Configuring GLBP Cisco

Configuring Glbp Cisco-PDF Download

  • Date:21 Apr 2020
  • Views:29
  • Downloads:0
  • Pages:28
  • Size:1.54 MB

Share Pdf : Configuring Glbp Cisco

Download and Preview : Configuring Glbp Cisco


Report CopyRight/DMCA Form For : Configuring Glbp Cisco


Description:

Configuring GLBP GatewayLoadBalancingProtocol GLBP protectsdatatrafficfromafaileddeviceorcircuit likeHot StandbyRouterProtocol HSRP andVirtualRouterRedundancyProtocol

Transcription:

Configuring GLBP,Prerequisites for GLBP,Prerequisites for GLBP. Before configuring GLBP ensure that the devices can support multiple MAC addresses on the physical. interfaces For each GLBP forwarder to be configured an additional MAC address is used. Information About GLBP,GLBP Overview, GLBP provides automatic device backup for IP hosts configured with a single default gateway on an IEEE. 802 3 LAN Multiple first hop devices on the LAN combine to offer a single virtual first hop IP device while. sharing the IP packet forwarding load Other devices on the LAN act as redundant GLBP devices that will. become active if any of the existing forwarding devices fail. GLBP performs a similar function for the user as HSRP and VRRP HSRP and VRRP allow multiple devices. to participate in a virtual device group configured with a virtual IP address One member is elected to be the. active device to forward packets sent to the virtual IP address for the group The other devices in the group. are redundant until the active device fails These standby devices have unused bandwidth that the protocol is. not using Although multiple virtual device groups can be configured for the same set of devices the hosts. must be configured for different default gateways which results in an extra administrative burden The. advantage of GLBP is that it additionally provides load balancing over multiple devices gateways using a. single virtual IP address and multiple virtual MAC addresses The forwarding load is shared among all devices. in a GLBP group rather than being handled by a single device while the other devices stand idle Each host. is configured with the same virtual IP address and all devices in the virtual device group participate in. forwarding packets GLBP members communicate between each other through hello messages sent every 3. seconds to the multicast address 224 0 0 102 UDP port 3222 source and destination. GLBP Packet Types, GLBP uses 3 different packet types to operate The packet types are Hello Request and Reply The Hello. packet is used to advertise protocol information Hello packets are multicast and are sent when any virtual. gateway or virtual forwarder is in Speak Standby or Active state Request and Reply packets are used for. virtual MAC assignment They are both unicast messages to and from the active virtual gateway AVG. GLBP Active Virtual Gateway, Members of a GLBP group elect one gateway to be the active virtual gateway AVG for that group Other. group members provide backup for the AVG if the AVG becomes unavailable The AVG assigns a virtual. MAC address to each member of the GLBP group Each gateway assumes responsibility for forwarding. packets sent to the virtual MAC address assigned to it by the AVG These gateways are known as active. virtual forwarders AVFs for their virtual MAC address. The AVG is also responsible for answering Address Resolution Protocol ARP requests for the virtual IP. address Load sharing is achieved by the AVG replying to the ARP requests with different virtual MAC. Prior to Cisco IOS Release 15 0 1 M1 and 12 4 24 T2 when the no glbp load balancing command is. configured the AVG always responds to ARP requests with the MAC address of its AVF. First Hop Redundancy Protocols Configuration Guide Cisco IOS XE Release 3S. Configuring GLBP,GLBP Virtual MAC Address Assignment.
