2. TRAINER: SAGAR | NetworkJourney.com | www.youtube.com/c/NetworkJourney | LinkedIN
CCNP ENTERPRISE 2020 LAB WORKBOOK|| TRAINER: SAGAR || WWW.YOUTUBE.COM/C/NETWORKJOURNEY
• A good network design provides the redundancy in devices and network links.
• Redundancy is basically extra hardware or software that can be used as backup.
• If the main hardware or software fails or link fail or unavailable in case of emergency.
• It is method for ensuring network availability in case of network device or path failure.
• It is method for ensuring network availability in case of network device unavailability.
• Network redundancy is process through which additional or alternate instances of network
• Redundancy can be achieved via failover, load balancing & high availability in automatic way.
• High availability is a feature which provides redundancy and fault tolerance automatically.
• High Availability is a number of connected devices processing and providing a services.
• The goal is to ensure this service is always available even in the event of a failure or down.
• Clustering is similar to redundant servers & provides fault tolerance in case of emergency.
• A group of servers are logically combined into a cluster and seen as one device to work.
• If a device fails within cluster services continue because other devices continue services.
• One link process traffic & second link remains in standby until primary link fails.
• Set up to allow company to connect their device to more than one Internet connection.
• If one connection goes down, all traffic would failover to the other Internet connection.
• This would eliminate single point of failure and would re-assure availability and reliability.
• RAID is a fault tolerance solution for hard drives usually implemented in the servers/storage.
• Redundant Array of Independent Disks providing redundancy and fault tolerance.
• Automatic failover is process of moving active services from primary device to backup.
• Usually backup device continues these services until primary device has come back up.
• When a device fails another device takes over this process which is referred to as a failover.
• Services failover to backup device which will continue from where primary device left off.
• Failover feature allows for hardware firewalls to have some redundancy and backup.
• Have two or more hardware device configured if primary fails, the backup take over.
• It is implemented on the high-end hardware devices for networks require redundancy.
• HSRP is a Cisco proprietary protocol for establishing a fault-tolerant default gateway.
• Redundancy, Fault-tolerance, & High-availability, all refer to some sort of failover of backup.
ETHERCHANNEL
4. TRAINER: SAGAR | NetworkJourney.com | www.youtube.com/c/NetworkJourney | LinkedIN
CCNP ENTERPRISE 2020 LAB WORKBOOK|| TRAINER: SAGAR || WWW.YOUTUBE.COM/C/NETWORKJOURNEY
- Network resiliency is a key component of network design.
- Resiliency with Layer 2 forwarding is accomplished by adding multiple Layer 2 switches into
a topology.
- Resiliency with Layer 3 forwarding is accomplished by adding multiple Layer 3 paths or
routers.
- The PC could configure its gateway as 172.16.1.2, but what happens when that device fails?
The same problem occurs if the other gateway was configured. How can a host be
configured with more than one gateway?
The deployment of first-hop redundancy protocols (FHRPs) solves the problem of hosts configuring
multiple gateways. FHRPs work by creating a virtual IP (VIP) gateway instance that is shared between
the Layer 3 devices. This course covers the following FHRPs:
• Hot Standby Router Protocol (HSRP)
• Virtual Router Redundancy Protocol (VRRP)
• Gateway Load Balancing Protocol (GLBP)
5. TRAINER: SAGAR | NetworkJourney.com | www.youtube.com/c/NetworkJourney | LinkedIN
CCNP ENTERPRISE 2020 LAB WORKBOOK|| TRAINER: SAGAR || WWW.YOUTUBE.COM/C/NETWORKJOURNEY
Hot Standby Router Protocol (HSRP)
• HSRP stands for Hot Standby Router Protocol & Cisco proprietary protocol.
• There are two versions of Hot Standby Router Protocol (HSRPv1 & HSRPv2).
• Two or more Cisco Routers or Switches on LAN segment form an HSRP group.
• In HSRP, one Cisco Router or Switch assumes the function of “Active” Device.
• In HSRP, other Routers or Switches is known as “Standby” Router or Switch.
• In HSRP, the highest priority gateway is elected as active gateway of group.
• In HSRP the active gateway is the owner of Virtual MAC & Virtual IP address.
• In HSRP, the default priority is set to 100 but it can be easily modify (0-255).
• Highest interface IP becomes Master Switch and preempt option is disabled by default.
• HSRP Version 1 uses Multicast Address 224.0.0.2 for sending the Hello traffic.
