

R2 upstream interface recovery (tracked interface):

R2:

R2(config-if)#int fa0/0
R2(config-if)#no sh

 

Mar 1 03:25:50.167: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.12.1 (FastEthernet0/0) is up: new adjacency

Mar 1 03:25:50.759: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up

Mar 1 03:25:51.759: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

R2(config-if)#

Mar 1 03:26:48.795: VRRP: Grp 20 Event – Master down timer expired

Mar 1 03:26:48.799: %VRRP-6-STATECHANGE: Fa1/0.20 Grp 20 state Backup -> Master

Now The tracked interface is UP so VRRP will call back the penality and R2 VRRP group 20 can claim back its mater state with a higher priority (60 sec after):

R2(config-if)#do sh vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr

Fa1/0.10 10 150 3414 Y Backup 192.168.10.3 192.168.10.1

Fa1/0.20
20 200 3218 Y
Master 192.168.20.2 192.168.20.1

R2(config-if)#

 

R3:

MLS(config-if)#do sh vrrp brief

Interface Grp Pri Time Own Pre State Master addr Group addr

Vl10 10 200 3218 Y Master 192.168.10.3 192.168.10.1

Vl20
20 150 3414 Y Backup 192.168.20.2 192.168.20.1

MLS(config-if)#

R20:

R20#trace 10.10.10.1
 

Type escape sequence to abort.

Tracing the route to 10.10.10.1

 

1 192.168.20.2 112 msec 60 msec 76 msec

2 192.168.12.1 76 msec 64 msec 72 msec

3 10.10.10.1 168 msec 184 msec 140 msec

R20# 

 

For more global picture about differences between VRRP, HSRP and GLBP take a look at the post entitled “First Hop Redundancy protocol comparison (HSRP,VRRP,GLBP)

Advertisements

MHSRP (Multiple HSRP) and Load Sharing


HSRP provides router redundancy by making one router active and the other one standby, the latter will be used when the active cannot afford traffic forwarding; however, this doesn’t allow optimal utilization of network infrastructure resources.

Multiple HSRP groups allow the use a router as standby for one group and active for another group and vice versa: the active router for one group will be the standby for the other group.

In this lab (Figure1) R2 an R3 are used for HSRP redundancy, both routers are connected to the switch SW (through trunk interfaces) that connects both VLAN10 (R10) and VLAN20 (R20) devices.

Using DHCP service, hosts within each VLAN learn the corresponding default gateway: 192.168.20.1 and 192.168.10.1 for VLAN10 (192.168.20.0/24) and VLAN20 (192.168.10.0/24) respectively. Depending on the size and the complexity of the network, this task require a particular attention to coordinate between DHCP administration and HSRP tasks like adding or deleting VLANs or change in virtual IP address.

This lab is structured as follow:

– HSRP CONFIGURATION

– Verification.

-TESTING

– R3 failure.

– R2 upstream interface failure.

– R2 upstream interface back from failure

Figure1 Topology:


HSRP Configuration

R2:

interface FastEthernet1/0.10
standby preempt

standby 10 ip 192.168.10.1

standby 10 timers msec 500 1

standby 10 priority 50

standby 10 preempt delay minimum 60

standby 10 track Ethernet0/0 60

interface FastEthernet1/0.20

standby preempt

standby 20 ip 192.168.20.1

standby 20 timers msec 500 1

standby 20 preempt delay minimum 60

standby 20 track Ethernet0/0 60

R3:

interface FastEthernet1/0.10
standby preempt

standby 10 ip 192.168.10.1

standby 10 timers msec 500 1

standby 10 preempt delay minimum 60

standby 10 track Ethernet0/0 60

interface FastEthernet1/0.20

standby preempt

standby 20 ip 192.168.20.1

standby 20 timers msec 500 1

standby 20 priority 50

standby 20 preempt delay minimum 60

standby 20 track Ethernet0/0 60

R2 will be the active gateway for VLAN 20 (default priority=100) and the standby gateway for VLAN 10 (configured priority of 50).

R3 will be the active gateway for VLAN 10 (default priority=100) and the standby gateway for VLAN 20 (configured priority of 50).

For both VLANs preempt timer is set to 60 sec to give the switch (distribution/access layer) the time for STP convergence, so the layer2 path will match layer3 path.

HSRP Hello polling time is set to 500 ms and the holdtime to 1sec

Verification:

R2:

R2#sh standby brief
P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Fa1/0.10 10 50 P Standby
192.168.10.3
local
192.168.10.1

Fa1/0.20 20 100 P Active
local
192.168.20.3
192.168.20.1

R2#

R3:

R3(config)#do sh standby brief
P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Fa1/0.10 10 100 P Active
local
192.168.10.2
192.168.10.1

Fa1/0.20 20 50 P Standby
192.168.20.2
local
192.168.20.1

R3(config)#

R10:

R10#trace 10.10.10.1
Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.10.3 32 msec 28 msec

2 192.168.13.1 88 msec 104 msec 112 msec

3 10.10.10.1 120 msec 120 msec

R10#sh arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.10.2 1 cc01.1744.0010 ARPA FastEthernet0/0

Internet 192.168.10.1 1 0000.0c07.ac0a ARPA FastEthernet0/0

Internet 192.168.10.10 – cc04.1084.0000 ARPA FastEthernet0/0

R10#

VLAN10 traffic takes the path through R3 as transparently decided by HSRP.

R20:

R20#trace 10.10.10.1
Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.20.2 64 msec 44 msec

2 192.168.12.1 136 msec 56 msec 44 msec

3 10.10.10.1 164 msec 52 msec

R20#sh arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.20.20 – cc05.1084.0000 ARPA FastEthernet0/0

Internet 192.168.20.1 0 0000.0c07.ac14 ARPA FastEthernet0/0

Internet 192.168.20.3 0 cc02.1084.0010 ARPA FastEthernet0/0

R20#

VLAN20 traffic takes the path through R2 as transparently decided by HSRP.

Figure2: the logical topology as seen by clients

TESTING

R3 failure

The first test is to shutdown R3 router and enable “debug standby events”

R2:

Aug 26 03:51:34.808: %SYS-5-CONFIG_I: Configured from console by admin on console
Aug 26 03:51:46.944: HSRP: Fa1/0.20 Grp 20 Standby router is unknown, was 192.168.20.3

Aug 26 03:51:46.948: HSRP: Fa1/0.10 Grp 10 Standby: c/Active timer expired (192.168.10.3)

Aug 26 03:51:46.952: HSRP: Fa1/0.10 Grp 10 Active router is local, was 192.168.10.3

Aug 26 03:51:46.952: HSRP: Fa1/0.10 Grp 10 Standby router is unknown, was local

Aug 26 03:51:46.956: HSRP: Fa1/0.10 Grp 10 Standby -> Active

Aug 26 03:51:46.960: %HSRP-6-STATECHANGE: FastEthernet1/0.10 Grp 10 state Standby -> Active

Aug 26 03:51:46.964: HSRP: Fa1/0.10 Grp 10 Redundancy “hsrp-Fa1/0.10-10” state Standby -> Active

Aug 26 03:51:49.972: HSRP: Fa1/0.10 Grp 10 Redundancy group hsrp-Fa1/0.10-10 state Active -> Active

Aug 26 03:51:52.976: HSRP: Fa1/0.10 Grp 10 Redundancy group hsrp-Fa1/0.10-10 state Active -> Active

After 1 second (holdtime timer expired) R2 consider R3 down and become the Active router for VLAN10.