In Cisco IOS Release 15 0 1 M1 and 12 4 24 T2 and later releases when the no glbp load balancing. command is configured if the AVG does not have an AVF it preferentially responds to ARP requests with. the MAC address of the first listening virtual forwarder VF which will causes traffic to route via another. gateway until that VF migrates back to being the current AVG. In the figure below Router A or Device A is the AVG for a GLBP group and is responsible for the virtual. IP address 10 21 8 10 Router A is also an AVF for the virtual MAC address 0007 b400 0101 Router B or. Device B is a member of the same GLBP group and is designated as the AVF for the virtual MAC address. 0007 b400 0102 Client 1 has a default gateway IP address of 10 21 8 10 and a gateway MAC address of. 0007 b400 0101 Client 2 shares the same default gateway IP address but receives the gateway MAC address. 0007 b400 0102 because Router B is sharing the traffic load with Router A. Figure 1 GLBP Topology, If Router A becomes unavailable Client 1 will not lose access to the WAN because Router B will assume. responsibility for forwarding packets sent to the virtual MAC address of Router A and for responding to. packets sent to its own virtual MAC address Router B will also assume the role of the AVG for the entire. GLBP group Communication for the GLBP members continues despite the failure of a device in the GLBP. GLBP Virtual MAC Address Assignment, A GLBP group allows up to four virtual MAC addresses per group The AVG is responsible for assigning. the virtual MAC addresses to each member of the group Other group members request a virtual MAC address. after they discover the AVG through hello messages Gateways are assigned the next MAC address in sequence. A virtual forwarder that is assigned a virtual MAC address by the AVG is known as a primary virtual forwarder. Other members of the GLBP group learn the virtual MAC addresses from hello messages A virtual forwarder. that has learned the virtual MAC address is referred to as a secondary virtual forwarder. First Hop Redundancy Protocols Configuration Guide Cisco IOS XE Release 3S. Configuring GLBP,GLBP Virtual Gateway Redundancy,GLBP Virtual Gateway Redundancy. GLBP operates virtual gateway redundancy in the same way as HSRP One gateway is elected as the AVG. another gateway is elected as the standby virtual gateway and the remaining gateways are placed in a listen. If an AVG fails the standby virtual gateway will assume responsibility for the virtual IP address A new. standby virtual gateway is then elected from the gateways in the listen state. GLBP Virtual Forwarder Redundancy, Virtual forwarder redundancy is similar to virtual gateway redundancy with an AVF If the AVF fails one of. the secondary virtual forwarders in the listen state assumes responsibility for the virtual MAC address. The new AVF is also a primary virtual forwarder for a different forwarder number GLBP migrates hosts. away from the old forwarder number using two timers that start as soon as the gateway changes to the active. virtual forwarder state GLBP uses the hello messages to communicate the current state of the timers. The redirect time is the interval during which the AVG continues to redirect hosts to the old virtual forwarder. MAC address When the redirect time expires the AVG stops using the old virtual forwarder MAC address. in ARP replies although the virtual forwarder will continue to forward packets that were sent to the old virtual. forwarder MAC address, The secondary holdtime is the interval during which the virtual forwarder is valid When the secondary.
holdtime expires the virtual forwarder is removed from all gateways in the GLBP group The expired virtual. forwarder number becomes eligible for reassignment by the AVG. GLBP Gateway Priority, GLBP gateway priority determines the role that each GLBP gateway plays and what happens if the AVG. Priority also determines if a GLBP device functions as a backup virtual gateway and the order of ascendancy. to becoming an AVG if the current AVG fails You can configure the priority of each backup virtual gateway. with a value of 1 through 255 using the glbp priority command. In the GLBP Topology figure if Router A or Device A the AVG in a LAN topology fails an election. process takes place to determine which backup virtual gateway should take over In this example Router B. or Device B is the only other member in the group so it will automatically become the new AVG If another. device existed in the same GLBP group with a higher priority then the device with the higher priority would. be elected If both devices have the same priority the backup virtual gateway with the higher IP address would. be elected to become the active virtual gateway, By default the GLBP virtual gateway preemptive scheme is disabled A backup virtual gateway can become. the AVG only if the current AVG fails regardless of the priorities assigned to the virtual gateways You can. enable the GLBP virtual gateway preemptive scheme using the glbp preempt command Preemption allows. a backup virtual gateway to become the AVG if the backup virtual gateway is assigned a higher priority than. the current AVG, First Hop Redundancy Protocols Configuration Guide Cisco IOS XE Release 3S. Configuring GLBP,GLBP Gateway Weighting and Tracking. GLBP Gateway Weighting and Tracking, GLBP uses a weighting scheme to determine the forwarding capacity of each device in the GLBP group The.