• HSRP Version 2 uses Multicast Address 224.0.0.102 for sending the Hello traffic.
• In HSRP, the messages can be authenticated using the clear text or the MD5.
• HSRP Version 1 allows for group numbers ranging from 0 – 255 not more then.
• HSRP Version 2 allows for group numbers ranging from 0 – 4095 which is more.
• HSRP Version 1 virtual MAC 0000. 0c07.acXX. (XX is group no. {0-255}).
• HSRP Version 2 virtual MAC 0000. 0c9f.fXXX. (XXX is group no. {0-4095}).
• HSRP Version 2 support IPv6 address but HSRP version 1 doesn’t support IPV6.
• HSRP Version 1 and HSRP Version 2 are not compatible with each other.
• Load sharing using multiple groups and virtual IP with priority modification.
• In HSRP Version 1 & 2 Default Hello time is 3 seconds, Hold time is 10 seconds.
• On Cisco Router or Switches By default, version 1 is enable until version 2 enabled.
• By default, in all Cisco Routers or Cisco Switches have priority 100.
HSRP does not support preemption by default, so when a router with lower priority becomes
active, it does not automatically transfer its active status to a superior router.
HSRP VERSION 1:
8. TRAINER: SAGAR | NetworkJourney.com | www.youtube.com/c/NetworkJourney | LinkedIN
CCNP ENTERPRISE 2020 LAB WORKBOOK|| TRAINER: SAGAR || WWW.YOUTUBE.COM/C/NETWORKJOURNEY
HSRP-enabled interfaces send and receive multicast UDP-based hello messages to detect any failure
and designate active and standby routers.
If a standby device does not receive a hello message or the active device fails to send a hello
message, the standby device with the second highest priority becomes HSRP active.
The transition of HSRP active between the devices is transparent to all hosts on the segment
because the MAC address moves with the virtual IP address.
STEPS TO CONFIGURE HSRP version 1:
Step 1. Define the HSRP instance by using the command standby instance-id ip vip-address.
Step 2. (Optional) Configure HSRP router preemption to allow a more preferred router to take the
active router status from an inferior active HSRP router. Enable preemption with the
command standby instance-id preempt.
Step 3. (Optional) Define the HSRP priority by using the command standby instance-
id prioritypriority. The priority is a value between 0 and 255.
Step 4. Define the HSRP MAC Address (Optional).
The MAC address can be set with the command standby instance-id mac-address mac-address.
Most organizations accept the automatically generated MAC address, but in some migration
scenarios, the MAC address needs to be statically set to ease transitions when the hosts may have a
different MAC address in their ARP table.
Step 5. (Optional) Define the HSRP timers by using the command standby instance-
id timers {seconds | msec milliseconds}. HSRP can poll in intervals of 1 to 254 seconds or 15 to 999
milliseconds.
HSRPv1 HSRPv2
Timers Does not support millisecond timer values Supports millisecond timer
values
Group range 0 to 255 0 to 4095
Multicast
address
224.0.0.2 224.0.0.102
MAC address
range
0000.0C07.ACxy, where xy is a hex value representing the HSRP
group number
0000.0C9F.F000 to
0000.0C9F.FFFF
9. TRAINER: SAGAR | NetworkJourney.com | www.youtube.com/c/NetworkJourney | LinkedIN
CCNP ENTERPRISE 2020 LAB WORKBOOK|| TRAINER: SAGAR || WWW.YOUTUBE.COM/C/NETWORKJOURNEY
Step 6. (Optional) Establish HSRP authentication by using the command standby instance-
id authentication {text-password | text text-password | md5 {key-chain key-chain | key-string key-
string}}.
It is possible to create multiple HSRP instances for the same interface. Some network architects
configure half of the hosts for one instance and the other half of the hosts for a second instance.
Setting different priorities for each instance makes it possible to load balance the traffic across
multiple routers.