R2#sh standby brief
P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Fa1/0.10 10 50 P Active
local
unknown
192.168.10.1

Fa1/0.20 20 100 P Active local unknown 192.168.20.1

R2#

Because the only router available in the HSRP group 10 is R2 the local, there is no “standby” router.

R10:

R10#trace 10.10.10.1
Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.10.2 84 msec 28 msec 24 msec


2 192.168.12.1 124 msec 48 msec *

3 10.10.10.1 156 msec 116 msec 80 msec

R10#

R10#

R10#sh arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.10.2 10 cc01.1744.0010 ARPA FastEthernet0/0

Internet 192.168.10.1 4 0000.0c07.ac0a ARPA FastEthernet0/0

Internet 192.168.10.10 – cc04.1084.0000 ARPA FastEthernet0/0

R10#

Though, the virtual IP and MAC are the same from the client standpoint, the path taken has transparently changed, now it is forwarded through R2.

R20:

R20#trace 10.10.10.1
Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.20.2 96 msec 60 msec 60 msec

2 192.168.12.1 120 msec 96 msec 144 msec

3 10.10.10.1 92 msec 120 msec 116 msec

R20#

R20#sh arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.20.20 – cc05.1084.0000 ARPA FastEthernet0/0

Internet 192.168.20.1 6 0000.0c07.ac14 ARPA FastEthernet0/0

Internet 192.168.20.3 5 cc02.1084.0010 ARPA FastEthernet0/0

R20#

Nothing has changed for VLAN20 where it is still forwarded through the active gateway R2.

R3 back from failure

Now R3 is back to live and because preempt is configured it will try to get back its status of “Active” and send hello message to the actual active router with its priority.

R2:

Aug 26 04:01:39.688: HSRP: Fa1/0.10 Grp 10 Standby router is 192.168.10.3
Aug 26 04:01:39.700: HSRP: Fa1/0.20 Grp 20 Standby router is 192.168.20.3

Aug 26 04:02:38.183: HSRP: Fa1/0.10 Grp 10 Active: j/Coup rcvd from higher pri router (100/192.168.10.3)

Aug 26 04:02:38.187: HSRP: Fa1/0.10 Grp 10 Active router is 192.168.10.3, was local

Aug 26 04:02:38.191: HSRP: Fa1/0.10 Grp 10 Standby router is unknown, was 192.168.10.3

Aug 26 04:02:38.191: HSRP: Fa1/0.10 Grp 10 Active -> Speak

Aug 26 04:02:38.191: %HSRP-6-STATECHANGE: FastEthernet1/0.10 Grp 10 state Active -> Speak

Aug 26 04:02:38.191: HSRP: Fa1/0.10 Grp 10 Redundancy “hsrp-Fa1/0.10-10” state Active -> Speak

Aug 26 04:02:38.207: HSRP: Fa1/0.10 API MAC address update

Aug 26 04:02:38.207: HSRP: Fa1/0.20 API MAC address update

Aug 26 04:02:39.187: HSRP: Fa1/0.10 Grp 10 Speak: d/Standby timer expired (unknown)

Aug 26 04:02:39.187: HSRP: Fa1/0.10 Grp 10 Standby router is local

Aug 26 04:02:39.191: HSRP: Fa1/0.10 Grp 10 Speak -> Standby

Aug 26 04:02:39.195: HSRP: Fa1/0.10 Grp 10 Redundancy “hsrp-Fa1/0.10-10” state Speak -> Standby

R2#

R2#sh stand brief
P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Fa1/0.10 10 50 P Standby
192.168.10.3
local
192.168.10.1

Fa1/0.20 20 100 P Active local 192.168.20.3 192.168.20.1

R2#

After preempt timer expiration, R3 took back the active role by winning the election with its priority of 100 as against 50 for R2.

R10:

R10#trace 10.10.10.1
Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.10.3 48 msec 12 msec

2 192.168.13.1 104 msec 104 msec 128 msec

3 10.10.10.1 168 msec 56 msec 96 msec

R10#

Now VLAN traffic is back to his initial path through R3.

R2 upstream interface failure:

In this a failure of R2 upstream interface f0/0 is simulated by shutting it down.

R2:

R2(config-if)#do sh stand brief
P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Fa1/0.10 10 0 P Standby 192.168.10.3 local 192.168.10.1

Fa1/0.20 20 40 P Standby
192.168.20.3
local 192.168.20.1

R2(config-if)#

After the “penality” given to R2 (priority-60) the standby router will win the election with its priority 50 and become active for VLAN20 too.

R3:

R3#sh standby brief
P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Fa1/0.10 10 100 P Active
local
192.168.10.2 192.168.10.1

Fa1/0.20 20 50 P Active
local
192.168.20.2 192.168.20.1

R3#

R3 now the gateway for both VLAN10 and VLAN20.

R10:

R10#trace 10.10.10.1
Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.10.3 80 msec 36 msec 32 msec

2 192.168.13.1 104 msec 40 msec 108 msec

3 10.10.10.1 184 msec 104 msec 112 msec

R10#

R10#sh arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.10.1 2 0000.0c07.ac0a ARPA FastEthernet0/0

Internet 192.168.10.10 – cc04.1084.0000 ARPA FastEthernet0/0

R10#

Note the difference between the two consecutive outputs of “trace route” command, in the first, the switch SW did not updated its ARP table and still forward VLAN 10 traffic to R2 and only the routing table is redirecting it to R3. In the second output the switch has received “Gratuitous ARP” carrying the new ARP information, so to forward VLAN 10 traffic directly to the new gateway R3.

R20:

R20#trace 10.10.10.1
Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 *

192.168.20.3 48 msec 28 msec

2 192.168.13.1 60 msec 88 msec 92 msec

3 10.10.10.1 92 msec 100 msec 124 msec

R20#

R20#sh arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.20.20 – cc05.1084.0000 ARPA FastEthernet0/0

Internet 192.168.20.1 2 0000.0c07.ac14 ARPA FastEthernet0/0

Internet 192.168.20.3 0 cc02.1084.0010 ARPA FastEthernet0/0

R20#

VLAN20 takes its usual path through R3.

R2 upstream interface back from failure:

R2 f0/0 is now back to live.

R2:

R2(config-if)#do sh standby brief
P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Fa1/0.10 10 50 P Standby
192.168.10.3
local 192.168.10.1

Fa1/0.20 20 100 P Active
local
192.168.20.3 192.168.20.1

R2(config-if)#

R2 is again the active gateway for VLAN 20

R3:

R3#sh standby brief
P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Fa1/0.10 10 100 P Active local
192.168.10.2 192.168.10.1

Fa1/0.20 20 50 P Standby
192.168.20.2
local 192.168.20.1

R3#

R3 is back to the standby state for VLAN 20

R10:

R10#trace 10.10.10.1
Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.10.3 64 msec 44 msec 48 msec

2 192.168.13.1 200 msec 88 msec 96 msec

3 10.10.10.1 140 msec 92 msec 104 msec

R10#

R10#sh arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.10.2 42 cc01.1744.0010 ARPA FastEthernet0/0

Internet 192.168.10.3 20 cc02.1084.0010 ARPA FastEthernet0/0

Internet 192.168.10.1 2 0000.0c07.ac0a ARPA FastEthernet0/0

Internet 192.168.10.10 – cc04.1084.0000 ARPA FastEthernet0/0

R10#

No changes in the VLAN 10 path.

