BCMSN Exam Certification Guide
.pdf
This chapter covers the following topics that you need to master for the CCNP BCMSN exam:
■Router Redundancy—This section discusses three protocols that are available on Catalyst switches to provide redundant router or gateway addresses. The protocols include HSRP, VRRP, and GLBP.
■Server Load Balancing—This section covers a technique that provides a virtual server address as a front end to an entire logical server farm. The server farm is composed of one or more real or physical servers. Client connections to the virtual server address are load balanced to the real servers.
■Verifying Redundancy and Load Balancing—This section provides a brief summary of the commands that verify the configuration and operation of HSRP, VRRP, GLBP, and SLB.
C H A P T E R 14
Router Redundancy and Load
Balancing
A multilayer switch can provide routing functions for devices on a network, as described in Chapter 13, “Multilayer Switching.” If that switch happens to fail, clients have no way to have their traffic forwarded; their gateway has gone away.
Other multilayer switches can be added into the network to provide redundancy in the form of redundant router or gateway addresses. This chapter describes the protocols that can be used for redundant router addresses, load balancing across multiple routers, and load balancing into a server farm.
“Do I Know This Already?” Quiz
The purpose of the “Do I Know This Already?” quiz is to help you decide what parts of this chapter to use. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.
The quiz, derived from the major sections in the “Foundation Topics” portion of the chapter, helps you determine how to spend your limited study time.
Table 14-1 outlines the major topics discussed in this chapter and the “Do I Know This Already?” quiz questions that correspond to those topics.
Table 14-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping
Foundation Topics Section |
Questions Covered in This Section |
|
|
Router Redundancy: HSRP |
1–5 |
|
|
Router Redundancy: VRRP |
6–7 |
|
|
Router Redundancy: GLBP |
8–10 |
|
|
Server Load Balancing |
11–12 |
|
|
328 Chapter 14: Router Redundancy and Load Balancing
CAUTION The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might give you a false sense of security.
1.Which one of the following do multilayer switches share when running HSRP?
a.Routing tables
b.ARP cache
c.CAM table
d.IP address
2.What HSRP group uses the MAC address 0000.0c07.ac11?
a.Group 0
b.Group 7
c.Group 11
d.Group 17
3.Two routers are configured for an HSRP group. One router uses the default HSRP priority. What priority should be assigned to the other router to make it more likely to be the active router?
a.1
b.100
c.200
d.500
4.How many routers are in the Standby state in an HSRP group?
a.0
b.1
c.2
d.All but the active router
“Do I Know This Already?” Quiz 329
5.A multilayer switch is configured as follows:
interface fastethernet 1/1 no switchport
ip address 192.168.199.3 255.255.255.0 standby 1 ip 192.168.199.2
Which IP address should a client PC use as its default gateway?
a.192.168.199.1
b.192.168.199.2
c.192.168.199.3
d.Any of the above
6.Which one of the following is based on an IETF RFC standard?
a.HSRP
b.VRRP
c.GLBP
d.STP
7.What VRRP group uses the virtual MAC address 0000.5e00.01ff?
a.Group 0
b.Group 1
c.Group 255
d.Group 94
8.Which one of the following protocols is the best choice for load balancing redundant gateways?
a.HSRP
b.VRRP
c.GLBP
d.GVRP
9.Which one of the following GLBP functions answers ARP requests?
a.AVF
b.VARP
c.AVG
d.MVR
330Chapter 14: Router Redundancy and Load Balancing
10.By default, which of the following virtual MAC address will be sent to the next client that looks for the virtual gateway?
a.The GLBP interface’s MAC address
b.The next virtual MAC address in the sequence
c.The virtual MAC address of the least-used router
d.0000.0c07.ac00
11.In SLB, with what must a virtual server be linked?
a.A virtual address pool
b.A server farm
c.A real server
d.A list of clients
12.In SLB, what command specifies the IP address of a server in a server farm?
a.server-address 192.168.199.1
b.ip slb server 192.168.199.1
c.real 192.168.199.1
d.server-farm 192.168.199.1
The answers to the “Do I Know This Already?” quiz are found in Appendix A, “Answers to Chapter ‘Do I Know This Already?’ Quizzes and Q&A Sections.” The suggested choices for your next step are as follows:
■10 or less overall score—Read the entire chapter. This includes the “Foundation Topics,” “Foundation Summary,” and “Q&A” sections.
