© Chris Carthern and William Wilson and Noel Rivera 2021
C. Carthern et al., Cisco Networks, https://doi.org/10.1007/978-1-4842-6672-4_13

13. Introduction to Availability

Chris Carthern (1), William Wilson (2) and Noel Rivera (3)
(1) Bangkok, Krung Thep, Thailand
(2) FPO, AP, USA
(3) APO, AE, USA

This chapter discusses how to provide high availability for systems, including network redundancy and fault tolerance. It covers protocols such as the Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP), and Gateway Load Balancing Protocol (GLBP) to increase network uptime. High availability is a requirement for companies that need to keep mission-critical networks and applications available. Imagine if Amazon or Google had a four-hour outage. How much money would these companies lose because of this outage? Possibly millions of dollars. Thus, you see the importance of high availability.

High Availability

In today’s world, companies want their networks available 24 hours a day, every day of the year, which means that a minimum 99.999% availability is required. We have covered topics that relate to high availability in networks. Table 13-1 is an availability/downtime representation.
Table 13-1. Availability Table

Availability    Downtime per Year       Downtime per Month
99.999999%      315.569 milliseconds    26.297 milliseconds
99.999990%      3.15 seconds            262.97 milliseconds
99.999900%      31.5 seconds            2.59 seconds
99.999000%      5.26 minutes            2.16 minutes
99.990000%      52.56 minutes           4.32 minutes
99.900000%      8.76 hours              43.8 minutes
99.000000%      3.65 days               7.2 hours
98.000000%      7.3 days                14.4 hours

Other options for increasing availability were discussed in previous chapters. Chapter 1 discussed the Cisco hierarchal model, which is displayed in Figure 13-1.
Figure 13-1. Cisco hierarchal model

You can increase availability by creating multiple links to each device, based on the level of redundancy and availability needed, and your company’s budget. This way, if one link fails, the users or services are still available. Links connecting the access layer to the distribution layer should be trunked and port channels should be configured to increase availability. Port channels and STP were discussed in Chapter 5. Recall that port channels are used to logically link multiple physical ports together to increase bandwidth and provide redundancy. Why do we use STP? STP prevents loops in our networks and should be used whenever you have redundant links; preventing loops saves resources, which increases availability. Trunking was also discussed in Chapter 5. Chapter 6 covered routing protocols. A dynamic routing protocol should also be used to provide fast convergence when links fail.

Device reliability can be increased by using redundant devices, including core routers and switches. You reduce the chance of a total outage if you have multiple core routers, including multiple connections to the Internet. You also need to remember little things such as power. Use devices that have multiple power supplies and connect the power supplies to different power sources, so if one source fails, the device does not fail. Let’s not forget about power generators as a source of power in the event of a catastrophic power loss.

Layer 3 Multipathing

Ethernet uses the Spanning Tree Protocol to shut down redundant paths and leave only a single active path from the root to remote ports. You can design for redundancy, but you can’t take advantage of all your bandwidth. This is because an Ethernet frame has no built-in protection that makes it expire when it is looped. Layer 3 protocols are designed to allow forwarding on multiple paths. When there is a routing loop, the time to live (TTL) in an IP packet will prevent it from looping past the maximum TTL.

Most routing protocols support Equal Cost Multipathing (ECMP). That means if a router sees paths that appear equal, it will split the load between each path. By default, most routing protocols will support four equal cost paths, but it can be changed. Some routing protocols also support Unequal Cost Multipathing (UCMP). These protocols will split the traffic in proportion to the metrics. BGP and EIGRP are examples of protocols with UCMP support.

In environments where full use of your bandwidth was required, the available options used to be either manually splitting the VLANs to different paths using PVST or MST or pushing layer 3 to the access layer. In modern networks, we have another solution. Virtual Extensible LANs (VXLANs) allow you to push layer 3 down to the access layer switches while maintaining scalable layer 2 domains. VXLANs encapsulate layer 2 traffic in tunnels. Layer 3 routing is used for the underlay. From the perspective of the end hosts, they are on the same broadcast domain as hosts in the same VXLAN even if they are four router hops away. VXLANs are heavily used in the data center. We cover VXLAN configuration in Chapter 19.

Even with technologies such as VXLANs that can extend a layer 2 network over a layer 3 underlay, we need to evaluate why we need the hosts on the same network. Some applications have a requirement for being in the same broadcast domain or need to be able to fail over between sites without changing their IP address. Another common reason is access control. Traditional access control is tied to a network’s layer 3 interface. Modern networks can use security group tags (SGTs). SGTs associate authenticated users or hosts to tags. The access controls are applied to the tag instead of the network. If you only needed to push layer 2 to the access layer for security reasons, you would change your design to push layer 3 to the access layer and enforce network access control with SGTs. With this design, you have the multipath advantages of routing without losing the segregation provided by VLANs.

First Hop Redundancy Protocol (FHRP)

FHRP is a group of protocols that provide redundancy by allowing a router or switch to automatically take over if another one fails. The three protocols discussed in this chapter are HSRP, VRRP, and GLBP.

HSRP

HSRP was developed by Cisco (proprietary) to solve problems dealing with router redundancy. HSRP provides automatic failover of routers. To configure HSRP, routers must share the same virtual IP and MAC addresses. The virtual IP (VIP) address is the gateway for end devices. Only one of the routers is active and receives and forwards packets. If the primary router fails, the standby router takes over the VIP and MAC addresses and receives and forwards packets. HSRPv1 uses multicast address 224.0.0.2 and HSRPv2 uses 224.0.0.102 to communicate with each router. HSRPv2 increases the number of groups available and provides a few other efficiency enhancements over HSRPv1.

Figure 13-2 is an example of configuring HSRP.
Figure 13-2. HSRP example

The standby ip command is used to configure an interface as a part of an HSRP group.

The default priority of a router is 100; the router with the highest priority becomes the active router for the VIP. The following output shows the options available after entering standby on an interface:
IOU2(config-if)#standby ?
  <0-255>         group number
  authentication  Authentication
  bfd             Enable HSRP BFD
  delay           HSRP initialisation delay
  follow          Name of HSRP group to follow
  ip              Enable HSRP IPv4 and set the virtual IP address
  ipv6            Enable HSRP IPv6
  mac-address     Virtual MAC address
  mac-refresh     Refresh MAC cache on switch by periodically sending packet
                  from virtual mac address
  name            Redundancy name string
  preempt         Overthrow lower priority Active routers
  priority        Priority level
  redirect        Configure sending of ICMP Redirect messages with an HSRP
                  virtual IP address as the gateway IP address
  timers          Hello and hold timers
  track           Priority tracking
  use-bia         HSRP uses interface's burned in address
  version         HSRP version
If no group is specified, the default HSRP group is 0.
IOU2 Configuration
IOU2(config)#int e0/0
IOU2(config-if)#ip add 172.16.1.2 255.255.255.0
IOU2(config-if)#standby ip 172.16.1.1
IOU2(config-if)#standby preempt delay minimum 30
IOU2(config-if)#standby preempt

The interface IP address is on the same network as the VIP address. The standby ip command is followed by the IP address of the VIP.

The standby preempt command instructs the router to take over as the active router for the VIP if it comes online in the HSRP group with a higher priority than the current active router.
IOU3 Configuration
IOU3(config)#int e0/0
IOU3(config-if)#ip add 172.16.1.3 255.255.255.0
IOU3(config-if)#standby ip 172.16.1.1
IOU3(config-if)#standby preempt
IOU3(config-if)#standby preempt delay minimum 30
IOU3(config-if)#standby priority 90
The standby priority command can be used to set the priority of the router. The show standby command can be used to display information about the HSRP status of a router. You see the state of the router, its VIP address, its priority, its group number, and active and standby routers.
IOU2#show standby
Ethernet0/0 - Group 0
  State is Active
    2 state changes, last state change 00:22:00
  Virtual IP address is 172.16.1.1
  Active virtual MAC address is 0000.0c07.ac00
    Local virtual MAC address is 0000.0c07.ac00 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.336 secs
  Preemption enabled
  Active router is local
  Standby router is 172.16.1.3, priority 90 (expires in 9.152 sec)
  Priority 100 (default 100)
  Group name is "hsrp-Et0/0-0" (default)
Figure 13-3 is a slightly different diagram from the previous example. Let’s say router IOU4 is the gateway to our ISP and the Internet.
Figure 13-3. HSRP example 2

What happens if the connection of router IOU2’s E0/1 to the Internet goes down, but it is the active router for our LAN VIP? Users will not be able to connect to the Internet. How does HSRP address this? HSRP allows you to track interface E0/1, so if it goes down, you set IOU3 to become the active VIP.
IOU2(config-if)#standby track 1 decrement 12
IOU2(config)#track 1 interface ethernet 0/1 line-protocol
The standby track command is used to associate a tracked object to the HSRP group. If no HSRP group is entered after the standby command, the default group of 0 is assumed.
IOU2(config-if)#standby ?
  <0-255>         group number

The track command is used to tell the router that if interface E0/1’s line protocol drops, then its priority will decrement by 12, which makes IOU3 the active VIP since its priority is 90 and IOU2’s becomes 88. If no decrement is entered, the default of 10 is assumed.
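
Whether a decrement really moves the active role can be checked before the configuration is deployed. The following is an added example, not code from the book: a small Python model that reads standby lines like those above and works out which router is active for each combination of failed tracked objects. It assumes two routers in HSRP group 0, reports equal priorities as undetermined, and uses config text constructed from the chapter's commands; the function names are illustrative.

```python
import itertools
import re

# Constructed from the chapter's commands for IOU2 and IOU3 (HSRP group 0).
IOU2_CFG = """\
interface Ethernet0/0
 ip address 172.16.1.2 255.255.255.0
 standby ip 172.16.1.1
 standby preempt
 standby track 1 decrement 12
"""
IOU3_CFG = """\
interface Ethernet0/0
 ip address 172.16.1.3 255.255.255.0
 standby ip 172.16.1.1
 standby preempt
 standby priority 90
"""

STANDBY_RE = re.compile(r"^standby(?:\s+(\d+))?\s+(priority|preempt|track)\b\s*(.*)$")
TRACK_RE = re.compile(r"^(\d+)(?:\s+decrement\s+(\d+))?")


def parse_hsrp(name, config, group=0):
    """Collect priority, preempt and track decrements for one HSRP group."""
    router = {"name": name, "priority": 100, "preempt": False, "tracks": {}}
    for raw in config.splitlines():
        m = STANDBY_RE.match(raw.strip())
        # A standby line without a group number belongs to group 0.
        if not m or int(m.group(1) or 0) != group:
            continue
        keyword, rest = m.group(2), m.group(3)
        if keyword == "priority":
            router["priority"] = int(rest.split()[0])
        elif keyword == "preempt":
            router["preempt"] = True
        else:
            t = TRACK_RE.match(rest)
            if t:
                # A decrement of 10 is assumed when none is entered.
                router["tracks"][int(t.group(1))] = int(t.group(2) or 10)
    return router


def effective_priority(router, down):
    """Configured priority minus the decrement of each tracked object in `down`."""
    lost = sum(dec for obj, dec in router["tracks"].items() if obj in down)
    return max(router["priority"] - lost, 0)


def check_failover(primary, backup):
    """Map each set of failed tracked objects on `primary` to (priority, active, note)."""
    outcome = {}
    objects = sorted(primary["tracks"])
    for n in range(len(objects) + 1):
        for down in itertools.combinations(objects, n):
            prio = effective_priority(primary, down)
            if backup["priority"] > prio and backup["preempt"]:
                active, note = backup["name"], "backup preempts"
            elif backup["priority"] > prio:
                active, note = primary["name"], "backup has no preempt, so tracking has no effect"
            elif backup["priority"] == prio:
                active, note = None, "tie: decrement too small to guarantee failover"
            else:
                active, note = primary["name"], "primary still has the higher priority"
            outcome[down] = (prio, active, note)
    return outcome


if __name__ == "__main__":
    iou2 = parse_hsrp("IOU2", IOU2_CFG)
    iou3 = parse_hsrp("IOU3", IOU3_CFG)
    for down, (prio, active, note) in check_failover(iou2, iou3).items():
        print("tracked objects down:", down or "none",
              "| IOU2 priority", prio, "| active:", active or "undetermined", "|", note)
```

Running the same check with the decrement left at its default shows why the chapter enters 12: the default of 10 only brings IOU2 level with IOU3's priority of 90.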

Figure 13-4 is a packet capture of an HSRP packet sent to multicast address 224.0.0.2.
Figure 13-4. HSRP packet capture

As you can see in Figure 13-4, the HSRP packet has information such as its state, priority, group, and VIP.

Authentication can be used to increase the security of HSRP.

The command used to add authentication is standby authentication:
IOU2(config-if)#standby authentication ?
  WORD  Plain text authentication string (8 chars max)
  md5   Use MD5 authentication
  text  Plain text authentication
IOU2(config-if)#standby authentication Apress
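The preceding command uses a plain-text authentication string, which is carried in the clear in every HSRP packet. The following command uses MD5 authentication instead, so that a keyed MD5 hash is sent rather than the key itself: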
IOU2(config-if)#standby authentication md5 ?
  key-chain   Set key chain
  key-string  Set key string
IOU2(config-if)#standby authentication md5 key-string Apress
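
The fields visible in the Figure 13-4 capture, and the reason a plain-text authentication string offers little protection, become concrete when the message is decoded. The following is an added example, not code from the book: it decodes the fixed 20-byte HSRPv1 header as laid out in RFC 2281 and flags hellos that come from an unexpected source or carry a readable authentication string. The sample packets, the address 172.16.1.50 and the function names are constructed for illustration.

```python
import ipaddress
import struct

# HSRPv1 message layout from RFC 2281 (sent over UDP port 1985 to 224.0.0.2):
# version, opcode, state, hellotime, holdtime, priority, group, reserved,
# then 8 bytes of authentication data and the 4-byte virtual IP address.
HSRP_V1 = struct.Struct("!8B8s4s")
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
DEFAULT_AUTH = "cisco"  # RFC 2281 default when no string is configured


def build_hello(state, priority, group, auth, vip, hello=3, hold=10):
    """Build a constructed HSRPv1 hello; used only for the sample data below."""
    return HSRP_V1.pack(0, 0, state, hello, hold, priority, group, 0,
                        auth.encode("ascii"), ipaddress.IPv4Address(vip).packed)


def parse_hsrp_v1(payload):
    """Decode the fixed 20-byte HSRPv1 header; any trailing bytes are ignored."""
    if len(payload) < HSRP_V1.size:
        raise ValueError("truncated HSRPv1 message")
    (version, opcode, state, hello, hold, priority, group, _reserved,
     auth, vip) = HSRP_V1.unpack(payload[:HSRP_V1.size])
    if version != 0:
        raise ValueError("not an HSRPv1 message (version field %d)" % version)
    return {
        "opcode": OPCODES.get(opcode, "unknown(%d)" % opcode),
        "state": STATES.get(state, "unknown(%d)" % state),
        "hello": hello,
        "hold": hold,
        "priority": priority,
        "group": group,
        "auth": auth.rstrip(b"\x00").decode("ascii", "replace"),
        "vip": str(ipaddress.IPv4Address(vip)),
    }


def audit(src_ip, payload, expected_routers, expected_vip):
    """Return (decoded message, list of findings) for one captured HSRPv1 packet."""
    msg = parse_hsrp_v1(payload)
    findings = []
    if src_ip not in expected_routers:
        findings.append("unexpected HSRP speaker %s (state %s, priority %d)"
                        % (src_ip, msg["state"], msg["priority"]))
    if msg["vip"] != expected_vip:
        findings.append("virtual IP %s does not match expected %s"
                        % (msg["vip"], expected_vip))
    if msg["auth"] == DEFAULT_AUTH:
        findings.append("default authentication string in use")
    elif msg["auth"]:
        findings.append("plain-text authentication string readable on the wire")
    return msg, findings


EXPECTED_ROUTERS = {"172.16.1.2", "172.16.1.3"}  # IOU2 and IOU3 from the chapter
EXPECTED_VIP = "172.16.1.1"
# Constructed sample packets: (source IP, UDP payload).
SAMPLES = [
    ("172.16.1.2", build_hello(16, 100, 0, "cisco", EXPECTED_VIP)),
    ("172.16.1.3", build_hello(8, 90, 0, "Apress", EXPECTED_VIP)),
    ("172.16.1.50", build_hello(4, 100, 0, "cisco", EXPECTED_VIP)),
]

if __name__ == "__main__":
    for src, payload in SAMPLES:
        msg, findings = audit(src, payload, EXPECTED_ROUTERS, EXPECTED_VIP)
        print(src, msg)
        for finding in findings:
            print("   finding:", finding)
```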

VRRP

VRRP provides a similar solution to router redundancy. VRRP is not proprietary; it is used by many vendors. VRRP provides automatic failover for routers to increase the availability and reliability of routing paths. One router is designated the master router, and the other is the backup router. Backup routers only take over the master role if the master router fails. VRRP uses multicast address 224.0.0.18 to communicate with each router. The VRRP configuration is very similar to that of HSRP. Figure 13-5 shows an example of configuring VRRP on two routers.
Figure 13-5. VRRP example

In the example VRRP configuration, you will use group 20. Note that the commands for HSRP and VRRP are very similar. Use the preempt, track, priority, and authentication commands in this example VRRP configuration. If you are using IOS-XE 16, you must enable VRRP with the global command fhrp version vrrp v3 before it is available on an interface.
IOU2 Configuration
IOU2(config)#int e0/0
IOU2(config-if)#ip add 192.168.1.2 255.255.255.0
IOU2(config-if)#vrrp 20 ip 192.168.1.1
IOU2(config-if)#vrrp 20 priority 110
IOU2(config-if)#vrrp 20 preempt
IOU2(config-if)#vrrp 20 track 1 decrement 15
IOU2(config-if)#vrrp 20 authentication md5 key-string test
IOU2(config-if)#exit
IOU2(config)#track 1 interface ethernet 0/1 line-protocol
IOU3 Configuration
IOU3(config)#int e0/0
IOU3(config-if)#ip add 192.168.1.3 255.255.255.0
IOU3(config-if)#vrrp 20 ip 192.168.1.1
IOU3(config-if)#vrrp 20 priority 100
IOU3(config-if)#vrrp 20 preempt
IOU3(config-if)#vrrp 20 authentication md5 key-string test

VRRP version 2 is being phased out. In modern versions of IOS-XE, you need to enable VRRPv3 in global configuration mode using fhrp version vrrp v3. Devices that only support VRRPv3 will not show any interface commands until it is enabled in global configuration. The configuration on the interface differs slightly from earlier versions of VRRP. Use vrrp <group number> address-family ipv4 to enter sub-configuration mode under an interface. Once in VRRP interface sub-configuration, most of the same commands apply, but remove the vrrp <group number> before the command.

To view information about the status of VRRP, use the show vrrp command. Notice the different options that can be entered after the show vrrp command:
IOU2#sh vrrp ?
  all        Include groups in disabled state
  brief      Brief output
  interface  VRRP interface status and configuration
  |          Output modifiers
  <cr>
IOU2#sh vrrp all
Ethernet0/0 - Group 20
  State is Master
  Virtual IP address is 192.168.1.1
  Virtual MAC address is 0000.5e00.0114
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 110
    Track object 1 state Up decrement 15
  Authentication MD5, key-string
  Master Router is 192.168.1.2 (local), priority is 110
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.570 sec
Using the show vrrp all command, you can see information such as the interfaces that are participating in VRRP, the group number, the state of the switch, the VIP address, and the priority, tracking, and authentication applied to VRRP. If you would like to see most of the information mentioned, simply use the show vrrp brief command, as shown in the next example:
IOU2#sh vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Et0/0              20  110 3570        Y  Master  192.168.1.2     192.168.1.1

GLBP

GLBP is a proprietary protocol developed by Cisco to overcome other redundancy issues while adding load balancing features. Load balancing is achieved by adding weight parameters that determine which router is used as a gateway. An Active Virtual Gateway (AVG) is elected for each group, and the other routers are backups. The second-best AVG is set in a standby state, waiting in the event of a failure of the AVG. The AVG assigns a virtual MAC address to each router in the GLBP group, creating up to four Active Virtual Forwarders (AVFs). Every AVF is responsible for receiving and forwarding packets sent to its address. GLBP routers use multicast address 224.0.0.102 to send hello packets to each member. An example of GLBP is shown in Figure 13-6.
Figure 13-6. GLBP example

In the following example, you will configure two routers as gateways and will load balance 50% of traffic between the two routers. Load balancing can be accomplished using round-robin, host-dependent methods, or weighted load balancing. In this example, you will use weighted balancing. Weighted load balancing does not actually load balance traffic, but allows routers to serve as the default gateway for a percentage of the hosts. If one of the hosts is a heavily used server, then the router serving it will probably still carry a higher percentage of the traffic load. Host-dependent methods allow for the same virtual MAC address to always be delivered to the same host MAC address. In this setup, a host can keep using the same physical gateway, as long as it is online:
IOU2(config-if)#glbp 10 load-balancing ?
  host-dependent  Load balance equally, source MAC determines forwarder choice
  round-robin     Load balance equally using each forwarder in turn
  weighted        Load balance in proportion to forwarder weighting
  <cr>

The glbp 10 weighting 50 command tells the router to take 50% of the traffic load. If no weighting is specified, the default weight of 100 is used. If both routers have a weight of 50, then the virtual MAC address of each router is handed out equally.

The glbp 10 weighting 50 lower 35 upper 40 command is the same as the previous command, except that it sets thresholds on the weight of the router. If the weight falls below 35, the router stops participating in GLBP.

The track 1 interface e0/1 line-protocol command tells the router that interface e0/1 is being monitored to determine if the weight needs to be decremented, and the router stops being used as a forwarder if this occurs.
IOU2 Configuration
IOU2(config)#int e0/0
IOU2(config-if)#ip add 192.168.21.2 255.255.255.0
IOU2(config-if)#glbp 10 ip 192.168.21.1
IOU2(config-if)#glbp 10 preempt
IOU2(config-if)#glbp 10 priority 110
IOU2(config-if)#glbp 10 weighting 50
IOU2(config-if)#glbp 10 load-balancing weighted
IOU2(config-if)#glbp 10 weighting 50 lower 35 upper 40
IOU2(config-if)#glbp 10 authentication md5 key-string test
IOU2(config-if)#glbp 10 weighting track 1 decrement 20
IOU2(config-if)#exit
IOU2(config)#track 1 interface e0/1 line-protocol
IOU3 Configuration
IOU3(config)#int e0/0
IOU3(config-if)#ip add 192.168.21.3 255.255.255.0
IOU3(config-if)#glbp 10 ip 192.168.21.1
IOU3(config-if)#glbp 10 preempt
IOU3(config-if)#glbp 10 priority 90
IOU3(config-if)#glbp 10 weighting 50
IOU3(config-if)#glbp 10 load-balancing weighted
IOU3(config-if)#glbp 10 weighting 50 lower 35 upper 40
IOU3(config-if)#glbp 10 authentication md5 key-string test
IOU3(config-if)#glbp 10 weighting track 1 decrement 15
IOU3(config-if)#exit
IOU3(config)#track 1 interface e0/1 line-protocol
Enter the show glbp command to show information related to GLBP, including the active and standby devices, the priority, weighting, tracking, and load balancing:
IOU2#show glbp
Ethernet0/0 - Group 10
  State is Active
    1 state change, last state change 00:01:58
  Virtual IP address is 192.168.21.1
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.024 secs
  Redirect time 600 sec, forwarder timeout 14400 sec
  Authentication MD5, key-string
  Preemption enabled, min delay 0 sec
  Active is local
  Standby is 192.168.21.3, priority 90 (expires in 8.128 sec)
  Priority 110 (configured)
  Weighting 50 (configured 50), thresholds: lower 35, upper 40
    Track object 1 state Up decrement 15
  Load balancing: weighted
  Group members:
    aabb.cc00.0200 (192.168.21.2) local
    aabb.cc00.0300 (192.168.21.3) authenticated
  There are 2 forwarders (1 active)
  Forwarder 1
    State is Active
      1 state change, last state change 00:01:47
    MAC address is 0007.b400.0a01 (default)
    Owner ID is aabb.cc00.0200
    Redirection enabled
    Preemption enabled, min delay 30 sec
    Active is local, weighting 50
  Forwarder 2
    State is Listen
    MAC address is 0007.b400.0a02 (learnt)
    Owner ID is aabb.cc00.0300
    Redirection enabled, 598.144 sec remaining (maximum 600 sec)
    Time to live: 14398.144 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is 192.168.21.3 (primary), weighting 50 (expires in 9.376 sec)
The following is a list of the other options that can be entered after the show glbp command:
IOU2#sh glbp ?
  BVI           Bridge-Group Virtual Interface
  Ethernet      IEEE 802.3
  active        Groups in active state
  brief         Brief output
  capability    GLBP capability
  client-cache  Client cache
  detail        Detailed output
  disabled      Groups in disabled state
  init          Groups in init state
  listen        Groups in listen state
  standby       Groups in standby or speak states
  |             Output modifiers
  <cr>
The show glbp brief command displays an abbreviated version of the show glbp output:
IOU2#sh glbp brief
Interface   Grp  Fwd Pri State    Address         Active router   Standby router
Et0/0       10   -   110 Active   192.168.21.1    local           192.168.21.3
Et0/0       10   1   -   Active   0007.b400.0a01  local           -
Et0/0       10   2   -   Listen   0007.b400.0a02  192.168.21.3    -
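
The interaction between weighting, track decrements and the lower and upper thresholds is easier to see when it is stepped through. The following is an added example, not code from the book: a simplified Python model that applies the chapter's weighting values for IOU2 and IOU3 and reports what share of hosts each forwarder would serve. It assumes the thresholds are compared literally as the chapter words them (forwarding stops when the weight falls below lower and resumes only above upper) and that hosts are shared in proportion to the current weights; the two-track gateway GW is hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class Gateway:
    name: str
    weight: int                 # glbp <group> weighting <weight>
    lower: int                  # ... lower <value>
    upper: int                  # ... upper <value>
    tracks: dict                # track object number -> decrement
    down: set = field(default_factory=set)
    forwarding: bool = True

    def current_weight(self):
        """Configured weight minus the decrement of every tracked object that is down."""
        lost = sum(dec for obj, dec in self.tracks.items() if obj in self.down)
        return max(self.weight - lost, 0)

    def set_track(self, obj, up):
        """Apply a track state change, then re-evaluate the forwarder role."""
        if up:
            self.down.discard(obj)
        else:
            self.down.add(obj)
        weight = self.current_weight()
        if self.forwarding and weight < self.lower:
            self.forwarding = False     # below the lower threshold: stop forwarding
        elif not self.forwarding and weight > self.upper:
            self.forwarding = True      # resume only once above the upper threshold
        return weight, self.forwarding


def host_shares(gateways):
    """Percentage of hosts each gateway serves under weighted load balancing (model)."""
    forwarders = [g for g in gateways if g.forwarding]
    total = sum(g.current_weight() for g in forwarders)
    shares = {g.name: 0.0 for g in gateways}
    for g in forwarders:
        if total:
            shares[g.name] = round(100.0 * g.current_weight() / total, 1)
    return shares


def chapter_scenario():
    """IOU2 and IOU3 with the chapter's values: weighting 50 lower 35 upper 40."""
    iou2 = Gateway("IOU2", 50, 35, 40, {1: 20})
    iou3 = Gateway("IOU3", 50, 35, 40, {1: 15})
    steps = [("all tracked interfaces up", host_shares([iou2, iou3]))]
    iou2.set_track(1, up=False)         # 50 - 20 = 30, below 35
    steps.append(("IOU2 e0/1 down", host_shares([iou2, iou3])))
    iou2.set_track(1, up=True)          # back to 50, above 40
    iou3.set_track(1, up=False)         # 50 - 15 = 35, not below 35
    steps.append(("IOU3 e0/1 down", host_shares([iou2, iou3])))
    return steps


def hysteresis_scenario():
    """Hypothetical gateway with two tracked objects, showing the gap between thresholds."""
    gw = Gateway("GW", 50, 35, 40, {1: 12, 2: 12})
    return [
        gw.set_track(1, up=False),      # 38: still at or above lower
        gw.set_track(2, up=False),      # 26: below lower, stops forwarding
        gw.set_track(1, up=True),       # 38: not above upper, stays stopped
        gw.set_track(2, up=True),       # 50: above upper, resumes
    ]


if __name__ == "__main__":
    for label, shares in chapter_scenario():
        print(label, shares)
    for weight, forwarding in hysteresis_scenario():
        print("weight", weight, "forwarding" if forwarding else "not forwarding")
```

Under these assumptions IOU3's decrement of 15 leaves its weight at exactly 35, so it keeps forwarding with a reduced share, while IOU2's decrement of 20 takes it out of forwarding.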

Multilinks

We have not covered serial links on routers because they are used infrequently today, but we will go over configuring multilink interfaces to provide high availability and redundancy on these interfaces. Multilinks allow you to bundle multiple PPP-encapsulated WAN links into one logical interface. This is a great way to add load balancing across a link and to allow redundancy in the event that one link fails. Multilinks require both ends to have the same configuration. Use Figure 13-7 to create a PPP multilink. Apress has ordered two E1 connections from its service provider. Each E1 provides a speed of 2.048 Mb/s. By creating a multilink, you can bundle the two E1s to create a single logical link with a speed of 4.096 Mb/s.
Figure 13-7. Multilink example

In this example, you will create a multilink using network 192.168.1.0/30 between IOU1 and IOU2:
  • The interface multilink # command creates the logical multilink interface.

  • The encapsulation ppp command sets the encapsulation of the interface to PPP.

  • The ppp multilink command enables multilink on an interface.

  • The ppp multilink group # command enables an interface to join the designated multilink group interface.

IOU1 Configuration
IOU1(config)#int multilink1
IOU1(config-if)#no shut
IOU1(config-if)#ip add 192.168.1.1 255.255.255.252
IOU1(config-if)#ppp multilink
IOU1(config-if)#ppp multilink group 1
IOU1(config-if)#int s2/0
IOU1(config-if)#no ip address
IOU1(config-if)#encapsulation ppp
IOU1(config-if)#ppp multilink
IOU1(config-if)#ppp multilink group 1
IOU1(config-if)#int s2/1
IOU1(config-if)#no ip address
IOU1(config-if)#encapsulation ppp
IOU1(config-if)#ppp multilink
IOU1(config-if)#ppp multilink group 1
IOU2 Configuration
IOU2(config)#int multilink1
IOU2(config-if)#no shut
IOU2(config-if)#ip add 192.168.1.2 255.255.255.252
IOU2(config-if)#ppp multilink
IOU2(config-if)#ppp multilink group 1
IOU2(config-if)#int s2/0
IOU2(config-if)#no ip address
IOU2(config-if)#encapsulation ppp
IOU2(config-if)#ppp multilink
IOU2(config-if)#ppp multilink group 1
IOU2(config-if)#int s2/1
IOU2(config-if)#no ip address
IOU2(config-if)#encapsulation ppp
IOU2(config-if)#ppp multilink
IOU2(config-if)#ppp multilink group 1
If you look at one of the serial interfaces in the multilink, you can see the encapsulation:
IOU2#sh int s2/0
Serial2/0 is up, line protocol is up
  Hardware is M4T
  MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open, multilink Open
  Link is a member of Multilink bundle Multilink1, crc 16, loopback not set
IOU1#show interface multilink1
Multilink1 is up, line protocol is up
  Hardware is multilink group interface
  Internet address is 192.168.1.1/30
  MTU 1500 bytes, BW 3088 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open, multilink Open
  Open: IPCP, CDPCP, loopback not set
IOU1#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/9/9 ms

You have successfully pinged the other end of the multilink and verified connectivity.

The show ppp multilink command can also be used to display information about a multilink:
IOU2#show ppp multilink
Multilink1
  Bundle name: IOU1
  Remote Endpoint Discriminator: [1] IOU1
  Local Endpoint Discriminator: [1] IOU2
  Bundle up for 00:00:11, total bandwidth 3088, load 1/255
  Receive buffer limit 24000 bytes, frag timeout 1000 ms
    0/0 fragments/bytes in reassembly list
    0 lost fragments, 2 reordered
    0/0 discarded fragments/bytes, 0 lost received
    0x4 received sequence, 0x4 sent sequence
  Member links: 2 active, 0 inactive (max 255, min not set)
    Se2/0, since 00:00:11
    Se2/1, since 00:00:09
No inactive multilink interfaces

Availability Exercises

This section introduces exercises that will reinforce information covered in the chapter.

Exercise 1: HSRP
Configure HSRP based on the following diagram. Configure IOU2 to be the active VIP since it has two interfaces to the Internet. Also configure so that if both Internet-facing interfaces’ line protocols drop, IOU3 will become the active VIP. Shut down both Internet-facing interfaces on IOU2 and provide verification that IOU3 takes over as the active VIP.
Exercise 2: VRRP
Configure VRRP based on the following diagram. Configure IOU2 to be the active VIP. Also configure so that if IOU2’s interface e0/1 line protocol drops, then IOU3 will become the active VIP; and if IOU3’s interface e0/1 line protocol drops, then IOU2 will become the active VIP. Shut down the Internet-facing interface on IOU2 and provide verification that IOU3 takes over as the active VIP. Configure MD5 authentication using a key string named test.
Exercise 3: GLBP
Configure GLBP based on the following diagram. Configure IOU2 to be the active AVG. Also configure that if IOU2’s interface e0/1 line protocol drops, then IOU3 becomes the active AVG, and if IOU3’s interface e0/1 line protocol drops, then IOU2 becomes the active AVG. Shut down the Internet-facing interface on IOU2 and provide verification that the weighting decrements appropriately. Add authentication using MD5 and string Apress. Also configure weighting so that IOU2 uses 50%, IOU3 uses 25%, and IOU5 uses 25% of weighting.

Exercise Answers

This section provides answers to the questions from the “Availability Exercises” section in this chapter.

Exercise 1

IOU2 Configuration
IOU2(config)#int e0/0
IOU2(config-if)#ip add 192.168.1.1 255.255.255.0
IOU2(config-if)#standby ip 192.168.1.3
IOU2(config-if)#standby preempt
IOU2(config-if)#standby priority 110
IOU2(config-if)#standby track 1 decrement 5
IOU2(config-if)#standby track 2 decrement 5
IOU2(config-if)#track 1 interface ethernet 0/1 line-protocol
IOU2(config-track)#track 2 interface ethernet 0/2 line-protocol
You created two separate tracks that each decrement the priority by five if interface e0/1 or e0/2 drops.
IOU3 Configuration
IOU3(config)#int e0/0
IOU3(config-if)#ip add 192.168.1.2 255.255.255.0
IOU3(config-if)#standby ip 192.168.1.3
IOU3(config-if)#standby preempt
IOU3(config-if)#standby priority 103

If both e0/1 and e0/2 interfaces drop on IOU2, the priority is 110 – 5 – 5 = 100. The priority of IOU3 is 103, so it becomes the active VIP. Let’s prove it by shutting down interfaces e0/1 and e0/2 on IOU2.

First, you verify that IOU2 is the active router and the priority is currently 110:
IOU2#sh standby
Ethernet0/0 - Group 0
  State is Active
    2 state changes, last state change 00:04:13
  Virtual IP address is 192.168.1.3
  Active virtual MAC address is 0000.0c07.ac00
    Local virtual MAC address is 0000.0c07.ac00 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.216 secs
  Preemption enabled
  Active router is local
  Standby router is 192.168.1.2, priority 103 (expires in 10.528 sec)
  Priority 110 (configured 110)
    Track object 1 state Up decrement 5
    Track object 2 state Up decrement 5
  Group name is "hsrp-Et0/0-0" (default)
IOU2(config)#int e0/1
IOU2(config-if)#shut
IOU2(config-if)#
*Mar 11 22:46:55.795: %TRACK-6-STATE: 1 interface Et0/1 line-protocol Up -> Down
You can see that our track is being followed as you shut interface e0/1 down on IOU2. Now let’s check the priority again:
IOU2#sh standby
Ethernet0/0 - Group 0
  State is Active
    2 state changes, last state change 00:06:14
  Virtual IP address is 192.168.1.3
  Active virtual MAC address is 0000.0c07.ac00
    Local virtual MAC address is 0000.0c07.ac00 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.128 secs
  Preemption enabled
  Active router is local
  Standby router is 192.168.1.2, priority 103 (expires in 10.528 sec)
  Priority 105 (configured 110)
    Track object 1 state Down decrement 5
    Track object 2 state Up decrement 5
  Group name is "hsrp-Et0/0-0" (default)
The priority is changed; now let’s shut down e0/2:
IOU2(config)#int e0/2
IOU2(config-if)#shut
*Mar 11 22:48:49.326: %TRACK-6-STATE: 2 interface Et0/2 line-protocol Up -> Down
*Mar 11 22:48:50.030: %HSRP-5-STATECHANGE: Ethernet0/0 Grp 0 state Active -> Speak
IOU2#sh standby
Ethernet0/0 - Group 0
  State is Speak
    3 state changes, last state change 00:00:10
  Virtual IP address is 192.168.1.3
  Active virtual MAC address is 0000.0c07.ac00
    Local virtual MAC address is 0000.0c07.ac00 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.656 secs
  Preemption enabled
  Active router is 192.168.1.2, priority 103 (expires in 10.928 sec)
  Standby router is unknown
  Priority 100 (configured 110)
    Track object 1 state Down decrement 5
    Track object 2 state Down decrement 5
  Group name is "hsrp-Et0/0-0" (default)

You can see that IOU3 has become the active router and that the priority of IOU2 has changed to 100.

Exercise 2

IOU2 Configuration
IOU2(config)#int e0/0
IOU2(config-if)#ip add 192.168.5.2 255.255.255.0
IOU2(config-if)#vrrp 40 ip 192.168.5.1
IOU2(config-if)#vrrp 40 priority 110
IOU2(config-if)#vrrp 40 preempt
IOU2(config-if)#vrrp 40 track 1 decrement 15
IOU2(config-if)#vrrp 40 authentication md5 key-string test
IOU2(config-if)#exit
IOU2(config)#track 1 interface ethernet 0/1 line-protocol
You know that IOU2 must be the active VIP. You configured IOU2 with a priority of 110 and a track decrement of 15, which means the priority of IOU3 must be between 96 and 109. The VRRP group is 40, as in the diagram, and the VIP is 192.168.5.1.
IOU3 Configuration
IOU3(config)#int e0/0
IOU3(config-if)#ip add 192.168.5.3 255.255.255.0
IOU3(config-if)#vrrp 40 ip 192.168.5.1
IOU3(config-if)#vrrp 40 priority 105
IOU3(config-if)#vrrp 40 preempt
IOU3(config-if)#vrrp 40 track 1 decrement 15
IOU3(config-if)#vrrp 40 authentication md5 key-string test
IOU3(config-if)#exit
IOU3(config)#track 1 interface ethernet 0/1 line-protocol
IOU3 was created with a priority of 105 and uses the preempt command, so that if the ISP-facing interface drops on IOU2, IOU3 becomes the master. Now you run a show vrrp brief on both IOU2 and IOU3 to verify that IOU2 is the master:
IOU2#sh vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Et0/0              40  110 3570       Y  Master  192.168.5.2     192.168.5.1
Now you shut down the ISP-facing interface on IOU2 and verify that IOU2 becomes the backup:
IOU2(config-if)#int e0/1
IOU2(config-if)#shut
*Mar 11 23:29:48.369: %VRRP-6-STATECHANGE: Et0/0 Grp 40 state Master -> Backup
IOU2#sh vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Et0/0              40  95  3570       Y  Backup  192.168.5.3     192.168.5.1

You have verified that IOU2 was the master router until you shut down interface e0/1 and then IOU3 became the master router.
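The priority arithmetic behind this failover, as an added Python example that is not part of the book's answer: it parses the Exercise 2 interface commands, applies the track decrement, and elects the master by highest effective priority with the higher interface IP breaking a tie. The function names are hypothetical, and preemption is assumed on every router, as configured above.

```python
import ipaddress
import re

# Interface commands copied from the Exercise 2 answer (authentication omitted).
CONFIGS = {
    "IOU2": """ip add 192.168.5.2 255.255.255.0
vrrp 40 priority 110
vrrp 40 preempt
vrrp 40 track 1 decrement 15""",
    "IOU3": """ip add 192.168.5.3 255.255.255.0
vrrp 40 priority 105
vrrp 40 preempt
vrrp 40 track 1 decrement 15""",
}

def parse(config):
    """Extract interface IP, configured priority and track decrements."""
    router = {"priority": 100, "tracks": {}}  # 100 is the VRRP default
    for line in config.splitlines():
        if m := re.match(r"ip add(?:ress)? (\S+)", line, re.I):
            router["ip"] = ipaddress.ip_address(m.group(1))
        elif m := re.match(r"vrrp \d+ priority (\d+)", line, re.I):
            router["priority"] = int(m.group(1))
        elif m := re.match(r"vrrp \d+ track (\d+) decrement (\d+)", line, re.I):
            router["tracks"][int(m.group(1))] = int(m.group(2))
    return router

def effective_priority(router, down=()):
    """Configured priority minus the decrement of every Down track object."""
    return router["priority"] - sum(
        dec for obj, dec in router["tracks"].items() if obj in down)

def elect_master(routers, failed=None):
    """Highest effective priority wins; a tie goes to the higher interface IP.
    Assumes preemption on every router, as configured in the exercise."""
    failed = failed or {}
    return max(routers, key=lambda n: (
        effective_priority(routers[n], failed.get(n, ())), routers[n]["ip"]))

def backup_priority_range(master):
    """Backup priorities that lose normally but win once the master's tracks are down."""
    floor = effective_priority(master, master["tracks"]) + 1
    return floor, master["priority"] - 1

ROUTERS = {name: parse(cfg) for name, cfg in CONFIGS.items()}
```

If the tracked interface fails on both routers, both priorities drop by 15 and IOU2 keeps the master role at 95 against 90.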

Exercise 3

IOU2 Configuration
IOU2(config)#Int e0/0
IOU2(config-if)#Ip add 192.168.10.2 255.255.255.0
IOU2(config-if)#Glbp 20 ip 192.168.10.1
IOU2(config-if)#Glbp 20 preempt
IOU2(config-if)#Glbp 20 priority 110
IOU2(config-if)#Glbp 20 load-balancing weighted
IOU2(config-if)#Glbp 20 weighting 50 lower 35 upper 40
IOU2(config-if)#Glbp 20 authentication md5 key-string Apress
IOU2(config-if)#Glbp 20 weighting track 1 decrement 20
IOU2(config-if)#exit
IOU2(config)#Track 1 interface e0/1 line-protocol
You have configured GLBP group 20 on IOU2 and assigned a priority of 110 and a decrement of 20 if the line protocol drops on e0/1. Weighted load balancing is being used, and IOU2 is set to 50%, as instructed. Also, you can see that authentication is configured with key string Apress.
IOU3 Configuration
IOU3(config)#Int e0/0
IOU3(config-if)#Ip add 192.168.10.3 255.255.255.0
IOU3(config-if)#Glbp 20 ip 192.168.10.1
IOU3(config-if)#Glbp 20 preempt
IOU3(config-if)#Glbp 20 load-balancing weighted
IOU3(config-if)#Glbp 20 weighting 25 lower 15 upper 20
IOU3(config-if)#Glbp 20 authentication md5 key-string Apress
IOU3(config-if)#Glbp 20 weighting track 1 decrement 15
IOU3(config-if)#exit
IOU3(config)#Track 1 interface e0/1 line-protocol
IOU3 has the same configuration parameters as IOU2, except that it is using 25% of the load balance and it is assigned a decrement of 15 if its e0/1 interface goes down.
IOU5 Configuration
IOU5(config)#int e0/0
IOU5(config-if)#Ip add 192.168.10.4 255.255.255.0
IOU5(config-if)#glbp 20 ip 192.168.10.1
IOU5(config-if)#glbp 20 preempt
IOU5(config-if)#glbp 20 load-balancing weighted
IOU5(config-if)#glbp 20 weighting 25 lower 15 upper 20
IOU5(config-if)#glbp 20 authentication md5 key-string Apress
IOU5(config-if)#glbp 20 weighting track 1 decrement 15
IOU5(config-if)#exit
IOU5(config)#Track 1 interface e0/1 line-protocol

IOU5 has the same configuration parameters as IOU3.

Using the show glbp command, you can see that the weighting before interface e0/1 is shut down on IOU2 is 50:
IOU2#show glbp
Ethernet0/0 - Group 20
  State is Active
    1 state change, last state change 00:01:38
  Virtual IP address is 192.168.10.1
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.832 secs
  Redirect time 600 sec, forwarder timeout 14400 sec
  Authentication MD5, key-string
  Preemption enabled, min delay 0 sec
  Active is local
  Standby is 192.168.10.4, priority 100 (expires in 9.312 sec)
  Priority 110 (configured)
  Weighting 50 (configured 50), thresholds: lower 35, upper 40
    Track object 1 state Up decrement 15
  Load balancing: weighted
  Group members:
    aabb.cc00.0200 (192.168.10.2) local
    aabb.cc00.0300 (192.168.10.3) authenticated
    aabb.cc00.0500 (192.168.10.4) authenticated
  There are 3 forwarders (1 active)
  Forwarder 1
    State is Active
      1 state change, last state change 00:01:27
    MAC address is 0007.b400.1401 (default)
    Owner ID is aabb.cc00.0200
    Redirection enabled
    Preemption enabled, min delay 30 sec
    Active is local, weighting 50
  Forwarder 2
    State is Listen
    MAC address is 0007.b400.1402 (learnt)
    Owner ID is aabb.cc00.0300
    Redirection enabled, 599.680 sec remaining (maximum 600 sec)
    Time to live: 14399.680 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is 192.168.10.3 (primary), weighting 25 (expires in 10.432 sec)
  Forwarder 3
    State is Listen
    MAC address is 0007.b400.1403 (learnt)
    Owner ID is aabb.cc00.0500
    Redirection enabled, 599.328 sec remaining (maximum 600 sec)
    Time to live: 14399.328 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is 192.168.10.4 (primary), weighting 25 (expires in 9.856 sec)
Now you can provide verification by shutting down interface e0/1 on IOU2:
IOU2(config)#int e0/1
IOU2(config-if)#shut
*Mar 12 01:18:30.029: %TRACK-6-STATE: 1 interface Et0/1 line-protocol Up -> Down
IOU2#sh glbp
Ethernet0/0 - Group 20
  State is Active
    1 state change, last state change 00:38:33
  Virtual IP address is 192.168.10.1
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.856 secs
  Redirect time 600 sec, forwarder timeout 14400 sec
  Authentication MD5, key-string
  Preemption enabled, min delay 0 sec
  Active is local
  Standby is 192.168.10.4, priority 100 (expires in 9.184 sec)
  Priority 110 (configured)
  Weighting 30, low (configured 50), thresholds: lower 35, upper 40
    Track object 1 state Down decrement 20
  Load balancing: weighted

The weighting is 30 after interface e0/1 is shut down, because it was decremented by 20. You have verified that our configuration worked properly.
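What the "Weighting 30, low" line means for forwarding, as an added Python example that is not part of the book's answer: it models the GLBP weighting thresholds from Exercise 3, where a gateway stops acting as a virtual forwarder once its weighting falls below the lower threshold and resumes only after it rises above the upper one. Track object 2 on IOU2 is hypothetical, added to show a weighting that lands between the thresholds; the strict comparisons at the threshold values and the class and function names are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Gateway:
    name: str
    configured: int          # glbp 20 weighting <configured> ...
    lower: int               # ... lower <lower>
    upper: int               # ... upper <upper>
    decrements: dict         # track object -> weighting decrement
    forwarding: bool = True

    def __post_init__(self):
        self.weight = self.configured

    def update(self, down=()):
        """Recompute weighting for the Down track objects and apply hysteresis."""
        self.weight = self.configured - sum(
            dec for obj, dec in self.decrements.items() if obj in down)
        if self.weight < self.lower:
            self.forwarding = False   # "low": gives up its virtual forwarder role
        elif self.weight > self.upper:
            self.forwarding = True    # resumes only after climbing past upper
        # Between the thresholds the previous state is kept.
        return self.weight

def load_shares(gateways):
    """Percent of ARP replies per forwarding gateway under weighted balancing."""
    active = [g for g in gateways if g.forwarding]
    total = sum(g.weight for g in active)
    return {g.name: round(100 * g.weight / total) for g in active} if total else {}

def build_lab():
    # Values from Exercise 3; track object 2 on IOU2 is hypothetical (see lead-in).
    return [
        Gateway("IOU2", 50, 35, 40, {1: 20, 2: 12}),
        Gateway("IOU3", 25, 15, 20, {1: 15}),
        Gateway("IOU5", 25, 15, 20, {1: 15}),
    ]
```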

Summary

This chapter talked about the importance of high availability and redundancy. Most companies consider high availability a high priority for their services. You have learned how to configure HSRP, GLBP, VRRP, and multilinks. All of these can be used to allow redundant network links, which provide high availability of resources. Remember that GLBP not only provides redundancy but also load balances between routers.