R20:

R20#trace 10.10.10.1
Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.20.2 128 msec 88 msec 20 msec

2 192.168.12.1 40 msec 60 msec 96 msec

3 10.10.10.1 56 msec 120 msec 108 msec

R20#

VLAN20 is now taking the initial path through R2

R20#sh arpProtocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.20.20 – cc05.1084.0000 ARPA FastEthernet0/0

Internet 192.168.20.1 4 0000.0c07.ac14 ARPA FastEthernet0/0

Internet 192.168.20.3 13 cc02.1084.0010 ARPA FastEthernet0/0

R20#

Note that from the first time HSRP has been configured and throughout all undertaken tests the gateway IP address and the MAC are the same in all VLAN client nodes, independently of who is the active or the standby router.

Gateway virtual IP 192.168.20.1

Gateway virtual MAC 0000.0c07.ac14

***

HSRP can also be deployed on Layer3 switches Virtual (SVI) or routed interfaces, for instance R3 can easily be replaced by a layer3 switch as depicted by figure2:

Figure2: using Layer3 SVI and routed interfaces

And the configuration would be as follow:

MLS:

interface FastEthernet0/1
no switchport

ip address 192.168.13.3 255.255.255.0

!

interface FastEthernet0/3

switchport trunk allowed all

switchport mode trunk

no ip address

!

interface Vlan10

ip address 192.168.10.3 255.255.255.0

standby 10 ip 192.168.10.1

standby 10 timers msec 500 1

standby 10 preempt delay minimum 60

!

interface Vlan20

ip address 192.168.20.3 255.255.255.0

standby preempt

standby 20 ip 192.168.20.1

standby 20 timers msec 500 1

standby 20 priority 50

standby 20 preempt delay minimum 60

In fact, multiple HSRP doesn’t provide a perfect load balancing, it will depend on the bandwidth produced by each VLANs, rather it provides a separate VLAN-based redundancy.

MSDP and Inter-domain multicast


So far we have seen that PIM (Protocol Independent Multicast) can perfectly satisfy the need for multicast forwarding inside a single domain or autonomous system, which is not the case with multicast applications intended to provide services outside the boundary of a single autonomous system, here comes the role of protocols such MSDP (Multicast Source Discovery Protocol).

With PIM-SM a typical multicast framework inside a single domain is composed of one or more Rendez-Vous points, multicast sources and multicast receivers. Now let’s imagine a company specialized in Video-On Demand content with receivers across Internet, with a typical multicast framework inside each AS to be as close as possible to receivers and let’s suppose that multicast sources in one AS is no more available, and we know that RP is responsible for registering sources and linking them to receivers, so what if an RP in one AS can communicate with the RP in another AS and be able to register with its sources?

Well that’s exactly what MSDP is intended for: make multicast sources available for other AS receivers by communicating this information between RP in different autonomous systems.

In this lab two simplified autonomous systems are considered AS27011 and AS27022 with an RP and multicast source, serving the same group, in each(Figure1).

Figure1: Topology

The scenario is as follow:

  • First, R22 the multicast source is sending multicast traffic 224.1.1.1 to R2 with RP2 as the rendez-vous point inside AS27022.
  • Second, R22 stop sending the multicast traffic and R1 in AS27011 start sending the same multicast group 224.1.1.1

To successfully deploy MSDP (or any other technology or protocol) it is crucial to split the work into several steps and make sure that each step is working perfectly, this will dramatically reduce the time that would be spent troubleshooting issues accumulated with each layer.

  • Basic connectivity & reachability
  • Routing protocol: BGP configuration
  • multicast configuration
  • MSDP configuration
  1. Basic connectivity & reachability

Let’s start by configuring IGP (EIGRP) to insure connectivity between devices:

R1:

router eigrp 10
network 192.168.111.0

no auto-summary

RP1:

router eigrp 10

passive-interface Ethernet0/1

network 1.1.1.3 0.0.0.0

network 172.16.0.1 0.0.0.0

network 192.168.111.0

network 192.168.221.0

no auto-summary

RP2:

router eigrp 10

passive-interface Ethernet0/1

network 1.1.1.2 0.0.0.0

network 172.16.0.2 0.0.0.0

network 192.168.221.0

network 192.168.222.0

network 192.168.223.0

no auto-summary

IGP routing information should not leak between ASs, hence the need to set interfaces between ASs as passive so only networks carried by BGP will be reachable between AS27022 and AS27011.

R22:

router eigrp 10
network 22.0.0.0

network 192.168.223.0

no auto-summary

R2:

router eigrp 10
network 192.168.222.0

no auto-summary

  1. Routing protocol: BGP configuration

     

Do not forget to advertise multicast end-point subnets through BGP (10.10.10.0/24, 22.0.0.0/24 and 192.168.40.0/24) so they can be reachable between the two autonomous systems.

R1:

router bgp 27011
no synchronization

bgp log-neighbor-changes

network 10.10.10.0 mask 255.255.255.0

neighbor 192.168.111.11 remote-as 27011

no auto-summary

RP1:

router bgp 27011
no synchronization

bgp log-neighbor-changes

neighbor 1.1.1.2 remote-as 27022

neighbor 1.1.1.2 ebgp-multihop 2

neighbor 1.1.1.2 update-source Loopback0

neighbor 192.168.111.1 remote-as 27011

no auto-summary

ip route 1.1.1.2 255.255.255.255 192.168.221.22

RP2:

router bgp 27022
no synchronization

bgp log-neighbor-changes

neighbor 1.1.1.3 remote-as 27011

neighbor 1.1.1.3 ebgp-multihop 2

neighbor 1.1.1.3 update-source Loopback0

neighbor 192.168.222.2 remote-as 27022

neighbor 192.168.222.2 route-reflector-client

neighbor 192.168.223.33 remote-as 27022

neighbor 192.168.223.33 route-reflector-client

no auto-summary

ip route 1.1.1.3 255.255.255.255 192.168.221.11

eBGP is configured between loopback interfaces to match MSDP peer relationship, therefore static routes are added in both sides to reach those loopback interfaces.

R22:

router bgp 27022
no synchronization

network 22.0.0.0 mask 255.255.255.0

neighbor 192.168.223.22 remote-as 27022

no auto-summary

R2:

router bgp 27022
no synchronization

network 192.168.40.0

neighbor 192.168.222.22 remote-as 27022

no auto-summary

There is three methods to configure iBGP in AS 27022:

– enable BGP only on the border router RP2 and redistribute needed subnets into BGP (not straightforward).

– configure full mesh iBGP (not consistent with the phyisical topology which is linear).

– configure RP1 as Route reflector.

let’s retain the last option the most optimal in the current situation, whenever this option is possible you better start by considering it to allow more flexibility for future growth of your network, otherwise when things become more complicated you will have to reconfigure BGP from the scratch to use Route Reflector.

