Employers know that CCNP-certified job applicants have a real-world knowledge of networking.  They also know that Cisco awards big discounts to companies that hire Cisco-certified staff. 

After watching Jeremy Cioara's new CCNP 642-813 SWITCH training, you'll be a master-level consultant on Cisco switched networks. You'll also have brighter career prospects and be an important step closer to CCNP certification.

Jeremy covers everything you ever wanted to know about switching in this update to his existing BCMSN course.  In no time, you'll be designing your network for maximum uptime and preparing it for advanced services like WiFi, VoIP and Video over IP. 

Jeremy's training maps to Cisco CCNP certification exam 642-813.
1. Welcome to Cisco Switch: Watch Me First! (17 min)
2. The Switches Domain: Core Concepts and Design (42 min)
3. VLANs: Configuration and Verification (13 min)
4. VLANs: In-Depth Trunking (35 min)
5. VLANs: VLAN Trunking Protocol (33 min)
6. STP: Foundation Per-VLAN Spanning Tree Concepts, Part 1 (23 min)
7. STP: Foundation Per-VLAN Spanning Tree Concepts, Part 2 (34 min)
8. STP: Rapid Spanning Tree Concepts and Configuration (24 min)
9. EtherChannel: Aggregating Redundant Links (24 min)
10. L3 Switching: InterVLAN Routing Extraordinaire (28 min)
11. L3 Switching: Understanding CEF Optimization (16 min)
12. Redundancy in the Campus: HSRP, VRRP, and GLBP Part 1 (43 min)
13. Redundancy in the Campus: HSRP, VRRP, and GLBP Part 2 (23 min)
14. Campus Security: Basic Port Security and 802.1x (32 min)
15. Campus Security: VLAN and Spoofing Attacks (31 min)
16. Campus Security: STP Attacks and Other Security Considerations (15 min)
17. Campus VoIP: Overview, Considerations, and AutoQoS (44 min)
18. Wireless LAN: Foundation Concepts and Design Part 1 (26 min)
19. Wireless LAN: Foundation Concepts and Design Part 2 (22 min)
20. Wireless LAN: Frequencies and 802.11 Standards (34 min)
21. Wireless LAN: Understanding the Hardware (30 min)
22. The Switches Domain: Additional Life-Saving Technology (22 min)
23. Monitoring: Your Pulse on the Network (45 min)
24. Campus Security: VACLs (14 min)

Redundancy in the Campus: HSRP, VRRP, and GLBP Part 2

00:00:00

We are continuing on to make our campus network redundant by using VRRP and GLBP. We are going to pick up here where we left off in the previous video. Wrapping up HSRP and moving into VRRP, essentially the same thing as HSRP, with a couple different commands.

00:00:19

And then we will look at what's different in GLBP. This is the newest protocol on the block that allows the load balancing. Of course, as always, we will be doing the configuration and verification of all of these protocols. VRRP, or the virtual router redundancy protocol, is a good place to start because as I mentioned this one is nearly identical to HSRP with different terms, that's my side title, terminology shift and just a couple slightly different features. So first

00:00:52

off active standby. Meaning in HSRP we have an active router and standby routers. The new terms are master and backup. If you remember we had VLAN-70 or interface VLAN-70 configured. This one was .2 over here. This one was VLAN-70 and this was .3. And this was in the previous HSRP video I am getting all this from. This I made the .2 the active HSRP router and this one the standby. Now I just call

00:01:20

it the master and the backup. The standby group, that's how we configured it in HSRP, now becomes the VRRP group, so slight terminology shift there. This one, the third one, is a feature. The master router can share the virtual IP address. So in HSRP we had .2 and .3 and they both responded for .1, this one being the active and this one being the standby. But in VRRP you can

00:01:49

actually set it up to where the master, or the active router, the number one router on the block, uses .1 as its actual IP address. The others will have their IP addresses and take over for the .1 IP address if this one should go offline. Of course it is going to have that virtual MAC address in the same way.

00:02:10

So they all take over for the MAC address not to cause any ARP cache timer issues as well. So I don't know if I like that or not, but it's a cool feature. I guess you don't have to use it, but it's there for you to actually assign the virtual IP as the real IP address for one of the routers; the one that is the master, or the top dog on the stack. Last one is that VRRP came out five

00:02:36

years later than HSRP. So it has better timers by default. A one second hello time and then three times a hello is the downtime, plus what's known as the skew. So, if you remember in HSRP I was saying by default it was once every three seconds. Then I said, "Well you can tune it down to a 1 second hello" and I recommended a 4 second down time or hold down timer because that will allow you to miss three full hellos before taking over and considering them down; because if we said 3 second was the down timer then we would only be able to miss two hellos.

