# Redundancy Considerations
* How fast can this happen?
* How does the client know?
* What about ARP cache issues?
* What if just the WAN link fails?
# HSRP vs. VRRP vs. GLBP
* Cisco Hot-Standby Router Protocol (HSRP):
  - Created by Cisco, for Cisco in 1994.
  - Uses a default HELLO timer of 3 sec with a HOLD timer of 10 sec.
* Virtual Router Redundancy Protocol (VRRP):
  - Created by the IETF in 1999.
  - Works between multiple vendors.
  - Has faster timers than HSRP by default: HELLO of 1 sec, HOLD of 3 sec.
* Gateway Load Balancing Protocol (GLBP):
  - Created by Cisco, for Cisco in 2005.
  - Identical features to HSRP, but allows an active-active connection that adds load balancing.
# HSRP
* Gateways organized into standby groups.
* One gateway active, others in standby state.
* Phantom (Virtual) router IP and MAC address generated.
* Virtual IP and virtual MAC active on the active router.
* Virtual IP must be different from any other IP address.
* Virtual MAC of 0000.0c07.acXX (XX is the hex HSRP group).
* Up to 255 HSRP groups per interface.
* Version 1 uses 224.0.0.2 and version 2 uses 224.0.0.102 (UDP destination port 1985).
* Standby routers listen for Hellos from the active router.
* The hello interval is 3 seconds and the dead interval is 10 seconds.
* Highest priority (by default 100) determines the active router.
* Preemption is disabled by default.
* Supports tracking.
* Supports clear-text and MD5 authentication.
# VRRP
- Virtual IP and virtual MAC active on the master router.
- Virtual IP may be the same as one configured on a physical interface.
- Virtual MAC of 0000.5e00.01XX (XX is the hex VRRP group).
- Up to 255 VRRP groups per interface.
- Uses 224.0.0.18 and IP protocol number 112.
- Backup routers listen for Hellos from the master router.
- The hello interval is 1 second and the dead interval is 3 seconds.
- Highest priority (by default 100) determines the master router.
- Preemption is enabled by default.
- Supports tracking.
- Supports clear-text and MD5 authentication.
# GLBP
- Up to 4 active virtual forwarders (AVF).
- Virtual IP must be different from any other IP address.
- Virtual IP on the active virtual gateway (AVG) and load shares ARP requests between AVF.
- Individual virtual MAC on each AVF.
- Virtual MAC of 0007.b400.XXYY (XX is the hex GLBP group and YY the AVF number {01|02|03|04}).
- Up to 255 GLBP groups per interface.
- Uses 224.0.0.102 (UDP source/destination port 3222).
- Standby routers listen for Hellos from the active router.
- The hello interval is 3 seconds and the dead interval is 10 seconds.
- Preemption is disabled by default.
- Supports tracking.
- Supports clear-text and MD5 authentication.
When preemption is disabled:
* Even if the priority of the active router drops below that of the standby router, the active router maintains the active role.
* Only when the active router's interface fails does the standby router take the active role.
# MAC Address Structure
0000.0C 07.AC XX
* 0000.0C: Cisco vendor ID
* 07.AC: HSRP ID
* XX: standby group number
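Added example (not part of the original notes): a Python helper that decodes the HSRP, VRRP and GLBP virtual MAC layouts listed above, so that ARP entries pointing at an FHRP gateway can be identified along with their group number. The ARP lines are constructed sample data and the function names are illustrative.

```python
import re

# Virtual MAC prefixes exactly as listed in these notes.
PREFIXES = {
    "00000c07ac": "HSRP",   # 0000.0c07.acXX
    "00005e0001": "VRRP",   # 0000.5e00.01XX
    "0007b400": "GLBP",     # 0007.b400.XXYY
}

# Constructed sample in the style of a Cisco ARP table (not real output).
SAMPLE_ARP = [
    "Internet  172.30.70.1    -   0000.0c07.ac01  ARPA   Vlan70",
    "Internet  172.30.70.2    12  0011.2233.4455  ARPA   Vlan70",
    "Internet  172.30.80.1    3   0007.b400.0a02  ARPA   Vlan80",
]

def decode_virtual_mac(mac):
    """Return (protocol, group, avf) for an FHRP virtual MAC, else None.

    Accepts Cisco dotted (0000.0c07.ac01), colon or dash notation.
    """
    digits = re.sub(r"[.:\-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    for prefix, proto in PREFIXES.items():
        if digits.startswith(prefix):
            rest = digits[len(prefix):]
            if proto == "GLBP":          # XX = group, YY = AVF number
                return (proto, int(rest[:2], 16), int(rest[2:], 16))
            return (proto, int(rest, 16), None)
    return None

def gateways_in_arp(arp_lines):
    """Map IP -> decoded virtual MAC for every FHRP entry in an ARP table."""
    found = {}
    for line in arp_lines:
        m = re.search(r"(\d+\.\d+\.\d+\.\d+)\s+\S+\s+([0-9a-fA-F.:\-]{12,17})", line)
        if m:
            decoded = decode_virtual_mac(m.group(2))
            if decoded:
                found[m.group(1)] = decoded
    return found
```

A gateway IP that resolves to a MAC outside these prefixes, or to a group number that is not configured, is worth checking against the intended HSRP/VRRP/GLBP design.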
# HSRP Base Configuration
Step 1: Create Standby Group
Step 2: Reassign IP Addresses (PC)
Step 3: Verify
Step 4: Optimize and Tune
# HSRP states before becoming active
1. Disabled
2. Init
3. Listen
4. Speak
5. Standby
6. Active
# Configure Basic HSRP (Switch A as active)
SwitchA#configure terminal
SwitchA(config)#interface vlan 70
SwitchA(config-if)#standby 1 ip 172.30.70.1
SwitchA(config-if)#standby 1 priority 150 ! (Default is 100; highest is better)
SwitchC#configure terminal
SwitchC(config)#interface vlan 70
SwitchC(config-if)#standby 1 ip 172.30.70.1
# Tuning and Optimizing HSRP
* Priority
* Preempt
* Tracking
* Timers
# Preempt
SwitchA(config)#interface vlan 70
SwitchA(config-if)#standby 1 preempt
SwitchA(config-if)#standby 1 preempt delay reload 180 ! (After a reload, the switch waits 3 min before taking action)
SwitchC(config)#interface vlan 70
SwitchC(config-if)#standby 1 preempt
* The highest priority always wins; SwitchA does not wait when SwitchC fails.
# Tracking
SwitchA(config)#interface vlan 70
SwitchA(config-if)#standby 1 track FastEthernet 0/5 50
* With the tracking feature you can change the priority automatically.
* In this case, if FastEthernet 0/5 goes down, SwitchA's priority will be changed to 50 and SwitchC becomes active because it has priority 100 by default.
* The priority is incremented by the same amount as interfaces come back up.
* By default the decrement value for an interface is 10.
# Timers
SwitchA(config)#interface vlan 70
SwitchA(config-if)#standby 1 timers 1 4 ! (In this case Hello = 1 Sec. Hold = 4 sec.)
SwitchA(config-if)#standby 1 timers msec 150 msec 700 ! (Converges in less than 1 sec)
* Only the standby router monitors the hello messages from the active router.
* The hold time should always be at least three times the hello timer.
# Configure MD5 Authentication
SwitchA(config)#interface vlan 70
SwitchA(config-if)#standby 1 authentication md5 key-string 0 SuperSecret
SwitchC(config)#interface vlan 70
SwitchC(config-if)#standby 1 authentication md5 key-string 0 SuperSecret
# Using Key Chain
SwitchA(config)#key chain HSRP-KEY
SwitchA(config-keychain)#key 1
SwitchA(config-keychain-key)#key-string 0 SuperSecret
SwitchA(config)#interface vlan 70
SwitchA(config-if)#standby 1 authentication md5 key-chain HSRP-KEY
* Same on SwitchC
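Added example (not part of the original notes): a Python audit that reads running-config style text and reports HSRP groups with no authentication, with clear-text authentication, or with a hold time below three times the hello timer, the rule given in the Timers section. The sample config is constructed and the function names are illustrative; it expects saved config lines, not the prompt-prefixed session lines shown above.

```python
import re
from collections import defaultdict

# Constructed sample config (not from a real device); commands follow the notes.
SAMPLE = """\
interface Vlan70
 standby 1 ip 172.30.70.1
 standby 1 authentication md5 key-string 0 SuperSecret
 standby 1 timers msec 150 msec 700
interface Vlan80
 standby 2 ip 172.30.80.1
 standby 2 timers 2 4
interface Vlan90
 standby 3 ip 172.30.90.1
 standby 3 authentication SuperSecret
"""

def parse_timers(args):
    """Convert 'timers' arguments ('1 4' or 'msec 150 msec 700') to seconds."""
    nums = re.findall(r"(msec\s+)?(\d+)", args)
    return tuple(int(n) / 1000 if ms else float(n) for ms, n in nums)

def audit_hsrp(config_text):
    """Return sorted (interface, group, issue) findings for HSRP groups."""
    groups, iface = defaultdict(dict), None
    for raw in config_text.splitlines():
        line = raw.split("!")[0].strip()          # drop trailing IOS comments
        m = re.match(r"interface\s+(.+)", line, re.I)
        if m:
            iface = m.group(1)
            continue
        m = re.match(r"standby\s+(\d+)\s+(\S+)\s*(.*)", line)
        if not (m and iface):
            continue
        grp = groups[(iface, int(m.group(1)))]
        if m.group(2) == "authentication":
            grp["auth"] = "md5" if m.group(3).startswith("md5") else "clear-text"
        elif m.group(2) == "timers":
            grp["timers"] = parse_timers(m.group(3))
    findings = []
    for (name, num), grp in groups.items():
        hello, hold = grp.get("timers", (3.0, 10.0))   # defaults from the notes
        if grp.get("auth") is None:
            findings.append((name, num, "no authentication"))
        elif grp["auth"] == "clear-text":
            findings.append((name, num, "clear-text authentication"))
        if hold < 3 * hello:
            findings.append((name, num, "hold time below 3x hello"))
    return sorted(findings)
```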