Monitoring:

R2:

R2#sh ip bgp
BGP table version is 10, local router ID is 1.1.1.4

Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,

r RIB-failure, S Stale

Origin codes: i – IGP, e – EGP, ? – incomplete

Network Next Hop Metric LocPrf Weight Path

*>i10.10.10.0/24 192.168.221.11 0 100 0 27011 i

*>i22.0.0.0/24 192.168.223.33 0 100 0 i

*> 192.168.40.0 0.0.0.0 0 32768 i

R2#

R22:

R22(config-router)#do sh ip bgp
BGP table version is 8, local router ID is 22.0.0.1

Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,

r RIB-failure, S Stale

Origin codes: i – IGP, e – EGP, ? – incomplete

Network Next Hop Metric LocPrf Weight Path

*>i10.10.10.0/24 192.168.221.11 0 100 0 27011 i

*> 22.0.0.0/24 0.0.0.0 0 32768 i

*>i192.168.40.0 192.168.222.2 0 100 0 i

R22(config-router)#

R1:

R1#sh ip bgp
BGP table version is 10, local router ID is 192.168.111.1

Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,

r RIB-failure, S Stale

Origin codes: i – IGP, e – EGP, ? – incomplete

Network Next Hop Metric LocPrf Weight Path

*> 10.10.10.0/24 0.0.0.0 0 32768 i

*>i22.0.0.0/24 192.168.221.22 0 100 0 27022 i

*>i192.168.40.0 192.168.221.22 0 100 0 27022 i

R1#

  1. multicast configuration

R1:

ip multicast-routing
interface Ethernet0/0

ip pim sparse-dense-mode

interface Serial1/0

ip pim sparse-dense-mode

RP1:

ip multicast-routing
interface Loopback1

ip pim sparse-dense-mode

interface Ethernet0/1

ip pim sparse-dense-mode

ip pim send-rp-announce Loopback1 scope 64

ip pim send-rp-discovery scope 64

RP1 router is configured as the RP and mapping agent for the AS27011

RP2:

interface Loopback0
ip pim sparse-dense-mode

interface Ethernet0/1

ip pim sparse-dense-mode

interface Ethernet0/2

ip pim sparse-dense-mode

ip pim send-rp-announce Loopback1 scope 64

ip pim send-rp-discovery scope 64

RP2 router is configured as the RP and mapping agent for the AS27022

R2:

interface Ethernet0/0
ip pim sparse-dense-mode


ip igmp join-group 224.1.1.1

interface Serial1/0

ip pim sparse-dense-mode

Auto-RP is chosen to advertise RP information throughout all interfaces where PIM sparse-dense mode is enabled… including through the link between autonomous systems, this mean that group-to-RP mapping information will be advertised to other ASs PIM routers which can lead to confusion and the result is that a PIM router in one AS will receive information from its local RP telling that it is the RP responsible for a number of groups as well information from external RP announcing their information:

R2#
*Mar 1 02:58:01.315: Auto-RP(0): Received RP-discovery, from 192.168.221.11, RP_cnt 1, ht 181

*Mar 1 02:58:01.319: Auto-RP(0): Update (224.0.0.0/4, RP:172.16.0.1), PIMv2 v1

R2#

RP2(config-if)#

*Mar 1 02:44:05.615: %PIM-6-INVALID_RP_JOIN: Received (*, 224.1.1.1) Join from 0.0.0.0 for invalid RP 172.16.0.1

RP2(config-if)#

And this is not the kind of cooperation intended by MSDP, MSDP allow RPs on one AS to contact multicast sources in other AS, but still responsible for multicast forwarding inside its AS.

The solution is to block service groups 224.0.1.39 and 224.0.1.40 between the two ASs using multicast boundary filtering:

RP1:

access-list 10 deny
224.0.1.39
access-list 10 deny
224.0.1.40

access-list 10 permit any

interface Ethernet0/1


ip multicast boundary 10

RP2:

access-list 10 deny
224.0.1.39
access-list 10 deny
224.0.1.40

access-list 10 permit any

interface Ethernet0/1


ip multicast boundary 10

Multicast monitoring inside AS:

RP2(config)#
*Mar 1 03:26:17.731: Auto-RP(0): Build RP-Announce for
172.16.0.2, PIMv2/v1, ttl 64, ht 181

*Mar 1 03:26:17.735: Auto-RP(0): Build announce entry for (224.0.0.0/4)

*Mar 1 03:26:17.739: Auto-RP(0): Send RP-Announce packet on Ethernet0/2

*Mar 1 03:26:17.743: Auto-RP(0): Send RP-Announce packet on
Serial1/0

*Mar 1 03:26:17.747: Auto-RP: Send RP-Announce packet on Loopback1

*Mar 1 03:26:17.747: Auto-RP(0): Received RP-announce, from 172.16.0.2, RP_cnt 1, ht 181

*Mar 1 03:26:17.751: Auto-RP(0): Added with (224.0.0.0/4, RP:172.16.0.2), PIMv2 v1

*Mar 1 03:26:17.783: Auto-RP(0): Build RP-Discovery packet

RP2(config)#

RP2(config)#

*Mar 1 03:26:17.783: Auto-RP: Build mapping (224.0.0.0/4, RP:172.16.0.2), PIMv2 v1,

*Mar 1 03:26:17.791: Auto-RP(0): Send RP-discovery packet on Ethernet0/2 (1 RP entries)

*Mar 1 03:26:17.799: Auto-RP(0): Send RP-discovery packet on Serial1/0 (1 RP entries)

RP2(config)#

RP2 the RP forAS27022 is properly announcing itself to the mapping agent (the same router) which in turn properly announcing RP to local PIM routers R22 and R2:

R22:
R22#

*Mar 1 03:26:24.339: Auto-RP(0): Received RP-discovery, from 192.168.223.22, RP_cnt 1, ht 181

*Mar 1 03:26:24.347: Auto-RP(0): Added with (224.0.0.0/4, RP:172.16.0.2), PIMv2 v1

R22#

R22#sh ip pim rp mapp

PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4


RP 172.16.0.2 (?), v2v1

Info source: 192.168.223.22 (?), elected via Auto-RP

Uptime: 00:04:16, expires: 00:02:41

R22#

R2:
R2#

*Mar 1 03:27:14.175: Auto-RP(0): Received RP-discovery, from 192.168.222.22, RP_cnt 1, ht 181

*Mar 1 03:27:14.179: Auto-RP(0): Update (224.0.0.0/4, RP:172.16.0.2), PIMv2 v1

R2#

R2#sh ip pim rp mapp

PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4


RP 172.16.0.2 (?), v2v1

Info source: 192.168.222.22 (?), elected via Auto-RP

Uptime: 00:09:22, expires: 00:02:37

R2#

  1. MSDP configuration

RP1:

ip msdp peer 1.1.1.2 connect-source Loopback0

RP2:

ip msdp peer 1.1.1.3 connect-source Loopback0

interface loo0 doesn’t need PIM to be enabled on it.

The MSDP peer ID have to match eBGP peer ID

RP1:

RP1#sh ip msdp summ
MSDP Peer Status Summary

Peer Address AS State Uptime/ Reset SA Peer Name

Downtime Count Count

1.1.1.2
27022 Up 01:14:58 0 0 ?