00:03:16

So VRRP made it a little better by adding this thing known as the skew timer. This is weird; the formula for it. But what it is you have the dead timer, or hold down time, being three times the hello. So that's 3 seconds for the dead timer, plus the skew which is 256 minus the priority of the router. So we will say default priority

00:03:43

of 100 so that's 156 divided by 256. And by the way all of these are in milliseconds. So, that would be 156 milliseconds divided by 256 equals some random number that it adds on to the timer. It would be some partial millisecond value of, you know I will just throw one out there, .015 or something like that. So it actually waits slightly longer

00:04:14

than 3 seconds before considering somebody down, allowing that third hello the time to get in and make its way in there and be processed before it takes over as the master router. To demonstrate VRRP I am going to be using my 2800 series router because Cisco decided not to implement VRRP or GLBP for that matter on the 3550 series switches; again, one of those good reasons to know about HSRP, because it is supported on about all Cisco platforms. So three steps and they are nearly identical

00:04:50

to HSRP. We configure a VRRP group just like a standby group. Optimize the settings that deal with the timers and so on. It's a little easier than VRRP and I will show you that. And then we can verify those settings. So let me bring up my router. I am just going to go under, and remember on a router it is the same exact thing as a switch. It's just we are using a real interface

00:05:11

instead of a virtual one. So I am going to go under my fastethernet0/0 and let me just do a VRRP. And we type in our group number just like HSRP. So I will say VRRP 20, group number 20. And then underneath there, just about the same settings you can see event tracking.

00:05:30

That's for our interface tracking. Shutdown to turn it off, IP preempt priority, same commands. So I am just going to type in IP address and let's do 172.30.4.90 enter. And that creates the VRRP group. From there we can set our preempt, you know VRRP 20 preempt options. We can set our priorities exactly the same as HSRP.

00:05:59

I don't want to repeat too much of the information so let me show you what's different; the timers in VRRP. If I type in VRRP 20 timers you are going to see that we have two settings, advertise and learn. Now we just saw in the previous slides that VRRP's

00:06:19

hello timer by default is once every second and the dead timer is once every, well I should say, once every three times the hello timer right. The reason it is that is because you can't actually set the down timer. Meaning when we were playing with HSRP we

00:06:37

had the option to go in and say I will set the hello timer and I will set my hold down timer or dead timer. And VRRP you don't have that option. We just set the hello timer and it figures out the dead timer based on what we said. Furthermore we have two options: advertise and learn. The good news is we only have

00:06:58

to set the timers on the master device, meaning the one that is the primary for the group. All the others by default are set to learn so they will learn their hello timer and figure out their dead timer based on what the master is using. That is a bonus compared to

00:07:18

HSRP because in HSRP you have to go and make sure the timers are the same on all the routers. So let me just show you. If this is the master router I just say, "Advertise". We have our option of using seconds or we can drop down to the milliseconds. So I will say "Advertise in milliseconds". And then I can type

00:07:34

in how, what my low level milliseconds are. Oh, take a look at that; can't go as low as HSRP, that's 15 milliseconds. So we will say, you know, once every 100 milliseconds it's going to send out a hello. And notice no option for a hold down timer. We just hit enter and it figures out the hold down timer for us. Likewise all the others' default states are on learn as I

00:07:56

was mentioning. So they are going to learn that hello timer from the master. To verify this I can just go back and do a show VRRP and that's it. Similar output to HSRP. You can see the state is master instead of the active router. Virtual IP address, virtual

00:08:13

MAC address. Different group of MAC addresses that it is using. Advertisement interval is right there. The preemption is turned on by default. I didn't uh, did I type that in? Wait a second. Yes I did type that in. Because I was thinking, "That's not on

00:08:28

by default". So it is on by default, priority master router. That's me, priority is this and I am advertising once every this number of seconds. And the down timer is .909 seconds. Now I know I was saying it's three times the hello timer and it is. This is just the master saying, "If I'm finding that

00:08:48

some process has crashed on me in less than a second, I am going to, uh, adjust, adjust my priority and let somebody else take over". This is a cool feature of VRRP. If, if the master notices one of its tracked interfaces goes down. For instance, we talked about interface tracking and HSRP when we said that it decrements the priority. When we are running in

00:09:19

VRRP it will actually set its priority to zero. That's one of the options we can do which immediately all the other routers are going to see the priority completely zero out on the master and the next one up in line is going to take over immediately. So again, just like we saw when we demonstrated HSRP it was a flawless transition between routers.

