The main disadvantage of HSRP and VRRP is that only one gateway is elected to be the active gateway and used to forward traffic whilst the rest are unused until the active one fails. In this tutorial, we will learn how GLBP works. The election is based on the priority of each gateway highest priority wins. If all of them have the same priority then the gateway with the highest real IP address becomes the AVG. For example in the topology above suppose all of the gateways have the same priority and GLBP is turned on at the same time on all gateways or they are configured with the preempt feature , R4 will be elected AVG because of its highest IP address
|Country:||United Arab Emirates|
|Published (Last):||4 December 2019|
|PDF File Size:||4.49 Mb|
|ePub File Size:||5.37 Mb|
|Price:||Free* [*Free Regsitration Required]|
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table. Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www. An account on Cisco. Multiple first-hop devices on the LAN combine to offer a single virtual first-hop IP device while sharing the IP packet forwarding load.
One member is elected to be the active device to forward packets sent to the virtual IP address for the group. The other devices in the group are redundant until the active device fails. These standby devices have unused bandwidth that the protocol is not using.
Although multiple virtual device groups can be configured for the same set of devices, the hosts must be configured for different default gateways, which results in an extra administrative burden. The advantage of GLBP is that it additionally provides load balancing over multiple devices gateways using a single virtual IP address and multiple virtual MAC addresses. The forwarding load is shared among all devices in a GLBP group rather than being handled by a single device while the other devices stand idle.
Each host is configured with the same virtual IP address, and all devices in the virtual device group participate in forwarding packets. GLBP members communicate between each other through hello messages sent every 3 seconds to the multicast address GLBP uses 3 different packet types to operate.
The packet types are Hello, Request, and Reply. The Hello packet is used to advertise protocol information. Hello packets are multicast, and are sent when any virtual gateway or virtual forwarder is in Speak, Standby or Active state. Request and Reply packets are used for virtual MAC assignment. They are both unicast messages to and from the active virtual gateway AVG. Client 1 has a default gateway IP address of Gateways are assigned the next MAC address in sequence. A virtual forwarder that has learned the virtual MAC address is referred to as a secondary virtual forwarder.
One gateway is elected as the AVG, another gateway is elected as the standby virtual gateway, and the remaining gateways are placed in a listen state. A new standby virtual gateway is then elected from the gateways in the listen state. Virtual forwarder redundancy is similar to virtual gateway redundancy with an AVF. If the AVF fails, one of the secondary virtual forwarders in the listen state assumes responsibility for the virtual MAC address. The new AVF is also a primary virtual forwarder for a different forwarder number.
GLBP migrates hosts away from the old forwarder number using two timers that start as soon as the gateway changes to the active virtual forwarder state. GLBP uses the hello messages to communicate the current state of the timers. The redirect time is the interval during which the AVG continues to redirect hosts to the old virtual forwarder MAC address. When the redirect time expires, the AVG stops using the old virtual forwarder MAC address in ARP replies, although the virtual forwarder will continue to forward packets that were sent to the old virtual forwarder MAC address.
The secondary holdtime is the interval during which the virtual forwarder is valid. When the secondary holdtime expires, the virtual forwarder is removed from all gateways in the GLBP group.
The expired virtual forwarder number becomes eligible for reassignment by the AVG. You can configure the priority of each backup virtual gateway with a value of 1 through using the glbp priority command.
If another device existed in the same GLBP group with a higher priority, then the device with the higher priority would be elected.
If both devices have the same priority, the backup virtual gateway with the higher IP address would be elected to become the active virtual gateway. By default, the GLBP virtual gateway preemptive scheme is disabled. A backup virtual gateway can become the AVG only if the current AVG fails, regardless of the priorities assigned to the virtual gateways.
You can enable the GLBP virtual gateway preemptive scheme using the glbp preempt command. Preemption allows a backup virtual gateway to become the AVG, if the backup virtual gateway is assigned a higher priority than the current AVG. The weighting assigned to a device in the GLBP group can be used to determine whether it will forward packets and, if so, the proportion of hosts in the LAN for which it will forward packets.
Thresholds can be set to disable forwarding when the weighting for a GLBP group falls below a certain value, and when it rises above another threshold, forwarding is automatically reenabled. The GLBP group weighting can be automatically adjusted by tracking the state of an interface within the device. If a tracked interface goes down, the GLBP group weighting is reduced by a specified value.
Different interfaces can be tracked to decrement the GLBP weighting by varying amounts. By default, the GLBP virtual forwarder preemptive scheme is enabled with a delay of 30 seconds. A backup virtual forwarder can become the AVF if the current AVF weighting falls below the low weighting threshold for 30 seconds.
You can disable the GLBP forwarder preemptive scheme using the no glbp forwarder preempt command or change the delay using the glbp forwarder preempt delay minimum command.
MD5 authentication provides greater security than the alternative plain text authentication scheme and protects against spoofing software. A keyed hash of an incoming packet is generated and, if the hash within the incoming packet does not match the generated hash, the packet is ignored. The key for the MD5 hash can either be given directly in the configuration using a key string or supplied indirectly through a key chain.