EXAMPLE TO CONFIGURE HSRP:
Device1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Device1(config)# interface vlan 10
03:55:35.148: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to down
Device1(config-if)# ip address 172.16.10.2 255.255.255.0
Device1(config-if)# standby 10 ip 172.16.10.1
03:56:00.097: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Speak -> Standby
Device1(config-if)# standby 10 preempt
Device2(config)# interface vlan 10
03:56:04.478: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state
to down
Device2(config-if)# ip address 172.16.10.3 255.255.255.0
Device2(config-if)# standby 10 ip 172.16.10.1
Device2(config-if)# standby 10 preempt
03:58:22.113: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Standby -> Active
Verify:
show standby [interface-id] [brief]
Device1# show standby
Vlan10 - Group 10
State is Standby
9 state changes, last state change 00:13:12
Virtual IP address is 172.16.10.1
Active virtual MAC address is 0000.0c07.ac0a (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.736 secs
Preemption enabled
Active router is 172.16.10.3, priority 100 (expires in 10.032 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl10-10" (default)
10. TRAINER: SAGAR | NetworkJourney.com | www.youtube.com/c/NetworkJourney | LinkedIN
CCNP ENTERPRISE 2020 LAB WORKBOOK|| TRAINER: SAGAR || WWW.YOUTUBE.COM/C/NETWORKJOURNEY
HSRP LINK (OBJECT) TRACKING:
HSRP provides the capability to link object tracking to priority. For example, assume that traffic
should flow through SW2’s WAN connection whenever feasible. Traffic can be routed by SW3 to
SW2 and then on to SW2’s WAN connection; however, making SW2 the VIP gateway streamlines the
process. But when SW2 loses its link to the WAN, it should move the HSRP active speaker role to
SW3.
This configuration is accomplished as follows:
• Configure a tracked object to SW2’s WAN link (in this example, VLAN 1).
• Change SW2’s priority to a value higher than SW3 (in this case, 110).
• Configure SW2 to lower the priority if the tracked object state changes to down. This is
accomplished with the command standby instance-id track object-id decrement decrement-value.
The decrement value should be high enough so that when it is removed from the priority, the value
is lower than that of the other HSRP router.
Device1(config)# track 1 interface vlan 1 line-protocol
Device1(config-track)# interface vlan 10
Device1(config-if)# standby 10 priority 110
04:44:16.973: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Standby -> Active
Device1(config-if)# standby 10 track 1 decrement 20
Device2# show standby
! Output omitted for brevity
Vlan10 - Group 10
11. TRAINER: SAGAR | NetworkJourney.com | www.youtube.com/c/NetworkJourney | LinkedIN
CCNP ENTERPRISE 2020 LAB WORKBOOK|| TRAINER: SAGAR || WWW.YOUTUBE.COM/C/NETWORKJOURNEY
State is Active
10 state changes, last state change 00:06:12
Virtual IP address is 172.16.10.1
Preemption enabled
Active router is local
Standby router is 172.16.10.3, priority 100 (expires in 9.856 sec)
Priority 110 (configured 110)
Track object 1 state Up decrement 20
HSRP VERSION 2:
HSRP version 2 is designed to address the following restrictions in HSRP version 1:
• In HSRP version 1, millisecond timer values are not advertised or learned. HSRP version 2 advertises
and learns millisecond timer values. This change ensures stability of the HSRP groups in all cases.
• In HSRP version 1, group numbers are restricted to the range from 0 to 255. HSRP version 2 expands
the group number range from 0 to 4095.
• HSRP version 2 provides improved management and troubleshooting. With HSRP version 1, you
cannot use HSRP active hello messages to identify which physical device sent the message because
the source MAC address is the HSRP virtual MAC address. The HSRP version 2 packet format includes
a 6-byte identifier field that is used to uniquely identify the sender of the message. Typically, this
field is populated with the interface MAC address.
• The multicast address 224.0.0.2 is used to send HSRP hello messages. This address can conflict with
Cisco Group Management Protocol (CGMP) leave processing.
Version 1 is the default version of HSRP.
12. TRAINER: SAGAR | NetworkJourney.com | www.youtube.com/c/NetworkJourney | LinkedIN
CCNP ENTERPRISE 2020 LAB WORKBOOK|| TRAINER: SAGAR || WWW.YOUTUBE.COM/C/NETWORKJOURNEY
• HSRP version 2 uses the new IP multicast address 224.0.0.102 to send hello packets instead of
the multicast address of 224.0.0.2, used by HSRP version 1. This new multicast address allows
CGMP leave processing to be enabled at the same time as HSRP.
• HSRP version 2 permits an expanded group number range, 0 to 4095, and consequently uses a
new MAC address range 0000.0C9F.F000 to 0000.0C9F.FFFF. The increased group number range
does not imply that an interface can, or should, support that many HSRP groups. The expanded
group number range was changed to allow the group number to match the VLAN number on
subinterfaces. Dec to Hexa converter -> http://decimal-to-binary.com/decimal-to-binary-
converter-online.html
• When the HSRP version is changed, each group will reinitialize because it now has a new virtual
MAC address.