00:09:40

That's the scoop with VRRP. And I don't want to go too long on that just because it is nearly identical to HSRP in the config. GLBP, the Gateway Load Balancing Protocol on the other hand, is a little bit different. So it merits some discussion of what those differences are. In GLBP we have the ability to load balance

00:10:03

between our gateways. Instead of having one active and one standby, or in the VRRP terms, one master and the others backup. The GLBP can have a multi active scenario where both of them are responding to requests. Now that can be completely equal load balancing like you take 50 and I'll take 50. Or we could end up having unequal load balancing. For example maybe, I know this

00:10:29

is a switch so it's kind of hard to compare on this one. But if we were in a routed world, maybe you had one with a T, a dual T1 line, how's that, or two T1 lines that are bound together through multi-link PPP? A backup router has a single T1 line that is just straight to the internet. Well what we can do is

00:10:47

set up GLBP to where it will naturally load balance essentially two-thirds of the traffic to the dual T1 connection and a third of the traffic over to the single T1. So you can do some intelligent load balancing here. And the way it works is it's awesome, check

00:11:03

this out. When GLBP is set up you set up a single VIP with multiple MAC addresses. Now right there that's a difference from the VRRP and HSRP that we saw before. In that world we had a single VIP and a single virtual MAC address as well. That everybody kind

00:11:23

of took the responsibility for as routers dropped off. So if the master died the backup would take over the master's IP and MAC address, not so here. Look at the picture. We have a single virtual IP, 70.1. Multiple virtual MAC addresses representing the different routers.

00:11:44

Now this is the way it works. You will have a single active virtual gateway or an AVG that acts as the point man for the network. Now let me explain what the point man does. The point man manages the MAC address pools. It knows about all the other virtual MAC

00:12:04

addresses that the, I guess you could call them "backup routers" are using. Now they are not really backup routers anymore because they are actively forwarding traffic so let me follow through with a packet trace here. Let's say this guy's default gateway;

00:12:18

this server right here is set to 70.1. The first time he accesses an internet destination it's going to send out a what? ARP message right, who is 172.30.70.1? This router gets the ARP message and says, "Oh that's me, let me send you my virtual MAC address". Now this is the AVG, the

00:12:39

active virtual gateway for the network. So it sends back the virtual MAC address for itself. Meanwhile this server over here says, "I want to access the internet ARP to what 70.1". It goes to the active virtual gateway again. So, the follow, I guess follow my arrow here. It is coming over here because this is

00:12:58

the router taking responsibility for that single virtual IP address, but when it replies to the ARP message. Are you seeing what direction we are going here? It's going to give the virtual MAC address of its buddy. It's going to be like, "Hey I am, swoosh" and it

00:13:15

just shuffles over to the virtual MAC address of one of the load balance gateways. It will naturally do that based on the scale that you have set up. Meaning you can just use a Round Robin system. Maybe, you know, this one goes first. This one goes second.

00:13:30

You have got a third one that goes third. Then it loops back around, first one, second one, third one. Just go in a completely Round Robin. We could set it up in a host dependent system to where it's based on the MAC addresses of the host trying to make sure every MAC address that requests gets a different virtual MAC address. For instance, this came from one MAC address and

00:13:50

it's going to go up to this host. And then maybe the next MAC address goes to the next host. So it differentiates based on the MAC address that is asking for the virtual MAC of GLBP. Or you could do a weighted load balancing algorithm. You could just say, "I want two thirds of the MAC addresses to be returned to be this one, and one third to be returned to this one". And naturally

00:14:18

do some unequal load balancing between your gateways and that goes back to my scenario with the two T1 lines on the one router. And the one T1 line on the other. Now I am sure if you think through it you are going to go, "Well, is that really exact load balancing"? No, no it's not at all. Because for instance, you

00:14:37

know, maybe the one-third group or the single T1 line returned to its MAC address to some host that's just going to hammer it. I mean they are going to do a 5 GB file transfer over that T1 line, meanwhile this one just sent two responses to two MAC addresses that were going to look at USA Today.com and just view the website. I mean there

00:15:01

is obviously going to be a skew in the traffic requests in that case, but it is a type of load balancing. You are going to get utilization on all of those T1 interfaces versus if we had VRRP or, or HSRP. The other one would just sit there being idle until, until the primary one failed. So I would argue in that sense GLBP is a little bit

00:15:27

better. Now the other routers in this scenario, just to define the rest of the terms, are considered Active Virtual Forwarders or AVFs. So you have one AVG for the network and all the rest will be considered AVFs. I love these acronyms. It reminds me of like, uh, some kind of

00:15:46

big gun. Would you take a look at this AVG that I got here? That's pretty cool Bob. I mean, I don't know why. Those, those acronyms just kind of hit me, as like, just a cool man acronym. Anyway, AVGs are backed up. That's your AVG there. It is backed up so you have backup routers in the picture that will take over that role if the AVG does die. Again it's a priority based system

