First Hop Redundancy Protocols in IPv6 HSRP + GLBP

HTTP://WWW.ROUTER-SWITCH.COM/

First Hop Redundancy Protocols in IPv6: HSRP + GLBP

Currently Cisco has support for Hot Standby Router Protocol (HSRP) and Gateway Load Balancing Protocol (GLBP) in IPv6. There is an RFC 5798 for Virtual Router Redundancy Protocol (VRRP), but checking the DocCD for this up to IOS 15.2M&T in the IPv6 configuration guide, I did not see it.

This post will only be covering HSRP and GLBP operations, but we need to cover some basic operations of IPv6 Neighbor Discovery (ND) before we get into FHRPs.

By default, IPv6 will use Router Advertisement (RA) to announce the presence of a router on a segment and use the Default Router Preference (DRP) options inside ND to determine the default gateway used.

IPv6 has a built-in redundancy mechanism inside ND called Neighbor Unreachability Detection (NUD), which uses Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages to detect the failure. Reading RFC 5798, the most aggressive timers will only achieve failover within 5 seconds, which would significantly increase the overhead of ND traffic in a real-world network of, say, 254 hosts in most common IPv4 VLAN designs with a /24 subnet. There is a good post on packetlife.net that gets this down to about 1 second by adjusting the Router Advertisement (RA) lifetime and Router Advertisement interval; see it for more detailed information.

So now that we know that IPv6 uses ND and has a mechanism for detecting default routers and failover, why do we need FHRPs? Well, this post is not here to debate the why of this, but to look at the how with some packet captures. But I would think that FHRPs are there for the same reason we have so many protocols that sort of overlap: we are always looking for a better mousetrap. And in limited testing, relying on ND for default router and failover does not scale to provide the predictable and reliable configurations that the FHRPs do. For example, I found no preempt capabilities for the default router election.

I will also make a nod to IPv6 security and mention that NUD has no authentication mechanism. Authentication can be accomplished using Secure Neighbor Discovery (SeND), but is out of the scope of this post.

Now back to FHRPs: let's do what we do and mock up a very basic FHRP network on a LAN segment, and take a look at a few configuration parameters. We'll start with HSRP, then GLBP, look at some packet captures with Wireshark, and discuss some of the differences between the IPv4 and IPv6 versions of each.

The very basic FHRP network will use HOST1, R1, and R2 on the LAN for the FHRP and a WAN router with serial interfaces for tracking and failover scenarios.

BASIC FHRP NETWORK DIAGRAM
Hot Standby Router Protocol (HSRP)

The first step to configure HSRP for IPv6 is to enable HSRP version 2 to support IPv6: ‘standby version 2’. After that, the ‘standby’ commands are pretty much the same as with IPv4: creating groups and adding tracking and preemption capabilities.

After configuration of HSRP and the Active -> Standby negotiation is complete, the Active HSRP router will send the RAs, and the IPv6 hosts will use the new link-local address that is auto-configured with the command ‘standby 1 ipv6 autoconfig’. This can be seen on HOST1 in the output of ‘show ipv6 int f0/0’.

    HOST1#sh ipv6 int f0/0
    FastEthernet0/0 is up, line protocol is up
      IPv6 is enabled, link-local address is FE80::233:33FF:FE33:3333
      No Virtual link-local address(es):
      Global unicast address(es):
        2001:DB8:1212::3, subnet is 2001:DB8:1212::/64
      Joined group address(es):
        FF02::1
        FF02::1:FF00:3
        FF02::1:FF33:3333
      MTU is 1500 bytes
      ICMP error messages limited to one every 100 milliseconds
      ICMP redirects are enabled
      ICMP unreachables are sent
      ND DAD is enabled, number of DAD attempts: 1
      ND reachable time is 30000 milliseconds
      Default router is FE80::5:73FF:FEA0:1 on FastEthernet0/0

The R1 and R2 HSRP groups will communicate over multicast address FF02::66.

    R1#sh ipv6 int f0/0 | b Joined
      Joined group address(es):
        FF02::1
        FF02::2
        FF02::66
        FF02::1:FF00:1
        FF02::1:FF11:1111

    R2#sh ipv6 int f0/0 | b Joined
      Joined group address(es):
        FF02::1
        FF02::2
        FF02::66
        FF02::1:FF00:2
        FF02::1:FF22:2222

HSRP INTERFACE ROUTER CONFIGURATIONS and SHOW COMMANDS

    R1#sh run int f0/0
    interface FastEthernet0/0
     mac-address 0011.1111.1111
     ipv6 address 2001:DB8:1212::1/64
     standby version 2
     standby 1 ipv6 autoconfig
     standby 1 priority 200
     standby 1 preempt
     standby 1 track Serial0/0

    R2#sh run int f0/0
    interface FastEthernet0/0
     mac-address 0022.2222.2222
     ipv6 address 2001:DB8:1212::2/64
     standby version 2
     standby 1 ipv6 autoconfig
     standby 1 preempt
     standby 1 track Serial0/1

    R1#sh standby
    FastEthernet0/0 - Group 1 (version 2)
      State is Active
        7 state changes, last state change 00:02:15
      Virtual IP address is FE80::5:73FF:FEA0:1
      Active virtual MAC address is 0005.73a0.0001
        Local virtual MAC address is 0005.73a0.0001 (v2 IPv6 default)
      Hello time 3 sec, hold time 10 sec
        Next hello sent in 2.432 secs
      Preemption enabled
      Active router is local
      Standby router is FE80::222:22FF:FE22:2222, priority 100 (expires in 7.388 sec)
      Priority 200 (configured 200)
        Track interface Serial0/0 state Up decrement 10
      Group name is "hsrp-Fa0/0-1" (default)

    R2#sh standby
    FastEthernet0/0 - Group 1 (version 2)
      State is Standby
        7 state changes, last state change 00:02:27
      Virtual IP address is FE80::5:73FF:FEA0:1
      Active virtual MAC address is 0005.73a0.0001
        Local virtual MAC address is 0005.73a0.0001 (v2 IPv6 default)
      Hello time 3 sec, hold time 10 sec
        Next hello sent in 2.008 secs
      Preemption enabled
      Active router is FE80::211:11FF:FE11:1111, priority 200 (expires in 8.060 sec)
        MAC address is 0011.1111.1111
      Standby router is local
      Priority 100 (default 100)
        Track interface Serial0/1 state Up decrement 10
      Group name is "hsrp-Fa0/0-1" (default)

HSRP SUMMARY

IPv4
  • HSRPv1: UDP port 1985, multicast address 224.0.0.2; MAC address 0000.0C07.ACxy, where xy is the HSRP group number in hexadecimal
  • HSRPv2: UDP port 1985, multicast address 224.0.0.102; MAC address range 0000.0C9F.F000 to 0000.0C9F.FFFF

IPv6
  • HSRPv2: UDP port 2029, multicast address FF02::66; MAC address range 0005.73A0.0000 to 0005.73A0.0FFF (4096 addresses)
  • RAs sent from active HSRP router

Wireshark screen captures and/or view online with CloudShark

R1 HSRP Active

R2 HSRP Standby (Passive)
R1 HSRP RA to set Default Router on HOST1

Gateway Load Balancing Protocol (GLBP)

GLBP only takes one command on the interface to put it into action: ‘glbp 1 ipv6 FE80::100’. We will just stick with this basic configuration and use the defaults, as we are only interested in seeing the protocol work, not in tweaking it for max performance.

GLBP SHOW COMMAND

    R1#sh glbp
    FastEthernet0/0 - Group 1
      State is Active
        2 state changes, last state change 00:22:41
      Virtual IP address is FE80::100
      Hello time 3 sec, hold time 10 sec
        Next hello sent in 0.736 secs
      Redirect time 600 sec, forwarder timeout 14400 sec
      Preemption disabled
      Active is local
      Standby is FE80::222:22FF:FE22:2222, priority 100 (expires in 8.692 sec)
      Priority 100 (default)
      Weighting 100 (default 100), thresholds: lower 1, upper 100
      Load balancing: round-robin
      Group members:
        0011.1111.1111 (FE80::211:11FF:FE11:1111) local
        0022.2222.2222 (FE80::222:22FF:FE22:2222)
      There are 2 forwarders (1 active)
      Forwarder 1
        State is Active
          1 state change, last state change 00:22:31
        MAC address is 0007.b400.0101 (default)
        Owner ID is 0011.1111.1111
        Redirection enabled
        Preemption enabled, min delay 30 sec
        Active is local, weighting 100
        Client selection count: 2
      Forwarder 2
        State is Listen
        MAC address is 0007.b400.0102 (learnt)
        Owner ID is 0022.2222.2222
        Redirection enabled, 597.516 sec remaining (maximum 600 sec)
        Time to live: 14397.516 sec (maximum 14400 sec)
        Preemption enabled, min delay 30 sec
        Active is FE80::222:22FF:FE22:2222 (primary), weighting 100 (expires in 7.512 sec)
        Client selection count: 2

    R2#sh glbp
    FastEthernet0/0 - Group 1
      State is Standby
        1 state change, last state change 00:23:17
      Virtual IP address is FE80::100
      Hello time 3 sec, hold time 10 sec
        Next hello sent in 0.652 secs
      Redirect time 600 sec, forwarder timeout 14400 sec
      Preemption disabled
      Active is FE80::211:11FF:FE11:1111, priority 100 (expires in 9.696 sec)
      Standby is local
      Priority 100 (default)
      Weighting 100 (default 100), thresholds: lower 1, upper 100
      Load balancing: round-robin
      Group members:
        0011.1111.1111 (FE80::211:11FF:FE11:1111)
        0022.2222.2222 (FE80::222:22FF:FE22:2222) local
      There are 2 forwarders (1 active)
      Forwarder 1
        State is Listen
        MAC address is 0007.b400.0101 (learnt)
        Owner ID is 0011.1111.1111
        Time to live: 14399.688 sec (maximum 14400 sec)
        Preemption enabled, min delay 30 sec
        Active is FE80::211:11FF:FE11:1111 (primary), weighting 100 (expires in 8.960 sec)
      Forwarder 2
        State is Active
          1 state change, last state change 00:23:15
        MAC address is 0007.b400.0102 (default)
        Owner ID is 0022.2222.2222
        Preemption enabled, min delay 30 sec
        Active is local, weighting 100

Let's take a look at GLBP in action, using the default load balancing of round-robin. HOST1 will send 1 ping packet; at that point ND will occur for the default router of FE80::100, which was set as the GLBP virtual IPv6 address on the interface with ‘glbp 1 ipv6 FE80::100’. The first packet will be sent with the MAC of Forwarder 1 on R1, and the second packet, after we ‘clear ipv6 neighbors’, will be sent with the MAC of Forwarder 2 on R2 because of the default load balancing configuration of round-robin.

    HOST1#sh ipv6 int f0/0 | i router
      Default router is FE80::100 on FastEthernet0/0
    HOST1#sh ipv6 neighbors
    HOST1#ping 4444::4 r 1
    Type escape sequence to abort.
    Sending 1, 100-byte ICMP Echos to 4444::4, timeout is 2 seconds:
    !
    Success rate is 100 percent (1/1), round-trip min/avg/max = 92/92/92 ms
    HOST1#
    ICMPv6-ND: DELETE -> INCMP: FE80::100
    ICMPv6-ND: Sending NS for FE80::100 on FastEthernet0/0
    ICMPv6-ND: Received NA for FE80::100 on FastEthernet0/0 from FE80::100
    ICMPv6-ND: Neighbour FE80::100 on FastEthernet0/0 : LLA 0007.b400.0101
    ICMPv6-ND: INCMP -> REACH: FE80::100
    ICMPv6-ND: Received NA for FE80::100 on FastEthernet0/0 from FE80::100
    ICMPv6-ND: Received RA from FE80::100 on FastEthernet0/0
    HOST1#sh ipv6 neighbors fe80::100
    IPv6 Address    Age Link-layer Addr State Interface
    FE80::100         1 0007.b400.0101  STALE Fa0/0

    HOST1#clear ipv6 neighbors
    ICMPv6-ND: STALE -> DELETE: FE80::222:22FF:FE22:2222
    ICMPv6-ND: STALE -> DELETE: FE80::211:11FF:FE11:1111
    ICMPv6-ND: STALE -> DELETE: FE80::100
    HOST1#sh ipv6 neighbors fe80::100
    HOST1#ping 4444::4 r 1
    Type escape sequence to abort.
    Sending 1, 100-byte ICMP Echos to 4444::4, timeout is 2 seconds:
    !
    Success rate is 100 percent (1/1), round-trip min/avg/max = 88/88/88 ms
    HOST1#
    ICMPv6-ND: DELETE -> INCMP: FE80::100
    ICMPv6-ND: Sending NS for FE80::100 on FastEthernet0/0
    ICMPv6-ND: Received NA for FE80::100 on FastEthernet0/0 from FE80::100
    ICMPv6-ND: NA has no link-layer option
    ICMPv6-ND: Received NA for FE80::100 on FastEthernet0/0 from FE80::100
    ICMPv6-ND: Neighbour FE80::100 on FastEthernet0/0 : LLA 0007.b400.0102
    ICMPv6-ND: INCMP -> REACH: FE80::100
    HOST1#sh ipv6 int f0/0 | i router
      Default router is FE80::100 on FastEthernet0/0
    HOST1#sh ipv6 neighbors fe80::100
    HOST1#sh ipv6 neighbors fe80::100
    IPv6 Address    Age Link-layer Addr State Interface
    FE80::100         0 0007.b400.0102  STALE Fa0/0

GLBP SUMMARY

IPv4
  • multicast address 224.0.0.102, UDP port 3222
  • multiple virtual MAC addresses starting with 0007.b400.0101

IPv6
  • multicast address FF02::66, UDP port 3222
  • multiple virtual MAC addresses starting with 0007.b400.0101

Wireshark captures: view online with CloudShark

WRAP UP

Quick conclusion: it seems they changed more in HSRP than GLBP to get it ready and working with IPv6. The devil is in the details of IPv6 ICMPv6 Neighbor Discovery, as you will see the more you dig into IPv6.

More Related Readings:
  • Cisco First Hop Redundancy Protocols: HSRP, VRRP, GLBP
  • How to Configure GLBP in Cisco IOS Routers?
  • How to Configure GLBP?
  • GLBP Overview and Features
  • GLBP & GLBP Basic Configuration
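Because NUD has no authentication, a host-side check that the HSRP and GLBP gateway addresses only ever resolve to the virtual MACs reported by ‘show standby’ and ‘show glbp’ is a useful monitor for both sections above. The Python below is an added example, not part of the original post: the baseline table, the verdict names and the last two sample log lines are constructed for illustration, and treating 0007.b400 as the common GLBP prefix is an assumption drawn from the MACs shown in the output.

```python
import ipaddress
import re

# Baseline from the 'show standby' / 'show glbp' output in this post:
# gateway link-local address -> virtual MACs allowed to answer for it.
BASELINE = {
    "fe80::5:73ff:fea0:1": {"000573a00001"},        # HSRP group 1
    "fe80::100": {"0007b4000101", "0007b4000102"},  # GLBP forwarders 1 and 2
}
# Prefixes from the summaries: IPv6 HSRPv2 range 0005.73A0.0000-0FFF, and
# GLBP MACs, assumed here to share the 0007.b400 prefix seen in the output.
FHRP_PREFIXES = ("000573a00", "0007b400")
ND_LINE = re.compile(r"ICMPv6-ND: Neighbour (\S+) on \S+ : LLA ([0-9A-Fa-f.]+)")

def norm_mac(mac):
    """Normalise Cisco dotted notation: '0007.b400.0101' -> '0007b4000101'."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def check_bindings(log_text, baseline=BASELINE):
    """Return (gateway, mac, verdict) for each ND binding learned for a
    gateway in the baseline; bindings for other addresses are ignored."""
    findings = []
    for match in ND_LINE.finditer(log_text):
        addr = str(ipaddress.ip_address(match.group(1)))  # canonical lower case
        mac = norm_mac(match.group(2))
        if addr not in baseline:
            continue
        if mac in baseline[addr]:
            verdict = "ok"
        elif mac.startswith(FHRP_PREFIXES):
            verdict = "unlisted-fhrp-mac"  # e.g. a forwarder not yet in the baseline
        else:
            verdict = "non-fhrp-mac"  # gateway address bound to a non-virtual MAC
        findings.append((addr, mac, verdict))
    return findings

# First two lines are from the debug output in this post; last two are constructed.
SAMPLE = """\
ICMPv6-ND: Neighbour FE80::100 on FastEthernet0/0 : LLA 0007.b400.0101
ICMPv6-ND: Neighbour FE80::100 on FastEthernet0/0 : LLA 0007.b400.0102
ICMPv6-ND: Neighbour FE80::100 on FastEthernet0/0 : LLA 0007.b400.0103
ICMPv6-ND: Neighbour FE80::100 on FastEthernet0/0 : LLA 00aa.bbcc.ddee
"""

if __name__ == "__main__":
    for addr, mac, verdict in check_bindings(SAMPLE):
        print(f"{addr:<20} {mac} {verdict}")
```

A "non-fhrp-mac" verdict means the gateway address was bound to a MAC outside the virtual ranges and deserves investigation; "unlisted-fhrp-mac" usually means the baseline needs updating after a forwarder was added.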