• HSRP version 2 has a different packet format than HSRP version 1. The packet format uses a
type-length-value (TLV) format. HSRP version 2 packets received by an HSRP version 1 device will
have the type field mapped to the version field by HSRP version 1 and subsequently ignored.
• A new command will allow changing of the HSRP version on a per-interface level standby version
[1 | 2]. Note that HSRP version 2 will not interoperate with HSRP version 1. However, the
different versions can be run on different physical interfaces of the same router.
TLV is a way of storing data to facilitate quick parsing of that data.
Its mainly used in transferring data in binary format in network communications.
T = Tag/Type , 2 Byte hex value
L = Length , 2 Byte hex value
V = Value, L ASCII characters.
STEPS TO CONFIGURE HSRP VERSION 2:
Device1(config)# interface vlan 350
Device1(config-if)# standby version 2
Device1(config-if)# standby 350 priority 110
Device1(config-if)# standby 350 preempt
Device1(config-if)# standby 350 timers 5 15
Device1(config-if)# standby 350 ip 172.20.100.10
13. TRAINER: SAGAR | NetworkJourney.com | www.youtube.com/c/NetworkJourney | LinkedIN
CCNP ENTERPRISE 2020 LAB WORKBOOK|| TRAINER: SAGAR || WWW.YOUTUBE.COM/C/NETWORKJOURNEY
Virtual Router Redundancy Protocol
Virtual Router Redundancy Protocol (VRRP) is an industry standard and operates similarly to HSRP.
The behavior of VRRP is so close to that of HSRP that the following differences should be noted:
• The preferred active router controlling the VIP gateway is called the master router. All other
VRRP routers are known as backup routers.
• VRRP enables preemption by default.
• The MAC address of the VIP gateway uses the structure 0000.5e00.01xx, where xx reflects the
group ID in hex.
• VRRP uses the multicast address 224.0.0.18 for communication.
There are currently two versions of VRRP:
• VRRPv2: Supports IPv4
• VRRPv3: Supports IPv4 and IPv6
• VRRP, uses multicast IP 224.0.0.18 for hello mechanism and elections.
• VRRP (Virtual Router Redundancy Protocol) uses own transport protocol 112.
• In VRRPv2, the default Hello time is 1 seconds and the Hold time is set to 3 seconds.
• Virtual IP Address can be the same as the real IP address on the interface.
• In VRRP, when you configure gateway IP itself to be VRRP IP, it become master using highest
priority “255”.
• If incase, Real IP and VRRP IP is different, it takes the priority of “100”
• Load sharing can be using multiple group & virtual IP with changing the priority.
STEPS TO CONFIGURE VRRP: (VRRPv2)
Early VRRP configuration supported only VRRPv2 and was non-hierarchical in its configuration.
Step 1. Define the VRRP instance by using the command vrrp instance-id ip vip-address.
w
Step 2. (Optional) Define the VRRP priority by using the command vrrp instance-id priority priority.
The priority is a value between 0 and 255.
Step 3. (Optional) Enable object tracking so that the priority is decremented when the object is false.
Do so by using the command vrrp instance-id track object-id decrement decrement-value. The
decrement value should be high enough so that when it is removed from the priority, the value is
lower than that of the other VRRP router.
14. TRAINER: SAGAR | NetworkJourney.com | www.youtube.com/c/NetworkJourney | LinkedIN
CCNP ENTERPRISE 2020 LAB WORKBOOK|| TRAINER: SAGAR || WWW.YOUTUBE.COM/C/NETWORKJOURNEY
Step 4. (Optional) Establish VRRP authentication by using the command vrrp instance-
id authentication {text-password | text text-password | md5 {key-chain key-chain | key-string key-
string}}.
R2 and R3 are two routes that share a connection to a Layer 2 switch with their Gi0/0 interfaces,
which both are on the 172.16.20.0/24 network. R2 and R3 use VRRP to create the VIP gateway
172.16.20.1.