00:16:14

so if an AVG goes down the next one in line will take over the function and start dishing out the virtual MAC addresses as needed. Oh, I am sorry for getting so excited about this stuff. It's just, it's really neat. I mean, when you think about the concepts

00:16:29

about how they are working it is just like brilliant. Who would have thought of that? So anyway, to set up GLBP, I am going to use my 2800 series router again because the 3550 switches don't support it. They are HSRP only. So let me jump into the 2,800, 2801 router I have got running right here. And I am going to go under the interface fastethernet0/0. Now I have turned off VRRP since we don't need it anymore. GLBP

00:16:55

as you might imagine is enabled. Just like VRRP, GLBP followed by a group number. You can see we can have a large number of groups. I can't imagine using that many. We will just use group number one for this example. Similar commands to VRRP and HSRP. I just type in, for instance, I start off with the IP address, uh, and we will say 172.30.4.70 on this router. I am on a different subnet over here. So this

00:17:26

is going to be the virtual IP that all the hosts share and respond for. Now a couple of different paradigm shifts I am going to need you to make. We're used to typing in priority to say this is the active router. This is the backup router or master and

00:17:42

backup, or active and standby I should say. So in this sense there is no active router or standby router because all of them are participating. They are load balancing. So the priority as it relates to GLBP elects who will be the AVG. I got your AVG right there, AVG 300. Now the higher priority, the better you are, so let's say we put 150. Everybody else is the default of 100 so they will become the active virtual forwarders whereas this one will become the active virtual gateway that dishes out the MAC addresses to everybody else. If this

00:18:20

router goes down the next highest priority will take over. If there is a time priority the next highest IP address ends up winning that time. A similar thing for the timers; GLBP 1 timers, then we have our hello timers and, um, uh, down timers that we can set with GLBP. You see one more option on there. The redirect

00:18:42

which is a timeout value for failed forwarders. Meaning if we, uh, have MAC addresses for forwarders, active virtual forwarders that are no longer online this is how long it will take us to time them out and stop giving out their MAC addresses. And, and

00:19:01

essentially cause them to not be used by the host anymore to time out of their ARP cache and so on. So, hello interval, dead interval, milliseconds, seconds. Same thing as before. Um, one other option that we have of course is IPv6. This is kind of cool. Since this protocol was released in 2005 IPv6 was becoming more and more viable by then so now it is an option. You can

00:19:24

use it for IPv6, but look at this; load balancing. By default GLBP uses the Round Robin load balancing algorithm. So we will give the first MAC address to the first host, second MAC address to the second host and so on through that list. I mentioned these before, but just to highlight them: host dependent means that the same MAC address will always go to the same virtual forwarder. For instance if a host with MAC address of all zeros

00:19:54

11AA comes in he is guaranteed to always get the same virtual forwarder to access the internet. Versus Round Robin if we use this one and that MAC address came in maybe the first time he will get one router and then the second time after his ARP cache has timed out he is going to get the second router, or the third router. You know, going down the line because it's Round Robin.

00:20:16

Weighted is where you can proportion what balance of MAC addresses will be sent for certain forwarders in the network. Now if you use weighted, that's, that's where I am going to draw the line here because you will have to set up your weighting algorithm.

00:20:31

Actually all of these options I am talking about right now are not even part of the official, uh, BCMSN test objectives if you will. You just need to know what GLBP is and how to turn it on to do its default load balancing with Round Robin. But all of these other options I wanted to show

00:20:53

you. But when you get into the weighting that's where it gets a little bit sticky because you need to go through and set up weighting maximum values, certain tracking for the interfaces and if, if this interface fails how much less weight are you going to end up taking or if another router fails how much weight are you going to take. You have an upper and a lower balance

00:21:14

on your weight. So there is a lot of criteria that you go into and set up for this weighting. So I will just leave that for your own self study on that. Most likely you are going to be using the Round Robin or host dependent options anyway. So once GLP, GLBP has been set up you just exit out to global config mode and type in show GLBP. Very similar to what it was with

00:21:39

VRRP and HSRP. You can see the default timers. I haven't changed them. Since Cisco created this it is the same as HSRP. You can tune those down if you feel comfortable. You can see, you know, all of the redirect timers. What group members there are and if you have more than one group member you are going to see the other virtual MAC addresses that it's created for them. Um, information

00:22:02

about me, forwarder one state is active. I am the one forwarding that, so as more routers join this group the output will just grow to reflect more group members. And depending on what load balancing I am using it's going to load balance between those group members differently. I hope that paints a good picture