weighting assigned to a device in the GLBP group can be used to determine whether it will forward packets. and if so the proportion of hosts in the LAN for which it will forward packets Thresholds can be set to. disable forwarding when the weighting for a GLBP group falls below a certain value and when it rises above. another threshold forwarding is automatically reenabled. The GLBP group weighting can be automatically adjusted by tracking the state of an interface within the. device If a tracked interface goes down the GLBP group weighting is reduced by a specified value Different. interfaces can be tracked to decrement the GLBP weighting by varying amounts. By default the GLBP virtual forwarder preemptive scheme is enabled with a delay of 30 seconds A backup. virtual forwarder can become the AVF if the current AVF weighting falls below the low weighting threshold. for 30 seconds You can disable the GLBP forwarder preemptive scheme using the no glbp forwarder. preempt command or change the delay using the glbp forwarder preempt delay minimum command. GLBP MD5 Authentication, GLBP MD5 authentication uses the industry standard MD5 algorithm for improved reliability and security. MD5 authentication provides greater security than the alternative plain text authentication scheme and protects. against spoofing software, MD5 authentication allows each GLBP group member to use a secret key to generate a keyed MD5 hash that. is part of the outgoing packet A keyed hash of an incoming packet is generated and if the hash within the. incoming packet does not match the generated hash the packet is ignored. The key for the MD5 hash can either be given directly in the configuration using a key string or supplied. indirectly through a key chain The key string cannot exceed 100 characters in length. A device will ignore incoming GLBP packets from devices that do not have the same authentication. configuration for a GLBP group GLBP has three authentication schemes. No authentication,Plain text authentication,MD5 authentication. GLBP packets will be rejected in any of the following cases. The authentication schemes differ on the device and in the incoming packet. MD5 digests differ on the device and in the incoming packet. Text authentication strings differ on the device and in the incoming packet. GLBP supports In Service Software Upgrade ISSU ISSU allows a high availability HA system to run in. Stateful Switchover SSO mode even when different versions of Cisco IOS software are running on the active. and standby Route Processors RPs or line cards, First Hop Redundancy Protocols Configuration Guide Cisco IOS XE Release 3S. Configuring GLBP, ISSU provides the ability to upgrade or downgrade from one supported Cisco IOS release to another while.
continuing to forward packets and maintain sessions thereby reducing planned outage time The ability to. upgrade or downgrade is achieved by running different software versions on the active RP and standby RP. for a short period of time to maintain state information between RPs This feature allows the system to switch. over to a secondary RP running upgraded or downgraded software and continue forwarding packets without. session loss and with minimal or no packet loss This feature is enabled by default. For detailed information about ISSU see the Cisco IOS In Service Software Upgrade Process in the Cisco. IOS High Availability Configuration Guide, For detailed information about ISSU on the 7600 series devices see the ISSU and eFSU on Cisco 7600 Series. Routers document, With the introduction of the GLBP SSO functionality GLBP is stateful switchover SSO aware GLBP can. detect when a device is failing over to the secondary router processor RP and continue in its current group. SSO functions in networking devices usually edge devices that support dual RPs SSO provides RP redundancy. by establishing one of the RPs as the active processor and the other RP as the standby processor SSO also. synchronizes critical state information between the RPs so that network state information is dynamically. maintained between RPs, Without SSO awareness if GLBP is deployed on a device with redundant RPs a switchover of roles between. the active RP and the standby RP results in the device relinquishing its activity as a GLBP group member and. then rejoining the group as if it had been reloaded The GLBP SSO feature enables GLBP to continue its. activities as a group member during a switchover GLBP state information between redundant RPs is maintained. so that the standby RP can continue the device s activities within the GLBP during and after a switchover. This feature is enabled by default To disable this feature use the no glbp sso command in global configuration. For more information see the Stateful Swithover document in the Cisco IOS High Availability Configuration. GLBP Benefits,Load Sharing, You can configure GLBP in such a way that traffic from LAN clients can be shared by multiple devices. thereby sharing the traffic load more equitably among available devices. Multiple Virtual Devices, GLBP supports up to 1024 virtual devices GLBP groups on each physical interface of a device and up to.
