Cisco CCNP Enterprise 300-410 ENARSI – CCNP ENCOR (350-401) : FHRP (FIRST HOP REDUNDANCY PROTOCOLS)
- 6_1- HSRP
In this section we’re going to talk about the HSRP protocol, a first hop redundancy protocol. An FHRP is a computer networking protocol which is designed to protect the default gateway used on a subnetwork by allowing two or more routers to provide backup for that address. In the event of a failure of an active router, the backup router will take over the address, usually within a few seconds. In practice, such protocols can also be used to protect other services operating on a single IP address, not just routers. Hot Standby Router Protocol (HSRP) is a routing protocol that allows host computers on the Internet to use multiple routers that act as a single virtual router, maintaining connectivity even if the first hop router fails, because other routers are on standby and they are ready to go.
The virtual IP and MAC addresses are shared between the two routers, there is no load balancing, and the state is verified by the show standby command. As you can see in our figure, we have two routers, and they are router one and router two. And please pay attention that I’m using HSRP to protect the default gateway for here and here. If there’s a problem in that router’s interface, or if that router fails completely (for example, we can have a power unit problem or a cable problem on the interface connecting the switch and the router), and if this router is the active one, the HSRP protocol will switch the traffic to the standby router. This is actually what HSRP is doing, but there is no load balancing, as I said. For example, if router one is the active router, the traffic flows in that direction and there is no packet in here.
When this guy fails, the traffic is switched to this direction. And if I configure preemption on router one, for example, let’s say that I have fixed the power unit problem, and if I have configured the preemption as well, this router will become the active gateway again and this guy will act as a standby. So let’s take a look at how we select the active and the standby gateways in HSRP. As you can see in the figure, we have two routers again, and the router with the highest IP address will be active by default, but the selection can be changed with the HSRP priority value. The router with the highest HSRP priority value becomes active, and the default priority value is 100. The active and the standby routers send hello packets to the HSRP group multicast address every 3 seconds.
If the hello packet does not arrive in 10 seconds, the standby router becomes active. Okay, let’s say that this guy is active again and this guy is standby. If I want to change the roles, if I want to make this guy the active one, I need to increase the priority value of this router. When I increase the priority value, this guy will be active and traffic will flow in this direction instead of this direction. In HSRP, the active gateway propagates this MAC address and says: hey guys, use this MAC address, in which XX is the HSRP group identifier, to reach this IP address, which is the HSRP standby IP. Let’s talk about the topology now. We have a PC in here which has an IP address of ten 100. The gateway address of the PC is ten one, and please pay attention that that’s the HSRP IP.
So I’m going to attach this IP address to this interface of router one, and I’m going to attach this IP address to this interface of router two, and I’m going to attach a standby IP for both of them, and that’s going to be ten one, and I’m going to define the gateway as ten one. So what do you think about this? For example, why am I not assigning ten two as the gateway? Let’s say that the gateway is ten two. If the gateway were ten two, I would follow this line to send the packets to the wider network, right? But when this router fails, if there’s a problem with this router in the network, ten two will fail also. I wouldn’t reach the wider network. But if I configure this one, whenever this router fails, router two will be the active router and take the traffic onto it. And I’m going to reach the wider network again without any interruption.
Let’s take a look at the HSRP preemption feature. If the active router fails, the standby router is activated, and it remains active even if the previous active router returns. The preemption process forces the routers to a new HSRP selection. And here are the states of the HSRP routers. We have six states, and the first state is initial. This is the beginning state. It indicates HSRP is not running. It happens when the configuration changes or the interface is first turned on. In the learn state, the router has not determined the virtual IP address and has not yet seen an authenticated hello message from the active router. In this state, the router will still wait to hear from the active router. In the listen state, the router knows both the IP and MAC addresses of the virtual router, but it’s not the active or standby.
In the speak state, the router sends periodic HSRP hellos and participates in the election of the active or standby router. In the standby state, the router monitors hello packets from the active router, and it will take the active state when the current active router fails. And in the active state, the router forwards packets that are sent to the HSRP group. The router also sends periodic hello messages. And here is the configuration of HSRP. First I need to fix the IP addresses for my configuration. The IP address in here is 33 and my gateway is 31 and my HSRP is also. What I do in the configuration is I’m going under the interface mode and I’m assigning the IP addresses 32 and 33 to the physical interfaces. These are for here and for here. Then I’m going to attach the standby IP by using standby, the standby group number, ip and the IP address.
Okay, I’m doing the same thing on router two. I just have two different configurations for router one in here: standby 1 priority 150. This line shows me that router one is the active router for this HSRP topology. Because the default value of the priority is 100, if I choose 150, this guy will be the active one. And here, as you can see, I typed the standby 1 preempt command, which means I have configured the preemption. For example, if this router fails, this guy will be the active one. But when this router is back, this guy will be standby again and router one will be active, because I configured the preemption. To verify the HSRP configuration, I’m using the show standby command, and I can see the group number, state, active virtual MAC address and the standby router’s IP as well.
All of that comes from typing the show standby command. I can use different gateways for different VLANs in HSRP too, and this is what multigroup HSRP is doing for me. For example, for VLAN 10 and VLAN 20, I’m using this guy as primary and I’m using this guy as the secondary for VLAN 20 and VLAN 10. Then I’m getting under the interface VLAN. For example, under interface VLAN 10, I’m attaching a lower priority for VLAN 10 and a higher priority for VLAN 20, which means this is going to be active for VLAN 20 and this is going to be in standby mode for VLAN 10. HSRP has another great feature that is known as HSRP interface tracking. As I told you in the first slide, HSRP is always responsible for protecting the default gateway, these interfaces. But when I try to connect to the Internet, I have these interfaces as well.
So what HSRP is doing with interface tracking is watching whether this interface is up or not. If this interface fails, for example, if the serial interface fails, what HSRP is doing is decrementing the priority value of router one, and router B is becoming the active router. So I’m not having an interruption, and traffic is flowing in this direction. Another thing that HSRP can do is object tracking. For example, let’s say that I have no problem in this interface either, and everything is okay in my local area network. Here is my local area network, my router is working fine and there’s no problem in this interface or this interface. Everything is okay, but there may be a problem on the ISP network. Maybe I have a central router in here where I’m collecting the traffic from the branch offices. With HSRP object tracking, I can ping this interface of my HQ router from here.
And if the ping to the HQ router fails, I can change the traffic pattern again, and maybe I can use another ISP and another central router so that my traffic won’t be interrupted. Here is the object tracking configuration as well. I’m defining an IP SLA and I’m trying to ping this IP address. As you can see, I have a local area network switch and I have router one and router two. And on the other side I have a core router which has an IP address of one one. Then I’m defining a frequency, which means that I’m going to ping here every 5 seconds. Then I’m defining the start and the finish time of the IP SLA. Then I’m tracking this IP SLA, and whenever there’s a problem I’m going to decrement the priority value and the other router will switch to active. HSRP provides the following two types of authentication, and they are plain text and MD5.
If you want to configure MD5, you can use standby, the group number, authentication md5 key-string, the key-string number and the string. The group number is arbitrary. You can choose anything that you want. If you want to configure plain text, you can use standby, for example one, authentication, and you can use the string that you want. All routers in an HSRP group send hello packets. By default, the hello timer is set to 3 seconds and the dead timer is set to 10 seconds. It means that a hello packet is sent between the HSRP standby group devices every 3 seconds, and the standby device becomes active when a hello packet has not been received for 10 seconds. If you want to modify the hello and hold timers, you can use the standby, standby group number, timers command with the hello time and hold time.
There are two versions of HSRP, and they are version one and version two. Version one is the default version of the protocol. HSRP version two allows group numbers of up to 4096, thus allowing you to use the VLAN number as the group number. All devices in an HSRP group must have the same version configured, otherwise the hello messages are not understood.
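The election, preemption and tracking behaviour described in this section, as an added Python sketch that is not part of the original course material. It is a simplified model (no hello or hold timers), and the router names, addresses and the decrement of 60 are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Router:
    name: str
    ip: str                    # interface address (constructed sample value)
    priority: int = 100        # HSRP default priority
    preempt: bool = False
    track_decrement: int = 0   # subtracted while the tracked object is down
    up: bool = True
    tracked_up: bool = True

    def prio(self):
        return self.priority - (0 if self.tracked_up else self.track_decrement)

    def rank(self):
        # Election order: highest priority first, highest IP address as tie-break.
        return (self.prio(), int(IPv4Address(self.ip)))

class HsrpGroup:
    def __init__(self, routers):
        self.routers = {r.name: r for r in routers}
        self.active = None
        self.reelect()

    def reelect(self):
        alive = [r for r in self.routers.values() if r.up]
        cur = self.routers.get(self.active)
        if cur is None or not cur.up:
            # Nobody is sending hellos as active: run a fresh election.
            self.active = max(alive, key=Router.rank).name if alive else None
        else:
            # An active router exists: only a preempt-enabled router with a
            # strictly higher priority takes the role away from it.
            better = [r for r in alive if r.preempt and r.prio() > cur.prio()]
            if better:
                self.active = max(better, key=Router.rank).name
        return self.active

    def event(self, name, **changes):
        for attr, value in changes.items():
            setattr(self.routers[name], attr, value)
        return self.reelect()

def lab_scenario(r1_preempt, r2_preempt):
    """Return the active router after each event in a two-router group."""
    r1 = Router("R1", "10.0.0.2", priority=150, preempt=r1_preempt, track_decrement=60)
    r2 = Router("R2", "10.0.0.3", preempt=r2_preempt)
    group = HsrpGroup([r1, r2])
    return [
        group.active,                          # both routers start together
        group.event("R1", up=False),           # R1 loses power
        group.event("R1", up=True),            # R1 comes back
        group.event("R1", tracked_up=False),   # R1's tracked object goes down
        group.event("R1", tracked_up=True),    # tracked object recovers
    ]

if __name__ == "__main__":
    for flags in [(True, False), (True, True), (False, False)]:
        print(flags, lab_scenario(*flags))
```

With preemption only on R1, a tracking decrement lowers R1 to 90 but R2 never takes over; the tracked failover only works when the standby router has preempt configured too.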
- LAB : HSRP Configuration
In this section, we’re going to practice HSRP on Packet Tracer. We have three steps to accomplish. In the first step, we need to make the HSRP configuration for router one and router two according to these IP addresses. Okay? Second, we need to assign a suitable gateway IP address to our PC. All right? And third, we need to make sure that the packets from the PC follow the red arrow in this direction, I think. Okay, so what I’m going to do, let’s make a summary in here. I’m going to attach ten two and ten three to the internal interfaces of the routers: ten two for router one, and ten three will be on router two. Okay? And I need to assign a suitable gateway IP address, and that’s going to be our HSRP IP.
So the gateway will be ten one for the PC. And third, we need to make sure that the packets from the PC follow the red arrow. So when I’m making the HSRP config on router one, I need to use a high priority, and we need to make sure that this guy is the active one for HSRP. Okay, let’s go. So what I’m going to do is first assign the IP addresses, or check whether they are already preconfigured or not. Okay, I’m on router one. Show ip interface brief, and I can see that no IP address is configured. All right, interface FastEthernet, and this guy will have an IP address of ten two. Okay, and let’s go to router two and assign the other IP address, ten three, and no shut. All right, I assigned the IP addresses, and let’s assign the default gateway to the PC.
My PC’s IP address is, I need to recheck it, ten 100. Okay, ten one will be the gateway, as we talked about. Okay, so I assigned the IP addresses to the FastEthernet zero interfaces as two, three, and 100. Okay, I assigned the suitable gateway IP address to my PC as well. All right, then what I need to do is configure HSRP on the routers and make sure that router one is the active router. Okay, I’m going to router one. So I need to show you how we configure it: interface FastEthernet zero. And I’m going to assign the standby IP as ten one. What is going wrong? Okay, there is no subnet mask. All right, then standby one will have a priority value which is bigger than the default value of 100. So I can use 200 to make sure that router one is the default, but I’m not on router one. Okay, then I’m removing this configuration.
I’m on router two, as you can see. Okay, no standby 1 ip and no standby 1 priority. Okay, show run and check FastEthernet zero zero. Okay, we are now going to router one. I’m sorry for the delay. We are in the interface mode already, and what I need to do is configure the standby one IP first, then the standby one priority will be bigger than 100, and that’s going to be arbitrary. I choose 200. Okay, then, I’m sorry, we need to configure the preemption as well. It’s arbitrary too. But if you remember from our slides, I am advising you to always configure the preemption for the active router. Okay, let’s go with router two. Interface FastEthernet will have a standby one IP of ten one.
So I don’t want to configure the preemption, and I am not going to configure the priority value for router two, because the default value is 100. And as I configured router one with the priority value of 200, I’m expecting to see that router one is the active and router two is the standby. Okay, so let’s check. Show standby. Okay, as I see from the show standby output, the state of router one is active for HSRP and my virtual IP address is ten one, which is okay. So let’s take a look at show standby on router two. The state is standby, and we are sharing the ten one IP address with the other one. Okay, guys, that’s what I really want to see. And I accomplished the three steps too, and the HSRP configuration is finished.
- 6_2- VRRP
In this section we are going to talk about the VRRP protocol. The Virtual Router Redundancy Protocol is a computer networking protocol that provides for automatic assignment of available IP routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selection on an IP subnetwork. The protocol achieves this by the creation of virtual routers, which are an abstract representation of multiple routers, for example, master and backup routers acting as a group. The default gateway of a participating host is assigned to the virtual router instead of a physical router. As you can understand from the concept, VRRP is almost the same thing as HSRP, but it is an industry standard. You can use HSRP on Cisco devices only, but you can use VRRP on any other device.
We have just a few changes in terminology too. In HSRP, these guys are standby and active routers, and in here the active router is known as the master. The standby router is known as the backup router. Here are the differences between HSRP and VRRP. As I told you, HSRP is a Cisco standard, while this is an IEEE standard. HSRP uses UDP encapsulation while VRRP is using IP encapsulation. This guy is using UDP and VRRP is using TCP, and blah, blah, blah. We have a few more changes in the protocols. Here’s the configuration of VRRP. As you can remember from the HSRP config, if you check it, it’s almost the same thing. For example, we have just two routers in a topology in here and we have FastEthernet interfaces.
We need to configure VRRP between the devices. To configure it, we get under the interface mode and we just type vrrp, the VRRP group number, ip and the IP address; then vrrp, the VRRP group and preempt for the preemption configuration; and vrrp, the VRRP group, priority and the priority number. As you remember from our HSRP session, you know what these commands are doing, but the configuration there was standby instead of vrrp, and we’re using vrrp in here instead of standby, and that’s the only change in the configuration. VRRP supports MD5 authentication. To provide MD5 authentication, we go under the interface mode, and here is the command: vrrp, the group number, authentication md5 key-string and the key string that we are defining. And VRRP tracking is almost the same thing as in HSRP. The commands change to vrrp instead of standby. So I’m not going to dive into this one.
- 6_3- GLBP
In this section we are going to talk about the GLBP protocol. Gateway Load Balancing Protocol (GLBP) is a Cisco proprietary protocol that attempts to overcome the limitations of existing redundant router protocols by adding a basic load balancing feature. There are two roles for routers in GLBP, and they are active virtual gateway and active virtual forwarder. The first one is the active virtual gateway: members of the GLBP group select a router as the active virtual gateway from among themselves. Other group members wait in standby to take action when the AVG is inaccessible. The active virtual gateway assigns a virtual MAC address to each member of the GLBP group.
One of the main tasks of the active virtual gateway is to listen for the ARP requests that are sent to the default gateway IP address and respond to these requests with the MAC addresses of the GLBP group members. Thus, the active virtual gateway also provides load sharing between members. And each gateway is responsible for forwarding packets sent to the virtual MAC address assigned by the active virtual gateway. These gateways are called active virtual forwarders. Within the GLBP group there can be up to four active virtual forwarders. And here are the states of GLBP. We have different states for the virtual gateway and the virtual forwarder. For the virtual gateway, disabled means there is a part of the GLBP configuration but the virtual IP is not configured or learned.
Initial means the virtual IP is configured or learned but the configuration is not yet complete. The corresponding interface must be operational at layer three and should be capable of IP routing. Listen means hello packets are received by the virtual gateway. Speak means the virtual gateway tries to be active or standby. Standby means the gateway in this case is ready to be the active virtual gateway in case there’s a problem in the active virtual gateway. Active means this gateway is the active virtual gateway and responds to the ARP requests made to the virtual IP address. And let’s take a look at the four virtual forwarder states. Initial means the virtual MAC address has been learned but the virtual forwarder configuration is not yet completed.
The related interface can work at layer three and must be capable of IP routing. Listen means the virtual forwarder in this case gets the hello packets and is ready to go into the active state if the current active virtual forwarder becomes inaccessible. And the active state means the device in the active state is the active virtual forwarder and it’s responsible for responding to packets arriving at the virtual forwarder MAC address. And here’s the configuration of GLBP. Let’s take a look. It’s almost the same with VRRP and GLBP. As you can see, we go under the interface mode, we assign an IP address, then we use glbp, the GLBP group number, ip and the GLBP address. Then we can define priority and preemption as well. We have three GLBP load balancing options.
They are weighted, host dependent and round robin. Let’s take a look at weighted first. The load sent to a router varies depending on the weight value advertised by the router. In host dependent, a host is guaranteed to use the same virtual MAC address as long as the virtual MAC address joins the GLBP group. And round robin is a load balancing algorithm in which each virtual forwarder responds to incoming ARP requests for a virtual IP address, and please keep in mind that this is the default algorithm. And here is the authentication of GLBP. GLBP also supports MD5, and you can use glbp, the GLBP group number, authentication md5 key-string, and this is the string that we are going to use for the authentication. And you can also do GLBP object tracking too. And here is the configuration showing how you can do it. And that’s the same logic as in HSRP and VRRP.
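The HSRP, VRRP and GLBP authentication commands described in these sections share one shape, so a saved configuration can be checked for groups that are left on plain text or have no authentication line at all. The following Python audit is an added example, not part of the original course material; the sample configuration, interface names, addresses and key strings are constructed.

```python
import re

# Constructed sample configuration (addresses, interfaces and keys are made up).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 10.0.0.2 255.255.255.0
 standby 1 ip 10.0.0.1
 standby 1 priority 150
 standby 1 preempt
 standby 1 authentication md5 key-string EXAMPLE-KEY
!
interface Vlan10
 standby 10 ip 10.0.10.1
 standby 10 authentication EXAMPLE
!
interface Vlan20
 vrrp 20 ip 10.0.20.1
 vrrp 20 authentication md5 key-string EXAMPLE-KEY
!
interface Vlan30
 glbp 30 ip 10.0.30.1
 glbp 30 priority 120
"""

# Matches "<protocol> <group number> <rest>" lines inside an interface block.
# Lines without an explicit group number are not covered by this sketch.
FHRP_LINE = re.compile(r"^\s+(standby|vrrp|glbp)\s+(\d+)\s+(.+)$")

def audit_fhrp_auth(config_text):
    """Map (interface, protocol, group) -> 'md5', 'text' or 'none'."""
    groups = {}
    interface = None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            interface = line.split(None, 1)[1].strip()
            continue
        if line and not line[0].isspace():
            interface = None          # left the interface block
            continue
        match = FHRP_LINE.match(line)
        if not match or interface is None:
            continue
        proto, group, rest = match.group(1), int(match.group(2)), match.group(3).split()
        key = (interface, proto, group)
        groups.setdefault(key, "none")   # group seen, no authentication line yet
        if rest[0] == "authentication" and len(rest) > 1:
            groups[key] = "md5" if rest[1] == "md5" else "text"
    return groups

def weak_groups(config_text):
    """Groups whose hellos are not protected by an MD5 key string."""
    return sorted(k for k, mode in audit_fhrp_auth(config_text).items() if mode != "md5")

if __name__ == "__main__":
    for interface, proto, group in weak_groups(SAMPLE_CONFIG):
        print(f"{interface}: {proto} group {group} is not using MD5 authentication")
```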