Senior Acquisitions Editor: Kenyon Brown Development Editor: Kim Wimpsett



Todd Lammle CCNA Routing and Switching


Figure 16.8 FHRPs use a virtual router with a virtual IP address and virtual MAC address.

It’s the responsibility of the redundancy protocol to decide which physical

router will actively forward traffic and which one will be placed on


standby in case the active router fails. Even if the active router fails, the

transition to the standby router will be transparent to the hosts because

the virtual router, which is identified by the virtual IP and MAC

addresses, is now used by the standby router. The hosts never change

default gateway information, so traffic keeps flowing.

Fault-tolerant solutions provide continued operation

in the event of a device failure, and load-balancing solutions

distribute the workload over multiple devices.

There are three important redundancy protocols, but only HSRP is

covered on the CCNA objectives now:

Hot Standby Router Protocol (HSRP) HSRP is by far Cisco’s

favorite protocol ever! Don’t buy just one router; buy up to eight routers

to provide the same service, and keep seven as backup in case of failure!

HSRP is a Cisco proprietary protocol that provides a redundant gateway

for hosts on a local subnet, but this isn’t a load-balanced solution. HSRP

allows you to configure two or more routers into a standby group that

shares an IP address and MAC address and provides a default gateway.

When the IP and MAC addresses are independent from the routers’

physical addresses (on a virtual interface, not tied to a specific interface),

HSRP can swap control of an address if the current forwarding and active

router fails. But there is actually a way you can sort of achieve load

balancing with HSRP—by using multiple VLANs and designating a

specific router active for one VLAN, then an alternate router as active for

the other VLAN via trunking. This still isn’t a true load-balancing solution

and it’s not nearly as solid as what you can achieve with GLBP!

Virtual Router Redundancy Protocol (VRRP) Also provides a

redundant—but again, not load-balanced—gateway for hosts on a local

subnet. It’s an open standard protocol that functions almost identically to

HSRP.


Gateway Load Balancing Protocol (GLBP) For the life of me I can’t

figure out how GLBP isn’t a CCNA objective anymore! GLBP doesn’t just

stop at providing us with a redundant gateway; it’s a true load-balancing

solution for routers. GLBP allows a maximum of four routers in each

forwarding group. By default, the active router directs the traffic from


hosts to each successive router in the group using a round-robin

algorithm. The hosts are directed to send their traffic toward a specific

router by being given the MAC address of the next router in line to be

used.


Hot Standby Router Protocol (HSRP)

Again, HSRP is a Cisco proprietary protocol that can be run on most, but

not all, of Cisco’s router and multilayer switch models. It defines a

standby group, and each standby group that you define includes the

following routers:

Active router

Standby router

Virtual router

Any other routers that may be attached to the subnet

The problem with HSRP is that with it, only one router is active and two

or more routers just sit there in standby mode and won’t be used unless a

failure occurs—not very cost effective or efficient!

Figure 16.9 shows how only one router is used at a time in an HSRP group.

The standby group will always have at least two routers participating in it.

The primary players in the group are the one active router and one

standby router that communicate to each other using multicast Hello

messages. The Hello messages provide all of the required communication

for the routers. The Hellos contain the information required to

accomplish the election that determines the active and standby router

positions. They also hold the key to the failover process. If the standby

router stops receiving Hello packets from the active router, it then takes

over the active router role, as shown in Figure 16.9 and Figure 16.10.


Figure 16.9 HSRP active and standby routers

Figure 16.10 Example of HSRP active and standby routers swapping interfaces

As soon as the active router stops responding to Hellos, the standby

router automatically becomes the active router and starts responding to

host requests.



Virtual MAC Address

A virtual router in an HSRP group has a virtual IP address and a virtual

MAC address. So where does that virtual MAC come from? The virtual IP

address isn’t that hard to figure out; it just has to be a unique IP address

on the same subnet as the hosts defined in the configuration. But MAC

addresses are a little different, right? Or are they? The answer is yes—sort

of. With HSRP, you create a totally new, made-up MAC address in

addition to the IP address.

The HSRP MAC address has only one variable piece in it. The first 24 bits

still identify the vendor who manufactured the device (the

organizationally unique identifier, or OUI). The next 16 bits in the

address tell us that the MAC address is a well-known HSRP MAC



address. Finally, the last 8 bits of the address are the hexadecimal

representation of the HSRP group number.

Let me clarify all this with an example of what an HSRP MAC address

would look like:

0000.0c07.ac0a

The first 24 bits (0000.0c) are the vendor ID of the address; in the

case of HSRP being a Cisco protocol, the ID is assigned to Cisco.

The next 16 bits (07.ac) are the well-known HSRP ID. This part of the

address was assigned by Cisco in the protocol, so it’s always easy to

recognize that this address is for use with HSRP.

The last 8 bits (0a) are the only variable bits and represent the HSRP

group number that you assign. In this case, the group number is 10

and converted to hexadecimal when placed in the MAC address,

where it becomes the 0a that you see.

You can see this displayed with every MAC address added to the ARP

cache of every router in the HSRP group. There will be the translation

from the IP address to the MAC address, as well as the interface on which

it’s located.
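The address layout described above can be checked mechanically. The following Python code is an added example, not taken from the book: it decodes and builds virtual MAC addresses in the version 1 format shown here and audits a list of ARP entries against the groups an administrator expects. The function names, the sample ARP entries and the expected-group map are assumptions made for illustration.

```python
import re

# Cisco OUI (0000.0c) followed by the well-known HSRP ID (07.ac); only the
# final byte, the group number, varies.
HSRP_V1_PREFIX = bytes.fromhex("00000c07ac")

# Constructed sample data (not from the book): (IP address, MAC address) pairs
# as they might be copied out of a router's ARP cache.
SAMPLE_ARP = [
    ("10.1.1.10", "0000.0c07.ac01"),     # virtual IP of group 1
    ("10.1.1.1", "00:1a:2b:3c:4d:5e"),   # a physical interface, colon notation
    ("10.1.2.10", "0000.0c07.ac0a"),     # HSRP MAC for group 10
    ("10.1.3.10", "001a.2b3c.4d5f"),     # virtual IP answered by a non-HSRP MAC
]
# Assumed design: virtual IP -> HSRP group number configured for it.
EXPECTED_GROUPS = {"10.1.1.10": 1, "10.1.2.10": 20, "10.1.3.10": 30}


def mac_to_bytes(mac):
    """Accept Cisco dotted, colon or dash notation and return the 6 raw bytes."""
    digits = re.sub(r"[.:-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def hsrp_group(mac):
    """Return the group number encoded in an HSRP v1 virtual MAC, else None."""
    raw = mac_to_bytes(mac)
    return raw[5] if raw[:5] == HSRP_V1_PREFIX else None


def hsrp_virtual_mac(group):
    """Build the virtual MAC for a group number (0-255) in Cisco notation."""
    if not 0 <= group <= 255:
        raise ValueError("an 8-bit field holds group numbers 0-255 only")
    digits = (HSRP_V1_PREFIX + bytes([group])).hex()
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def audit_arp(entries, expected):
    """Compare ARP entries with the expected virtual IP -> group mapping."""
    findings = []
    for ip, mac in entries:
        group = hsrp_group(mac)
        if ip in expected and group is None:
            # Legitimate if the group was set up with use-bia or mac-address.
            findings.append((ip, "virtual IP resolves to a non-HSRP MAC"))
        elif ip in expected and group != expected[ip]:
            findings.append((ip, f"MAC encodes group {group}, expected {expected[ip]}"))
        elif ip not in expected and group is not None:
            findings.append((ip, f"undocumented HSRP virtual MAC, group {group}"))
    return findings


if __name__ == "__main__":
    for ip, problem in audit_arp(SAMPLE_ARP, EXPECTED_GROUPS):
        print(f"{ip}: {problem}")
```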



HSRP Timers

Before we get deeper into the roles that each of the routers can have in an HSRP group, I want to define the HSRP timers. HSRP needs them to function because they ensure communication between the routers, and if something goes wrong, they allow the standby router to take over. The HSRP timers include hello, hold, active, and standby.



Hello timer The hello timer is the defined interval at which each of the routers sends out Hello messages. The default interval is 3 seconds, and the messages identify the state that each router is in. This is important because the particular state determines the specific role of each router and, as a result, the actions each will take within the group. Figure 16.11 shows the Hello messages being sent and the router using the hello timer to keep the network flowing in case of a failure.

This timer can be changed, and people used to avoid doing so because it

was thought that lowering the hello value would place an unnecessary



load on the routers. That isn’t true with most of the routers today; in fact,

you can configure the timers in milliseconds, meaning the failover time

can be in milliseconds! Still, keep in mind that increasing the value will

make the standby router wait longer before taking over for the active

router when it fails or can’t communicate.

Figure 16.11 HSRP Hellos



Hold timer The hold timer specifies the interval the standby router uses

to determine whether the active router is offline or out of communication.

By default, the hold timer is 10 seconds, roughly three times the default

for the hello timer. If one timer is changed for some reason, I recommend

using this multiplier to adjust the other timers too. By setting the hold

timer at three times the hello timer, you ensure that the standby router

doesn’t take over the active role every time there’s a short break in

communication.



Active timer The active timer monitors the state of the active router.

The timer resets each time a router in the standby group receives a Hello

packet from the active router. This timer expires based on the hold time

value that’s set in the corresponding field of the HSRP Hello message.



Standby timer The standby timer is used to monitor the state of the

standby router. The timer resets anytime a router in the standby group

receives a Hello packet from the standby router and expires based on the

hold time value that’s set in the respective Hello packet.



Large Enterprise Network Outages with FHRPs

Years ago when HSRP was all the rage, and before VRRP and GLBP,

enterprises used hundreds of HSRP groups. With the hello timer set

to 3 seconds and a hold time of 10 seconds, these timers worked just

fine and we had great redundancy with our core routers.

However, as we’ve seen in the last few years and certainly will see in the future, 10 seconds is now a lifetime! Some of my customers have been complaining about the failover time and loss of connectivity to their virtual server farm.

So lately I’ve been changing the timers to well below the defaults.

Cisco had changed the timers so you could use sub-second times for

failover. Because these are multicast packets, the overhead that is

seen on a current high-speed network is almost nothing.

The hello timer is typically set to 200 msec and the hold time is 700

msec. The command is as follows:

(config-if)#standby 1 timers msec 200 msec 700

This almost ensures that not even a single packet is lost when there is

an outage.
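The hold and active timer behaviour described above, and the effect of the sub-second values in this sidebar, can be worked through with a small simulation. This Python code is an added example, not from the book: it models the standby router's active timer, which is re-armed by every Hello received from the active router, and reports how long hosts are without a gateway and how many dropped Hellos the timer values tolerate. The function names and the simplified model (Hellos sent exactly on schedule, no transit delay) are assumptions.

```python
def active_timer_expiry(hello_ms, hold_ms, fail_at_ms=None,
                        lost=frozenset(), horizon_ms=60_000):
    """Return when the standby's active timer expires (ms), or None if never.

    The active router sends Hello number n at n * hello_ms until fail_at_ms.
    `lost` holds the numbers of Hellos dropped in transit. The Hello at t=0
    is assumed to arrive and arms the timer.
    """
    deadline = hold_ms
    t, number = hello_ms, 1
    while t <= horizon_ms:
        if fail_at_ms is not None and t >= fail_at_ms:
            return deadline            # active router is gone, no more Hellos
        if t > deadline:
            return deadline            # timer ran out before this Hello came
        if number not in lost:
            deadline = t + hold_ms     # Hello received: timer re-armed
        t += hello_ms
        number += 1
    return None


def blind_window_ms(hello_ms, hold_ms):
    """(best, worst) gap between the active router dying and the takeover."""
    base = 3 * hello_ms                # any instant at which a Hello is sent
    just_after = base + 1              # dies right after sending a Hello
    just_before = base + hello_ms      # dies as the next Hello was due
    worst = active_timer_expiry(hello_ms, hold_ms, just_after) - just_after
    best = active_timer_expiry(hello_ms, hold_ms, just_before) - just_before
    return best, worst


def max_consecutive_loss(hello_ms, hold_ms):
    """Longest run of dropped Hellos that does not cause a false takeover."""
    run = 0
    while active_timer_expiry(hello_ms, hold_ms,
                              lost=frozenset(range(1, run + 2))) is None:
        run += 1
    return run


if __name__ == "__main__":
    for hello, hold in ((3000, 10000), (200, 700), (200, 300)):
        best, worst = blind_window_ms(hello, hold)
        print(f"hello {hello} ms / hold {hold} ms: outage {best}-{worst} ms, "
              f"tolerates {max_consecutive_loss(hello, hold)} lost Hellos")
```

The last pair (200 ms hello, 300 ms hold) is a constructed counter-example: with the hold time below the recommended multiple, a single dropped Hello is enough to trigger a takeover.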



Group Roles

Each of the routers in the standby group has a specific function and role

to fulfill. The three main roles are as virtual router, active router, and

standby router. Additional routers can also be included in the group.



Virtual router As its name implies, the virtual router is not a physical

entity. It really just defines the role that’s held by one of the physical

routers. The physical router that communicates as the virtual router is

the current active router. The virtual router is nothing more than a

separate IP address and MAC address to which packets are sent.



Active router The active router is the physical router that receives data

sent to the virtual router address and routes it onward to its various

destinations. As I mentioned, this router accepts all the data sent to the

MAC address of the virtual router in addition to the data that’s been sent

to its own physical MAC address. The active router processes the data

that’s being forwarded and will also answer any ARP requests destined

for the virtual router’s IP address.

Standby router The standby router is the backup to the active router.

Its job is to monitor the status of the HSRP group and quickly take over

packet-forwarding responsibilities if the active router fails or loses

communication. Both the active and standby routers transmit Hello

messages to inform all other routers in the group of their role and status.

Other routers An HSRP group can include additional routers, which

are members of the group but don’t take the primary roles of either active

or standby states. These routers monitor the Hello messages sent by the

active and standby routers to ensure that an active and standby router

exists for the HSRP group that they belong to. They will forward data

that’s specifically addressed to their own IP addresses, but they will never

forward data addressed to the virtual router unless elected to the active or

standby state. These routers send “speak” messages based on the hello

timer interval that informs other routers of their position in an election.

Interface Tracking

By now, you probably understand why having a virtual router on a LAN is

a great idea. You also know why it’s a very good thing that the active

router can change dynamically, giving us much needed redundancy on

our inside network. But what about the links to the upstream network or

the Internet connection off of those HSRP-enabled routers? And how will

the inside hosts know if an outside interface goes down or if they are

sending packets to an active router that can’t route to a remote network?

These are key questions, and HSRP does provide a solution for them; it’s called interface tracking. Figure 16.12 shows how HSRP-enabled routers can keep track of the interface status of the outside interfaces and how they can switch the inside active router as needed to keep the inside hosts from losing connectivity upstream.

Figure 16.12 Interface tracking setup

If the outside link of the active router goes down, the standby router will

take over and become the active router. There is a default priority of 100

on routers configured with an HSRP interface, and if you raise this

priority (we’ll do this in a minute), it means your router has a higher

priority to become the active router. The reason I am bringing this up

now is because when a tracked interface goes down, it decrements the

priority of this router.

Configuring and Verifying HSRP

Configuring and verifying the different FHRPs can be pretty simple,

especially regarding the Cisco objectives, but as with most technologies,

you can quickly get into advanced configurations and territory with the

different FHRPs if you’re not careful, so I’ll show you exactly what you

need to know.



The Cisco objectives don’t cover much about the configuration of FHRPs, but verification and troubleshooting are important, so I’ll use a simple configuration on two routers here. Figure 16.13 shows the network I’ll use to demonstrate HSRP.



Figure 16.13 HSRP configuration and verification

This is a simple configuration for which you really need only one command: standby group ip virtual_ip. After using this single mandatory command, I’ll name the group and set the interface on router HSRP1 so it wins the election and becomes the active router by default.

HSRP1#config t
HSRP1(config)#int fa0/0
HSRP1(config-if)#standby ?
  <0-255>         group number
  authentication  Authentication
  delay           HSRP initialisation delay
  ip              Enable HSRP and set the virtual IP address
  mac-address     Virtual MAC address
  name            Redundancy name string
  preempt         Overthrow lower priority Active routers
  priority        Priority level
  redirect        Configure sending of ICMP Redirect messages with an HSRP
                  virtual IP address as the gateway IP address
  timers          Hello and hold timers
  track           Priority tracking
  use-bia         HSRP uses interface's burned in address
  version         HSRP version
HSRP1(config-if)#standby 1 ip 10.1.1.10
HSRP1(config-if)#standby 1 name HSRP_Test
HSRP1(config-if)#standby 1 priority ?
  <0-255>  Priority value
HSRP1(config-if)#standby 1 priority 110
000047: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby
000048: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active

There are quite a few commands available to use in an advanced setting with the standby command, but we’ll stick with the simple commands

that follow the Cisco objectives. First, I numbered the group (1), which

must be the same on all routers sharing HSRP duties; then I added the

virtual IP address shared by all routers in the HSRP group. Optionally, I

named the group and then set the priority of HSRP1 to 110, and I left

HSRP2 to a default of 100. The router with the highest priority will win

the election to become the active router. Let’s configure the HSRP2

router now:

HSRP2#config t
HSRP2(config)#int fa0/0
HSRP2(config-if)#standby 1 ip 10.1.1.10
HSRP2(config-if)#standby 1 name HSRP_Test
*Jun 23 21:40:10.699:%HSRP-5-STATECHANGE:FastEthernet0/0 Grp 1 state Speak -> Standby



I really only needed the first command—naming it was for administrative

purposes only. Notice that the link came up and HSRP2 became the

standby router because it had the lower priority of 100 (the default).

Make a note that this priority comes into play only if both routers were to

come up at the same time. This means that HSRP2 would be the active

router, regardless of the priority, if it comes up first.

Let’s take a look at the configurations with the show standby and show standby brief commands:



HSRP1(config-if)#do show standby
FastEthernet0/0 - Group 1
  State is Active
    2 state changes, last state change 00:03:40
  Virtual IP address is 10.1.1.10
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.076 secs
  Preemption disabled
  Active router is local
  Standby router is 10.1.1.2, priority 100 (expires in 7.448 sec)
  Priority 110 (configured 110)
  IP redundancy name is "HSRP_Test" (cfgd)
HSRP1(config-if)#do show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP
Fa0/0       1   110    Active   local           10.1.1.2        10.1.1.10

Notice the group number in each output—it’s a key troubleshooting spot!

Each router must be configured in the same group or they won’t work.

Also, you can see the virtual MAC and configured virtual IP address, as

well as the hello time of 3 seconds. The standby and virtual IP addresses

are also displayed.

HSRP2’s output tells us that it’s in standby mode:

HSRP2(config-if)#do show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP
Fa0/0       1   100    Standby  10.1.1.1        local           10.1.1.10
HSRP2(config-if)#

Notice so far that you have seen HSRP states of active and standby, but

watch what happens when I disable Fa0/0:

HSRP1#config t
HSRP1(config)#interface Fa0/0
HSRP1(config-if)#shutdown
*Nov 20 10:06:52.369: %HSRP-5-STATECHANGE: Ethernet0/0 Grp 1 state Active -> Init


The HSRP went into Init state, meaning it’s trying to initialize with a peer. The possible interface states for HSRP are shown in Table 16.1.

Table 16.1 HSRP states

State            Definition
Initial (INIT)   This is the state at the start. This state indicates that HSRP does not run. This state is entered through a configuration change or when an interface first becomes available.
Learn            The router has not determined the virtual IP address and has not yet seen an authenticated Hello message from the active router. In this state, the router still waits to hear from the active router.
Listen           The router knows the virtual IP address, but the router is neither the active router nor the standby router. It listens for Hello messages from those routers.
Speak            The router sends periodic Hello messages and actively participates in the election of the active and/or standby router. A router cannot enter speak state unless the router has the virtual IP address.
Standby          The router is a candidate to become the next active router and sends periodic Hello messages. With the exclusion of transient conditions, there is, at most, one router in the group in standby state.
Active           The router currently forwards packets that are sent to the group virtual MAC address. The router sends periodic Hello messages. With the exclusion of transient conditions, there must be, at most, one router in active state in the group.

There is one other command that I want to cover. If you’re studying and

want to understand HSRP, you should learn to use this debug command
and have your active and standby routers move. You’ll really get to see

what is going on.

HSRP2#debug standby
*Sep 15 00:07:32.344:HSRP:Fa0/0 Interface UP
*Sep 15 00:07:32.344:HSRP:Fa0/0 Initialize swsb, Intf state Up
*Sep 15 00:07:32.344:HSRP:Fa0/0 Starting minimum intf delay (1 secs)
*Sep 15 00:07:32.344:HSRP:Fa0/0 Grp 1 Set virtual MAC 0000.0c07.ac01 type: v1 default
*Sep 15 00:07:32.344:HSRP:Fa0/0 MAC hash entry 0000.0c07.ac01, Added Fa0/0 Grp 1 to list
*Sep 15 00:07:32.348:HSRP:Fa0/0 Added 10.1.1.10 to hash table
*Sep 15 00:07:32.348:HSRP:Fa0/0 Grp 1 Has mac changed? cur 0000.0c07.ac01 new 0000.0c07.ac01
*Sep 15 00:07:32.348:HSRP:Fa0/0 Grp 1 Disabled -> Init
*Sep 15 00:07:32.348:HSRP:Fa0/0 Grp 1 Redundancy "hsrp-Fa0/0-1" state Disabled -> Init
*Sep 15 00:07:32.348:HSRP:Fa0/0 IP Redundancy "hsrp-Fa0/0-1" added
*Sep 15 00:07:32.348:HSRP:Fa0/0 IP Redundancy "hsrp-Fa0/0-1" update, Disabled -> Init
*Sep 15 00:07:33.352:HSRP:Fa0/0 Intf min delay expired
*Sep 15 00:07:39.936:HSRP:Fa0/0 Grp 1 MAC addr update Delete from SMF 0000.0c07.ac01
*Sep 15 00:07:39.936:HSRP:Fa0/0 Grp 1 MAC addr update Delete from SMF 0000.0c07.ac01
*Sep 15 00:07:39.940:HSRP:Fa0/0 ARP reload


