CCNP 3 v3.0 Module 6 - PowerPoint PPT Presentation

Slides: 34
Provided by: academy8

1
  • CCNP 3 v3.0 Module 6
  • Redundancy

2
Overview
  • Upon completion of this module, the student will
    be able to perform tasks related to the
    following:
  • Implementing Module Redundancy in a
    Multilayer Switched Network.
  • Implementing Router Redundancy in a
    Switched Network.
  • HSRP Operations.
  • HSRP Configuration.

3
Implementing Module Redundancy in a Multilayer
Switched Network
4
Introducing redundancy
  • Redundancy - Multiple paths to the destinations
    can avoid single point of failure.
  • Resiliency - Fast recovery upon failure.
  • Besides, network services are distributed
    geographically.

5
Implementing redundant supervisor engines in
Catalyst switches
  • When installing two supervisor engines, the first
    one to come online becomes the active module. The
    second supervisor engine goes into standby mode.
  • The active supervisor engine processes all
    administrative and management functions. These
    include SNMP, CLI console, telnet, Spanning-Tree
    Protocol, CDP, and VTP functions.

6
Implementing redundant supervisor uplink modules
in Catalyst switches
  • Supervisor III uplink ports are modular.
    Modularity lets the administrator install the
    uplink module to deliver current bandwidth
    requirements.
  • Modularity also ensures an easy migration path.

7
Implementing redundant distributed forwarding
cards in Catalyst switches
  • The Distributed Forwarding Card (DFC) complements
    the centralized forwarding of the Catalyst 6500
    Supervisor Engine 2 by distributing the
    centralized forwarding intelligence to each
    DFC-enabled line card module.

8
Implementing redundant power supplies
  • If one supply malfunctions, the other supply can
    take over the entire system load.
  • When two power supplies of equal wattage are
    used, each provides approximately half of the
    required power to the system.
  • Load sharing and redundancy are enabled
    automatically. No software configuration is
    required.

9
Implementing Router Redundancy in a Switched
Network
10
Router redundancy operation
  • Proxy ARP - Discovers the MAC address of the new
    router in the segment.
  • Default gateway - Use an alternate default gateway
    defined in the host.
  • Dynamic routing protocol - Run RIP/OSPF in the
    host to discover new routes.
  • DHCP - Besides an IP address, the host also gets a
    default gateway.

11
ICMP Router Discovery Protocol (IRDP)
  • Some newer IP hosts use IRDP (RFC 1256) to find a
    new router when a route becomes unavailable.
  • A host that uses IRDP listens for hello multicast
    messages from the router that the host is
    configured to use. The host switches to an
    alternate router when the host no longer receives
    those hello messages.
  • Enabling IRDP Processing
  • The only required task for configuring IRDP
    routing on a specified interface is to enable
    IRDP processing on an interface. Use the
    following command in interface configuration
    mode:
  • Router(config-if)# ip irdp
  • Troubleshooting IRDP
  • Use the debug ip icmp command to display
    information on ICMP transactions. This command
    helps determine whether the router is sending or
    receiving ICMP messages. Use this command when
    troubleshooting an end-to-end connection problem.
    The no form of this command disables debugging
    output.
  • Router# no debug ip icmp

12
Hot Standby Router Protocol (HSRP)
  • One way to achieve near 100% network uptime is to
    use HSRP (RFC 2281).
  • By sharing an IP address (Virtual IP) and a MAC
    address (Virtual MAC), a set of two or more
    routers can operate as a single router called a
    virtual router.
  • This set is known as an HSRP group or a standby
    group. If the Active router fails, the Standby
    router takes over as the Active router. Hosts
    continue to forward IP packets to a consistent IP
    and virtual MAC address, and the changeover
    between routers is transparent to the end
    workstation.

13
Virtual Router Redundancy Protocol (VRRP)
  • Both HSRP and VRRP enable two or more devices to
    work together in a group, sharing a single
    virtual IP address.
  • In HSRP, both the active and standby routers send
    periodic hello messages. In VRRP, only the master
    sends periodic messages, known as advertisements.
  • Cisco recommends using HSRP for superior
    convergence characteristics. Use VRRP only when
    local subnet interoperability is required with
    other vendors.

14
Gateway Load Balancing Protocol (GLBP)
  • Besides redundancy, GLBP also allows a group of
    routers to share the load of the default gateway
    on a LAN. This is achieved by sending different
    ARP replies to different hosts.

15
Single Router Mode (SRM) redundancy
  • SRM redundancy is an alternative to having
    both Multilayer Switch Feature Cards (MSFCs) in a
    chassis active at the same time.
  • Using SRM redundancy, only the designated router
    MSFC is visible to the network at any given time.
    The non-designated router is booted up completely
    and participates in configuration
    synchronization, which is automatically enabled
    when entering SRM.
  • Unlike the MSFC high availability method, the
    configuration of the non-designated router is
    exactly the same as the designated router, but
    its interfaces are kept in a "line down" state
    and are not visible to the network.
  • Processes, such as routing protocols, are created
    on the non-designated router and the designated
    router. All non-designated router interfaces are
    in a "line down" state and do not send or receive
    updates from the network.
  • When the designated router fails, the
    non-designated router changes its state to become
    the designated router and the interface states
    change to "link up". The router builds its
    routing table while the existing Supervisor
    engine switch processor entries are used to
    forward Layer 3 traffic.
  • After the newly designated router builds its
    routing table, the entries in the switch
    processor are updated.

16
Server Load Balancing (SLB)
  • SLB is an IOS-based solution defining a virtual
    server that represents a group of real servers in
    a server farm. This environment connects clients
    to the IP address of a single virtual server.
  • When a client initiates a connection to the
    virtual server, the SLB function chooses a real
    server for the connection based on a load
    balancing algorithm. The network gains
    scalability and availability when virtual servers
    represent server farms.
  • The addition of new servers and the removal or
    failure of existing servers can occur at any time
    without affecting the availability of the virtual
    server.
  • Supported Platforms
  • Catalyst 6000 Series
  • Cisco 7200 Series

17
HSRP Operations
18
HSRP Operations
  • Components - Active router, standby router, and a
    virtual or phantom router.

19
HSRP operations
  • The active router does the forwarding of data
    packets and transmits hello messages. The standby
    router takes the active role if the active router
    fails.
  • The standby router also transmits hello messages
    to other routers in the HSRP group.
  • The virtual router does not really exist. It
    simply represents a consistently available router
    with an IP address and a MAC address to the hosts
    on a network.
  • It is possible that several other routers exist
    in an HSRP standby group. These other routers
    will monitor HSRP hello messages but do not
    respond. They function as normal routers that
    forward packets sent to them but do not forward
    packets addressed to the virtual router. These
    additional HSRP routers remain in the "init"
    state.
  • If both the active and standby routers fail, all
    other routers in the group will contend for the
    active and standby roles. The router with the
    lowest MAC address becomes the active router
    unless an HSRP priority is configured, in which
    case the router with the higher priority becomes
    active (see the diagram).
  • The default priority for an HSRP router is 100.

20
The virtual router MAC address
  • The MAC address used by the virtual router is
    made up of the following:
  • Vendor ID - Comprised of the first three
    bytes of the MAC address.
  • HSRP code - Two bytes (07.ac) indicating that the
    MAC address is for an HSRP virtual router.
  • Group ID - The last byte of the MAC address
    is the group ID number.
  • To display the virtual IP and MAC address, use the
    command show standby.

21
HSRP messages
  • HSRP messages are encapsulated in UDP packets and
    use port number 1985.
  • HSRP messages use the physical interface IP
    address as the source.
  • The HSRP messages are sent to the destination
    multicast address (224.0.0.2). It is used to
    communicate to all routers, with TTL set to one.
  • Op Code - Indicates the type of message: 0=Hello,
    1=Coup (sent when a router wants to become the
    active router), 2=Resign (sent when a router no
    longer wants to be the active router).
  • Holdtime - Valid time of the Hello message.
  • Priority - Used to elect the active/standby routers.
  • Group - Identifies the standby group.
  • Authentication data - Clear text 8 character
    password.
  • Virtual address - IP address of the virtual
    router.
  • State - active/standby/init.
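
A parser for the message fields listed on this slide, together with the virtual MAC derivation from the previous slide, added here as an example (not part of the original presentation). The 20-byte field layout, the numeric state codes, the 00:00:0c vendor ID and the "cisco" default authentication string follow RFC 2281; the sample payloads, the router address set and the `review` policy are constructed for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass

OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}  # values from the slide
# Numeric state codes are from RFC 2281; the slides give the state names only.
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
HSRP_V1_LEN = 20  # 8 one-byte fields + 8-byte authentication data + 4-byte virtual IP


@dataclass
class HsrpMessage:
    opcode: str
    state: str
    hellotime: int
    holdtime: int
    priority: int
    group: int
    auth: str
    virtual_ip: str

    @property
    def virtual_mac(self) -> str:
        # Vendor ID 00:00:0c (Cisco, per RFC 2281) + HSRP code 07:ac + group ID.
        return f"00:00:0c:07:ac:{self.group:02x}"


def parse_hsrp_v1(payload: bytes) -> HsrpMessage:
    """Decode the UDP/1985 payload of an HSRP version 1 message."""
    if len(payload) < HSRP_V1_LEN:
        raise ValueError("truncated HSRP message")
    ver, op, state, hello, hold, prio, group, _rsvd, auth, vip = struct.unpack(
        "!8B8s4s", payload[:HSRP_V1_LEN])
    if ver != 0 or op not in OPCODES or state not in STATES:
        raise ValueError("not a well-formed HSRP v1 message")
    # The authentication data is clear text, so it decodes directly.
    password = auth.rstrip(b"\x00").decode("ascii", errors="replace")
    return HsrpMessage(OPCODES[op], STATES[state], hello, hold, prio, group,
                       password, str(ipaddress.IPv4Address(vip)))


def review(msg: HsrpMessage, src_ip: str, expected_routers: set) -> list:
    """Return monitoring findings for one message (hypothetical policy)."""
    findings = []
    if src_ip not in expected_routers:
        findings.append("sender is not a known member of the standby group")
    if msg.opcode == "Coup":
        findings.append("Coup: sender wants to become the active router")
    if msg.holdtime < 3 * msg.hellotime:
        findings.append("holdtime is less than three times hellotime")
    return findings


# Constructed sample payloads (not captured traffic): group 50, virtual IP 10.1.1.1.
HELLO = bytes([0, 0, 16, 3, 10, 150, 50, 0]) + b"cisco\x00\x00\x00" + bytes([10, 1, 1, 1])
COUP = bytes([0, 1, 4, 3, 10, 255, 50, 0]) + b"cisco\x00\x00\x00" + bytes([10, 1, 1, 1])
ROUTERS = {"10.1.1.2", "10.1.1.3"}  # assumed legitimate group members

if __name__ == "__main__":
    for src, raw in (("10.1.1.2", HELLO), ("10.1.1.77", COUP)):
        msg = parse_hsrp_v1(raw)
        print(src, msg.opcode, msg.state, msg.virtual_mac, review(msg, src, ROUTERS))
```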

22
HSRP states
  • HSRP defines six states in which an HSRP-enabled
    router can exist:
  • Initial - The beginning of the HSRP process.
    HSRP is not yet running. It is entered via a
    configuration change or when an interface first
    comes up.
  • Learn - The router has not determined the
    virtual IP address, and has not yet seen an
    authenticated hello message from the active
    router. In this state the router is still waiting
    to hear from the active router.
  • Listen - The router knows the virtual IP
    address, but is neither the active router nor the
    standby router. It listens for hello messages
    from those routers. Routers other than the active
    and standby router remain in the listen state.
  • Speak - The router sends periodic hello
    messages and is actively participating in the
    election of the active or standby router. A
    router cannot enter Speak state unless it has the
    virtual IP address.
  • Standby - The router is a candidate to
    become the next active router and sends periodic
    hello messages. Excluding transient conditions,
    there must be at most one router in the group in
    Standby state.
  • Active - The router is currently forwarding
    packets. It sends periodic hello messages.
    Excluding transient conditions, there must be at
    most one router in Active state in the HSRP group.

23
HSRP Configuration
24
Configuring HSRP
  • To configure a router as a member of an HSRP
    standby group, enter the following command in
    interface configuration mode:
  • Router(config-if)# standby group-number ip
    virtual-ip-address
  • group-number - (Optional) Indicates the HSRP
    group to which this interface belongs. Default
    group is zero.
  • ip-address - Address of the virtual HSRP
    router.
  • Sample configuration:
  • int fa0/0
  • ip address 10.1.1.2 255.255.255.0
  • standby 50 ip 10.1.1.1
  • exit
  • A# show run
  • ...
  • interface FastEthernet0/0
  • ...
  • standby 50 ip 10.1.1.1
  • ...

25
How HSRP addresses redundancy issues
  • HSRP routers on a LAN segment or VLAN communicate
    among themselves to designate 3 possible router
    states:
  • active
  • standby
  • init
  • The active router receives the packet sent to the
    virtual MAC address.
  • The active router replies with the virtual MAC
    address to the ARP request.
  • If the active router fails, the standby router
    will take over to deliver packets using the same
    Virtual IP and Virtual MAC, therefore it is
    transparent to users.
  • If a third HSRP router was added to the LAN
    segment, this router would begin to act as the
    new standby router but remain in the "init"
    state.
  • HSRP also works for proxy ARP. When an active
    HSRP router receives an ARP request for a node
    that is not on the local LAN, it replies with the
    virtual MAC address.
  • If the router that originally sent the ARP reply
    later loses its connection, the new active router
    can still deliver the traffic.

26
HSRP standby priority
  • Each standby group has its own active and standby
    routers. The network administrator can assign a
    priority value to each router in a standby group.
    This lets the administrator control the order in
    which active routers for that group are selected.
    To set the priority value of a router, enter the
    following command in interface configuration
    mode:
  • Router(config-if)# standby group-number priority
    priority-value
  • group-number - (Optional) Indicates the HSRP
    standby group. The range is 0 to 255.
  • priority-value - Indicates the number that
    prioritizes a potential hot standby router. The
    range is 0 to 255 with a default of 100.
  • The router in an HSRP group with the highest
    priority becomes the forwarding router. The
    tiebreaker for matching priorities is the higher
    IP address.
  • Example:
  • A(config-if)# standby 50 priority 150
  • This gives the Router A interface a priority
    value of 150 in HSRP standby group 50.

27
HSRP standby preempt
  • The standby router assumes the active router role
    when the active router fails or is removed from
    service. This new active router remains as the
    forwarding router even when the former active
    router with the higher priority regains service
    in the network.
  • The former active router can be configured to
    resume the forwarding router role from a router
    with a lower priority. To enable a router to
    resume the forwarding router role, enter the
    following command in interface configuration
    mode:
  • Router(config-if)# standby group-number
    preempt
  • When the standby preempt command is issued, the
    interface changes to the appropriate state.
  • The following message is automatically generated
    as soon as the router becomes active in the
    network:
  • 3w1d: %STANDBY-6-STATECHANGE: STANDBY 50
    FastEthernet0/0 state standby -> Active

28
HSRP hello timers
  • An HSRP enabled router sends hello messages to
    indicate that the router is running and is
    capable of becoming either the active or standby
    router.
  • The hello message contains the priority of the
    router, hellotime and holdtime.
  • The hellotime value indicates the interval
    between the hello messages.
  • The holdtime value contains the amount of time
    that the current hello message is considered
    valid.
  • If an active router sends a hello message, then
    receiving routers consider that hello message to
    be valid for one holdtime.
  • The holdtime value should be at least three times
    the value of the hellotime.
  • Both the hellotime and the holdtime parameters
    are configurable:
  • Router(config-if)# standby group-number timers
    hellotime holdtime
  • group-number - (Optional) Group number on the
    interface to which the timers apply. The default
    is zero.
  • hellotime - Hello interval in seconds (1-255,
    default=3)
  • holdtime - Time before the active or standby
    router is declared to be down (1-255, default=10)
  • Example: The following sets the interface hello
    time to 5s and hold time to 15s:
  • A(config-if)# standby 50 timers 5 15

29
HSRP interface tracking
  • If fa0/1 on Router A goes down, Router A loses the
    direct connection to the backbone.
  • The fa0/0 on Router A is still active, so packets
    destined for the core would still be sent to
    Router A and forwarded in turn to Router B,
    regardless of HSRP.
  • To prevent this inefficient traffic flow, set up
    tracking in an HSRP interface:
  • standby group-number track intf-type number
    priority
  • Example: standby 50 track fa0/1 55
  • If fa0/0 on Router A goes down, the HSRP priority
    of the router is lowered by 55. Because this is
    lower than the default priority being used by
    Router B, Router B takes over as the active
    router, providing optimal flow to the backbone.
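
A small model of how priority, preempt and interface tracking from the last four slides decide which router is active, added here as an example (not part of the original presentation). It uses Router A's priority of 150 and tracking decrement of 55 and Router B's default priority of 100 from the slides; Router B's address, preempt being enabled on both routers, and the rule that only a strictly higher priority preempts are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100                           # default priority from the slides
    preempt: bool = False
    tracked: dict = field(default_factory=dict)   # tracked interface -> decrement
    down: set = field(default_factory=set)        # tracked interfaces currently down
    alive: bool = True

    def effective_priority(self) -> int:
        lost = sum(dec for intf, dec in self.tracked.items() if intf in self.down)
        return max(0, self.priority - lost)


def election_key(r: Router):
    # Highest priority wins; the higher IP address breaks a tie.
    return (r.effective_priority(), int(ipaddress.IPv4Address(r.ip)))


def next_active(routers, current=None):
    """Return the router that is active after the group reconverges."""
    alive = [r for r in routers if r.alive]
    if not alive:
        return None
    if current is None or not current.alive:
        return max(alive, key=election_key)       # open election
    # An active router is displaced only by a preempt-enabled router whose
    # priority is strictly higher (simplification used in this model).
    rivals = [r for r in alive if r.preempt
              and r.effective_priority() > current.effective_priority()]
    return max(rivals, key=election_key) if rivals else current


def scenario():
    """Replay the Router A / Router B case; returns the active router names."""
    a = Router("A", "10.1.1.2", priority=150, preempt=True, tracked={"fa0/1": 55})
    b = Router("B", "10.1.1.3", preempt=True)     # B's address is assumed
    group, trace, active = [a, b], [], None

    def step():
        nonlocal active
        active = next_active(group, active)
        trace.append(active.name)

    step()                            # open election: A (150 beats 100)
    a.down.add("fa0/1")
    step()                            # A drops to 95, B preempts
    a.down.clear()
    step()                            # A is back at 150 and preempts
    a.alive = False
    step()                            # A fails, B takes over
    a.alive, a.preempt = True, False
    step()                            # A returns without preempt, B stays
    return trace
```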
30
Verify HSRP configuration
  • To display the status of the HSRP router, enter
    the following command in privileged EXEC mode:
  • Router# show standby intf-type number group
    brief
  • Type-number - (Optional) Indicates the target
    interface type and number for which output is
    displayed.
  • Group - (Optional) Indicates a specific HSRP
    group on the interface for which output is
    displayed.
  • Brief - (Optional) Displays a single line of
    output summarizing each standby group.
  • If none of the optional interface parameters are
    used, the show standby command will display HSRP
    information for all interfaces.

31
HSRP over trunk links
  • Running HSRP over ISL allows users to configure
    redundancy between multiple routers that are
    configured as front ends for VLAN IP subnets. By
    configuring HSRP over ISL, situations in which a
    single point of failure causes traffic
    interruptions can be eliminated.
  • To configure HSRP over an ISL link between VLANs,
    perform the following:
  • 1. Define the encapsulation format
  • 2. Define an IP address
  • 3. Enable HSRP
  • HSRP is also supported over 802.1Q trunks.

32
Troubleshooting HSRP
  • Prior to IOS release 12.1, the HSRP debugging
    command was relatively simple. To enable HSRP
    debugging, the debug standby command would be
    used to enable output of HSRP state and packet
    information for all standby groups on all
    interfaces.
  • A debug condition was added in IOS release
    12.0(2.1) that allows the output from the standby
    debug command to be filtered based upon interface
    and group number. The command utilizes the debug
    condition paradigm introduced in IOS release
    12.0, as follows: debug condition standby
    interface group. The interface specified must be
    a valid interface capable of supporting HSRP.
  • The debug conditions may be set for groups that
    do not exist, thereby allowing capture of debug
    information during the initialization of a new
    group.
  • The standby debug command must be configured for
    any debug output to be produced. If no standby
    debug conditions are specified, output is produced
    for all groups on all interfaces. Configuring at
    least one standby debug condition will cause the
    output to be filtered.

33
Summary
  • IRDP, HSRP, VRRP, GLBP, SRM, and SLB are used in
    router redundancy operation.
  • HSRP is a Cisco proprietary feature.
  • High reliability is becoming increasingly crucial
    for mission-critical communications.
  • Hardware redundancy in Catalyst switches can be
    achieved by implementing redundant supervisor
    engines, supervisor uplink modules, distributed
    forwarding cards and redundant power supplies.