four virtual forwarders per group,Preemption, The redundancy scheme of GLBP enables you to preempt an active virtual gateway AVG with a higher. priority backup virtual gateway that has become available Forwarder preemption works in a similar way. except that forwarder preemption uses weighting instead of priority and is enabled by default. First Hop Redundancy Protocols Configuration Guide Cisco IOS XE Release 3S. Configuring GLBP,How to Configure GLBP,Authentication. GLBP supports the industry standard message digest 5 MD5 algorithm for improved reliability security. and protection against GLBP spoofing software A device within a GLBP group with a different authentication. string than other devices will be ignored by other group members You can alternatively use a simple text. password authentication scheme between GLBP group members to detect configuration errors. How to Configure GLBP,Enabling and Verifying GLBP, Perform this task to enable GLBP on an interface and verify its configuration and operation GLBP is designed. to be easy to configure Each gateway in a GLBP group must be configured with the same group number and. at least one gateway in the GLBP group must be configured with the virtual IP address to be used by the. group All other required parameters can be learned. Before You Begin, If VLANs are in use on an interface the GLBP group number must be different for each VLAN. SUMMARY STEPS,2 configure terminal,3 interface type number.
4 ip address ip address mask secondary,5 glbp group ip ip address secondary. 7 show glbp interface type interface number group state brief. DETAILED STEPS,Command or Action Purpose,Step 1 enable Enables privileged EXEC mode. Enter your password if prompted,Device enable, Step 2 configure terminal Enters global configuration mode. Device configure terminal, First Hop Redundancy Protocols Configuration Guide Cisco IOS XE Release 3S. Configuring GLBP,Enabling and Verifying GLBP,Command or Action Purpose.
Step 3 interface type number Specifies an interface type and number and enters interface. configuration mode, Step 4 ip address ip address mask secondary Specifies a primary or secondary IP address for an interface. Device config if ip address 10 21 8 32,255 255 255 0. Step 5 glbp group ip ip address secondary Enables GLBP on an interface and identifies the primary IP address. of the virtual gateway, Example After you identify a primary IP address you can use the glbp. Device config if glbp 10 ip 10 21 8 10 group ip command again with the secondary keyword to. indicate additional IP addresses supported by this group. Step 6 exit Exits interface configuration mode and returns the device to global. configuration mode,Device config if exit, Step 7 show glbp interface type interface number Optional Displays information about GLBP groups on a device. group state brief, Use the optional brief keyword to display a single line of.
information about each virtual gateway or virtual forwarder. Device config show glbp 10, In the following example sample output is displayed about the status of the GLBP group named 10 on the. Device show glbp 10,GigabitEthernet0 0 0 Group 10,State is Active. 2 state changes last state change 23 50 33,Virtual IP address is 10 21 8 10. Hello time 5 sec hold time 18 sec,Next hello sent in 4 300 secs. Redirect time 600 sec forwarder time out 7200 sec,Authentication text stringabc.
Preemption enabled min delay 60 sec,Active is local. Standby is unknown,Priority 254 configured, Weighting 105 configured 110 thresholds lower 95 upper 105. Track object 2 state Down decrement 5,Load balancing host dependent. First Hop Redundancy Protocols Configuration Guide Cisco IOS XE Release 3S. Configuring GLBP,Customizing GLBP,There is 1 forwarder 1 active. Forwarder 1,State is Active,1 state change last state change 23 50 15.
MAC address is 0007 b400 0101 default,Owner ID is 0005 0050 6c08. Redirection enabled,Preemption enabled min delay 60 sec. Active is local weighting 105,Customizing GLBP, Customizing the behavior of GLBP is optional Be aware that as soon as you enable a GLBP group that group. is operating It is possible that if you first enable a GLBP group before customizing GLBP the device could. take over control of the group and become the AVG before you have finished customizing the feature. Therefore if you plan to customize GLBP it is a good idea to do so before enabling GLBP. SUMMARY STEPS,2 configure terminal,3 interface type number. 4 ip address ip address mask secondary,5 glbp group timers msec hellotime msec holdtime.
6 glbp group timers redirect redirect timeout, 7 glbp group load balancing host dependent round robin weighted. 8 glbp group priority level,9 glbp group preempt delay minimum seconds. 10 glbp group client cache maximum number timeout minutes. 11 glbp group name redundancy name,13 no glbp sso,DETAILED STEPS. Command or Action Purpose,Step 1 enable Enables privileged EXEC mode. Enter your password if prompted,Device enable, Step 2 configure terminal Enters global configuration mode.
