You want to use a first hop redundancy protocol that automatically load-balances among the participating routers.
You configure GLBP on an interface using the glbp command:
Router1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#interface FastEthernet0/0 Router1(config-if)#ip address 172.22.1.3 255.255.255.0 Router1(config-if)#glbp 1 ip 172.22.1.1 Router1(config-if)#exit Router1(config)#end Router1#
As with HSRP and VRRP, you must configure other members of the same GLBP group to use the same virtual IP address:
Router2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router2(config)#interface FastEthernet0/0 Router2(config-if)#ip address 172.22.1.2 255.255.255.0 Router2(config-if)#glbp 1 ip 172.22.1.1 Router2(config-if)#exit Router2(config)#end Router2#
In Recipe 22.4, we showed a way of using HSRP to load-balance between two active redundant routers on a LAN segment. There are two reasons why this solution was somewhat less than ideal, though. First, it required configuring different default gateway addresses on half of the end devices on a LAN segment. And second, the load balancing must be done by hand and is completely static. GLBP provides a much more elegant solution to the same problem that doesn't have these shortcomings.
In the examples, we have enabled GLBP with a single command, simply defining the group number and virtual IP address:
Router1(config-if)#glbp 1 ip 172.22.1.1
This makes the router into an Active Virtual Forwarder (AVF) for group number 1. The AVF routers will elect an Active Virtual Gateway (AVG), which will manage the functioning of the group. The AVG distributes MAC address to AVFs. The AVG also responds to ARP requests for the virtual IP address, including one of the AVF MAC addresses in the response. In this way, every ARP request gets a single unique response, but different devices on the network segment still wind up using different routers.
GLBP has 1,024 possible group numbers, ranging from 0 through 1,023. Unlike HSRP, though, you cannot leave out the group number to accept a default value.
You can look at GLBP status on a router by using the show glbp command:
Router1#show glbp State is Active 4 state changes, last state change 01:55:47 Virtual IP address is 172.22.1.1 Hello time 3 sec, hold time 10 sec Next hello sent in 2.912 secs Redirect time 600 sec, forwarder time-out 14400 sec Preemption disabled Active is local Standby is 172.22.1.2, priority 100 (expires in 7.912 sec) Priority 100 (default) Weighting 100 (default 100), thresholds: lower 1, upper 100 Load balancing: round-robin There are 2 forwarders (1 active) Forwarder 1 State is Listen 6 state changes, last state change 00:00:42 MAC address is 0007.b400.0101 (learnt) Owner ID is 000e.d7d6.4d80 Redirection enabled, 597.908 sec remaining (maximum 600 sec) Time to live: 14397.908 sec (maximum 14400 sec) Preemption enabled, min delay 30 sec Active is 172.22.1.2 (primary), weighting 100 (expires in 7.908 sec) Arp replies sent: 6 Forwarder 2 State is Active 3 state changes, last state change 01:56:18 MAC address is 0007.b400.0102 (default) Owner ID is 000e.d7d6.1060 Redirection enabled Preemption enabled, min delay 30 sec Active is local, weighting 100 Arp replies sent: 5 Router1#
There is a lot of information in this output, but you rarely need all of it. Most of the time you just want to know about which routers are active and what MAC addresses they are using. Fortunately, you can add the brief keyword to see only these details:
Router1#show glbp brief Interface Grp Fwd Pri State Address Active router Standby router Fa0/0 1 - 100 Active 172.22.1.1 local 172.22.1.2 Fa0/0 1 1 7 Listen 0007.b400.0101 172.22.1.2 - Fa0/0 1 2 7 Active 0007.b400.0102 local - Router1#
The first line in this output, after the column header information, describes the AVG for the group. In the example, this router is the AVG (local), and the router whose physical IP address is 172.22.1.2 is the backup AVG, should this one fail.
The other two lines show the AVFs for the group. We see that the other router, the one with physical IP address 172.22.1.2, is using the MAC address 0007.b400.0101, and that this router is in an active state and is using a MAC address of 0007.b400.0102.
The word in the second line, Listen, is potentially confusing because it doesn't mean that the other router is in a Listen state. It actually means that this router is in a Listen state for this MAC address. If the other router becomes unavailable, this one will take over its MAC address, in addition to the one that it is already using.
You can configure priorities and preemption with GLBP in exactly the same way as HSRP:
Router2(config)#interface FastEthernet0/0 Router2(config-if)#ip address 172.22.1.2 255.255.255.0 Router2(config-if)#glbp 1 ip 172.22.1.1 Router2(config-if)#glbp 1 priority 120 Router2(config-if)#glbp 1 preempt
These commands only affect AVG election, though, so they are less critical than we previously saw for HSRP or VRRP. It usually doesn't matter so much which router is the AVG, because all of the routers are forwarding.
More importantly, though, you can configure authentication. Until IOS Version 12.3(2)T, only text authentication was available:
Router1(config)#interface FastEthernet0/0 Router1(config-if)#glbp 1 authentication text COOKBOOK
Starting in 12.3(2)T, you can use the considerably more secure MD5 algorithm to encrypt your GLBP authentication keys:
Router1(config)#interface FastEthernet0/0 Router1(config-if)#glbp 1 authentication md5 key-string 0 OREILLY
Cisco offers three different load-balancing algorithms for use with GLBP:
Router1(config)#interface FastEthernet0/0 Router1(config-if)#glbp 1 load-balancing ? host-dependent Load balance equally, source MAC determines forwarder choice round-robin Load balance equally using each forwarder in turn weighted Load balance in proportion to forwarder weighting Router1(config-if)#
The default load-balancing method is round-robin, which means that the AVG will simply alternate among the AVF MACs. Each time it receives an ARP request for the virtual IP address, the AVG will respond with the MAC of the next AVF.
The host-dependent keyword means that the AVG will base the selection of AVF on the MAC address of the device sending the ARP request. In this way, as long as the number of AVF devices in the group remains constant, each end device will always see the same MAC address in response to its ARP request. This is useful if you have problems with updating ARP tables properly on some of the devices on a segment.
Finally, the weighted keyword means that the AVG will respond to ARP requests according to a weighting factor. So if one of the routers in the GLBP group is connected to a faster link than the others, you could give it a higher weighting. This will cause the AVG to use the corresponding MAC address in ARP responses more often, allowing you to utilize the faster link more effectively.
You can adjust the weight factors for different AVF routers by using the weighting keyword. This allows you to set a static weight value as follows:
Router1(config)#interface FastEthernet0/0 Router1(config-if)#glbp 1 weight 150
The default weighting is 100, and you can specify any value between 1 and 254. Suppose, for example, that you have two AVFs, one with the default weighting of 100 and the other with a weight of 150. Then the AVG will give out the MAC address of the AVF with the higher weight three times for every two times it uses the one with the default weight.
Alternatively, you can make the weighting factor track other objects or interfaces by using the track command:
Router1(config)#interface FastEthernet0/0 Router1(config-if)#glbp 1 weight 10 decrement 25 Router1(config-if)#exit Router1(config)#track 10 interface Serial0/0 ip routing Router1(config-track)#exit
By default, the weighting factor will decrement by 10 when the tracked object changes state. In this example, however, we have changed this default decrement value to 25.
Please refer to Recipe 22.3 for more information on the track command.
Recipe 22.3; Recipe 22.4
Router Configuration and File Management
User Access and Privilege Levels
Handling Queuing and Congestion
Tunnels and VPNs
NTP and Time
Router Interfaces and Media
Simple Network Management Protocol
First Hop Redundancy Protocols
Appendix 1. External Software Packages
Appendix 2. IP Precedence, TOS, and DSCP Classifications