RP1#

RP1(config)#do sh ip bgp summ

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

1.1.1.2 4 27022 79 79 4 0 0 01:15:46 2

192.168.111.1 4 27011 80 80 4 0 0 01:16:03 1

RP1#

RP2:

RP2#sh ip msdp sum
MSDP Peer Status Summary

Peer Address AS State Uptime/ Reset SA Peer Name

Downtime Count Count

1.1.1.3
27011 Up 01:15:48 0 2 ?

RP2#

RP2(config)#

RP2(config)#do sh ip bgp sum

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

1.1.1.3 4 27011 80 80 4 0 0 01:16:33 1

192.168.222.2 4 27022 81 82 4 0 0 01:16:43 1

192.168.223.33 4 27022 81 82 4 0 0 01:16:44 1

RP2#

R22#ping
Protocol [ip]:

Target IP address: 224.1.1.1

Repeat count [1]: 1000000

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Interface [All]: Ethernet0/0

Time to live [255]:

Source address: Loopback2

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 1000000, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:

Packet sent with a source address of 22.0.0.1

Reply to request 0 from 192.168.222.2, 216 ms

Reply to request 1 from 192.168.222.2, 200 ms

Reply to request 2 from 192.168.222.2, 152 ms

Reply to request 3 from 192.168.222.2, 136 ms

Reply to request 4 from 192.168.222.2, 200 ms

Reply to request 5 from 192.168.222.2, 216 ms

After generating a multicast routing from R22 loo2 interface to the group 224.1.1.1 you can note from the result of the previous extended ping that R2 is responding to it.

RP2#sh ip mroute 224.1.1.1
IP Multicast Routing Table

Flags: D – Dense, S – Sparse, B – Bidir Group, s – SSM Group, C – Connected,

L – Local, P – Pruned, R – RP-bit set, F – Register flag,

T – SPT-bit set, J – Join SPT, M – MSDP created entry,

X – Proxy Join Timer Running, A – Candidate for MSDP Advertisement,

U – URD, I – Received Source Specific Host Report,

Z – Multicast Tunnel, z – MDT-data group sender,

Y – Joined MDT-data group, y – Sending to MDT-data group

Outgoing interface flags: H – Hardware switched, A – Assert winner

Timers: Uptime/Expires

Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 224.1.1.1), 00:17:35/00:02:38, RP 172.16.0.2, flags: S

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list:


Serial1/0, Forward/Sparse-Dense, 00:17:35/00:02:38

(22.0.0.1, 224.1.1.1), 00:05:57/00:03:28, flags: T


Incoming interface: Ethernet0/2, RPF nbr 192.168.223.33

Outgoing interface list:


Serial1/0, Forward/Sparse-Dense, 00:05:57/00:03:28

RP2#

RP on AS27022 has already built the shared tree with the receiver (*, 224.1.1.1) and registered for the source tree with PIM-DR sending router (22.0.0.1, 224.1.1.1).

Note that the RPF interface that is used to reach the source 22.0.0.1 is e0/2

Now let’s suppose that for some reasons the source R22 stopped sending the multicast group to 224.1.1.1 and in the neighbor AS 27022 a source begin to send multicast traffic to the same group.

RP2#*Mar 1 01:32:42.051: MSDP(0): Received 32-byte TCP segment from 1.1.1.3

*Mar 1 01:32:42.055: MSDP(0): Append 32 bytes to 0-byte msg 102
from 1.1.1.3, qs 1

RP2#

RP2 msdp has received SA message from the MSDP peer at RP1 to inform it about its local source, the group and RP as show in the following output:

RP2#sh ip msdp saMSDP Source-Active Cache – 2 entries

(10.10.10.3, 224.1.1.1), RP 172.16.0.1, BGP/AS 0, 00:26:31/00:05:46, Peer 1.1.1.3

(192.168.111.1, 224.1.1.1), RP 172.16.0.1, BGP/AS 0, 00:26:31/00:05:46, Peer 1.1.1.3

RP2#

RP2#sh ip mroute 224.1.1.1
IP Multicast Routing Table

Flags: D – Dense, S – Sparse, B – Bidir Group, s – SSM Group, C – Connected,

L – Local, P – Pruned, R – RP-bit set, F – Register flag,

T – SPT-bit set, J – Join SPT, M – MSDP created entry,

X – Proxy Join Timer Running, A – Candidate for MSDP Advertisement,

U – URD, I – Received Source Specific Host Report,

Z – Multicast Tunnel, z – MDT-data group sender,

Y – Joined MDT-data group, y – Sending to MDT-data group

Outgoing interface flags: H – Hardware switched, A – Assert winner

Timers: Uptime/Expires

Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 224.1.1.1), 01:34:23/00:03:25, RP 172.16.0.2, flags: S

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list:

Serial1/0, Forward/Sparse-Dense, 01:34:23/00:03:25

(10.10.10.3, 224.1.1.1), 00:30:13/00:03:21, flags: MT


Incoming interface: Ethernet0/1, RPF nbr 192.168.221.11

Outgoing interface list:


Serial1/0, Forward/Sparse-Dense, 00:30:13/00:03:25

(192.168.111.1, 224.1.1.1), 00:30:13/00:03:21, flags:

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list:

Serial1/0, Forward/Sparse-Dense, 00:30:13/00:03:24

RP2#

Note the new entry for the group 224.1.1.1 which is (10.10.10.3, 224.1.1.1) flagged as “M” for MSDP created entry and “T” telling that packets has been received on this SPT.

The incoming interface connect the RPF neighbor RP2 towards the source 10.10.10.3 and the outgoing interface send traffic to R2.

RP1#sh ip mroute 224.1.1.1
IP Multicast Routing Table

Flags: D – Dense, S – Sparse, B – Bidir Group, s – SSM Group, C – Connected,

L – Local, P – Pruned, R – RP-bit set, F – Register flag,

T – SPT-bit set, J – Join SPT, M – MSDP created entry,

X – Proxy Join Timer Running, A – Candidate for MSDP Advertisement,

U – URD, I – Received Source Specific Host Report,

Z – Multicast Tunnel, z – MDT-data group sender,

Y – Joined MDT-data group, y – Sending to MDT-data group

Outgoing interface flags: H – Hardware switched, A – Assert winner

Timers: Uptime/Expires

Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 224.1.1.1), 00:34:29/stopped, RP 172.16.0.1, flags: SP

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list: Null

(10.10.10.3, 224.1.1.1), 00:31:27/00:02:25, flags: TA


Incoming interface: Serial1/0, RPF nbr 192.168.111.1

Outgoing interface list:


Ethernet0/1, Forward/Sparse-Dense, 00:30:31/00:02:50

(192.168.111.1, 224.1.1.1), 00:34:29/00:02:55, flags: PTA

Incoming interface: Serial1/0, RPF nbr 0.0.0.0

Outgoing interface list: Null

RP1#

RP1#

the entry (10.10.10.3, 224.1.1.1) has serial1/0 as incoming interface connected to the RPF neighbor which is the source R1 and forward the traffic to AS27022 to RP2.

“T” for packets has been received on this entry and the RP (MSDP) consider this SPT to be a candidate for MSDP advertisement to other AS.

HSRP (Hot Standby Routing Protocol)


HSRP concept :

 – HSRP provide redundancy for gateway router, when the active router goes down or one of its critical connections, another router can replace it.

– Using HSRP on an interface automatically disable ICMP redirect.

