Sunday, July 6, 2014

High Availability-HSRP, VRRP, GLBP

For this post, I'm going to provide a brief overview of each of the first hop redundancy protocols covered in CCNP Switch.

Hot Standby Router Protocol (HSRP)- Cisco proprietary.  Active/Standby design.  There is 1 active router, 1 standby router, and any other routers in the group are "other routers" in the listen state.  The set of routers is called the Virtual Router, which presents a shared IP and MAC address that the endpoints use as their default gateway.  Virtual MAC format: 0000.0c07.acxx, where xx represents the HSRP group number.  HSRP requires layer 2 connectivity between routers.

16 max HSRP groups

HSRP Packet Flow: The workstation uses ARP to resolve the MAC address of its default gateway.  The active router answers the ARP request with the virtual MAC.  In the event of a failure, hosts do not need to update their ARP cache: when the standby router transitions to the active state, it sends a gratuitous ARP reply for the virtual IP address to the broadcast MAC address.  This forces a CAM table update on the L2 switches, so L2 forwarding correctly points to the new active HSRP router.

HSRP States

Initial-Starting state, entered when an interface comes up or a configuration change occurs
Listen-Router is aware of the virtual IP, but is not active or standby.  Listens for hello messages
Speak-Sends hello messages and participates in election of active and standby routers.
Standby-Ready to become the active router should active router fail.  Sends hello messages.  Max 1 standby router per group.
Active-Actively forwards packets sent to the HSRP virtual mac address.  Sends hello messages. Max 1 active router per group.

HSRP Timers

Hello time- 3 seconds
Hold time - 10 seconds
Both timers are configurable.  The active HSRP router advertises its timers, and timers advertised by the active router take precedence over statically configured values.
HSRP hello packets are sent to multicast destination IP 224.0.0.2

HSRP Priority
Ranges from 0-255, default value 100
Router with the highest priority becomes the active router during an election.  In the event of a tie, the router with the highest IP address wins the election.

HSRP Preemption
Enabling preemption allows a standby router with a higher priority to take over an active router's role as the active router for the HSRP group.  Preemption is disabled by default
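
The virtual MAC format, the election rule and the preemption rule above can be modelled in a few lines. This is an added example, not code from the original post; the router names, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional


def hsrp_virtual_mac(group: int) -> str:
    """Build 0000.0c07.acxx, where xx is the group number in hex."""
    if not 0 <= group <= 0xFF:
        raise ValueError("group number must fit in the single xx byte")
    return f"0000.0c07.ac{group:02x}"


def group_from_mac(mac: str) -> Optional[int]:
    """Return the HSRP group a MAC encodes, or None if it is not an HSRP virtual MAC."""
    digits = mac.lower().replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12 or not digits.startswith("00000c07ac"):
        return None
    try:
        return int(digits[10:], 16)
    except ValueError:          # last byte is not valid hex
        return None


@dataclass(frozen=True)
class Router:
    name: str                # constructed label
    ip: IPv4Address
    priority: int = 100      # default priority
    preempt: bool = False    # preemption is disabled by default


def elect(routers):
    """Election: highest priority wins, a tie goes to the highest IP address."""
    return max(routers, key=lambda r: (r.priority, r.ip))


def active_after_join(active: Router, joiner: Router) -> Router:
    """A router that comes up later displaces the active router only if it
    has preemption enabled and a higher priority."""
    if joiner.preempt and joiner.priority > active.priority:
        return joiner
    return active


if __name__ == "__main__":
    r1 = Router("R1", IPv4Address("192.0.2.2"))
    r2 = Router("R2", IPv4Address("192.0.2.3"))
    r3 = Router("R3", IPv4Address("192.0.2.4"), priority=110, preempt=True)
    print(hsrp_virtual_mac(10), group_from_mac("00:00:0c:07:ac:0a"))
    print(elect([r1, r2]).name, active_after_join(r2, r3).name)
```

`group_from_mac` is handy when checking that the gateway MAC in a host's ARP cache is the virtual MAC expected for the VLAN's HSRP group.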

HSRP Tracking
Allows the priority of an HSRP router to be adjusted automatically based on tracked interface or object availability. If a tracked interface goes down, the priority can be decremented by a configured value so that it falls below that of another router in the group, allowing the standby to take over. Note that preemption needs to be configured for this to work properly.  Tracking can be coupled with IP SLA.

HSRP Caveats- Ensure HSRP active router is also the root STP bridge for the associated VLAN.  Ensure HSRP timers match across all routers in an associated HSRP group.  Ensure a L2 connection exists amongst HSRP routers. Timers configured on the active HSRP router are advertised to other members of the group and override manually configured timer values.

Virtual Router Redundancy Protocol (VRRP)
Essentially an IEEE compatible version of HSRP, with some different features.  One router is active and handles all traffic forwarding directed to the virtual IP address.  This router is called the master router.  Any other routers in the VRRP group are called backup routers.  Unlike HSRP, a real router's IP address can be assigned as the virtual IP address for the VRRP group.  If the real address is used, the router that owns this IP becomes the master.  If a virtual IP is used, the master is elected based on highest priority.

255 max VRRP groups

VRRP Packet Flow: Same as HSRP.

VRRP States:
Initialize
Backup-Unlike HSRP standby routers, backup VRRP routers do not send advertisements.  Instead, they continue to listen for master advertisements.  If the master advertisements stop and the master down interval is exceeded, the transition to the master state begins.
Master-While in the master state, the router actively forwards frames sent to the virtual IP and sends advertisements once every second, by default.

VRRP Timers:
Three timers are used:
The advertisement timer-default 1 second
The master down interval.  This is calculated as 3 * advertisement interval + skew time
The skew time.  Calculated as (256 - priority) / 256.  The skew timer ensures the router with the higher priority becomes the next VRRP master.
Only the VRRP group master sends advertisements, and it sends them by default every second to multicast address 224.0.0.18.

VRRP Priority:
Priority is configurable from 1-254, with 100 being the default priority.  0 is a special value used in the event of a master router powering down in a controlled manner to inform backup routers that it is going down.  In the event of a tie, the router with the highest IP address becomes the master.
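
The timer formulas and priority rules above, worked through in code. This is an added example, not part of the original post: the backup names and 192.0.2.x addresses are constructed, and the handling of a priority-0 advertisement (the backup waits only its skew time) comes from RFC 3768 rather than from this page.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ADVERT_INTERVAL = 1.0  # seconds; the default advertisement timer


def skew_time(priority: int) -> float:
    """(256 - priority) / 256 seconds: shorter for higher priorities."""
    if not 1 <= priority <= 254:
        raise ValueError("configurable priority range is 1-254")
    return (256 - priority) / 256


def master_down_interval(priority: int, advert: float = ADVERT_INTERVAL) -> float:
    """3 * advertisement interval + skew time."""
    return 3 * advert + skew_time(priority)


def wait_before_takeover(priority: int, last_advert_priority: int,
                         advert: float = ADVERT_INTERVAL) -> float:
    """Seconds a backup waits after the last advertisement it heard.

    A priority-0 advertisement means the master is going down in a
    controlled manner, so the backup waits only its skew time
    (RFC 3768 behaviour, an addition to what the page states)."""
    if last_advert_priority == 0:
        return skew_time(priority)
    return master_down_interval(priority, advert)


@dataclass(frozen=True)
class Backup:
    name: str            # constructed label
    ip: IPv4Address
    priority: int = 100  # default priority


def next_master(backups, last_advert_priority: int = 100) -> Backup:
    """The backup whose timer expires first; equal timers go to the highest IP."""
    return min(backups, key=lambda b: (
        wait_before_takeover(b.priority, last_advert_priority), -int(b.ip)))


if __name__ == "__main__":
    group = [Backup("B1", IPv4Address("192.0.2.2")),
             Backup("B2", IPv4Address("192.0.2.3"), 200),
             Backup("B3", IPv4Address("192.0.2.4"), 200)]
    for b in group:
        print(b.name, master_down_interval(b.priority))
    print("next master:", next_master(group).name)
```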

VRRP Preemption
Unlike HSRP, preemption is enabled by default.

VRRP Tracking:
VRRP cannot track interfaces like HSRP, but can track objects

VRRP Caveats:
L2 link amongst VRRP members required for operation
Master router should be the STP root for the corresponding VLAN in a switched environment to ensure optimal pathing
VRRP group timers must match-unlike HSRP, timers are not advertised from the master router.

Gateway Load Balancing Protocol (GLBP)
Cisco proprietary protocol which allows for an active/active network with multiple routers actively forwarding traffic, compared to HSRP and VRRP, which only have one active or master router per configured group.  Can actively forward and share traffic across multiple gateways.  Routers in a GLBP group fall into one of two categories.  Active virtual gateway (AVG): this router is elected to be the AVG for the group and assigns a virtual MAC address to each remaining member of the GLBP group.  Active virtual forwarder (AVF): the remaining gateways in the GLBP group, which are assigned virtual MACs by the AVG.  Unlike the standby and backup routers in HSRP and VRRP, AVFs forward traffic.

There can be a max of 1024 virtual routers, or GLBP groups, per physical interface of a router.
There can be a max of 4 virtual forwarders per group.

GLBP Packet Flow
AVG replies to ARP requests from hosts, and depending on the selected load balancing mode, replies with the virtual mac address for GLBP group members.

GLBP States: still looking for more detailed information on the exact GLBP states

GLBP Load Balancing Modes
Round-robin load balancing algorithm (default)- Each reply to a client ARP request uses the virtual MAC address of the next available GLBP group member, in a round-robin fashion.
Weighted load-balancing algorithm- traffic load directed to a router is based on a weighted value assigned to the router
Host-dependent load-balancing algorithm- Host will use the same virtual mac address assuming the virtual mac address is a participant of the GLBP group

GLBP Timers
Hello- default 3 seconds
Hold time- default 10 seconds
Redirect - determines when AVG stops responding to ARP for a failed virtual mac of an AVF
Secondary Hold - Amount of time before an AVF will accept packets from an assumed virtual mac taken from a failed AVF
The AVG sends hello messages by default every 3 seconds to GLBP members via multicast 224.0.0.102.
The AVG will advertise timer values to GLBP group members

GLBP Priority
Priority determines the AVG for a group.  Priority is 1-255, with 100 as the default.  If preemption is enabled (it is off by default), as with HSRP and VRRP, a router can take over the role of AVG if it has a higher priority.

GLBP Weighting 
Weighting is used to determine AVF redundancy priority in the event of an AVF failure.  Additionally, a threshold is created to determine when an AVF may or may not be active.  The default weight value is 100. All AVFs back up one another: if an AVF fails, the remaining AVF with the highest weighting value wins this secondary election and accepts packets sent to two virtual MACs, its own and the one it assumed via the election.  This is where the redirect and secondary hold timers come into play.
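
A simplified model of the round-robin ARP replies, the secondary election by weight, and the redirect timer described above. This is an added example, not part of the original post and not Cisco's implementation: the forwarder names and the `vmac-N` labels are constructed placeholders, and breaking a weight tie by list order is an assumption.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Forwarder:
    name: str               # constructed label
    vmac: str               # placeholder for the vMAC the AVG assigned
    weight: int = 100       # default weight
    alive: bool = True
    owned: list = field(default_factory=list)  # vMACs it accepts frames for


class Avg:
    """Simplified AVG: round-robin ARP replies plus AVF failover."""

    def __init__(self, forwarders):
        if len(forwarders) > 4:
            raise ValueError("at most 4 virtual forwarders per group")
        self.forwarders = list(forwarders)
        for f in self.forwarders:
            f.owned = [f.vmac]
        self.rotation = deque(f.vmac for f in self.forwarders)

    def arp_reply(self) -> str:
        """Round-robin mode: answer each ARP request with the next vMAC."""
        vmac = self.rotation[0]
        self.rotation.rotate(-1)
        return vmac

    def owner(self, vmac: str) -> Forwarder:
        """The live forwarder currently accepting frames sent to vmac."""
        return next(f for f in self.forwarders if f.alive and vmac in f.owned)

    def fail(self, name: str) -> Forwarder:
        """Secondary election: the surviving AVF with the highest weight
        assumes the failed AVF's vMACs (weight ties: list order, an assumption)."""
        failed = next(f for f in self.forwarders if f.name == name)
        failed.alive = False
        heir = max((f for f in self.forwarders if f.alive), key=lambda f: f.weight)
        heir.owned += failed.owned
        failed.owned = []
        return heir

    def redirect_expired(self, vmac: str) -> None:
        """Redirect timer ran out: stop handing this vMAC out in ARP replies."""
        self.rotation.remove(vmac)
```

Between `fail()` and `redirect_expired()` the AVG still hands out the failed forwarder's vMAC, and the heir forwards the frames sent to it.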

GLBP Preemption:
Disabled by default but supported

GLBP Tracking:
Tracks objects and interfaces

GLBP Caveats:
L2 link necessary between GLBP group members
Active gateways should be configured as STP root for corresponding VLANs