VRRP and GLBP Concepts
Now that you have a thorough understanding of the purpose, functions, and concepts of HSRP, this third major section of the chapter examines the two other FHRPs: VRRP and GLBP. Both provide the same primary functions as HSRP. VRRP has more similarities with HSRP, while GLBP goes beyond HSRP with better load-balancing features.
Virtual Router Redundancy Protocol (VRRP)
HSRP and VRRP emerged in the 1990s when TCP/IP and routers first became common in corporate networks. As is often the case, Cisco saw a need, but with no standards-based solution, so they defined HSRP as a proprietary solution for first hop router redundancy. Later, the IETF created VRRP, providing similar features. However, unlike many stories of Cisco-proprietary pre-standard features, HSRP has not faded into history; you will still find both HSRP and VRRP support in many Cisco product families.
For similarities, note that VRRP supports all the same functions as HSRP, as described earlier in this chapter. The purpose remains to provide a standby backup for the default router function, preemption if desired, and load balancing the default router role by using multiple VRRP groups.
The differences come with default settings, protocol details, and addresses used. Table 16-4 lists some comparison points between HSRP, VRRP, and GLBP (ignore GLBP for now.)
Table 16-4 Comparing Features of the Three FHRP Options
Acronym |
HSRPv2 |
VRRPv3 |
GLBP |
|---|---|---|---|
Cisco Proprietary |
Yes |
No |
Yes |
VIP must differ from the routers’ interface IP addresses |
Yes |
No |
Yes |
Preemption off by default |
Yes |
No |
Yes |
Allows preemption (or not) |
Yes |
Yes |
Yes |
Default priority value (decimal) |
100 |
100 |
100 |
Supports tracking to change the priority |
Yes |
Yes |
Yes |
Supports IPv4 and IPv6 |
Yes |
Yes |
Yes |
Active/active load balancing with multiple active routers in one group |
No |
No |
Yes |
IPv4 multicast address used |
224.0.0.102 |
224.0.0.18 |
224.0.0.102 |
Group numbers supported in IOS |
0–4095 |
1–255 |
0–1023 |
Virtual MAC address pattern |
0000.0c9f.fxxx |
0000.5e00.01xx |
0007.b40x.xxrr |
You can configure VRRP so that it appears to work like HSRP. Two or more VRRP routers form a group within one subnet. VRRP routers define one VIP, use multicast messages to communicate with each other, use an active/standby approach, select the active router with the same logic as HSRP, allow tracking, and fail over when the master (active) router fails. (Note that VRRP uses the terms master and backup rather than active and standby.)
One difference comes in the choice of VIP. You can use the same IP address as one of the VRRP routers’ interface addresses or, like HSRP, use another IP address in the subnet. For example, the HSRP discussion around Figures 16-5 and 16-6 used VIP 10.1.1.1, with router addresses 10.1.1.9 and 10.1.1.8. You could do the same with VRRP or use 10.1.1.9 (the same IP address as router R1’s interface IP address).
){kind=link}
){kind=link}
VRRP has protocol differences as well. It uses a multicast IPv4 address (224.0.0.18) for its messages. While it uses a single virtual MAC per group, the MAC address follows a different pattern. VRRP configuration uses decimal group numbers from 1 to 255 decimal. The virtual MAC uses the equivalent two-digit hex group number at the end of the virtual MAC, with VRRP routers choosing their virtual MAC based on this pattern:
VRRPv3: 0000.5e00.01xx, where xx is the hex group number
GLBP Concepts
Cisco-proprietary GLBP, defined after HSRP and VRRP, provides the same benefits as HSRP and VRRP but with different implementation details. But it also includes different internals that allow much more effective load balancing. So, while used for redundancy (the R in FHRP), GLBP also adds robust load balancing, per its name.
This GLBP section begins with comparisons to the other FHRPs and then discusses its improved approach to load balancing.
Similarities of GLBP, HSRP, and VRRP
GLBP provides redundancy for the default router function while hiding that redundancy from the hosts using that default router address. But most of the core features follow a familiar theme:
It uses a virtual IP address (VIP), which is the address used by endpoints as their default router.
It identifies the best router in the group based on the highest priority.
It allows for the preemption of the best router when a new router with a better (higher) priority joins the group.