00:22:22

for you of how to set up redundancy in the campus. Either on your layer three switches or as you just saw me doing, on Cisco routers. So to hit the high points and I guess wrap up both parts of the series. We talked about how good redundancy is that it's

00:22:37

of course great to have that. But what protocol should you use, HSRP, VRRP, GLBP? Um, well as you can see, number one look at what your equipment supports. Just about all Cisco devices support HSRP. Uh, the upper end ones or the brand new equipment will

00:22:54

support the newer protocol such as VRRP and GLBP. Uh, choosing a protocol isn't as important when you are looking between HSRP and VRRP as choosing what devices you have, because both of those protocols can do the same things, it's just one's Cisco proprietary. When it comes to GLBP, that's the unique one of

00:23:16

the bunch where you have the load balancing capability that you can set up between your devices, again we are in a Cisco proprietary world when you move that direction because it was just released a few years back. So we looked at the config of all of those

00:23:31

and uh, set them up. I hope this has been informative for you and I would like to thank you for viewing. We are continuing on to make our campus network redundant by using VRRP and GLBP. We are going to pick up here were we left off in the previous video. Wrapping up HSRP and moving into VRRP,

00:00:15

essentially the same thing as HSRP, with a couple different commands. And then we will look at what's different in GLBP. This is the newest protocol on the block that allows the load balancing. Of course, as always, we will be doing the configuration and verification of all of these protocols.

00:00:33

VRRP, or the virtual router redundancy protocol, is a good place to start because as I mentioned this one is nearly identical to HSRP with different terms, that's my side title, terminology shift and just a couple slightly different features. So first off active standby. Meaning in HSRP we have an active router

00:00:56

and standby routers. The new terms are master and backup. If you remember we had VLAN-70 or interface VLAN-70 configured. This one was .2 over here. This one was VLAN-70 and this was .3. And this was in the previous HSRP video I am getting all this from. This I made the .2 the active HSRP router and this one the standby. Now I just call

00:01:20

it the master and the backup. The standby group, that's how we configured it in HSRP, now becomes the VRRP group, so slight terminology shift there. This one, the third one, is a feature. The master router can share the virtual IP address. So in HSRP we had .2 and .3 and they both responded for .1, this one being the active and this one being the standby. But in VRRP you can

00:01:49

actually set it up to where the master, or the active router, the number one router on the block, uses .1 as its actual IP address. The other's will have their IP addresses and take over for the .1 IP address if this one should go offline. Of course it is going to have that virtual MAC address in the same way.

00:02:10

So they all take over for the MAC address not to cause any ARP cache timer issues as well. So I don't know if I like that or not, but it's a cool feature. I guess you don't have to use it, but it's there for you to actual assign the virtual IP as the real IP address for one of the routers; the one that is the master, or the top dog on the stack. Last one is that VRRP came out five

00:02:36

years later than HSRP. So it has better timers by default. A one second hello time and then three times a hello is the downtime, plus what's know as the skew. So, if you remember in HSRP I was saying by default it was once every three seconds. Then I said, "Well you can tune it down to a 1 second hello" and I recommended a 4 second down time or hold down timer because that will allow you to miss three full hello's before taking over and considering them down; because if we said 3 second was the down timer than we would only be able to miss two hellos.

00:03:16

So VRRP made it a little better by adding this think known as the skew timer. This is weird; the formula for it. But what it is you have the dead timer, or hold down time, being three times the hello. So that's 3 seconds for the dead timer, plus the skew which is 256 minus the priority of the router. So we will say default priority

00:03:43

of 100 so that's 156 divided by 256. And by the way all of these are in milliseconds. So, that would be 156 milliseconds divided by 256 equals some random number that it adds on to the timer. It would be some partial millisecond value of, you know I will just throw one out there, .015 or something like that. So it actually waits slightly longer

00:04:14

than 3 seconds before considering somebody down, allowing that third hello the time to get in and make its way in there and be processed before it takes over as the master router. To demonstrate VRRP I am going to be using my 2800 series router because Cisco decided not to implement VRRP or GLBP for that matter on the 3550 series switches; again, one of those good reasons to know about HSRP, because it is supported on about all Cisco platforms. So three steps and they are nearly identical

00:04:50

to HSRP. We configure a VRRP group just like a standby group. Optimize the settings that deal with the timers and so on. It's a little easier than VRRP and I will show you that. And then we can verify those settings. So let me bring up my router. I am just going to go under, and remember on a router it is the same exact thing as a switch. It's just we are using a real interface

00:05:11

instead of a virtual one. So I am going to go under my fastethernet0/0 and let me just do a VRRP. And we type in our group number just like HSRP. So I will say VRRP 20, group number 20. And then underneath there, just about the same settings you can see event tracking.