15. TRAINER: SAGAR | NetworkJourney.com | www.youtube.com/c/NetworkJourney | LinkedIN
CCNP ENTERPRISE 2020 LAB WORKBOOK|| TRAINER: SAGAR || WWW.YOUTUBE.COM/C/NETWORKJOURNEY
R2# configure term
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)# interface GigabitEthernet 0/0
R2(config-if)# ip address 172.16.20.2 255.255.2
R2(config-if)# vrrp 20 ip 172.16.20.1
04:32:14.109: %VRRP-6-STATECHANGE: Gi0/0 Grp 20 state Init -> Backup
04:32:14.113: %VRRP-6-STATECHANGE: Gi0/0 Grp 20 state Init -> Backup
04:32:17.728: %VRRP-6-STATECHANGE: Gi0/0 Grp 20 state Backup -> Master
04:32:47.170: %VRRP-6-STATECHANGE: Gi0/0 Grp 20 state Master -> Backup
16. TRAINER: SAGAR | NetworkJourney.com | www.youtube.com/c/NetworkJourney | LinkedIN
CCNP ENTERPRISE 2020 LAB WORKBOOK|| TRAINER: SAGAR || WWW.YOUTUBE.COM/C/NETWORKJOURNEY
R3# configure term
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)# interface GigabitEthernGi0/0
R3(config-if)# ip add 172.16.20.3 255.255.255.0
04:32:43.550: %VRRP-6-STATECHANGE: Gi0/0 Grp 20 state Init -> Backup
04:32:43.554: %VRRP-6-STATECHANGE: Gi0/0 Grp 20 state Init -> Backup
04:32:47.170: %VRRP-6-STATECHANGE: Gi0/0 Grp 20 state Backup -> Master
VERFICATION:
show vrrp [brief]
R2# show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Gi0/0 20 100 3609 Y Backup 172.16.20.3 172.16.20.1
R2# show vrrp
EthernGi0/0 - Group 20
State is Backup
Virtual IP address is 172.16.20.1
Virtual MAC address is 0000.5e00.0114
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 172.16.20.3, priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 2.904 sec)
STEPS TO CONFIGURE VRRP: (VRRPv3)
VRRP v2 vs VRRP v3:
PARAMETER VRRP v2 VRRP v3
RFC RFC 3768 RFC 5798
PROTOCOL SUPPORTED Supports only IPV4 Supports both IPV4 and IPV6
TIMERS Timers in seconds Timers in Milliseconds
MULTICAST ADDRESS 224.0.0.18 for IPV4 224.0.0.18 for IPV4
FF02:0:0:0:0:0:0:12 for IPV6
VIRTUAL ROUTER ID IPV4 – MAC ADDRESS
0000.5E00.01xx
IPV4 – MAC ADDRESS
0000.5E00.01xx
IPV6 – FF02::12 to send Hello
messages
PREEMPTION Node with same priority value
but higher IP would cause
preemption
Only higher priority would
cause preemption
ENABLE VRRP Enabled on per Interface basis Need to be enabled globally
17. TRAINER: SAGAR | NetworkJourney.com | www.youtube.com/c/NetworkJourney | LinkedIN
CCNP ENTERPRISE 2020 LAB WORKBOOK|| TRAINER: SAGAR || WWW.YOUTUBE.COM/C/NETWORKJOURNEY
The newer version of IOS XE software provides configuration of VRRP in a multi-address format that
is hierarchical.
Step 1. Enable VRRPv3 on the router by using the command fhrp version vrrp v3.
Step 2. Define the VRRP instance by using the command vrrp instance-id address-
family {ipv4 | ipv6}. This places the configuration prompt into the VRRP group for additional
configuration.
Step 3. (Optional) Change VRRP to Version 2 by using the command vrrpv2. VRRPv2 and VRRPv3 are
not compatible.
Step 4. Define the gateway VIP by using the command address ip-address.
Step 5. (Optional) Define the VRRP priority by using the command priority priority. The priority is a
value between 0 and 255.
Step 6. (Optional) Enable object tracking so that the priority is decremented when the object is false.
Do so by using the command track object-id decrement decrement-value. The decrement value
should be high enough so that when it is removed from the priority, the value is lower than that of
the other VRRP router.