■11 or 12 overall score—If you want more review on these topics, skip to the “Foundation Summary” section, and then go to the “Q&A” section at the end of the chapter. Otherwise, move to Chapter 15, “Multicast.”
Router Redundancy in Multilayer Switching 331
Foundation Topics
Router Redundancy in Multilayer Switching
Multilayer switches can act as IP gateways for connected hosts by providing gateway addresses at VLAN SVIs and Layer 3 physical interfaces. These switches can also participate in routing protocols, just as traditional routers do.
For high availability, multilayer switches should offer a means to prevent one switch (gateway) failure from isolating an entire VLAN. This chapter discusses several approaches to providing router redundancy including the following:
■Hot Standby Router Protocol (HSRP)
■Virtual Router Redundancy Protocol (VRRP)
■Gateway Load Balancing Protocol (GLBP)
Packet Forwarding Review
When a host must communicate with a device on its local subnet, it can generate an Address Resolution Protocol (ARP) request, wait for the ARP reply, and exchange packets directly. However, if the far end is located on a different subnet, the host must rely on an intermediate system (a router, for example) to relay packets to and from that subnet.
A host identifies its nearest router, also known as the default gateway or next hop, by its IP address. If the host understands something about routing, it recognizes that all packets destined off-net must be sent to the gateway’s MAC address, rather than the far end’s MAC address. Therefore, the host first sends an ARP request to find the gateway’s IP address. Then, packets can be relayed to the gateway directly without having to look for ARP entries for individual destinations.
If the host is not so savvy about routing, it might still generate ARP requests for every off-net destination, hoping that someone will answer. Obviously, the off-net destinations cannot answer because they never receive the ARP requests; these requests are not forwarded across subnets. Rather, you can configure the gateway to provide a proxy ARP function so that it will reply to ARP requests with its own MAC address, as if the destination itself had responded.
Now the issue of gateway availability becomes important. If the gateway router for a subnet or VLAN goes down, packets have no way to be forwarded off the local subnet. Several protocols are available that allow multiple routing devices to share a common gateway address so that if one goes down, another can pick up the active gateway role. The sections that follow describe these protocols.
332 Chapter 14: Router Redundancy and Load Balancing
Hot Standby Router Protocol (HSRP)
HSRP is a Cisco-proprietary protocol developed to allow several routers (or multilayer switches) to appear as a single gateway address. RFC 2281 describes this protocol in more detail.
Basically, each of the routers that provides redundancy for a given gateway address is assigned to a common HSRP group. One router is elected as the primary, or active, HSRP router, another is elected as the standby HSRP router, and all the others remain in the listen HSRP state. The routers exchange HSRP hello messages at regular intervals, so they can remain aware of each other’s existence, as well as that of the active router.
NOTE HSRP sends its hello messages to the multicast destination 224.0.0.2 (“all routers”) using UDP port 1985.
An HSRP group can be assigned an arbitrary group number, from 0 to 255. If you configure HSRP groups on several VLAN interfaces, it can be handy to make the group number the same as the VLAN number. However, most Catalyst switches support only up to 16 unique HSRP group numbers. If you have more than 16 VLANs, you will quickly run out of group numbers. An alternative is to make the group number the same (that is, 1) for every VLAN interface. This is perfectly valid because the HSRP groups are only locally significant on an interface. HSRP Group 1 on interface VLAN 10 is unique from HSRP Group 1 on interface VLAN 11.
HSRP Router Election
HSRP election is based on a priority value (0 to 255) that is configured on each router in the group. By default, the priority is 100. The router with the highest priority value (255 is highest) becomes the active router for the group. If all router priorities are equal or set to the default value, the router with the highest IP address on the HSRP interface becomes the active router. To set the priority, use the following interface configuration command:
Switch(config-if)# standby group priority priority
When HSRP is configured on an interface, the router progresses through a series of states before becoming active. This forces a router to listen for others in a group and see where it fits into the pecking order. The HSRP state sequence is Disabled, Init, Listen, Speak, Standby, and, finally, Active.