Device configure terminal, First Hop Redundancy Protocols Configuration Guide Cisco IOS XE Release 3S. Configuring GLBP,Customizing GLBP,Command or Action Purpose. Step 3 interface type number Specifies an interface type and number and enters interface configuration. Device config interface fastethernet, Step 4 ip address ip address mask secondary Specifies a primary or secondary IP address for an interface. Device config if ip address,10 21 8 32 255 255 255 0. Step 5 glbp group timers msec hellotime msec Configures the interval between successive hello packets sent by the AVG. holdtime in a GLBP group, The holdtime argument specifies the interval in seconds before the.
Example virtual gateway and virtual forwarder information in the hello packet. Device config if glbp 10 timers 5 is considered invalid. The optional msec keyword specifies that the following argument. will be expressed in milliseconds instead of the default seconds. Step 6 glbp group timers redirect redirect timeout Configures the time interval during which the AVG continues to redirect. clients to an AVF The default is 600 seconds 10 minutes. Example The timeout argument specifies the interval in seconds before a. Device config if glbp 10 timers secondary virtual forwarder becomes invalid The default is 14 400. redirect 1800 28800 seconds 4 hours, Note The zero value for the redirect argument cannot be removed from. the range of acceptable values because preexisting configurations. of Cisco IOS software already using the zero value could be. negatively affected during an upgrade However a zero setting. is not recommended and if used results in a redirect timer that. never expires If the redirect timer does not expire and the device. fails new hosts continue to be assigned to the failed device instead. of being redirected to the backup, Step 7 glbp group load balancing host dependent Specifies the method of load balancing used by the GLBP AVG. round robin weighted,Device config if glbp 10,load balancing host dependent. Step 8 glbp group priority level Sets the priority level of the gateway within a GLBP group. First Hop Redundancy Protocols Configuration Guide Cisco IOS XE Release 3S. Configuring GLBP,Customizing GLBP,Command or Action Purpose. The default value is 100,Device config if glbp 10 priority.
Step 9 glbp group preempt delay minimum Configures the device to take over as AVG for a GLBP group if it has a. seconds higher priority than the current AVG,This command is disabled by default. Use the optional delay and minimum keywords and the seconds. Device config if glbp 10 preempt, delay minimum 60 argument to specify a minimum delay interval in seconds before. preemption of the AVG takes place, Step 10 glbp group client cache maximum number Optional Enables the GLBP client cache. timeout minutes,This command is disabled by default. Example Use the number argument to specify the maximum number of clients. the cache will hold for this GLBP group The range is from 8 to 2000. Device config if glbp 10, client cache maximum 1200 timeout 245 Use the optional timeout minutes keyword and argument pair to.
configure the maximum amount of time a client entry can stay in the. GLBP client cache after the client information was last updated The. range is from 1 to 1440 minutes one day, Note For IPv4 networks Cisco recommends setting a GLBP client. cache timeout value that is slightly longer than the maximum. expected end host Address Resolution Protocol ARP cache. timeout value, Step 11 glbp group name redundancy name Enables IP redundancy by assigning a name to the GLBP group. The GLBP redundancy client must be configured with the same. Example GLBP group name so the redundancy client and the GLBP group. Device config if glbp 10 name abc123 can be connected. Step 12 exit Exits interface configuration mode and returns the device to global. configuration mode,Device config if exit, Step 13 no glbp sso Optional Disables GLBP support of SSO. Device config no glbp sso, First Hop Redundancy Protocols Configuration Guide Cisco IOS XE Release 3S. Configuring GLBP, Configuring GLBP MD5 Authentication Using a Key String.
Configuring GLBP MD5 Authentication Using a Key String. SUMMARY STEPS,2 configure terminal,3 interface type number. 4 ip address ip address mask secondary, 5 glbp group number authentication md5 key string 0 7 key. 6 glbp group number ip ip address secondary, 7 Repeat Steps 1 through 6 on each device that will communicate. 9 show glbp,DETAILED STEPS,Command or Action Purpose. Step 1 enable Enables privileged EXEC mode,Enter your password if prompted.