00:05:30

That's for our interface tracking. Shutdown to turn it off, IP preempt priority, same commands. So I am just going to type in IP address and let's do 172.30.4.90 enter. And that creates the VRRP group. From there we can set our preempt, you know VRRP 20 preempt options. We can set our priorities exactly the same as HSRP.

00:05:59

I don't want to repeat too much of the information so let me show you what's different; the timers in VRRP. If I type in VRRP 20 timers you are going to see that we have two settings, advertise and learn. Now we just saw in the previous slides that VVRP's

00:06:19

hello timer by default is once every second and the dead timer is once ever, well I should day, once every three times the hello timer right. The reason it is that is because you can't actually set the down timer. Meaning when we were playing with HSRP we

00:06:37

had the option to go in and say I will set the hello timer and I will set my hold down timer or dead timer. And VVRP you don't have that option. We just set the hello timer and it figures out the dead timer based on what we said. Furthermore we have two options: advertise and learn. The good news is we only have

00:06:58

to set the timers on the master device, meaning the one that is the primary for the group. All the other's by default are set to learn so they will learn their hello timer and figure out their dead timer based on what the master is using. That is a bonus compared to

00:07:18

HSRP because in HSRP you have to go and make sure the timers are the same on all the routers. So let me just show you. If this is the master router I just say, "Advertise". We have our option of using seconds or we can drop down to the milliseconds. So I will say "Advertise in milliseconds". And then I can type

00:07:34

in how, what my low level milliseconds are. Oh, take a look at that; can't go as low as HSRP, that's 15 milliseconds. So we will say, you know, once ever 100 milliseconds it's going to send out a hello. And notice no option for a hold down timer. We just hit enter and it figures out the hold down timer for us. Likewise all the other's default states are on learn as I

00:07:56

was mentioning. So they are going to learn that hello timer from the master. To verify this I can just go back and do a show VRRP and that's it. Similar output to HSRP. You can see the state is master instead of the active router. Virtual IP address, virtual

00:08:13

MAC address. Different group of MAC addresses that it is using. Advertisement interval is right there. The preemption is turned on by default. I didn't uh, did I type that in? Wait a second. Yes I did type that in. Because I was thinking, "That's not on

00:08:28

by default". So it is on by default, priority master router. That's me, priority is this and I am advertising once every this number of seconds. And the down timer is .909 seconds. Now I know I was saying it's three times the hello timer and it is. This is just the master saying, "If I'm finding that

00:08:48

some process has crashed on me in less than a second, I am going to, uh, adjust, adjust my priority and let somebody else take over". This is a cool feature of VRRP. If, if the master notices one of its tracked interfaces goes down. For instance, we talked about interface tracking and HSRP when we said that it decrements the priority. When we are running in

00:09:19

VRRP it will actually set its priority to zero. That's one of the options we can do which immediately all the other routers are going to see the priority completely zero out on the master and the next one up in line is going to take over immediately. So again, just like we saw when we demonstrated HSRP it was a flawless transition between routers.

00:09:40

That's the scoop with VRRP. And I don't want to go too long on that just because it is nearly identical to HSRP in the config. GLBP, the Gateway Load Balancing Protocol on the other hand, is a little bit different. So it merits some discussion of what those differences are. In GLBP we have the ability to load balance

00:10:03

between our gateways. Instead of having one active and one standby, or in the VRRP terms, one master and the others backup. The GLBP can have a multi active scenario where both of them are responding to requests. Now that can be completely equal load balancing like you take 50 and I'll take 50. Or we could end up having unequal load balancing. For example maybe, I know this

00:10:29

is a switch so it's kind of hard to compare on this one. But if we were in a routed world, maybe you had one with a T, a dual T1 line, how's that, or two T1 lines that are bound together through multi-link PPP? A backup router has a single T1 line that is just straight to the internet. Well what we can do is

00:10:47

set up GLBP to where it will naturally load balance essentially two-thirds of the traffic to the dual T1 connection and a third of the traffic over to the single T1. So you can do some intelligent load balancing here. And the way it works is it's awesome, check

00:11:03

this out. When GLBP is set up you set up a single VIP with multiple MAC addresses. Now right there that's a difference from the VRRP and HSRP that we saw before. In that world we had a single VIP and a single virtual MAC address as well. That everybody kind

00:11:23

of took the responsibility for as routers dropped off. So if the master died the backup would take over the master's IP and MAC address, not so here. Look at the picture. We have a single virtual IP, 70.1. Multiple virtual MAC addresses representing the different routers.