Only the standby (second highest priority) router monitors the hello messages from the active router. By default, hellos are sent every 3 seconds. If hellos are missed for the duration of the holdtime timer (default 10 seconds, or 3 times the hello timer), the active router is presumed down. The standby router is then clear to assume the active role. If other routers are sitting in the Listen state, the
334 Chapter 14: Router Redundancy and Load Balancing
Keep in mind that the only way another router can take over the active role after interface tracking reduces the priority is if the following two conditions are met:
■Another router now has a higher HSRP priority.
■That same router is using preempt in its HSRP configuration.
Without preemption, the active role cannot be given to any other router.
HSRP Gateway Addressing
Each router in an HSRP group has its own unique IP address assigned to an interface. This address is used for all routing protocol and management traffic initiated by or destined to the router. In addition, each router has a common gateway IP address, the virtual router address, that is kept alive by HSRP. This address is also referred to as the HSRP address or the standby address. Clients can point to that virtual router address as their default gateway, knowing that a router always keeps that address active. Keep in mind that the actual interface address and the virtual (standby) address must be configured to be in the same IP subnet.
You can assign the HSRP address with the following interface command:
Switch(config-if)# standby group ip ip-address [secondary]
When HSRP is used on an interface that has secondary IP addresses, you can add the secondary keyword so that HSRP can provide a redundant secondary gateway address.
Naturally, each router keeps a unique MAC address for its interface. This MAC address is always associated with the unique IP address configured on the interface. For the virtual router address, HSRP defines a special MAC address of the form 0000.0c07.acxx, where xx represents the HSRP group number as a two-digit hex value. For example, HSRP Group 1 appears as 0000.0c07.ac01; HSRP Group 16 appears as 0000.0c07.ac10, and so on.
Figure 14-1 shows a simple network where two multilayer switches use HSRP Group 1 to provide the redundant gateway address 192.168.1.1. Catalyst A is the active router, with priority 200, and answers the ARP request for the gateway address. Because Catalyst B is in the standby state; it is never used for traffic sent to 192.168.1.1. Instead, only Catalyst A performs the gateway routing function, and only its uplink to the access layer is utilized.
Router Redundancy in Multilayer Switching 335
Figure 14-1 Typical HSRP Scenario with One HSRP Group
VLAN 50 |
|
|
VLAN 50 |
||||
192.168.1.10 |
|
|
192.168.1.11 |
||||
MAC: 0000.aaaa.aaaa |
MAC: 0000.bbbb.bbbb |
||||||
Catalyst A |
|
|
HSRP 1: |
|
|
Catalyst B |
|
|
|
|
|
||||
|
|
192.168.1.1 |
|
|
|||
|
|
|
|
|
|
||
|
|
MAC: 0000.0c07.ac01 |
|
|
|||
ARP Replies |
Active |
Standby |
|
|
|
||
for |
|
|
|
||||
|
(100) |
|
|
|
|||
192.168.1.1 |
|
(200) |
|
|
|
||
All Traffic
Through 192.168.1.1
VLAN 50
Gateway: 192.168.1.1
Gateway ARP: 0000.0c07.ac01
Load Balancing with HSRP
Consider a network where HSRP is used on two distribution switches to provide a redundant gateway address for access layer users. Only one of the two becomes the active HSRP router; the other remains in standby. All the users send their traffic to the active router, over the uplink to the active router. The standby router and its uplink essentially sit idle until a router failure occurs.
Load balancing traffic across two uplinks to two HSRP routers with a single HSRP group is not possible. Then, how is it possible to load balance with HSRP? The trick is to use two HSRP groups:
■One group assigns an active router to one switch.
■The other group assigns another active router to the other switch.
In this way, two different virtual router or gateway addresses can be used simultaneously. The rest of the trick is to make each switch function as the standby router for its partner’s HSRP group. In other words, each router is active for one group and standby for the other group.