– Routers participating in the HSRP architecture exchanges information about routers statuses in hello messages every “hello time” (3 seconds by default).

– The router with the highest standby priority will be selected as the active router and will handle traffic related with the virtual ip and MAC.

– If the active router stop sending hello messages for 3* hello time (10 seconds by default) the router with next highest priority will become active.

– The virtual MAC address is generated automatically using the vendor code and the HSRP group.

– With MHSRP a router can be active for one group and standby for another group:

– A router (layer3 switch) can be active for one VLAN and standby for another VLAN.

– These features can be used to provide load balancing of traffic between routers.

 

Figure1: HSRP status transitions

  • Not only inbound interface status (up/down) participates in the HSRP process, but other critical interfaces too like outbound.
  • If outbound interface goes down the priority of the router is decreased by a configured number (priority) to let specific routers in the group or in the VLAN to become active.

 

Figure 2: Topology


CONFIGURATION

R2:

interface FastEthernet1/0

ip address 192.168.40.2 255.255.255.0

standby 40 ip 192.168.40.1

standby 40 preempt

standby 40 track Ethernet0/0 60

R3:

interface FastEthernet1/0

ip address 192.168.40.3 255.255.255.0

standby 40 ip 192.168.40.1

standby 40 priority 50 

 

Figure 3: Topology as seen by hosts in the access layer

 


 

Verification

R3:

R3#sh standby brief

P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Fa1/0
40
50
Standby
192.168.40.2
local
192.168.40.1

R3#sh standby

FastEthernet1/0Group 40


State is Standby

4 state changes, last state change 00:23:58


Virtual IP address is 192.168.40.1


Active virtual MAC address is 0000.0c07.ac28


Local virtual MAC address is 0000.0c07.ac28 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 1.216 secs


Preemption disabled


Active router is 192.168.40.2, priority 100 (expires in 7.192 sec)


Standby router is local


Priority 50 (configured 50)

IP redundancy name is “hsrp-Fa1/0-40” (default)

R3# 

R2:

R2#sh standby brief

P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Fa1/0
40
100
P
Active
local
192.168.40.3
192.168.40.1

R2#sh standby

FastEthernet1/0Group 40


State is Active

1 state change, last state change 00:26:03


Virtual IP address is 192.168.40.1


Active virtual MAC address is 0000.0c07.ac28


Local
virtual MAC address is 0000.0c07.ac28 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 2.196 secs


Preemption enabled


Active router is local


Standby router is 192.168.40.3, priority 50 (expires in 7.252 sec)


Priority 100 (default 100)


Track interface Ethernet0/0 state Up decrement 60

IP redundancy name is “hsrp-Fa1/0-40” (default)

R2# 

 Client host:

C:\>ipconfig

 

Windows IP Configuration

 

 

Ethernet adapter Gig:

 

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 192.168.40.104

Subnet Mask . . . . . . . . . . . : 255.255.255.0


Default Gateway . . . . . . . . . : 192.168.40.1

C:\> 

The host in the LAN in configured with the HSRP virtual IP address as the default gateway, let’s ping it and see what MAC address is assigned to it:

C:\>ping 192.168.40.1

 

Pinging 192.168.40.1 with 32 bytes of data:

 

Reply from 192.168.40.1: bytes=32 time=71ms TTL=255

Reply from 192.168.40.1: bytes=32 time=47ms TTL=255

Reply from 192.168.40.1: bytes=32 time=36ms TTL=255

Reply from 192.168.40.1: bytes=32 time=31ms TTL=255

 

Ping statistics for 192.168.40.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 31ms, Maximum = 71ms, Average = 46ms

 

C:\>arp -a

 

Interface: 192.168.40.104 — 0x3

Internet Address Physical Address Type


192.168.40.1
00-00-0c-07-ac-28
dynamic

 

C:\> 

Note that the default gateway MAC address matches the one of the virtual gateway from the previous routers outputs about HSRP information.

00-00-0c-07-ac is assigned by default and 28 in hexadecimal is the representation of the group 40 in decimal.

With trace route from the host you can note the path taken by the traffic to reach the host 10.10.10.1

C:\>tracert 10.10.10.1

 

Tracing route to 10.10.10.1 over a maximum of 30 hops

 

1 36 ms 32 ms 42 ms 192.168.40.2

2 51 ms 74 ms 77 ms 192.168.12.1

3 125 ms 62 ms 61 ms 10.10.10.1

 

Trace complete.

 

C:\> 

the traffic transparently took R2 as the default gateway because it is the active router in the HSRP group 40.

 

TESTING

In this second part let’s simulate two types of failure:

– R2 failure, by completely shutting down R2.

– R2 upstream interface e0/0.

 

1- R2 failure, by completely shutting down R2

 

To see how HSRP works we enabled “debug standby events” along with a non-stop ping from the LAN host.

C:\>ping -t 192.168.40.1

 

Pinging 192.168.40.1 with 32 bytes of data:

 

Reply from 192.168.40.1: bytes=32 time=39ms TTL=255

Reply from 192.168.40.1: bytes=32 time=47ms TTL=255

Reply from 192.168.40.1: bytes=32 time=47ms TTL=255

Reply from 192.168.40.1: bytes=32 time=20ms TTL=255

Reply from 192.168.40.1: bytes=32 time=47ms TTL=255

Request timed out.

Request timed out.

Reply from 192.168.40.1: bytes=32 time=63ms TTL=255

Reply from 192.168.40.1: bytes=32 time=32ms TTL=255

Reply from 192.168.40.1: bytes=32 time=63ms TTL=255

Reply from 192.168.40.1: bytes=32 time=62ms TTL=255

Reply from 192.168.40.1: bytes=32 time=32ms TTL=255

Reply from 192.168.40.1: bytes=32 time=16ms TTL=255

 

Ping statistics for 192.168.40.1:

Packets: Sent = 13, Received = 11, Lost = 2 (15% loss),

Approximate round trip times in milli-seconds:

Minimum = 16ms, Maximum = 63ms, Average = 42ms

Control-C

^C

C:\> 

Note that the two lines of request timeout correspond to the default standby timeout of 10 seconds with the convergence time of the routing protocol in place.

Now we can verify the new path taken:

C:\>tracert 10.10.10.1

 

Tracing route to 10.10.10.1 over a maximum of 30 hops

 

1 19 ms 46 ms 35 ms 192.168.40.3

2 51 ms 73 ms 62 ms 192.168.13.1

3 406 ms 79 ms 60 ms 10.10.10.1

 

Trace complete.

 

C:\> 

Even though the default gateway IP and MAC addresses are still the same, the Traffic path to 10.10.10.1 now has changed and niow forwarded through R3.

C:\>arp -a

 

Interface: 192.168.40.104 — 0x3

Internet Address Physical Address Type


192.168.40.1
00-00-0c-07-ac-28
dynamic

 

Interface: 192.168.45.104 — 0x5

Internet Address Physical Address Type

192.168.45.1 00-0e-a6-49-ea-ba dynamic

 

C:\> 

here is the result of debugging:

Mar 1 00:03:21.320: %SYS-5-CONFIG_I: Configured from console by admin on console

Mar 1 00:03:57.763: HSRP: Fa1/0 Grp 40 Standby: c/Active timer expired (192.168.40.2)

!!!!First the holddown timer of 3x3sec expired!!!!

