FHRP
www.silantia.com
• There are 3 types of First Hop Redundancy Protocol (FHRP):
  • HSRP version 1 and version 2
  • VRRP
  • GLBP
All of the above protocols run on a per-VRF and per-VDC basis, and all 3 can act as BFD clients.
Only one of these supports IPv6.
FHRP is an L3 concept which requires M1 line cards to be present in the VDC.
HSRP
• Hot Standby Router Protocol
• Version 1
  • Uses IP 224.0.0.2 and UDP port 1985 for Hello messages
  • The virtual MAC address is in the form 0000.0C07.ACxy, where xy is the HSRP group number in hex
  • Supports up to 255 groups
• Version 2
  • Uses IP 224.0.0.102 for Hello messages
  • Supports a large number of HSRP groups, up to 4095
  • The virtual MAC address is in the form 0000.0C9F.Fxyz, where xyz is the HSRP group number in hex
HSRP
• In NX-OS, all HSRP configuration is done under hsrp <group#> in interface configuration mode.
• One difference to remember: there is no standby command; all standby commands in IOS are replaced with hsrp commands.
• E.g. show standby brief is replaced with show hsrp brief in NX-OS.
• Always turn on “feature hsrp” before configuring anything. Turning on the feature loads the HSRP commands and software module into NX-OS, which allows you to configure HSRP.
HSRP
• Configuration example.
feature hsrp
interface Vlan100
  no shutdown
  no ip redirects
  ip address 10.100.1.2/24
  hsrp 100
    preempt ! Pre-emption enabled.
    priority 105 ! Higher priority becomes the active forwarder and responds to ARP for the VIP with the vMAC address.
    ip 10.100.1.1 ! Defines VIP
    track 1 ! Object tracking
track 1 interface Ethernet1/3 line-protocol ! Tracked object 1, defined in global configuration
HSRP
• The command to verify HSRP is show hsrp, not show standby.
N7K11-pod1# show hsrp
Vlan100 - Group 100 (HSRP-V1) (IPv4)
Local state is Active, priority 105 (Cfged 105), may preempt
Forwarding threshold(for vPC), lower: 1 upper: 105
Hellotime 3 sec, holdtime 10 sec <--------Default timers
Next hello sent in 1.721000 sec(s)
Virtual IP address is 10.100.1.1 (Cfged)
Active router is local
Standby router is 10.100.1.3 , priority 100 expires in 3.991000 sec(s)
Authentication text "cisco" <--------Default authentication string
Virtual mac address is 0000.0c07.ac64 (Default MAC)
2 state changes, last state change 00:49:12
Track object 1 state UP decrement 10 <--------Default priority decrement value
IP redundancy name is hsrp-Vlan100-100 (default)
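The output above shows the group still using the default authentication string. As an added example (not part of the original slides), the following Python parses show hsrp output and flags groups left on that default string, plus any active or standby peer that is not on an expected list. The sample text is constructed from the output on this page with the quotes normalised; the function names and the expected-peer list are assumptions made for the example.

```python
import re

# Constructed sample: lines taken from the "show hsrp" output on this page.
SHOW_HSRP = """\
Vlan100 - Group 100 (HSRP-V1) (IPv4)
Local state is Active, priority 105 (Cfged 105), may preempt
Virtual IP address is 10.100.1.1 (Cfged)
Active router is local
Standby router is 10.100.1.3 , priority 100 expires in 3.991000 sec(s)
Authentication text "cisco"
Virtual mac address is 0000.0c07.ac64 (Default MAC)
"""

HEADER = re.compile(r"^(\S+) - Group (\d+) \(HSRP-V(\d)\)")
AUTH_TEXT = re.compile(r'^Authentication text "([^"]*)"')
PEER = re.compile(r"^(?:Active|Standby) router is (\d+(?:\.\d+){3})")

def parse_show_hsrp(text):
    """Return one dict per HSRP group found in 'show hsrp' output."""
    groups = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            groups.append({"interface": m.group(1), "group": int(m.group(2)),
                           "version": int(m.group(3)), "auth_text": None,
                           "preempt": False, "peers": []})
        elif groups:
            g = groups[-1]
            if "may preempt" in line:
                g["preempt"] = True
            a = AUTH_TEXT.match(line)
            if a:
                g["auth_text"] = a.group(1)
            p = PEER.match(line)
            if p:  # "local" carries no address and is skipped
                g["peers"].append(p.group(1))
    return groups

def audit(groups, expected_peers):
    """Flag default authentication strings and peers outside the allowlist."""
    findings = []
    for g in groups:
        where = f"{g['interface']} group {g['group']}"
        if g["auth_text"] == "cisco":
            findings.append((where, "default-auth-string"))
        for peer in g["peers"]:
            if peer not in expected_peers:
                findings.append((where, f"unexpected-peer {peer}"))
    return findings
```

Run it against collected output from each gateway, with expected_peers set to the addresses of the routers that are meant to participate in the group.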
VPC and HSRP
• Each vPC peer is an active HSRP forwarder regardless of its priority, i.e. if a packet with the virtual IP as destination IP address and the virtual MAC as MAC address is received on the standby gateway, it is routed locally without going through the vPC peer.
• You no longer need to configure different priority values for different SVIs, or multiple HSRP groups on a single interface, to load balance traffic.
• vPC also introduces the concept of peer-gateway. If peer-gateway is enabled, both vPC peers forward traffic destined to each other’s MAC addresses.
• This whole slide will be explained in the lab demo.
VPC and HSRP
N7K12-pod1# sh mac address-table vlan 100
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link
VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
G 100 0000.0c07.ac64 static - F F vPC Peer-Link(R)
G 100 0022.5579.f742 static - F F sup-eth1(R)
* 100 0024.f714.c242 static - F F vPC Peer-Link
* 100 000d.ecb4.457c dynamic 840 F F Po10
N7K12-pod1(config)# vpc domain 70
N7K12-pod1(config-vpc-domain)# peer-gateway
N7K12-pod1# sh mac address-table vlan 100
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link
VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
G 100 0000.0c07.ac64 static - F F vPC Peer-Link(R)
G 100 0022.5579.f742 static - F F sup-eth1(R)
G 100 0024.f714.c242 static - F F vPC Peer-Link(R)
* 100 000d.ecb4.457c dynamic 960 F F Po10
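The G entry 0000.0c07.ac64 in the tables above is the HSRP version 1 virtual MAC for group 100 (0x64). As an added example (not part of the original slides), the following Python decodes the HSRP v1 and v2 virtual MAC formats given earlier and lists which FHRP groups are present in a MAC table, so groups that do not match the intended configuration stand out. It goes beyond HSRP by also recognising the standard VRRP IPv4 prefix 0000.5e00.01xx; the function names and the expected-group set are assumptions made for the example.

```python
import re

# Rows copied from the "sh mac address-table vlan 100" output on this page.
MAC_TABLE = """\
G 100 0000.0c07.ac64 static - F F vPC Peer-Link(R)
G 100 0022.5579.f742 static - F F sup-eth1(R)
G 100 0024.f714.c242 static - F F vPC Peer-Link(R)
* 100 000d.ecb4.457c dynamic 960 F F Po10
"""

ROW = re.compile(r"^\S+\s+(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+\w+", re.I)

def classify_vmac(mac):
    """Return (protocol, group) for a well-known FHRP virtual MAC, else None."""
    h = re.sub(r"[.:-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", h):
        raise ValueError(f"not a MAC address: {mac!r}")
    if h.startswith("00000c07ac"):      # 0000.0C07.ACxy, xy = group
        return ("HSRPv1", int(h[10:], 16))
    if h.startswith("00000c9ff"):       # 0000.0C9F.Fxyz, xyz = group
        return ("HSRPv2", int(h[9:], 16))
    if h.startswith("00005e0001"):      # VRRP for IPv4, last byte = group
        return ("VRRP", int(h[10:], 16))
    return None

def fhrp_groups_in_table(text):
    """Return (vlan, mac, protocol, group) for every FHRP vMAC in the table."""
    found = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        hit = classify_vmac(m.group(2))
        if hit:
            found.append((int(m.group(1)), m.group(2).lower(), *hit))
    return found

def unexpected_groups(found, expected):
    """expected: set of (vlan, protocol, group) from the intended configuration."""
    return [f for f in found if (f[0], f[2], f[3]) not in expected]
```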
VRRP
• Virtual Router Redundancy Protocol
• The router with the higher priority becomes Master and the other becomes Backup.
• VRRP allows you to configure the interface IP address as the virtual IP for a group. However, you cannot then configure a priority value on that group, and it is always pre-emptive.
• Packets received on a routed port destined for the VRRP virtual IP address terminate on the local router, regardless of whether that router is the master VRRP router or a backup VRRP router.
• Up to 255 VRRP groups can be configured on a single interface.
• It uses 224.0.0.18 for hello messages, with protocol number 112.
• The valid priority range for a virtual router is from 1 to 254 (1 is the lowest priority and 254 is the highest).
VRRP
• Configuration
feature vrrp
interface Vlan101
  no shutdown
  no ip redirects
  ip address 10.101.1.1/24
  vrrp 101
    address 10.101.1.1 ! Same VIP as the SVI’s IP address
    no shutdown
VRRP
• Verification
N7K11-pod1# show vrrp detail
Vlan101 - Group 101 (IPV4)
State is Master
Virtual IP address is 10.101.1.1
Priority 255, Configured 100
Forwarding threshold(for VPC), lower: 1 upper: 100
Advertisement interval 1
Preemption enabled
Virtual MAC address is 0000.5e00.0165
Master router is Local
GLBP
• Gateway Load Balancing Protocol
• Each member of a GLBP group is an active forwarder.
• Only one router is elected as the Active Virtual Gateway (AVG). The AVG assigns a virtual MAC address to each member of the GLBP group. The AVG also answers Address Resolution Protocol (ARP) requests for the virtual IP address.
• Each router is an active virtual forwarder (AVF), which forwards traffic received on the VIP and vMAC.
• Packets received on a routed port destined for the GLBP virtual IP address terminate on the local router, regardless of whether that router is the active GLBP router or a redundant GLBP router.
• Cisco NX-OS does not support GLBP for IPv6.
GLBP
• There are three types of load balancing that you can configure:
• load-balancing [host-dependent | round-robin | weighted]
• Round-robin: GLBP cycles through the virtual MAC addresses sent in ARP replies, load balancing the traffic across all the AVFs.
• Weighted: the AVG uses the advertised weight for an AVF to decide the load directed to the AVF. A higher weight means that the AVG directs more traffic to the AVF.
• Host dependent: GLBP uses the MAC address of the host to determine which virtual MAC address to direct the host to use. This algorithm guarantees that a host gets the same virtual MAC address if the number of virtual forwarders does not change.
GLBP
• GLBP configuration example
feature glbp
interface Vlan102
  no shutdown
  no ip redirects
  ip address 10.102.1.3/24
  glbp 102
    ip 10.102.1.1
    preempt
GLBP
• You can configure a manual weight on each forwarder. Note that this weight parameter does not influence the priority value, which is used to elect the AVG.
N7K-pod1(config)# track 2 interface ethernet 2/2 ip routing
N7K-pod1(config)# interface vlan102
N7K-pod1(config-if)# glbp 1
N7K-pod1(config-if-glbp)# weighting 110 lower 95 upper 105
N7K-pod1(config-if-glbp)# weighting track 2 decrement 20
N7K-pod1(config-if-glbp)# forwarder preempt delay minimum 60
GLBP
• GLBP configuration example
N7K12-pod1# sh glbp | no-more
Extended-hold (NSF) is Disabled
Vlan102 - Group 102
State is Active
3 state change(s), last state change(s) 00:29:37
Virtual IP address is 10.102.1.1
Hello time 3 sec, hold time 10 sec
Next hello sent in 53 msec
Redirect time 600 sec, forwarder time-out 14400 sec
Preemption enabled, min delay 0 sec
Active is local
Standby is 10.102.1.2, priority 100 (expires in 7.547 sec)
Priority 100 (default)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
Group members:
0022.5579.F742 (10.102.1.3) local
0024.F714.C242 (10.102.1.2)
There are 2 forwarders (1 active)
Forwarder 1
State is Active
2 state change(s), last state change 00:29:27
MAC address is 0007.B400.6601 (default)
Owner ID is 0022.5579.F742
Preemption enabled, min delay 30 sec
Active is local, weighting 100
Forwarder 2
State is Listen
1 state change(s), last state change 00:29:24
MAC address is 0007.B400.6602 (learnt)
Owner ID is 0024.F714.C242
Redirection enabled, 597.547 sec remaining (maximum 600 sec)
Time to live: 14397.547 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is 10.102.1.2 (primary), weighting 100 (expires in 7.547 sec)
GLBP
• One popular design uses GLBP with FabricPath, which can provide up to 4 active virtual forwarders on the spine switches.
[Figure labels: AVF, AVF, AVF, AVF, AVG; spine switches; leaf switches; FabricPath]
FHRP
• Q & A
