OECG – Chapter 5

Moving on from ICMP and getting an address, we now look at how to get out of our local subnet. For starters then, let’s discuss some protocols that were created because most devices on a network are statically configured with a single gateway.

  • HSRP – Hot Standby Router Protocol, Cisco proprietary.
    • HSRP allows two or more Cisco routers to share a virtual IP and MAC amongst them. One router will be the “active” router, with a second router being the “standby” router.
    • By default, the active router will send out hellos to the other routers in the HSRP group every 3 seconds. If after 10 seconds there are no received Hellos, then a standby router will become active.
    • Routers in HSRP groups have priorities, default of 100, range 1-255. Routers with higher priorities will become active routers over lower priorities.
    • It’s possible to have a router decrement his priority by tracking an interface; in other words, if a router has an interface go down, he’ll decrement his HSRP priority (handy if you want outbound traffic to fail to a different router if the router you prefer has his WAN link drop).
    • An active router becomes active by winning an election, but if there’s already an active HSRP speaker on the network, you need preemption enabled for the new interface to become active, assuming his priority is higher.
    • The HSRP virtual MAC is 0000.0C07.ACxx, where xx is the hex for the HSRP standby group number you assigned.
    • The HSRP virtual IP address needs to match on each configured router. In addition, the virtual IP must be in the same subnet as the “real” IP assigned to the interface, plus that virtual IP can’t be the same as any of the real IP’s. (If you missed that, to run HSRP, you need at least 3 available IP’s.)
    • You can run multiple HSRP groups on the same interface. This allows you to do some “administrative” (read: painful) load-balancing by pointing one group of hosts to one virtual IP as the default gateway, and another group of hosts to the other, while still maintaining your redundancy. It’s less painful if you use 2 DHCP servers on the network and tweak their scope options with the different gateways.
    • Although not in the book, I’ll mention that you don’t really need to run HSRP on point to point links, even if you’ve got 4 routers there. A dynamic routing protocol will take care of everything, and will even load balance the links. I’ve seen lots of guys just out of habit configure HSRP on a point to point link where all the participants are going to run EIGRP or OSPF. Heck, even a couple of static routes might be better. HSRP is just a waste in that circumstance.
    • HSRP sample IOS code where you end up with 2 gateways, 192.168.100.1 & 192.168.100.254. Router 1 is active for .1, router 2 is active for .254, and both track their serial interfaces. Each router also has preempt on the group where it is standby; without it, the standby won’t take over when tracking drops the active router’s priority below his own:
      • ROUTER1 – interface Vlan100
        • ip address 192.168.100.2 255.255.255.0
        • standby 100 ip 192.168.100.1
        • standby 100 priority 105
        • standby 100 preempt
        • standby 100 track Serial0/0
        • standby 101 ip 192.168.100.254
        • standby 101 preempt
        • standby 101 track Serial0/1
      • ROUTER2 – interface Vlan100
        • ip address 192.168.100.3 255.255.255.0
        • standby 100 ip 192.168.100.1
        • standby 100 preempt
        • standby 100 track Serial0/0
        • standby 101 ip 192.168.100.254
        • standby 101 priority 105
        • standby 101 preempt
        • standby 101 track Serial0/1
  • VRRP – virtual router redundancy protocol, RFC 3768. It’s pretty much the same as HSRP, but has some differences:
    • VRRP uses a multicast virtual MAC of 0000.5E00.01xx where xx is the VRRP group number.
    • VRRP doesn’t support interface tracking.
    • VRRP will preempt by default (HSRP does NOT preempt by default, you have to turn it on).
    • VRRP uses the term “Master” as opposed to “Active”.
  • GLBP – gateway load balancing protocol, Cisco proprietary. One of the issues with HSRP and VRRP is that they don’t load-balance for you. You can do the secondary standby group technique, but that’s not really the same thing as a protocol that intelligently load-balances your traffic for you. GLBP fills this gap:
    • Hosts still point to a single gateway address.
    • GLBP will load-balance their traffic across as many as 4 GLBP routers in the group.
    • The GLBP active virtual gateway (AVG) assigns each GLBP router in the group a virtual MAC using the format of 0007.B400.xxyy where xx is the GLBP group number, and yy is a different number for each router (01 through 04).
    • The AVG then listens for ARP requests for the gateway, and will respond with one of as many as 4 different virtual MACs. So different hosts on the network will get different MACs, essentially load balancing. That works great if there are a lot of hosts on the network, not so well if you’ve got just a few.
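
The priority, preemption and tracking rules from the HSRP notes, as an added example (not from the book or the original post): a small Python model of standby group 100 from the sample config, run with and without preempt on the standby router. The 10-point tracking decrement is assumed to be the IOS default, and the class and function names are made up for this sketch.

```python
from dataclasses import dataclass, field

TRACK_DECREMENT = 10  # assumed: IOS default when "standby track" gives no value

@dataclass
class Router:
    name: str
    priority: int = 100            # HSRP default priority
    preempt: bool = False          # HSRP does not preempt by default
    tracked: tuple = ()
    down: set = field(default_factory=set)

    def effective(self):
        """Configured priority minus one decrement per tracked interface that is down."""
        return self.priority - TRACK_DECREMENT * len(self.down & set(self.tracked))

def next_active(routers, active):
    """Re-evaluate the group once. Equal priorities (IP tie-break) are not modelled."""
    if active is None:                          # initial election
        return max(routers, key=Router.effective)
    challengers = [r for r in routers
                   if r.preempt and r.effective() > active.effective()]
    return max(challengers, key=Router.effective) if challengers else active

def group100(standby_preempts):
    """Group 100 from the sample config: ROUTER1 WAN link fails, then recovers."""
    r1 = Router("ROUTER1", priority=105, preempt=True, tracked=("Serial0/0",))
    r2 = Router("ROUTER2", preempt=standby_preempts, tracked=("Serial0/0",))
    routers, history = [r1, r2], []
    active = next_active(routers, None)
    history.append((active.name, r1.effective(), r2.effective()))
    r1.down.add("Serial0/0")                    # ROUTER1 drops to 95
    active = next_active(routers, active)
    history.append((active.name, r1.effective(), r2.effective()))
    r1.down.clear()                             # link restored, back to 105
    active = next_active(routers, active)
    history.append((active.name, r1.effective(), r2.effective()))
    return history

if __name__ == "__main__":
    for flag in (False, True):
        print("ROUTER2 preempt:", flag)
        for name, p1, p2 in group100(flag):
            print(f"  active={name}  ROUTER1={p1}  ROUTER2={p2}")
```

With preempt off on ROUTER2, ROUTER1 stays active at priority 95 even though ROUTER2 sits at 100; with it on, the gateway moves to ROUTER2 and moves back when the link returns.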
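
The three virtual MAC formats listed in these notes are enough to audit a host's ARP table: a gateway IP should resolve to the virtual MAC of the group you configured, not to some other address. The following is an added example, not from the book or the original post; the function names and the ARP entries are constructed, and the GLBP layout follows the xxyy format given above.

```python
import re

# Virtual MAC prefixes as given in the notes (hex digits, separators removed).
FHRP_PREFIXES = {
    "00000c07ac": "HSRP",   # 0000.0C07.ACxx, xx = standby group
    "00005e0001": "VRRP",   # 0000.5E00.01xx, xx = VRRP group
    "0007b400":   "GLBP",   # 0007.B400.xxyy, xx = group, yy = forwarder 01-04
}

def normalize(mac):
    """Accept Cisco dotted, colon or dash notation; return 12 lowercase hex digits."""
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def classify(mac):
    """Return protocol and group for an FHRP virtual MAC, or None for any other MAC."""
    digits = normalize(mac)
    for prefix, proto in FHRP_PREFIXES.items():
        if digits.startswith(prefix):
            rest = digits[len(prefix):]
            info = {"protocol": proto, "group": int(rest[:2], 16)}
            if proto == "GLBP":
                info["forwarder"] = int(rest[2:], 16)
            return info
    return None

def audit_gateways(arp_table, expected):
    """expected maps gateway IP -> (protocol, group); returns (ip, problem) pairs."""
    findings = []
    for ip, want in expected.items():
        mac = arp_table.get(ip)
        info = classify(mac) if mac else None
        if mac is None:
            findings.append((ip, "no ARP entry"))
        elif info is None:
            findings.append((ip, f"{mac} is not an FHRP virtual MAC"))
        elif (info["protocol"], info["group"]) != want:
            findings.append((ip, f"{mac} is {info['protocol']} group {info['group']}"))
    return findings

# Constructed ARP table for the two gateways in the sample config.
SAMPLE_ARP = {"192.168.100.1": "0000.0c07.ac64", "192.168.100.254": "00:1b:2c:3d:4e:5f"}
EXPECTED = {"192.168.100.1": ("HSRP", 100), "192.168.100.254": ("HSRP", 101)}

if __name__ == "__main__":
    for ip, problem in audit_gateways(SAMPLE_ARP, EXPECTED):
        print(ip, problem)
```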