Mar 1 00:03:57.767: HSRP: Fa1/0 Grp 40 Active router is local, was
192.168.40.2

Mar 1 00:03:57.771: HSRP: Fa1/0 Grp 40 Standby router is unknown, was
local

Mar 1 00:03:57.771: HSRP: Fa1/0 Grp 40 Standby -> Active

Mar 1 00:03:57.775: %HSRP-6-STATECHANGE: FastEthernet1/0 Grp 40 state Standby -> Active

Mar 1 00:03:57.779: HSRP: Fa1/0 Grp 40 Redundancy “hsrp-Fa1/0-40” state Standby -> Active

Mar 1 00:04:00.787: HSRP: Fa1/0 Grp 40 Redundancy group hsrp-Fa1/0-40 state Active -> Active

Mar 1 00:04:03.623: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.40.2 (FastEthernet1/0) is down: holding time expired

Mar 1 00:04:03.791: HSRP: Fa1/0 Grp 40 Redundancy group hsrp-Fa1/0-40 state Active -> Active

 The interface F1/0 immediately take over and change from standby to active:

R3:

R3#sh standby brief

P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Fa1/0
40
50
Active
local
unknown
192.168.40.1

R3#sh standby

FastEthernet1/0 – Group 40


State is Active

2 state changes, last state change 00:10:10


Virtual IP address is 192.168.40.1


Active virtual MAC address is 0000.0c07.ac28


Local virtual MAC address is 0000.0c07.ac28 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 1.684 secs

Preemption disabled


Active router is local


Standby router is unknown


Priority 50 (configured 50)

IP redundancy name is “hsrp-Fa1/0-40” (default)

R3# 

Finally R2 is back to production:

C:\>ping -t 192.168.40.1

 

Pinging 192.168.40.1 with 32 bytes of data:

 

Reply from 192.168.40.1: bytes=32 time=32ms TTL=255

Reply from 192.168.40.1: bytes=32 time=33ms TTL=255

Reply from 192.168.40.1: bytes=32 time=31ms TTL=255

Reply from 192.168.40.1: bytes=32 time=98ms TTL=255

Reply from 192.168.40.1: bytes=32 time=47ms TTL=255

Reply from 192.168.40.1: bytes=32 time=28ms TTL=255

Reply from 192.168.40.1: bytes=32 time=29ms TTL=255

Reply from 192.168.40.1: bytes=32 time=47ms TTL=255

Reply from 192.168.40.1: bytes=32 time=16ms TTL=255

Request timed out.

Reply from 192.168.40.1: bytes=32 time=47ms TTL=255

Reply from 192.168.40.1: bytes=32 time=31ms TTL=255

Reply from 192.168.40.1: bytes=32 time=3ms TTL=255

Reply from 192.168.40.1: bytes=32 time=31ms TTL=255

Reply from 192.168.40.1: bytes=32 time=32ms TTL=255

Reply from 192.168.40.1: bytes=32 time=20ms TTL=255

Reply from 192.168.40.1: bytes=32 time=31ms TTL=255

 

Ping statistics for 192.168.40.1:

Packets: Sent = 94, Received = 93, Lost = 1 (1% loss),

Approximate round trip times in milli-seconds:

Minimum = 3ms, Maximum = 98ms, Average = 35ms

Control-C

^C

C:\> 

 

C:\>tracert 10.10.10.1

 

Tracing route to 10.10.10.1 over a maximum of 30 hops

 

1 24 ms 13 ms 48 ms 192.168.40.2

2 47 ms 62 ms 81 ms 192.168.12.1

3 114 ms 57 ms 62 ms 10.10.10.1

 

Trace complete.

 

C:\> 

Note that the network took less than the first time to converge and change the path trough R2 again because there is no timers, only hello exchanged and the decision is immediately taken to give the active state back to R2, this is confirmed by the following debug output from R3:

Mar 1 00:17:55.918: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.40.2 (FastEthernet1/0) is up: new adjacency

Mar 1 00:18:12.870: HSRP: Fa1/0 Grp 40 Active: j/Coup rcvd from higher pri router (100/192.168.40.2)

Mar 1 00:18:12.874: HSRP: Fa1/0 Grp 40 Active router is 192.168.40.2, was local

Mar 1 00:18:12.878: HSRP: Fa1/0 Grp 40 Active -> Speak

Mar 1 00:18:12.878: %HSRP-6-STATECHANGE: FastEthernet1/0 Grp 40 state Active -> Speak

Mar 1 00:18:12.882: HSRP: Fa1/0 Grp 40 Redundancy “hsrp-Fa1/0-40” state Active -> Speak

Mar 1 00:18:12.898: HSRP: Fa1/0 API MAC address update

Mar 1 00:18:22.874: HSRP: Fa1/0 Grp 40 Speak: d/Standby timer expired (unknown)

Mar 1 00:18:22.878: HSRP: Fa1/0 Grp 40 Standby router is local

Mar 1 00:18:22.878: HSRP: Fa1/0 Grp 40 Speak -> Standby

Mar 1 00:18:22.878: HSRP: Fa1/0 Grp 40 Redundancy “hsrp-Fa1/0-40” state Speak -> Standby

R3# 

After receiving hello from R2 telling that it has better priority R3 switch to the “Active” state to actively participate in the election, and the result is to go back to standby state.

2- R2 upstream interface e0/0.

First we shutdown the outgoing interface on R2 and inspect the behavior of HSRP:

R2:

R2(config-if)#int e0/0

R2(config-if)#sh

R2(config-if)#

Mar 1 00:19:43.280: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.12.1 (Ethernet0/0) is down: interface down

Mar 1 00:19:45.180: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down

Mar 1 00:19:46.180: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to down

Mar 1 00:20:43.641: %HSRP-6-STATECHANGE: FastEthernet1/0 Grp 40 state Active -> Speak

R3:

Aug 23 14:07:35.410: %SYS-5-CONFIG_I: Configured from console by admin on console

Aug 23 14:07:54.297: HSRP: Fa1/0 Grp 40 Standby: h/Hello rcvd from lower pri Active router (40/192.168.40.2)

Aug 23 14:07:54.301: HSRP: Fa1/0 Grp 40 Starting minimum preempt delay (60 secs)

Aug 23 14:08:54.341: HSRP: Fa1/0 Grp 40 Minimum preempt delay expired

Aug 23 14:08:54.345: HSRP: Fa1/0 Grp 40 Active router is local, was 192.168.40.2

Aug 23 14:08:54.349: HSRP: Fa1/0 Grp 40 Standby router is unknown, was local

Aug 23 14:08:54.353: HSRP: Fa1/0 Grp 40 Standby -> Active

Aug 23 14:08:54.353: %HSRP-6-STATECHANGE: FastEthernet1/0 Grp 40 state Standby -> Active

Aug 23 14:08:54.357: HSRP: Fa1/0 Grp 40 Redundancy “hsrp-Fa1/0-40” state Standby -> Active

Aug 23 14:08:54.457: HSRP: Fa1/0 Grp 40 Active: i/Resign rcvd (40/192.168.40.2)

Aug 23 14:08:55.424: HSRP: Fa1/0 Grp 40 Standby router is 192.168.40.2

Aug 23 14:08:57.459: HSRP: Fa1/0 Grp 40 Redundancy group hsrp-Fa1/0-40 state Active -> Active

