Monday, August 15, 2011

Configuring FHRP - GLBP

In my previous blogtorial we saw how we can configure HSRP. One downfall for using HSRP is that you can only use one router at a time. What if you wanted to use both R1 and R4 for load-balancing and failover? This is where Gateway Load Balancing Protocol comes in. Note that GLBP is Cisco proprietary. 

Consider the simple topology below. 

Objectives:
  • Configure R1 and R4 in a GLBP group with authentication
  • Configure R1 to be Active Virtual Gateway (AVG) and R4 to be Active Virtual Forwarder (AVF)
Relevant configurations are posted below. 

R1 should be configured as AVG. Active virtual gateway (AVG) in a GLBP group (only one is elected) is responsible for answering ARP requests for the virtual IP(s). By default it does so in a round robin fashion, though it can be changed. Let's get R1 configured with the appropriate settings. 

R1#sh run int gig1/0
interface GigabitEthernet1/0
 ip address 192.168.1.1 255.255.255.0
 negotiation auto

** Floating Virtual IP address **

 glbp 1 ip 192.168.1.254

** Increase the default priority (100) to 150 so R1 can assume the AVG role ** 

 glbp 1 priority 150

** Enable preempt and delay it 30 secs **

 glbp 1 preempt delay minimum 30

**Configure authentication ** 

 glbp 1 authentication md5 key-string GLBP-RULES

And as I stated before these are your options for load balancing and I am leaving mine in the default round-robin. 

R1(config-if)#glbp 1 load-balancing ?
  host-dependent  Load balance equally, source MAC determines forwarder choice
  round-robin     Load balance equally using each forwarder in turn
  weighted        Load balance in proportion to forwarder weighting
  <cr>

Let's get DHCP configured on R1. 

R1#sh run | sec dhcp
ip dhcp pool DEFAULT_DHCP
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.254
   dns-server 192.168.1.254

Now let's get R4 configured and verify. 

R4#sh run int gig1/0
interface GigabitEthernet1/0
 ip address 192.168.1.4 255.255.255.0
 negotiation auto
 glbp 1 ip 192.168.1.254
 glbp 1 authentication md5 key-string GLBP-RULES
end

Everything should be working as configured. Let's verify. 


Note that R1 state is Active meaning it is the Active Virtual Gateway (AVG). Also take note of the mac addresses '0007.b400.0101' and '0007.b400.0102'.

0007.b4xx.xxzz is a well known GLBP mac address. The xxxx represents 6 zero bits followed by a 10bit GLBP group number. The zz represents a 8 bit GLBP AVF (Active Virtual Forwarder) Number. 

R1 has 0007.b400.0101 as its mac address because it belongs to GLBP group 1 and its AVF # is 1. 
R4 has 0007.b400.0102 as its mac address because it belongs to GLBP group 2 and its AVF # is 2. 

Notice on R2 that 192.168.1.254 mac address is 0007.b400.0101 and on R3 192.168.1.254 mac address is 0007.b400.0102. This is because R1 is using round-robin to load-balance between R1 and R4. 

I would recommend reading GLBP articles on Cisco's website so you can learn more about tracking, weighting, redirect timers and other advanced parameters to tweak GLBP. 

Many more articles to come so stay tuned and "Join this site" on the right.