"Redundancy is not Load Balancing"
The standby 1 timers command configures the two HSRP timers. The first value, 4, sets the Hello timer to 4 seconds. The second value, 12, sets the holddown timer to 12 seconds. Remember, by default, Hello packets are sent every 3 seconds. Only the Standby router listens to Hello packets from the Active router. If the Standby router does not hear any Hellos from the Active router for the holddown period, then it will assume the Active router is down. In general, the holddown timer should be three times the Hello timer (the default holddown time is 10 seconds). HSRP Hello packets are sent to the multicast address 224.0.0.2 over UDP port 1985.
The basic network design is:
But we know that this network does not have any redundancy. What if any switch link fails?
The workstations are not able to reach the server,
so we need a new design:
Wow!! We have created our first redundant design, using multiple links for failover with the help of STP. But what if the core switch fails? We need device redundancy as well.
Now we move to the best redundancy approach, where we have both link and device redundancy. Wow, are we done?
The problem with this design is that the workstations still have a single exit point, or gateway, so they are not able to load-balance.
The solution is a type of protocol that is not tied to any one interface but is logically bound to the physical address of the L3 switch.
The gateway represents a single point of failure on this network. If that gateway fails, users will lose access to all resources beyond that gateway. This lack of redundancy may be unacceptable on business-critical systems that require maximum uptime.
Cisco devices support three protocols that provide this transparent redundancy:
• Hot Standby Router Protocol (HSRP)
• Virtual Router Redundancy Protocol (VRRP)
• Gateway Load Balancing Protocol (GLBP)
In this section we are going to use HSRP. Our final network design will look like:
That is our target, but first we must understand some technical terms used in HSRP.
Hot Standby Router Protocol (HSRP)
Cisco developed a proprietary protocol named Hot Standby Router Protocol (HSRP) that allows multiple routers or multilayer switches to masquerade as a single gateway. This is accomplished by assigning a virtual IP address to all routers participating in HSRP. All routers are assigned to a single HSRP group (numbered 0-255). Note however, that most Catalyst switches will support only 16 configured HSRP groups. HSRP routers are elected to specific roles:
• Active Router – the router currently serving as the gateway.
• Standby Router – the backup router to the Active Router.
• Listening Router – all other routers participating in HSRP.
Only one Active and one Standby router are allowed per HSRP group. HSRP routers regularly send Hello packets (by default, every 3 seconds) to ensure all routers are functioning. If the current Active Router fails, the Standby Router is made active, and a new Standby is elected. The role of an HSRP router is dictated by its priority. The priority can range from 0 – 255, with a default of 100. The router with the highest (a higher value is better) priority is elected the Active Router; the router with the second highest priority becomes the Standby Router. If all priorities are equal, whichever router has the highest IP Address on its HSRP interface is elected the Active Router.
HSRP States
A router or multilayer switch configured for HSRP will progress through several states before settling into a role:
• Disabled – the interface is not configured for HSRP, or is administratively shut down.
• Init – this is the starting state when an interface is first brought up.
• Learn – the router is waiting to hear hellos from the Active Router, to learn the configured Virtual Address.
• Listen – the router has learned the Virtual IP address, but was not elected the Active or Standby Router.
• Speak – the router is currently participating in an Active Router election, and is sending Hello packets.
• Standby – the router is acting as a backup to the Active Router. Standby routers monitor and send hellos to the Active Router.
• Active – the router is currently accepting and forwarding user traffic, using the Virtual IP address. The Active Router actively exchanges hellos with the Standby Router.
By default, HSRP Hello packets are sent every 3 seconds. Routers in a listening state will only listen for hello packets and will not periodically send them. While HSRP is fully converged, only the Active and Standby Routers will send hellos. Routers will also send out hellos when Speaking, that is, when electing the Active and Standby routers.
When electing the Active and Standby routers, the routers will enter a Speaking state. HSRP hellos are used to complete the election process. Thus, the three states that send out hello packets are as follows:
• Speak
• Standby
• Active
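The hello exchange and states described above can be checked from a monitoring host. The following is an added example, not code from the original post: it decodes the 20-byte HSRP version 1 message layout defined in RFC 2281 and compares each hello with the intended design. The helper names, the EXPECTED table and the sample messages are constructed for illustration, using addresses from the lab later on this page.

```python
import socket
import struct

STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}

def parse_hsrp_v1(payload):
    """Decode the 20-byte HSRP v1 message carried in a UDP/1985 payload."""
    if len(payload) < 20:
        raise ValueError("HSRP v1 message must be at least 20 bytes")
    fields = struct.unpack("!8B8s4s", payload[:20])
    ver, _op, state, hello, hold, prio, group, _rsvd, auth, vip = fields
    if ver != 0:  # HSRP v1 carries 0 in the version field
        raise ValueError("not an HSRP v1 message")
    return {"state": STATES.get(state, state), "hello": hello, "hold": hold,
            "priority": prio, "group": group, "vip": socket.inet_ntoa(vip),
            "auth": auth.rstrip(b"\x00").decode("ascii", "replace")}

def check_hello(src_ip, msg, expected):
    """Compare one decoded hello with the intended design; return findings."""
    grp = expected.get(msg["group"])
    if grp is None:
        return ["hello for unconfigured group %d from %s" % (msg["group"], src_ip)]
    findings = []
    if src_ip not in grp["routers"]:
        findings.append("unexpected speaker %s in group %d" % (src_ip, msg["group"]))
        if msg["priority"] > grp["active_priority"]:
            findings.append("priority %d outranks the intended Active router (%d)"
                            % (msg["priority"], grp["active_priority"]))
    if msg["vip"] != grp["vip"]:
        findings.append("virtual IP %s differs from %s" % (msg["vip"], grp["vip"]))
    if msg["hold"] < 3 * msg["hello"]:
        findings.append("hold time %ds is under three hello intervals" % msg["hold"])
    return findings

def build_hello(state, prio, group, vip, auth=b"cisco", hello=3, hold=10):
    """Build a sample v1 hello (opcode 0); b"cisco" is the RFC 2281 default."""
    return struct.pack("!8B8s4s", 0, 0, state, hello, hold, prio, group, 0,
                       auth, socket.inet_aton(vip))

# Intended VLAN 10 design, using the addresses from the lab on this page.
EXPECTED = {10: {"routers": {"10.1.10.1", "10.1.10.2"}, "vip": "10.1.10.111",
                 "active_priority": 100}}
# Constructed samples: DSW1's hello, then one from an address outside the group.
SAMPLES = [("10.1.10.1", build_hello(16, 100, 10, "10.1.10.111")),
           ("10.1.10.77", build_hello(4, 150, 10, "10.1.10.111"))]

if __name__ == "__main__":
    for src, raw in SAMPLES:
        msg = parse_hsrp_v1(raw)
        print(src, msg["state"], msg["priority"], check_hello(src, msg, EXPECTED))
```

The decoded auth field is readable as-is, which is why a cleartext authentication string identifies a group but does not protect it.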
HSRP Configuration
All HSRP configuration is completed on the interface that is accepting traffic on behalf of host devices.
To configure the priority of a router:
Switch(config)# interface fa0/10
Switch(config-if)# standby 1 priority 150
The standby 1 command specifies the HSRP group that interface belongs to. The priority 150 parameter changes the actual priority value. Remember that a higher value is preferred, and that the default priority is 100. However, if a new router is added to the HSRP group, and it has the best priority, it will not automatically assume the role of the Active router. In fact, the first router to be powered on will become the Active router, even if it has the lowest priority!
To force the highest-priority router to assume the role of Active router:
Switch(config-if)# standby 1 preempt delay 10
The standby 1 preempt command allows this switch to force itself as the Active router, if it has the highest priority. The optional delay 10 parameter instructs the router to wait 10 seconds before assuming an Active status. HSRP routers send out Hello packets to verify each other’s status:
Switch(config-if)# standby 1 timers 4 12
Each router in the HSRP group retains the address configured on its local interface. However, the HSRP group itself is assigned a virtual IP address. Host devices use this virtual address as their default gateway. To configure the virtual HSRP IP address:
Switch(config)# int fa0/10
Switch(config-if)# standby 1 ip 192.168.1.5
Multiple virtual HSRP IP addresses can be used:
Switch(config-if)# standby 1 ip 192.168.1.5
Switch(config-if)# standby 1 ip 192.168.1.6 secondary
The HSRP group is also assigned a virtual MAC address. By default, a reserved MAC address is used:
0000.0c07.acxx
…where xx is the HSRP group number in hexadecimal. For example, if the HSRP Group number was 8, the resulting virtual MAC address would be: 0000.0c07.ac08
The HSRP virtual MAC address can be manually specified:
Switch(config-if)# standby 1 mac-address 0000.00ab.12ef
Authentication can be configured for HSRP. All HSRP routers in the group must be configured with the same authentication string. To specify a cleartext authentication string:
Switch(config-if)# standby 1 authentication CISCO
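To specify an MD5-hashed authentication string:
Switch(config-if)# standby 1 authentication md5 key-string CISCO
A 7 placed before the key (key-string 7) tells IOS that the key that follows is already in type-7 encrypted form, so it is left out when the key is typed in plaintext.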
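One way to check which HSRP groups in a saved configuration still lack MD5 authentication is shown below. This is an added example, not code from the original post; the function names are hypothetical, and the sample configuration is constructed from the lab's DSW1 VLAN interfaces plus hypothetical authentication lines.

```python
import re

def virtual_mac(group):
    """Default HSRP v1 virtual MAC: 0000.0c07.acxx, xx = group number in hex."""
    return "0000.0c07.ac%02x" % group

def audit_hsrp(config):
    """Map (interface, group) to its HSRP authentication mode and priority."""
    groups, iface = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"interface (\S+)", line)
        if m:
            iface = m.group(1)
            continue
        m = re.match(r"standby (\d+) (\S+)\s*(\S*)", line)
        if not (m and iface):
            continue
        g = groups.setdefault((iface, int(m.group(1))),
                              {"auth": "unset", "priority": 100})
        keyword, arg = m.group(2), m.group(3)
        if keyword == "authentication":
            g["auth"] = "md5" if arg == "md5" else "cleartext"
        elif keyword == "priority":
            g["priority"] = int(arg)
    return groups

def weak_groups(groups):
    """List every group that does not use MD5 authentication."""
    return ["%s group %d (vMAC %s): %s" % (i, n, virtual_mac(n), g["auth"])
            for (i, n), g in sorted(groups.items()) if g["auth"] != "md5"]

# Constructed sample: Vlan10/Vlan20 follow the lab's DSW1 config on this page;
# the cleartext line on Vlan20 and all of Vlan30 are hypothetical additions.
SAMPLE = """\
interface Vlan10
 standby 10 ip 10.1.10.111
 standby 10 preempt
interface Vlan20
 standby 20 ip 10.1.20.111
 standby 20 priority 50
 standby 20 authentication CISCO
interface Vlan30
 standby 30 ip 10.1.30.111
 standby 30 authentication md5 key-string EXAMPLE-KEY
"""

if __name__ == "__main__":
    for finding in weak_groups(audit_hsrp(SAMPLE)):
        print(finding)
```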
HSRP can track interfaces. If the tracked interface fails, the router’s (or multilayer switch’s) priority is decreased by a specific value.
Switch2(config-if)# standby 1 track fa0/12 50
For a comparison of the various FHRPs, please refer to this link:
http://routerjockey.com/2010/10/21/hsrp-vrrpd-and-glbp-compared/
Lab: Lab on HSRP
Lab Task:
For VLAN 10, R2 (DSW1) is the Active gateway and R3 (DSW2) is the Standby gateway, but for VLAN 20 the Active gateway is DSW2 and the Standby gateway is DSW1.
The result should look like this for DSW1:
DSW1(config-if)#do sh stan bri
*Mar 1 00:28:18.135: %HSRP-5-STATECHANGE: Vlan20 Grp 20 state Speak -> Standby
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP
Vl10        10  100  P Active   local           10.1.10.2       10.1.10.111
Vl20        20  50   P Standby  10.1.20.1       local           10.1.20.111
For DSW2:
DSW2#sh standby br
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP
Vl10        10  50   P Standby  10.1.10.1       local           10.1.10.111
Vl20        20  100  P Active   local           10.1.20.2       10.1.20.111
Detailed configurations:
!this is R1
hostname ISP
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.2.1 255.255.255.0
duplex auto
speed auto
!
ip forward-protocol nd
ip route 10.1.10.0 255.255.255.0 10.1.10.1
ip route 10.1.20.0 255.255.255.0 10.1.20.1
!
!
ip http server
no ip http secure-server
!
!
!
!
control-plane
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
!this is R2
!
hostname DSW1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
interface FastEthernet0/0
ip address 10.1.1.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
switchport mode trunk
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 10.1.10.1 255.255.255.0
standby 10 ip 10.1.10.111
standby 10 preempt
!
interface Vlan20
ip address 10.1.20.2 255.255.255.0
standby 20 ip 10.1.20.111
standby 20 priority 50
standby 20 preempt
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
!
!
!
control-plane
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
! this is R3
!
hostname DSW2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet0/1
ip address 10.1.2.2 255.255.255.0
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
switchport mode trunk
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 10.1.10.2 255.255.255.0
standby 10 ip 10.1.10.111
standby 10 priority 50
standby 10 preempt
!
interface Vlan20
ip address 10.1.20.1 255.255.255.0
standby 20 ip 10.1.20.111
standby 20 preempt
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
!this is client1-vlan10 or R4
!
interface FastEthernet0/0
ip address 10.1.10.5 255.255.255.0
no ip route-cache
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
no ip route-cache
shutdown
duplex auto
speed auto
!
ip default-gateway 10.1.10.111
ip forward-protocol nd
!
! this is client1-vlan20 or R5
!
interface FastEthernet0/0
ip address 10.1.20.5 255.255.255.0
no ip route-cache
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
no ip route-cache
shutdown
duplex auto
speed auto
!
ip default-gateway 10.1.20.111
ip forward-protocol nd
!
output on R2:
DSW1#sh standby
Vlan10 - Group 10
State is Active
2 state changes, last state change 00:22:56
Virtual IP address is 10.1.10.111
Active virtual MAC address is 0000.0c07.ac0a
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.804 secs
Preemption enabled
Active router is local
Standby router is 10.1.10.2, priority 50 (expires in 7.444 sec)
Priority 100 (default 100)
IP redundancy name is "hsrp-Vl10-10" (default)
Vlan20 - Group 20
State is Standby
10 state changes, last state change 00:04:03
Virtual IP address is 10.1.20.111
Active virtual MAC address is 0000.0c07.ac14
Local virtual MAC address is 0000.0c07.ac14 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.000 secs
Preemption enabled
Active router is 10.1.20.1, priority 100 (expires in 6.940 sec)
Standby router is local
Priority 50 (configured 50)
IP redundancy name is "hsrp-Vl20-20" (default)
DSW1#sh standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP
Vl10        10  100  P Active   local           10.1.10.2       10.1.10.111
Vl20        20  50   P Standby  10.1.20.1       local           10.1.20.111
output on R3:
DSW2#sh standby
Vlan10 - Group 10
State is Standby
13 state changes, last state change 00:04:49
Virtual IP address is 10.1.10.111
Active virtual MAC address is 0000.0c07.ac0a
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.788 secs
Preemption enabled
Active router is 10.1.10.1, priority 100 (expires in 8.172 sec)
Standby router is local
Priority 50 (configured 50)
IP redundancy name is "hsrp-Vl10-10" (default)
Vlan20 - Group 20
State is Active
2 state changes, last state change 00:21:56
Virtual IP address is 10.1.20.111
Active virtual MAC address is 0000.0c07.ac14
Local virtual MAC address is 0000.0c07.ac14 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.220 secs
Preemption enabled
Active router is local
Standby router is 10.1.20.2, priority 50 (expires in 9.060 sec)
Priority 100 (default 100)
IP redundancy name is "hsrp-Vl20-20" (default)
DSW2#sh standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP
Vl10        10  50   P Standby  10.1.10.1       local           10.1.10.111
Vl20        20  100  P Active   local           10.1.20.2       10.1.20.111