CONFIGURATIONS:
SW2# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)# fhrp version vrrp v3
SW2(config)# interface vlan 22
19:45:37.385: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan22, changed
state to up
SW2(config-if)# ip address 172.16.22.2 255.255.255.0
SW2(config-if)# vrrp 22 address-family ipv4
SW2(config-if-vrrp)# address 172.16.22.1
SW2(config-if-vrrp)# track 1 decrement 20
SW2(config-if-vrrp)# priority 110
19:48:00.338: %VRRP-6-STATE: Vlan22 IPv4 group 22 state INIT -> BACKUP
19:48:03.948: %VRRP-6-STATE: Vlan22 IPv4 group 22 state BACKUP -> MASTER
SW3# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW3(config)# fhrp version vrrp v3
SW3(config)# interface vlan 22
19:46:13.798: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan22, changed state to up
SW3(config-if)# ip address 172.16.22.3 255.255.255.0
SW3(config-if)# vrrp 22 address-family ipv4
SW3(config-if-vrrp)# address 172.16.22.1
19:48:08.415: %VRRP-6-STATE: Vlan22 IPv4 group 22 state INIT -> BACKUP
18. TRAINER: SAGAR | NetworkJourney.com | www.youtube.com/c/NetworkJourney | LinkedIN
CCNP ENTERPRISE 2020 LAB WORKBOOK|| TRAINER: SAGAR || WWW.YOUTUBE.COM/C/NETWORKJOURNEY
VERIFICATION:
show vrrp [brief]
SW2# show vrrp brief
Interface Grp A-F Pri Time Own Pre State Master addr/Group addr
Vl22 22 IPv4 110 0 N Y MASTER 172.16.22.2(local) 172.16.22.1
SW2# show vrrp
Vlan22 - Group 22 - Address-Family IPv4
State is MASTER
State duration 51.640 secs
Virtual IP address is 172.16.22.1
Virtual MAC address is 0000.5E00.0116
Advertisement interval is 1000 msec
Preemption enabled
Priority is 110
Track object 1 state UP decrement 20
Master Router is 172.16.22.2 (local), priority is 110
Master Advertisement interval is 1000 msec (expires in 564 msec)
Master Down interval is unknown
FLAGS: 1/1
19. TRAINER: SAGAR | NetworkJourney.com | www.youtube.com/c/NetworkJourney | LinkedIN
CCNP ENTERPRISE 2020 LAB WORKBOOK|| TRAINER: SAGAR || WWW.YOUTUBE.COM/C/NETWORKJOURNEY
Global Load Balancing Protocol (GLBP)
As the name suggests, Gateway Load Balancing Protocol (GLBP) provides gateway redundancy and
load-balancing capability to a network segment.
It provides redundancy with an active/standby gateway, and it provides load-balancing capability by
ensuring that each member of the GLBP group takes care of forwarding the traffic to the appropriate
gateway.
All devices running GLBP elect an AVG (Active Virtual Gateway). There will be only one AVG for a
single group running GLBP but other devices can take over this rule if the AVG fails. The role of the
AVG is to assign a virtual MAC address to all other devices running GLBP. All devices will become
an AVF (Active Virtual Forwarder) including the AVG. Whenever a computer sends an ARP Request
the AVG will respond with one of the virtual MAC addresses of the available AVFs. Because of this
mechanism all devices running GLBP will be used to forward IP packets.
GLBP FEATURES
• GLBP members communicate between each other through hello messages sent every 3 seconds
to the multicast address 224.0.0.102, User Datagram Protocol (UDP) port 3222 (source and
destination).
• Load Sharing: You can configure GLBP in such a way that traffic from LAN clients can be shared
by multiple routers, thereby sharing the traffic load more equitably among available routers. The
load sharing available are:
-> Host-dependent: A host will be able to use the same virtual MAC address of an AVF as long as
it is reachable.
-> Round-robin: the AVG will hand out the virtual MAC address of AVF1, then AVF2, AVF3 and
gets back to AVF1 etc. This method is the default.
20. TRAINER: SAGAR | NetworkJourney.com | www.youtube.com/c/NetworkJourney | LinkedIN
CCNP ENTERPRISE 2020 LAB WORKBOOK|| TRAINER: SAGAR || WWW.YOUTUBE.COM/C/NETWORKJOURNEY
-> Weighted: If you want some AVFs to forward more traffic than others you can assign them a
different weight.
To specify the load-balancing method used by the AVG of the GLBP, use the "glbp load-
balancing[host-dependent | round-robin | weighted]" command in interface configuration
mode.
• Multiple Virtual Routers: GLBP supports up to 1024 virtual devices (GLBP groups) on
each physical interface of a device and up to four virtual forwarders per group.
• Preemption: Disabled by default.
• Authentication: You can use a simple text password authentication scheme between GLBP
group members to detect configuration errors. A router within a GLBP group with a different
authentication string than other routers will be ignored by other group members.
> To configure an authentication string for the GLBP, use the "glbp group authentication text
string"
• Tracking: You can track different interfaces to decrement the GLBP weighting by varying
amounts.