00:11:44

Now this is the way it works. You will have a single active virtual gateway or an AVG that acts as the point man for the network. Now let me explain what the point man does. The point man manages the MAC address pools. It knows about all the other virtual MAC

00:12:04

addresses that the, I guess you could call them "backup routers" are using. Now they are not really backup routers anymore because they are actively forwarding traffic so let me follow through with a packet trace here. Let's say this guy's default gateway;

00:12:18

this server right here is set to 70.1. The first time he accesses an internet destination it's going to send out a what? ARP message right, who is 172.30.70.1? This router gets the ARP message and says, "Oh that's me, let me send you my virtual MAC address". Now this is the AVG, the

00:12:39

active virtual gateway for the network. So it sends back the virtual MAC address for itself. Meanwhile this server over here says, "I want to access the internet ARP to what 70.1". It goes to the active virtual gateway again. So, the follow, I guess follow my arrow here. It is coming over here because this is

00:12:58

the router taking responsibility for that single virtual IP address, but when it replies to the ARP message. Are you seeing what direction we are going here? It's going to give the virtual MAC address of its buddy. It's going to be like, "Hey I am, swoosh" and it

00:13:15

just shuffles over to the virtual MAC address of one of the load balance gateways. It will naturally do that based on the scale that you have set up. Meaning you can just use a Round Robin system. Maybe, you know, this one goes first. This one goes second.

00:13:30

You have got a third one that goes third. Then it loops back around, first one, second one, third one. Just go in a completely Round Robin. We could set it up in a host dependent system to where it's based on the MAC addresses of the host trying to make sure every MAC address that requests gets a different virtual MAC address. For instance, this came from one MAC address and

00:13:50

it's going to go up to this host. And then maybe the next MAC address goes to the next host. So it differentiates based on the MAC address that is asking for the virtual MAC of GLBP. Or you could do a weighted load balancing algorithm. You could just say, "I want two thirds of the MAC addresses to be returned to be this one, and one third to be returned to this one". And naturally

00:14:18

do some unequal load balancing between your gateways and that goes back to my scenario with the two T1 lines on the one router. And the one T1 line on the other. Now I am sure if you think through it you are going to go, "Well, is that really exact load balancing"? No, no it's not at all. Because for instance, you

00:14:37

know, maybe the one-third group or the single T1 line returned its MAC address to some host that's just going to hammer it. I mean they are going to do a 5 GB file transfer over that T1 line, meanwhile this one just sent two responses to two MAC addresses that were going to look at USA Today.com and just view the website. I mean there

00:15:01

is obviously going to be a skew in the traffic requests in that case, but it is a type of load balancing. You are going to get utilization on all of those T1 interfaces versus if we had VRRP or, or HSRP. The other one would just sit there being idle until, until the primary one failed. So I would argue in that sense GLBP is a little bit

00:15:27

better. Now the other routers in this scenario, just to define the rest of the terms, are considered Active Virtual Forwarders or AVFs. So you have one AVG for the network and all the rest will be considered AVFs. I love these acronyms. It reminds me of like, uh, some kind of

00:15:46

big gun. Would you take a look at this AVG that I got here? That's pretty cool Bob. I mean, I don't know why. Those, those acronyms just kind of hit me, as like, just a cool man acronym. Anyway, AVGs are backed up. That's your AVG there. It is backed up so you have backup routers in the picture that will take over that role if the AVG does die. Again it's a priority based system

00:16:14

so if an AVG goes down the next one in line will take over the function and start dishing out the virtual MAC addresses as needed. Oh, I am sorry for getting so excited about this stuff. It's just, it's really neat. I mean, when you think about the concepts

00:16:29

about how they are working it is just like brilliant. Who would have thought of that? So anyway, to set up GLBP, I am going to use my 2800 series router again because the 3550 switches don't support it. They are HSRP only. So let me jump into the 2800, 2801 router I have got running right here. And I am going to go under the interface fastethernet0/0. Now I have turned off VRRP since we don't need it anymore. GLBP

00:16:55

as you might imagine is enabled. Just like VRRP, GLBP followed by a group number. You can see we can have a large number of groups. I can't imagine using that many. We will just use group number one for this example. Similar commands to VRRP and HSRP. I just type in, for instance, I start off with the IP address, uh, and we will say 172.30.4.70 on this router. I am on a different subnet over here. So this

00:17:26

is going to be the virtual IP that all the hosts share and respond for. Now a couple of different paradigm shifts I am going to need you to make. We're used to typing in priority to say this is the active router. This is the backup router or master and

00:17:42

backup, or active and standby I should say. So in this sense there is no active router or standby router because all of them are participating. They are load balancing. So the priority as it relates to GLBP elects who will be the AVG. I got your AVG right there, AVG 300. Now the higher priority, the better you are, so let's say we put 150. Everybody else is the default of 100 so they will become the active virtual forwarders whereas this one will become the active virtual gateway that dishes out the MAC addresses to everybody else. If this