Device enable, Step 2 configure terminal Enters global configuration mode. Device configure terminal, Step 3 interface type number Configures an interface type and enters interface configuration. Device config interface Ethernet0 1, Step 4 ip address ip address mask secondary Specifies a primary or secondary IP address for an interface. Device config if ip address 10 0 0 1,255 255 255 0. Step 5 glbp group number authentication md5 key string Configures an authentication key for GLBP MD5 authentication. The key string cannot exceed 100 characters in length. First Hop Redundancy Protocols Configuration Guide Cisco IOS XE Release 3S. Configuring GLBP, Configuring GLBP MD5 Authentication Using a Key Chain.
Command or Action Purpose, No prefix to the key argument or specifying 0 means the. Example key is unencrypted, Device config if glbp 1 authentication md5 Specifying 7 means the key is encrypted The key string. key string d00b4r987654321a authentication key will automatically be encrypted if the. service password encryption global configuration,command is enabled. Step 6 glbp group number ip ip address secondary Enables GLBP on an interface and identifies the primary IP. address of the virtual gateway,Device config if glbp 1 ip 10 0 0 10. Step 7 Repeat Steps 1 through 6 on each device that will. communicate,Step 8 end Returns to privileged EXEC mode.
Device config if end, Step 9 show glbp Optional Displays GLBP information. Use this command to verify your configuration The key. Example string and authentication type will be displayed if. Device show glbp configured, Configuring GLBP MD5 Authentication Using a Key Chain. Perform this task to configure GLBP MD5 authentication using a key chain Key chains allow a different key. string to be used at different times according to the key chain configuration GLBP will query the appropriate. key chain to obtain the current live key and key ID for the specified key chain. First Hop Redundancy Protocols Configuration Guide Cisco IOS XE Release 3S. Configuring GLBP, Configuring GLBP MD5 Authentication Using a Key Chain. SUMMARY STEPS,2 configure terminal,3 key chain name of chain. 4 key key id,5 key string string,8 interface type number.
9 ip address ip address mask secondary, 10 glbp group number authentication md5 key chain name of chain. 11 glbp group number ip ip address secondary, 12 Repeat Steps 1 through 10 on each device that will communicate. 14 show glbp,15 show key chain,DETAILED STEPS,Command or Action Purpose. Step 1 enable Enables privileged EXEC mode,Enter your password if prompted. Device enable, Step 2 configure terminal Enters global configuration mode.
Device configure terminal, Step 3 key chain name of chain Enables authentication for routing protocols and identifies a. group of authentication keys and enters key chain,Example configuration mode. Device config key chain glbp2, Step 4 key key id Identifies an authentication key on a key chain. The value for the key id argument must be a number. Device config keychain key 100, First Hop Redundancy Protocols Configuration Guide Cisco IOS XE Release 3S. Configuring GLBP, Configuring GLBP MD5 Authentication Using a Key Chain.
Command or Action Purpose, Step 5 key string string Specifies the authentication string for a key and enters. key chain key configuration mode, Example The value for the string argument can be 1 to 80. Device config keychain key key string uppercase or lowercase alphanumeric characters the. abc123 first character cannot be a numeral, Step 6 exit Returns to key chain configuration mode. Device config keychain key exit,Step 7 exit Returns to global configuration mode. Device config keychain exit, Step 8 interface type number Configures an interface type and enters interface configuration.
Device config interface Ethernet0 1, Step 9 ip address ip address mask secondary Specifies a primary or secondary IP address for an interface. Device config if ip address 10 21 0 1,255 255 255 0. Step 10 glbp group number authentication md5 key chain Configures an authentication MD5 key chain for GLBP MD5. name of chain authentication, The key chain name must match the name specified in. Example Step 3,Device config if glbp 1 authentication md5. key chain glbp2, Step 11 glbp group number ip ip address secondary Enables GLBP on an interface and identifies the primary IP.
address of the virtual gateway,Device config if glbp 1 ip 10 21 0 12. Step 12 Repeat Steps 1 through 10 on each device that will. communicate, First Hop Redundancy Protocols Configuration Guide Cisco IOS XE Release 3S.

Related Books