"track object-number interface type number {line-protocol | ip routing}"
GLBP Packet Types
GLBP uses 3 different packet types to operate. The packet types are Hello, Request, and
Reply. The Hello packet is used to advertise protocol information. Hello packets are
multicast, and are sent when any virtual gateway or virtual forwarder is in Speak, Standby or
Active state. Request and Reply packets are used for virtual MAC assignment. They are both
unicast messages to and from the active virtual gateway (AVG).
The GLBP contains two roles:
• Active virtual gateway (AVG): The participating routers elect one AVG per GLBP group to
respond to initial ARP requests for the VIP. For example, when a local PC sends an ARP request for
the VIP, the AVG is responsible for replying to the ARP request with the virtual MAC address of the
AVF.
• Active virtual forwarder (AVF): The AVF routes traffic received from assigned hosts. A
unique virtual MAC address is created and assigned by the AVG to the AVFs. The AVF is assigned to a
host when the AVG replies to the ARP request with the assigned AVF’s virtual MAC address. ARP
replies are unicast and are not heard by other hosts on that broadcast segment. When a host sends
traffic to the virtual AVF MAC, the current router is responsible for routing it to the appropriate
network. The AVFs are also recognized as Fwd instances on the routers.
GLBP supports four active AVFs and one AVG per GLBP group. A router can be an AVG and an AVF
at the same time. In the event of a failure of the AVG, there is not a disruption of traffic due to the
AVG role transferring to a standby AVG device. In the event of a failure of an AVF, another router
21. TRAINER: SAGAR | NetworkJourney.com | www.youtube.com/c/NetworkJourney | LinkedIN
CCNP ENTERPRISE 2020 LAB WORKBOOK|| TRAINER: SAGAR || WWW.YOUTUBE.COM/C/NETWORKJOURNEY
takes over the forwarding responsibilities for that AVF, which includes the virtual MAC address for
that instance.
STEPS TO CONFIGURE GLBP
The following steps detail how to configure a GLBP:
Step 1. Define the GLBP instance by using the command glbp instance-id ip vip-address.
Step 2. (Optional) Configure GLBP preemption to allow for a more preferred router to take the
active virtual gateway status from an inferior active GLBP router. Preemption is enabled with the
command glbp instance-id preempt.
Step 3. (Optional) Define the GLBP priority by using the command glbp instance-id priority priority.
The priority is a value between 0 and 255.
Step 4. (Optional) Define the GLBP timers by using the command glbp instance-id timers {hello-
seconds | msec hello-milliseconds} {hold-seconds | msec hold-milliseconds}.
Step 5. (Optional) Establish GLBP authentication by using the command glbp instance-
id authentication {text text-password | md5 {key-chain key-chain | key-string key-string}}.
GLBP Configurations:
SW2 and SW3 configure GLBP for VLAN 30 (172.16.30.0/24), with 172.16.30.1 as the VIP gateway.
SW2# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)# interface vlan 30
SW2(config-if)# ip address 172.16.30.2 255.255.255.0
SW2(config-if)# glbp 30 ip 172.16.30.1
05:41:15.802: %GLBP-6-STATECHANGE: Vlan30 Grp 30 state Speak -> Active
SW2(config-if)#
05:41:25.938: %GLBP-6-FWDSTATECHANGE: Vlan30 Grp 30 Fwd 1 state Listen -> Active
SW2(config-if)# glbp 30 preempt
SW3# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW3(config)# interface vlan 30
SW3(config-if)# ip address 172.16.30.3 255.255.255.0
SW3(config-if)# glbp 30 ip 172.16.30.1
05:41:32.239: %GLBP-6-FWDSTATECHANGE: Vlan30 Grp 30 Fwd 2 state Listen -> Active
SW3(config-if)# glbp 30 preempt
The command show glbp brief shows high-level details of the GLBP group, including the interface,
group, active AVG, standby AVG, and statuses of the AVFs.
SW2# show glbp brief
Interface Grp Fwd Pri State Address Active router Standby router
Vl30 30 - 100 Active 172.16.30.1 local 172.16.30.3
22. TRAINER: SAGAR | NetworkJourney.com | www.youtube.com/c/NetworkJourney | LinkedIN
CCNP ENTERPRISE 2020 LAB WORKBOOK|| TRAINER: SAGAR || WWW.YOUTUBE.COM/C/NETWORKJOURNEY
Vl30 30 1 - Active 0007.b400.1e01 local -
Vl30 30 2 - Listen 0007.b400.1e02 172.16.30.3 -
SW3# show glbp brief
Interface Grp Fwd Pri State Address Active router Standby router
Vl30 30 - 100 Standby 172.16.30.1 172.16.30.2 local
Vl30 30 1 - Listen 0007.b400.1e01 172.16.30.2 -
Vl30 30 2 - Active 0007.b400.1e02 local -
The command show glbp displays additional information, including the timers, preemption settings,
and statuses for the AVG and AVFs for the GLBP group.