The key string cannot exceed characters in length. GLBP has three authentication schemes:. The authentication schemes differ on the device and in the incoming packet. Text authentication strings differ on the device and in the incoming packet.
ISSU provides the ability to upgrade or downgrade from one supported Cisco IOS release to another while continuing to forward packets and maintain sessions, thereby reducing planned outage time. The ability to upgrade or downgrade is achieved by running different software versions on the active RP and standby RP for a short period of time to maintain state information between RPs.
This feature allows the system to switch over to a secondary RP running upgraded or downgraded software and continue forwarding packets without session loss and with minimal or no packet loss. This feature is enabled by default. GLBP can detect when a device is failing over to the secondary router processor RP and continue in its current group state. SSO functions in networking devices usually edge devices that support dual RPs. SSO also synchronizes critical state information between the RPs so that network state information is dynamically maintained between RPs.
To disable this feature, use the no glbp sso command in global configuration mode. You can configure GLBP in such a way that traffic from LAN clients can be shared by multiple devices, thereby sharing the traffic load more equitably among available devices. GLBP supports up to virtual devices GLBP groups on each physical interface of a device and up to four virtual forwarders per group. The redundancy scheme of GLBP enables you to preempt an active virtual gateway AVG with a higher priority backup virtual gateway that has become available.
Forwarder preemption works in a similar way, except that forwarder preemption uses weighting instead of priority and is enabled by default. A device within a GLBP group with a different authentication string than other devices will be ignored by other group members. You can alternatively use a simple text password authentication scheme between GLBP group members to detect configuration errors.
Perform this task to enable GLBP on an interface and verify its configuration and operation. GLBP is designed to be easy to configure. Each gateway in a GLBP group must be configured with the same group number, and at least one gateway in the GLBP group must be configured with the virtual IP address to be used by the group. All other required parameters can be learned.
After you identify a primary IP address, you can use the glbp group ip command again with the secondary keyword to indicate additional IP addresses supported by this group. Use the optional brief keyword to display a single line of information about each virtual gateway or virtual forwarder. In the following example, sample output is displayed about the status of the GLBP group, named 10, on the device:. Customizing the behavior of GLBP is optional. Be aware that as soon as you enable a GLBP group, that group is operating.
The holdtime argument specifies the interval in seconds before the virtual gateway and virtual forwarder information in the hello packet is considered invalid. The optional msec keyword specifies that the following argument will be expressed in milliseconds, instead of the default seconds. The default is seconds 10 minutes. The timeout argument specifies the interval in seconds before a secondary virtual forwarder becomes invalid.
The default is 14, seconds 4 hours. The zero value for the redirect argument cannot be removed from the range of acceptable values because preexisting configurations of Cisco IOS software already using the zero value could be negatively affected during an upgrade.
However, a zero setting is not recommended and, if used, results in a redirect timer that never expires. If the redirect timer does not expire, and the device fails, new hosts continue to be assigned to the failed device instead of being redirected to the backup. Use the optional delay and minimum keywords and the seconds argument to specify a minimum delay interval in seconds before preemption of the AVG takes place.
Use the number argument to specify the maximum number of clients the cache will hold for this GLBP group. The range is from 8 to Use the optional timeout minutes keyword and argument pair to configure the maximum amount of time a client entry can stay in the GLBP client cache after the client information was last updated. The range is from 1 to minutes one day. Exits interface configuration mode, and returns the device to global configuration mode.
Repeat Steps 1 through 6 on each device that will communicate. No prefix to the key argument or specifying 0 means the key is unencrypted. Specifying 7 means the key is encrypted. The key-string authentication key will automatically be encrypted if the service password-encryption global configuration command is enabled.
Gateway Load Balancing Protocol (GLBP)
It is a Cisco proprietary protocol which can perform both functions. It provides load Balancing over multiple routers using single virtual IP address and multiple virtual Mac address. AVG will provide the virtual Mac address by using Round Robin algorithm or other algorithms that have been applied. In this way, all devices running GLBP are used to forward traffic. Virtual Gateway Redundancy : To detect a gateway failure, GLBP members communicate with each other through hello messages, sent in every 3-seconds to the multicast address
First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3S
In this tutorial, we are going to show you all the steps required to configure GLBP on a Cisco Switch using the command-line. Don't forget to subscribe to our youtube channel named FKIT. To access the console of a Cisco Switch model or , you will need to select the Serial Connection category and use the following options:. Using either the console, telnet or ssh, connect to the command-line of your switch and log in with a user who has administrative privileges. As a test, access the interface configuration mode and associate a switch port to the desired Vlan. Cisco Switch Playlist:.
GLBP & GLBP Basic Configuration
These controllers do not support association of multiple MAC addresses with the interface. Configuring basic GLBP is simple. This is the default gateway that would be configured on all the hosts in the The default mode for loadbalancing is round-robin.