It supports tracking, which dynamically lowers one router’s priority, allowing another router to preempt the first based on conditions like an interface failure.
It sends messages using multicasts but uses a different address: 224.0.0.102.
GLBP uses virtual MAC addresses differently than the other FHRPs as part of the underlying support for load balancing. Like HSRP and VRRP, a GLBP group has one VIP. Unlike HSRP and VRRP, the routers in a group do not use one virtual MAC address whose function resides with the one active router. Instead, GLBP uses a unique virtual MAC address per GLBP router.
The MAC address value includes three hex digits to represent the decimal GLBP group number, with the unique last two digits (01, 02, 03, or 04) representing the four allowed GLBP routers in a group. The MAC address pattern is 0007.b40x.xxrr. For instance, for two routers in the same GLBP group:
Router R1: 0007:b400:1401 (Decimal group 20, which is hex group 014, assigned router number 01)
Router R2: 0007:b400:1402 (Decimal group 20, which is hex group 014, assigned router number 02)
GLBP Active/Active Load Balancing
With a name like Gateway Load Balancing Protocol, load balancing should be a key feature. The term gateway refers to the alternate term for default router (default gateway), so by name, GLBP claims to load balance across the default routers in a subnet—and it does.
GLBP manipulates the hosts’ IP ARP tables in a subnet so that some hosts forward packets to one router and some to another. As usual, all the hosts use the same VIP as their default router address. Under normal conditions, with multiple GLBP routers working in the subnet, GLBP spreads the default router workload across all GLBP group members. When one of those routers fails, GLBP defines the methods by which the remaining router or routers take over the role of the failed router.
To achieve this active/active load balancing, one GLBP performs the role of GLBP active virtual gateway (AVG). The AVG handles all ARP functions for the VIP. Knowing the virtual MAC addresses of all the routers in the group, the AVG replies to some ARP Requests with one virtual MAC and some with the other. As a result, some hosts in the subnet send frames to the Ethernet MAC address of one of the routers, with different hosts sending their frames to the MAC address of the second router.
All routers serve as a GLBP active virtual forwarder (AVF) to support load balancing. All the AVFs sit ready to receive Ethernet frames addressed to their unique virtual MAC address and to route the encapsulated packets as usual. Note that one router serves as both AVG and AVF.
Figures 16-9 and 16-10 show the results of two ARP Reply messages from AVG R1. First, Figure 16-9 shows how a GLBP balances traffic for host A based on the ARP Reply sent by the AVG (R1). The two AVF routers support virtual IP address 10.1.1.1, with the hosts using that address as their default router setting.
The figure shows three messages, top to bottom, with the following action:
Host A has no ARP table entry for its default router, 10.1.1.1, so host A sends an ARP Request to learn 10.1.1.1’s MAC address.
The GLBP AVG, R1 in this case, sends back an ARP Reply. The AVG includes its virtual MAC address in the ARP Reply, VMAC1.
Host A encapsulates future IP packets in Ethernet frames destined for VMAC1, so they arrive at R1 (also an AVF).
)
Figure 16.9 GLBP Directs Host A by Sending Back the ARP Reply with R1’s VMAC1
To balance the load, the AVG answers each new ARP Request with the MAC addresses of alternating routers. Figure 16-10 continues the load-balancing effect with host B’s ARP Request for 10.1.1.1. The router acting as AVG (R1) still sends the ARP Reply, but this time with R2’s virtual MAC (VMAC2).
)
Figure 16.10 GLBP Directs Host B by Sending Back the ARP Reply with R2’s VMAC2
Here are the steps in the figure:
Host B sends an ARP Request to learn 10.1.1.1’s MAC address.
The GLBP AVG (R1) sends back an ARP Reply, listing VMAC2, R2’s virtual MAC address.
Host B encapsulates future IP packets in Ethernet frames destined for VMAC2, so they arrive at R2.
Finally, to capture a few related points beyond this GLBP example, note that GLBP uses priority, preemption, and tracking. However, those rules apply to the AVG only; all GLBP routers serve as AVFs. So, if the AVG fails, the remaining routers in a GLBP group elect a new AVG.
That model requires additional logic to deal with AVF failures. When a router serving as only an AVF fails, the AVG recognizes the failure and causes a still-functional AVF to begin receiving frames sent to the failed AVF’s virtual MAC address.