Fhrp notes

NX-OS FHRP for CCIE DC prep

Published in: Education, Technology

  1. FHRP www.silantia.com
     • There are 3 types of First Hop Redundancy Protocol (FHRP):
       • HSRP version 1 and version 2
       • VRRP
       • GLBP
     • All of the above protocols run on a per-VRF and per-VDC basis, and all 3 can act as a BFD client.
     • Only one of these supports IPv6.
     • FHRP is an L3 concept which requires M1 line cards to be present on the VDC.
  2. HSRP
     • Hot Standby Router Protocol
     • Version 1
       • Uses IP 224.0.0.2 and UDP port 1985 for Hello messages
       • The virtual MAC address is in the form 0000.0C07.ACxy, where xy is the HSRP group number in hex
       • Supports up to 255 groups
     • Version 2
       • Uses IP 224.0.0.102 for Hello messages
       • Supports a large number of HSRP groups, up to 4095
       • The virtual MAC address is in the form 0000.0C9F.Fxyz, where xyz is the HSRP group number in hex
  3. HSRP
     • In NX-OS all HSRP configuration is done under hsrp <group#> in interface configuration mode.
     • One difference to remember is that there is no standby command: all standby commands in IOS are replaced with the hsrp command.
     • E.g. show standby brief is replaced with show hsrp brief in NX-OS.
     • Always turn on "feature hsrp" before configuring anything. Turning on the feature loads the HSRP commands and software module into NX-OS, which allows you to configure HSRP.
  4. HSRP
     • Configuration example.

         feature hsrp
         interface Vlan100
           no shutdown
           no ip redirects
           ip address 10.100.1.2/24
           hsrp 100
             preempt          ! Pre-emption enabled.
             priority 105     ! higher priority will become active forwarder and responds to ARP for VIP with vMAC address.
             ip 10.100.1.1    ! Defines VIP
             track 1          ! Object tracking
         track 1 interface Ethernet1/3 line-protocol
  5. HSRP
     • The command to verify HSRP is not show standby.

         N7K11-pod1# show hsrp
         Vlan100 - Group 100 (HSRP-V1) (IPv4)
           Local state is Active, priority 105 (Cfged 105), may preempt
             Forwarding threshold(for vPC), lower: 1 upper: 105
           Hellotime 3 sec, holdtime 10 sec          <--------Default timers
           Next hello sent in 1.721000 sec(s)
           Virtual IP address is 10.100.1.1 (Cfged)
           Active router is local
           Standby router is 10.100.1.3 , priority 100 expires in 3.991000 sec(s)
           Authentication text "cisco"               <--------Default authentication string
           Virtual mac address is 0000.0c07.ac64 (Default MAC)
           2 state changes, last state change 00:49:12
           Track object 1 state UP decrement 10      <--------Default priority decrement value
           IP redundancy name is hsrp-Vlan100-100 (default)
  6. VPC and HSRP
     • Each vPC peer is an active HSRP forwarder regardless of its priority, i.e. if a packet with the virtual IP as destination IP address and the virtual MAC as destination MAC address is received on a standby gateway, it is routed locally without going through the vPC peer.
     • You no longer need to configure a different priority value for different SVIs, or multiple HSRP groups on a single interface, to load balance traffic.
     • vPC also introduces the concept of peer-gateway. If peer-gateway is enabled, both vPC peers forward traffic destined to each other's MAC addresses.
     • This whole slide will be explained in the lab demo.
  7. VPC and HSRP

         N7K12-pod1# sh mac address-table vlan 100
         Legend:
                 * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
                 age - seconds since last seen,+ - primary entry using vPC Peer-Link
            VLAN     MAC Address      Type      age     Secure NTFY    Ports/SWID.SSID.LID
         ---------+-----------------+--------+---------+------+----+------------------
         G 100      0000.0c07.ac64    static   -         F    F  vPC Peer-Link(R)
         G 100      0022.5579.f742    static   -         F    F  sup-eth1(R)
         * 100      0024.f714.c242    static   -         F    F  vPC Peer-Link
         * 100      000d.ecb4.457c    dynamic  840       F    F  Po10

         N7K12-pod1(config)# vpc domain 70
         N7K12-pod1(config-vpc-domain)# peer-gateway

         N7K12-pod1# sh mac address-table vlan 100
         Legend:
                 * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
                 age - seconds since last seen,+ - primary entry using vPC Peer-Link
            VLAN     MAC Address      Type      age     Secure NTFY    Ports/SWID.SSID.LID
         ---------+-----------------+--------+---------+------+----+------------------
         G 100      0000.0c07.ac64    static   -         F    F  vPC Peer-Link(R)
         G 100      0022.5579.f742    static   -         F    F  sup-eth1(R)
         G 100      0024.f714.c242    static   -         F    F  vPC Peer-Link(R)
         * 100      000d.ecb4.457c    dynamic  960       F    F  Po10
  8. VRRP
     • Virtual Router Redundancy Protocol
     • The router with the higher priority becomes Master and the other becomes Backup.
     • VRRP allows you to configure the interface IP address as the virtual IP for a group. However, you cannot then configure a priority value on that group, and it always becomes pre-emptive.
     • Packets received on a routed port destined for the VRRP virtual IP address terminate on the local router, regardless of whether that router is the master VRRP router or a backup VRRP router.
     • Up to 255 VRRP groups can be configured on a single interface.
     • It uses 224.0.0.18 for hello messages with protocol number 112.
     • The valid priority range for a virtual router is from 1 to 254 (1 is the lowest priority and 254 is the highest).
  9. VRRP
     • Configuration

         feature vrrp
         interface Vlan101
           no shutdown
           no ip redirects
           ip address 10.101.1.1/24
           vrrp 101
             address 10.101.1.1    <---Same VIP as SVI's IP address
             no shutdown
  10. VRRP
      • Verification

          N7K11-pod1# show vrrp detail
          Vlan101 - Group 101 (IPV4)
            State is Master
            Virtual IP address is 10.101.1.1
            Priority 255, Configured 100
            Forwarding threshold(for VPC), lower: 1 upper: 100
            Advertisement interval 1
            Preemption enabled
            Virtual MAC address is 0000.5e00.0165
            Master router is Local
  11. GLBP
      • Gateway Load Balancing Protocol
      • Each member of a GLBP group is an active forwarder.
      • Only one router is elected as the Active Virtual Gateway (AVG). The AVG assigns a virtual MAC address to each member of the GLBP group. The AVG also answers Address Resolution Protocol (ARP) requests for the virtual IP address.
      • Each router is an active virtual forwarder (AVF) which forwards traffic received on the VIP and vMAC.
      • Packets received on a routed port destined for the GLBP virtual IP address terminate on the local router, regardless of whether that router is the active GLBP router or a redundant GLBP router.
      • Cisco NX-OS does not support GLBP for IPv6.
  12. GLBP
      • There are three types of load balancing that you can configure:
        load-balancing [host-dependent | round-robin | weighted]
      • Round-robin: GLBP cycles through the virtual MAC addresses sent in ARP replies, load balancing the traffic across all the AVFs.
      • Weighted: the AVG uses the advertised weight for an AVF to decide the load directed to the AVF. A higher weight means that the AVG directs more traffic to the AVF.
      • Host dependent: GLBP uses the MAC address of the host to determine which virtual MAC address to direct the host to use. This algorithm guarantees that a host gets the same virtual MAC address if the number of virtual forwarders does not change.
  13. GLBP
      • GLBP configuration example

          feature glbp
          interface Vlan102
            no shutdown
            no ip redirects
            ip address 10.102.1.3/24
            glbp 102
              ip 10.102.1.1
              preempt
  14. GLBP
      • You can configure a manual weight on each forwarder. Note that this weight parameter does not influence the priority value, which is used to elect the AVG.

          N7K-pod1(config)# track 2 interface ethernet 2/2 ip routing
          N7K-pod1(config)# interface vlan102
          N7K-pod1(config-if)# glbp 1
          N7K-pod1(config-if-glbp)# weighting 110 lower 95 upper 105
          N7K-pod1(config-if-glbp)# weighting track 2 decrement 20
          N7K-pod1(config-if-glbp)# forwarder preempt delay minimum 60
  15. GLBP
      • GLBP configuration example

          N7K12-pod1# sh glbp | no-more
          Extended-hold (NSF) is Disabled
          Vlan102 - Group 102
            State is Active
              3 state change(s), last state change(s) 00:29:37
            Virtual IP address is 10.102.1.1
            Hello time 3 sec, hold time 10 sec
              Next hello sent in 53 msec
            Redirect time 600 sec, forwarder time-out 14400 sec
            Preemption enabled, min delay 0 sec
            Active is local
            Standby is 10.102.1.2, priority 100 (expires in 7.547 sec)
            Priority 100 (default)
            Weighting 100 (default 100), thresholds: lower 1, upper 100
            Load balancing: round-robin
            Group members:
              0022.5579.F742 (10.102.1.3) local
              0024.F714.C242 (10.102.1.2)
            There are 2 forwarders (1 active)
            Forwarder 1
              State is Active
                2 state change(s), last state change 00:29:27
              MAC address is 0007.B400.6601 (default)
              Owner ID is 0022.5579.F742
              Preemption enabled, min delay 30 sec
              Active is local, weighting 100
            Forwarder 2
              State is Listen
                1 state change(s), last state change 00:29:24
              MAC address is 0007.B400.6602 (learnt)
              Owner ID is 0024.F714.C242
              Redirection enabled, 597.547 sec remaining (maximum 600 sec)
              Time to live: 14397.547 sec (maximum 14400 sec)
              Preemption enabled, min delay 30 sec
              Active is 10.102.1.2 (primary), weighting 100 (expires in 7.547 sec)
  16. GLBP
      • One popular design combines GLBP with FabricPath, which can provide up to 4 active virtual forwarders on the spine switches.
      [Diagram labels: AVF, AVF, AVF, AVF, AVG; Spine switches; Leaf switches; Fabricpath]
  17. FHRP
      • Q & A
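
The virtual MAC formats on slides 2, 10 and 15 make it possible to tell from a MAC table which FHRP protocol and group owns a gateway address. The decoder below is an added example, not part of the original slides; the HSRP layouts come from slide 2, the VRRP prefix is the standard IPv4 VRRP prefix, and the GLBP layout (10-bit group, 8-bit forwarder) is an assumption consistent with the slide 15 output.

```python
import re

def decode_fhrp_vmac(mac):
    """Return (protocol, group, forwarder) for an FHRP virtual MAC, else None."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    value = int(digits, 16)
    if value >> 8 == 0x00000C07AC:        # HSRPv1 0000.0C07.ACxy (slide 2)
        return ("HSRPv1", value & 0xFF, None)
    if value >> 12 == 0x00000C9FF:        # HSRPv2 0000.0C9F.Fxyz (slide 2)
        return ("HSRPv2", value & 0xFFF, None)
    if value >> 8 == 0x00005E0001:        # VRRP for IPv4, 0000.5E00.01xx
        return ("VRRP", value & 0xFF, None)
    if value >> 18 == 0x0007B4 << 6:      # GLBP: assumed layout, see lead-in
        return ("GLBP", (value >> 8) & 0x3FF, value & 0xFF)
    return None

# One row of NX-OS `show mac address-table` as printed on slide 7.
ROW = re.compile(
    r"^\s*(?P<flag>[*G+])\s+(?P<vlan>\d+)\s+(?P<mac>[0-9A-Fa-f.]{14})\s+"
    r"(?P<type>\S+)\s+\S+\s+\S+\s+\S+\s+(?P<port>.+?)\s*$")

def fhrp_entries(table_text):
    """List (vlan, mac, type, port, decoded) for rows holding an FHRP vMAC."""
    found = []
    for line in table_text.splitlines():
        m = ROW.match(line)
        if m and (decoded := decode_fhrp_vmac(m["mac"])):
            found.append((int(m["vlan"]), m["mac"], m["type"], m["port"], decoded))
    return found

# Rows copied from the slide 7 output on this page.
SAMPLE = """\
G 100 0000.0c07.ac64 static - F F vPC Peer-Link(R)
G 100 0022.5579.f742 static - F F sup-eth1(R)
* 100 000d.ecb4.457c dynamic 840 F F Po10
"""

if __name__ == "__main__":
    for entry in fhrp_entries(SAMPLE):
        print(entry)
```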
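
Slide 5 shows a group still running with the default authentication string. The audit below is an added example, not part of the original slides: it parses `show hsrp` output and reports groups using that default, or any other text string (HSRP text authentication is carried in cleartext in hellos). The Vlan100 lines are taken from slide 5; the Vlan200 group is constructed for contrast.

```python
import re

DEFAULT_AUTH_TEXT = "cisco"   # default string, per the slide 5 annotation

HEADER = re.compile(r"^(?P<intf>\S+) - Group (?P<group>\d+) \((?P<ver>HSRP-V\d)\)")
AUTH = re.compile(r'^\s*Authentication text "(?P<text>[^"]*)"')
TIMERS = re.compile(r"^\s*Hellotime (?P<hello>\d+) sec, holdtime (?P<hold>\d+) sec")

def parse_show_hsrp(output):
    """Split `show hsrp` output into one dict per interface/group."""
    groups, cur = [], None
    for line in output.splitlines():
        if (m := HEADER.match(line)):
            cur = {"intf": m["intf"], "group": int(m["group"]),
                   "version": m["ver"], "auth_text": None}
            groups.append(cur)
        elif cur is not None:
            if (m := AUTH.match(line)):
                cur["auth_text"] = m["text"]
            elif (m := TIMERS.match(line)):
                cur["hello"], cur["hold"] = int(m["hello"]), int(m["hold"])
    return groups

def audit(groups):
    """Return (interface, group, finding) tuples for weak authentication."""
    findings = []
    for g in groups:
        if g["auth_text"] == DEFAULT_AUTH_TEXT:
            findings.append((g["intf"], g["group"],
                             "default authentication text in use"))
        elif g["auth_text"] is not None:
            findings.append((g["intf"], g["group"],
                             "text authentication, string sent in cleartext"))
    return findings

# Vlan100: lines from slide 5. Vlan200: constructed sample, not from the page.
SAMPLE = """\
Vlan100 - Group 100 (HSRP-V1) (IPv4)
  Local state is Active, priority 105 (Cfged 105), may preempt
  Hellotime 3 sec, holdtime 10 sec
  Authentication text "cisco"
Vlan200 - Group 200 (HSRP-V2) (IPv4)
  Local state is Standby, priority 100 (Cfged 100)
  Hellotime 1 sec, holdtime 3 sec
  Authentication text "dc-core-200"
"""

if __name__ == "__main__":
    for finding in audit(parse_show_hsrp(SAMPLE)):
        print(finding)
```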