Aug 23 14:09:00.462: HSRP: Fa1/0 Grp 40 Redundancy group hsrp-Fa1/0-40 state Active -> Active

R3# 

 

R3#sh standby

FastEthernet1/0 – Group 40


State is Active

29 state changes, last state change 00:00:28

Virtual IP address is 192.168.40.1

Active virtual MAC address is 0000.0c07.ac28

Local virtual MAC address is 0000.0c07.ac28 (v1 default)

Hello time 500 msec, hold time 1 sec

Next hello sent in 0.096 secs

Preemption enabled, delay min 60 secs

Active router is local


Standby router is 192.168.40.2, priority 40 (expires in 0.568 sec)


Priority 50 (configured 50)

IP redundancy name is “hsrp-Fa1/0-40” (default)

R3# 

 

C:\>ping -t 192.168.40.1

 

Pinging 192.168.40.1 with 32 bytes of data:

 


Reply from 192.168.40.1: bytes=32 time=63ms TTL=255

Reply from 192.168.40.1: bytes=32 time=16ms TTL=255

Reply from 192.168.40.1: bytes=32 time=32ms TTL=255

Reply from 192.168.40.1: bytes=32 time=31ms TTL=255

Request timed out.

Reply from 192.168.40.1: bytes=32 time=47ms TTL=255

Reply from 192.168.40.1: bytes=32 time=47ms TTL=255

Reply from 192.168.40.1: bytes=32 time=31ms TTL=255

Reply from 192.168.40.1: bytes=32 time=63ms TTL=255

Reply from 192.168.40.1: bytes=32 time=63ms TTL=255

Reply from 192.168.40.1: bytes=32 time=31ms TTL=255

Reply from 192.168.40.1: bytes=32 time=16ms TTL=255


 

Ping statistics for 192.168.40.1:

Packets: Sent = 30, Received = 29, Lost = 1 (3% loss),

Approximate round trip times in milli-seconds:

Minimum = 16ms, Maximum = 63ms, Average = 33ms

Control-C

^C

C:\> 

Second we activate back the outgoing interface on R2 and inspect the behavior of HSRP:

R2:

R2(config-if)#int e0/0

R2(config-if)#no sh

R2(config-if)#

Mar 1 00:23:56.542: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up

Mar 1 00:23:57.542: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up

Mar 1 00:23:57.834: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.12.1 (Ethernet0/0) is up: new adjacency

Mar 1 00:24:55.263: %HSRP-6-STATECHANGE: FastEthernet1/0 Grp 40 state Standby -> Active

R3:

Aug 23 14:12:02.005: HSRP: Fa1/0 API arp for proto, 192.168.40.1 is active vIP

Aug 23 14:13:06.062: HSRP: Fa1/0 Grp 40 Active: j/Coup rcvd from higher pri router (100/192.168.40.2)

Aug 23 14:13:06.066: HSRP: Fa1/0 Grp 40 Active router is 192.168.40.2, was local

Aug 23 14:13:06.070: HSRP: Fa1/0 Grp 40 Standby router is unknown, was 192.168.40.2

Aug 23 14:13:06.074: HSRP: Fa1/0 Grp 40 Active -> Speak

Aug 23 14:13:06.074: %HSRP-6-STATECHANGE: FastEthernet1/0 Grp 40 state Active -> Speak

Aug 23 14:13:06.078: HSRP: Fa1/0 Grp 40 Redundancy “hsrp-Fa1/0-40” state Active -> Speak

Aug 23 14:13:06.086: HSRP: Fa1/0 API MAC address update

Aug 23 14:13:07.066: HSRP: Fa1/0 Grp 40 Speak: d/Standby timer expired (unknown)

Aug 23 14:13:07.066: HSRP: Fa1/0 Grp 40 Standby router is local

Aug 23 14:13:07.070: HSRP: Fa1/0 Grp 40 Speak -> Standby

Aug 23 14:13:07.074: HSRP: Fa1/0 Grp 40 Redundancy “hsrp-Fa1/0-40” state Speak -> Standby

R3# 

 

R3#sh standby

FastEthernet1/0 – Group 40


State is Standby

31 state changes, last state change 00:00:23

Virtual IP address is 192.168.40.1

Active virtual MAC address is 0000.0c07.ac28

Local virtual MAC address is 0000.0c07.ac28 (v1 default)

Hello time 500 msec, hold time 1 sec

Next hello sent in 0.072 secs

Preemption enabled, delay min 60 secs


Active router is 192.168.40.2, priority 100 (expires in 0.488 sec)


Standby router is local


Priority 50 (configured 50)

IP redundancy name is “hsrp-Fa1/0-40” (default)

R3# 

Figure 4 depicts captured traffic from the LAN between the two routers which shows HSRP traffic (Hello messages) between R2 and R3.

 

Figure 4: HSRP traffic

You can note “gratuitous ARP” packets sent by the virtual router to inform the switch about IP changes.

First Hop Redundancy protocol comparison (HSRP,VRRP,GLBP)


Protocol
Features

HSRP

(Hot Standby Router protocol)

VRRP

(Virtual Redundancy Router Protocol)

GLBP

(Gateway Load Balancing Protocol)

Router role – 1 active router.- 1 standby router.- 1 or more listening routers. – 1 master router.- 1 or more backup routers. – 1 AVG (Active Virtual Gateway).- up to 4 AVF routers on the group (Active Virtual Forwarder) passing traffic.- up to 1024 virtual routers (GLBP groups) per physical interface.
– Use virtual ip address. – Can use real router ip address, if not, the one with highest priority become master. – Use virtual ip address.
Scope Cisco proprietary IEEE standard Cisco proprietary
Election Active Router:
1-Highest Priority
2-Highest IP (tiebreaker)
Master Router: (*)
1-Highest Priority
2-Highest IP (tiebreaker)
Active Virtual Gateway:
1-Highest Priority
2-Highest IP (tiebreaker)
Optimization features Tracking

yes

yes

yes

Preempt

yes

yes

yes

Timer adjustments

yes

yes

yes

Traffic type 224.0.0.2 – udp 1985 (version1)
224.0.0.102-udp 1985 (version2)
224.0.0.18 – IP 112 224.0.0.102 udp 3222
Timers Hello – 3 seconds Advertisement – 1 second Hello – 3 seconds
(Hold) 10 seconds (Master Down Interval)3 * Advertisement + skew time (Hold) 10 seconds
(Skew time)(256-priority) / 256
Load-balancing functionality – Multiple HSRP group per interface/SVI/routed int. – Multiple VRRP group per interface/SVI/routed int. Load-balancing oriented- Weighted algorithm.- Host-dependent algorithm.

– Round-Robin algorithm (default).

Requires appropriate distribution of Virtual GW IP per Clients for optimal load-balancing.(generally through DHCP) Requires appropriate distribution of Virtual GW IP per Clients for optimal load-balancing.(generally through DHCP) Clients are transparently updated with virtual MAC according to load-balancing algorithm through ARP requesting a unique virtual gateway.

* If the group VRRP Virtual IP on the master (higher priority) is the real IP configured on a different VRRP (Backup with lower priority) IOS will manage to make the VRRP router with the real IP, the master, by setting its priority to 255, knowing that the configurable range is [1-254].

%d bloggers like this: