Wednesday, October 5, 2016

1 comment

GLBP Configuration

In this topic let’s take a look how to set it up GLBP.
              Here we have a couple of routers. Router R1 and R2, we want R1 to be the Active Virtual Gateway the AVG, that’s gonna be handing out Virtual Mac-addresses to the AVF’s, both routers are going to be AVF the Active Virtual Forwarder’s and remember that the default Load-Balancing algorithms is Round-Robin.

Let Start off with on Router R1: -                                                                                  
          Ø R1(config)#interface fastethernet 0/0
Ø  R1(config-if)#description CONNECTED WITH SW1
Ø  R1(config-if)#glbp 10 ip
ü  10:- GLBP Group Number
ü -Virtual IP Address
ü  That will educate this interface about the Virtual IP address
Ø  R1(config-if)#glbp 10 priority 110
ü  Setting “Higher Priority” on R1 will AVG
Ø  R1(config-if)#glbp 10 preempt
ü  If I lose whatever reason in my AVG Role but then condition that caused me to lose that AVG Role was fixed it got repaired, am ready to become AVG again. I want to Reclaim my Active Role, and make that happen we need to use “Preempt Option”
Ø  R1(config-if)#glbp 10 authentication md5 key-string $3cr3T
ü  $3cr3T:- Authentication Password

GLBP initial Configuration on Router R2: -
Ø R2(config)#interface fastethernet 0/0
Ø  R2(config-if)#description CONNECTED WITH SW1
Ø  R2(config-if)#glbp 10 ip  
Ø  R2(config-if)#glbp 10 preempt
Ø  R2(config-if)#glbp 10 authentication md5 key-string $3cr3T

Verification & Troubleshooting Commands: -
Ø  R2#show glbp brief
                                      1st line in output is talking about that Active Virtual Gateway. We saying that R2 is currently the Standby State for the AVG. We got Priority of 100.The Virtual IP Address that we servicing is, and the Active Router which is R1 is
                  2nd line, we are current in Listen state for “0007.b400.0a01” Virtual Mac-Address and the AVF for this Virtual Mac-Address is, that’s R1
                 3rd line, however we(R2) are Active for this Virtual Mac-Address “0007.b400.0a02” and the Active Router is local (R2). That’s the information for forwarder 1 and forwarder 2.

We can get more information about these by a doing: -
Ø  R2#show glbp                               
                                   Meaning that when Active Virtual Gateway is handing out Virtual Mac-Addresses it’s going to hand out these Virtual mac-address equally.

Forwarder 1:-
                    We (R2) are currently in the Listen State. We can see that R1( is Active and Virtual Mac-Address being servicing is “0007.b400.0a01”.

Forwarder 2:-
                          We (R2) are Active for Forwarder 2 and “0007.b400.0a02” is Virtual Mac-Address that we servicing. We are Active for Forwarder2.

Now go to R1: -
Ø  R1#show glbp brief
                                We can see in 2nd line that, we (R1) are Active for this “0007.b400.0a01” Virtual Mac-Address.
                  And in 3rd line, we are listen for the “0007.b400.a002” Virtual Mac-address.

Now Let’s GLBP in Action
I have a router that acting as PC
Ø  Go to PC1
Ø  PC#traceroute
ü  You can see our first Hop is, our default gateway “”, that’s R1
Ø  PC1#show arp
ü  We can see that the Mac-Address corresponding to, which is configured as our default gateway for this “0007.b400.0a01” Virtual Mac-Address. This is the Virtual Mac-address being service by forwarder1 and right now R1 is the Active Virtual Forwarder servicing the Mac-Address.

Let’s go to PC2 and use Same command
Ø  PC2#traceroute
ü  Take a look to “next-hop”, it’s “

Ø  PC2#show arp
ü  It’s says that “” has a mac-address that ends in “02”, Remember with PC1 the very same IP address had a mac-address ending with “01”. This is the evidence that GLBP is doing its Job. Router R1 acting is Active Virtual Gateway responded with different answers to the very same questions, both PC1 and PC2 said “Hey! Can you tell me the Mac-Address corresponding to” and first time R1 said “Sure! This mac-address is “0007.b400.0a01”.

ü  Then PC2 asked the very same question and R1 responded with a different answer says “Sure! It’s “0007.b400.0a02 Virtual Mac-Address”.
                         GLBP is giving us automatically load-balancing. Of course we get more that the just load-balancing. This is also giving us redundancy. Let’s prove that.

Let’s go to R2 and shutdown the interface fastethernet 0/0.
Ø  R2(config)#interface fastetherent 0/0
Ø  R2(config-if)#shutdown

Let’s go back to R1 and, see if it is now actively servicing those 2 mac-addresses
Ø  R1#show glbp brief
               ü  Both mac-addresses are still being servicing. We are Active for both of those Virtual mac-address on the AVF the R1.and go back to PC2, which had been using R2 to get to the internet.
Ø  PC2#traceroute
ü  Now it is using very same mac-address, that we use earlier but going to different Router
Ø  PC2#show arp

ü  You can see information is not changed. It still knows the same mac-address but now the same mac-address is being servicing by R1. Now going to R1 and take a look.
Ø  R1#show glbp

Here we got couple of timers that we did not have with HSRP and VRRP.
Ø  We have the “Redirect time” and the “Forwarder time-out

Ø  Redirect time: -Redirect timer says “how long then Active Virtual Gateway will respond to “ARP Queries” with the Virtual mac-address of failed AVF”, another word “This is the “0007.b400.0a02” Virtual mac-address of a failed AVF, and default time of “600 seconds” says “how long this AVG is going to be handing out 0007.b400.0a02” mac-address.

Ø  Forwarder time-out: - how long a backup AVF which is R1, in case it says “how long the backup AVF’s is going to accept frames destined for this virtual mac-address (0007.b400.0a02)”, of a failed AVF’ this case how long R1 going to accept frames destined for “0007.b400.0a02” Virtual mac-address and default timer is “14400 seconds”.

Weighting: -
Currently each of these Routers have a default weight of 100.We can change that.
Ø  R1(config)#interface fastetherent 0/0
 Let’s say we do not want to handout R1’s Virtual mac-address as often, as we handing out R2’s Virtual mac-address.
Ø  R1(config-if)#glbp 10 weighting 50
ü  50: - give the value
Ø  R1(config-if)#glbp 10 load-balancing weighted
ü  This will enable the Weighted load-balancing algorithm
Conclusion: - We would want Router R2’s virtual mac-address handed out twice is often, as Router R1’s Virtual mac-address, because 100 is 2 times 50.and default weight is 100.

Interface tracking: -
                        We can actually be mixing “Object tracking” and “interface tracking” with this weighting. Let’s configure Router R2.
                                          We can reduce the weight based on network condition, infect we can reduce the weight down to a point, where we don’t want the Virtual mac-address ever be given out. Here what we can do it.default weight is 100.

Ø  R2(config)#interface fastetherent 0/0
Ø  R2(config-if)#glbp 10 weighting 100 lower 50 upper 80
ü  10: -GLBP Group number
ü  100: -default weight
ü  50: -lower watermark threshold
ü  80: -upper watermark threshold
                               I might say that based on network condition, I want to reduce the weight of this interface by a certain amount, and i am saying if I drop below the 50, not even equal 50, but I drop below the 50, then i no longer want to be Active Virtual Forwarder, my weight is too low, do not hand out, my Virtual mac-address, if that network condition improves little bit above 50, is not going to settling make me an AVF, once i drop below 50, i need to exceed my upper watermark, I need to exceed 80 to once again be an AVF.

Now Apply this on Object tracking for implementation.
                       Create a tracking object and even though GLBP does not directly support interface tracking like HSRP did, it can like we saw with VRRP haven Object that tracks the interface state.

Ø  R2(config)#track 1 interface serial 1/0 line-protocol
ü  Creating track object 1 for tracking the Serial interface. Now implement
Ø  R2(config)#interface fastethernet 0/0
Ø  R2(config-if)#glbp 10 weighting track 1 decrement 51
ü  10:-GLBP Group number
ü  1:-Track Number
ü  51:- Decrement Value
                            Track 1: - that track the serial interface, tracking object goes down, I want to decrement my weighting which is currently 100, i want decrement by 51, taking 50 away from 100, if just decremented by 50, that would not be enough. I got actually drop below that number to no longer want to be an AVF.
Let’s tested now, go into interface serial 1/0
Ø  R2(config)#interface serial 1/0
Ø  R2(config-if)#shutdown
                                           By doing this the tracking object is going to go into the down state, and when it goes to down state, that’s gonna cause the weighting on fastetherent0/0 to be decremented by the value of 51, we were reducing the current weight of 100, by 51 which is gonna give it up new weighting value of 49, based on command if we lower then 50, then no longer want to be a AVF, for our Virtual mac-address, we gonna transition out of that role.

Ø  R2#show glbp brief
Ø  R1#show glbp brief
Ø  R2#show glbp            

That’s the look, how glbp can by default do load-balancing for us, it gonna do round-robin load-balancing by default. We saw that, we can adjust that with our weighting. It also giving us redundancy.

Having trouble with GLBP, Kindly Read again, and you will better understand.

If You Like the Post. Don’t forget to “Subscribe/Share/Comment”. Thank You.

1 comment:

  1. Great Article
    Cyber Security Projects

    projects for cse

    Networking Security Projects

    JavaScript Training in Chennai


    Training in Chennai

    The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals,

    Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer.

    Angular Training