SW2# show glbp
Vlan30 - Group 30
State is Active
1 state change, last state change 00:01:26
Virtual IP address is 172.16.30.1
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.664 secs
Redirect time 600 sec, forwarder time-out 14400 sec
Preemption enabled, min delay 0 sec
Active is local
Standby is 172.16.30.3, priority 100 (expires in 7.648 sec)
Priority 100 (default)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
Group members:
70b3.17a7.7b65 (172.16.30.3)
70b3.17e3.cb65 (172.16.30.2) local
There are 2 forwarders (1 active)
Forwarder 1
State is Active
1 state change, last state change 00:01:16
MAC address is 0007.b400.1e01 (default)
Owner ID is 70b3.17e3.cb65
Redirection enabled
Preemption enabled, min delay 30 sec
Active is local, weighting 100
Forwarder 2
State is Listen
MAC address is 0007.b400.1e02 (learnt)
Owner ID is 70b3.17a7.7b65
Redirection enabled, 597.664 sec remaining (maximum 600 sec)
Time to live: 14397.664 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is 172.16.30.3 (primary), weighting 100 (expires in 8.160 sec)
By default, GLBP balances the load of traffic in a round-robin fashion. However, GLBP supports three
methods of load balancing traffic:
23. TRAINER: SAGAR | NetworkJourney.com | www.youtube.com/c/NetworkJourney | LinkedIN
CCNP ENTERPRISE 2020 LAB WORKBOOK|| TRAINER: SAGAR || WWW.YOUTUBE.COM/C/NETWORKJOURNEY
-> Host-dependent: A host will be able to use the same virtual MAC address of an AVF as long as it is
reachable.
-> Round-robin: the AVG will hand out the virtual MAC address of AVF1, then AVF2, AVF3 and gets
back to AVF1 etc. This method is the default.
-> Weighted: If you want some AVFs to forward more traffic than others you can assign them a
different weight.
The load-balancing method can be changed with the command glbp instance-id load-
balancing{host-dependent | round-robin | weighted}.
The weighted load-balancing method has the AVG direct traffic to the AVFs based on the percentage
of weight a router has over the total weight of all GLBP routers.
Increasing the weight on more capable, bigger routers allows them to take more traffic than smaller
devices. The weight can be set for a router with the command glbp instance-id weighting weight.
SW2(config)# interface vlan 30
SW2(config-if)# glbp 30 load-balancing weighted
SW2(config-if)# glbp 30 weighting 20
SW3(config)# interface vlan 30
SW3(config-if)# glbp 30 load-balancing weighted
SW3(config-if)# glbp 30 weighting 80
Verification:
SW2# show glbp
Vlan30 - Group 30
State is Active
1 state change, last state change 00:04:55
Virtual IP address is 172.16.30.1
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.160 secs
Redirect time 600 sec, forwarder time-out 14400 sec
Preemption enabled, min delay 0 sec
Active is local
Standby is 172.16.30.3, priority 100 (expires in 9.216 sec)
Priority 100 (default)
Weighting 20 (configured 20), thresholds: lower 1, upper 20
Load balancing: weighted
Group members:
70b3.17a7.7b65 (172.16.30.3)
70b3.17e3.cb65 (172.16.30.2) local
There are 2 forwarders (1 active)
Forwarder 1
State is Active
1 state change, last state change 00:04:44
MAC address is 0007.b400.1e01 (default)
Owner ID is 70b3.17e3.cb65
Redirection enabled
Preemption enabled, min delay 30 sec
24. TRAINER: SAGAR | NetworkJourney.com | www.youtube.com/c/NetworkJourney | LinkedIN
CCNP ENTERPRISE 2020 LAB WORKBOOK|| TRAINER: SAGAR || WWW.YOUTUBE.COM/C/NETWORKJOURNEY
Active is local, weighting 20
Forwarder 2
State is Listen
MAC address is 0007.b400.1e02 (learnt)
Owner ID is 70b3.17a7.7b65
Redirection enabled, 599.232 sec remaining (maximum 600 sec)
Time to live: 14399.232 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is 172.16.30.3 (primary), weighting 80 (expires in 9.408 sec)