00:18:20

router goes down the next highest priority will take over. If there is a tie priority the next highest IP address ends up winning that tie. A similar thing for the timers; GLBP 1 timers, then we have our hello timers and, um, uh, down timers that we can set with GLBP. You see one more option on there. The redirect

00:18:42

which is a timeout value for failed forwarders. Meaning if we, uh, have MAC addresses for forwarders, active virtual forwarders that are no longer online this is how long it will take us to time them out and stop giving out their MAC addresses. And, and

00:19:01

essentially cause them to not be used by the host anymore to time out of their ARP cache and so on. So, hello interval, dead interval, milliseconds, seconds. Same thing as before. Um, one other option that we have of course is IPv6. This is kind of cool. Since this protocol was released in 2005 IPv6 was becoming more and more viable by then so now it is an option. You can

00:19:24

use it for IPv6, but look at this; load balancing. By default GLBP uses the Round Robin load balancing algorithm. So we will give the first MAC address to the first host, second MAC address to the second host and so on through that list. I mentioned these before, but just to highlight them: host dependent means that the same MAC address will always go to the same virtual forwarder. For instance if a host with MAC address of all zeros

00:19:54

11AA comes in he is guaranteed to always get the same virtual forwarder to access the internet. Versus Round Robin if we use this one and that MAC address came in maybe the first time he will get one router and then the second time after his ARP cache has timed out he is going to get the second router, or the third router. You know, going down the line because it's Round Robin.

00:20:16

Weighted is where you can proportion what balance of MAC addresses will be sent for certain forwarders in the network. Now if you use weighted, that's, that's where I am going to draw the line here because you will have to set up your weighting algorithm.

00:20:31

Actually all of these options I am talking about right now are not even part of the official, uh, BCMSN test objectives if you will. You just need to know what GLBP is and how to turn it on to do its default load balancing with Round Robin. But all of these other options I wanted to show

00:20:53

you. But when you get into the weighting that's where it gets a little bit sticky because you need to go through and set up weighting maximum values, certain tracking for the interfaces and if, if this interface fails how much less weight are you going to end up taking or if another router fails how much weight are you going to take. You have an upper and a lower balance

00:21:14

on your weight. So there is a lot of criteria that you go into and set up for this weighting. So I will just leave that for your own self study on that. Most likely you are going to be using the Round Robin or host dependent options anyway. So once GLP, GLBP has been set up you just exit out to global config mode and type in show GLBP. Very similar to what it was with

00:21:39

VRRP and HSRP. You can see the default timers. I haven't changed them. Since Cisco created this it is the same as HSRP. You can tune those down if you feel comfortable. You can see, you know, all of the redirect timers. What group members there are and if you have more than one group member you are going to see the other virtual MAC addresses that it's created for them. Um, information

00:22:02

about me, forwarder one state is active. I am the one forwarding that, so as more routers join this group the output will just grow to reflect more group members. And depending on what load balancing I am using it's going to load balance between those group members differently. I hope that paints a good picture

00:22:22

for you of how to set up redundancy in the campus. Either on your layer three switches or as you just saw me doing, on Cisco routers. So to hit the high points and I guess wrap up both parts of the series. We talked about how good redundancy is that it's

00:22:37

of course great to have that. But what protocol should you use, HSRP, VRRP, GLBP? Um, well as you can see, number one look at what your equipment supports. Just about all Cisco devices support HSRP. Uh, the upper end ones or the brand new equipment will

00:22:54

support the newer protocol such as VRRP and GLBP. Uh, choosing a protocol isn't as important when you are looking between HSRP and VRRP as choosing what devices you have, because both of those protocols can do the same things, it's just one's Cisco proprietary. When it comes to GLBP, that's the unique one of

00:23:16

the bunch where you have the load balancing capability that you can set up between your devices, again we are in a Cisco proprietary world when you move that direction because it was just released a few years back. So we looked at the config of all of those

Campus Security: Basic Port Security and 802.1x

Campus Security: VLAN and Spoofing Attacks

Campus Security: STP Attacks and Other Security Considerations

Campus VoIP: Overview, Considerations, and AutoQoS

Wireless LAN: Foundation Concepts and Design Part 1

Wireless LAN: Foundation Concepts and Design Part 2

Wireless LAN: Frequencies and 802.11 Standards

Wireless LAN: Understanding the Hardware

The Switches Domain: Additional Life-Saving Technology

Monitoring: Your Pulse on the Network

Campus Security: VACLs

Intermediate 11 hrs 24 videos

Jeremy Cioara
Nugget trainer since 2003