First Hop Redundancy Protocols (FHRP)

by
Raghad Faisal Alshehri

A thesis submitted to the Computer Engineering and Science of Florida Institute of Technology in partial fulfillment of the requirements for the degree of Master of Computer Information Systems in Computer Sciences Department

Melbourne, Florida
May, 2019

We the undersigned committee hereby approve the attached thesis First Hop Redundancy Protocols (FHRP) by Raghad Faisal Alshehri

David LeVan, Ph.D., Assistant Professor, Computer Sciences
Marius Silaghi, Ph.D., Associate Professor, Computer Sciences
Tiauw Hiong Go, Ph.D., Associate Professor, Aerospace Engineering
Philip Bernhard, Ph.D., Associate Professor and Department Head, Computer Engineering and Sciences

Abstract

Title: First Hop Redundancy Protocols
Author: Raghad Alshehri
Advisor: David LeVan, Ph. D.

When a network is designed, the most important thing that is always kept in mind is the factor of availability. However, a lot of researchers are still working on managing and implementing more dependable networks that are resilient to severe failovers and can cope under immense traffic loads. With that being said, a lot of questions still need to be answered from the financial and implementation point of view. Correspondingly, the current study aims at answering all these questions and providing the best solutions to deploy dependable networks, primarily aimed at hardening and enforcing various techniques and protocols in the gateway router.[1]

Gateway routers are of main concern because all the connectivity depends on them: if the gateway router goes down, the entire network goes down and becomes unavailable. To address this specific issue, adding redundancy in the network was proposed, and several vendors such as CISCO started working on it and came up with a couple of protocols that enable network redundancy and prevent failovers. Similarly, the current study is all about studying various aspects of these protocols and presenting various solutions around these protocols that are easily implementable and attainable. The current study tries to answer several questions regarding these protocols and their implementation. However, the main focus is on three primary protocols: Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP) and Gateway Load Balancing Protocol (GLBP).

Table of Contents

Table of Contents
List of Figures
List of Tables
Acknowledgement
Chapter 1
  Introduction
  Problem Statement
Chapter 2 First Hop Redundancy Protocols (FHRP)
  2.1 Hot Standby Router Protocols (HSRP)
    2.1.1 How it works
    2.1.2 Configuration
    2.1.3 Enabling HSRP Support for ICMP Redirect Messages
  2.2 Virtual Router Redundancy Protocol (VRRP)
    2.2.1 How it works
    2.2.2 Configuration
      2.2.2.1 Enable VRRP
      2.2.2.2 Configure VRRP in Object Tracking
      2.2.2.3 VRRP message
  2.3 Gateway Load Balancing Protocols (GLBP)
    2.3.1 How it works
    2.3.2 Configuration
Chapter 3 Implementation
  3.1 Basic Concept of FHRP
  3.2 General FHRP Operation
  3.3 Plan of Operation
    3.3.1 Virtual Router Redundancy Protocol (VRRP)
      3.3.1.1 Basic Concept of VRRP
      3.3.1.2 The VRRP working process is as follow
      3.3.1.3 Experiment
    3.3.2 Hot Standby Router Protocol (HSRP)
      3.3.2.1 Basic Concept of HSRP
      3.3.2.2 The HRP working process is as follow
      3.3.2.3 Experiment
  3.4 Testing
    A. VRRP Testing
    B. HSRP Testing
Chapter 4 Performance
  4.1 High availability
    4.1.1 Why it is important
    4.1.2 Which Protocol are used
      A. HSRP
      B. VRRP
    4.1.3 Different between two protocols
  4.2 Comparing Performance
  4.3 Working behavior and best practices of HSRP
Conclusion
References

List of Figures

Figure 1
Figure 2 VRRP
Figure 3 GLBP Topology
Figure 4 FHRP Overview
Figure 5 FHRP Overview
Figure 6 VRRP Network
Figure 7 VRRP Network
Figure 8 VRRP Diagram
Figure 9 VRRP Configuration
Figure 10
Figure 11
Figure 12 VRRP Status
Figure 13 HSRP Diagram
Figure 14 HSRP Status
Figure 15 HSRP Status
Figure 16 HSRP Standby
Figure 17 HSRP Wireshark

List of Tables

Table 1
Table 2
Table 3
Table 4
Table 5

Acknowledgement

First of all, I would like to thank the lord of the worlds, Allah, the one who is most deserving of thanks and praise, and who directed me to the path of knowledge and wisdom in my educational journey and life in general.

Foremost, I would like to express my sincere gratitude to my advisor David LeVan for the continuous support of my study and research, for his patience, motivation, enthusiasm, and immense knowledge. His guidance helped me in all the time of research and writing of this thesis. I could not have imagined having a better advisor and mentor for my FHRP study.

Besides my advisor, I would like to thank the rest of my thesis committee: Professor Go and Professor Silaghi, for their encouragement and insightful comments.

My sincere thanks also to my parents Mr. Faisal Alshehri and Mrs. Thuraya ALQubaisi, for raising me, standing behind me, helping me and supporting me in the pursuit of my graduate studies from one of the top programs for computer science majors at the first place and supporting me spiritually throughout my life.

Last but not the least, I would like to thank my Sisters, my Brothers, and my Friends, for their motivation and patience during my academic journey.

Chapter 1

Introduction

There are three major first hop redundancy protocols provided by CISCO, named HSRP, VRRP, and GLBP; however, they lie in two different categories. HSRP and VRRP lie under the same category as they provide backup redundancy on Layer 3 gateway routers: the main functionality involves the placement of a backup gateway router which enables itself when the main gateway router is unavailable. However, GLBP works in a different fashion as it involves the active usage of backup or redundant gateway routers in parallel with the main gateway router, so the load is shared and balanced among multiple instances instead of relying on a single unit and coming up with a backup. The current study evaluates and presents multiple aspects of these protocols under the parameters of cost, applicability and efficiency.[1]

Figure 1

Problem Statement

First Hop Redundancy Protocol (FHRP) can be defined as a set of protocols that incorporate backup and provide redundancy to the network gateway in case it goes down or is temporarily unavailable. The primary purpose of this protocol was to facilitate Ethernet as well as Token Ring networks. Moreover, all the devices on a network are preconfigured to identify the gateway router which connects them with the outside network or the internet: the machines contain a default gateway address which points directly to the gateway router. However, the problem escalates when the primary gateway router fails to cope or fails for some reason and the devices don't know about the backup or redundant router to contact. This problem occurs when there is no proper configuration of the protocol that specifically handles this job.

Correspondingly, the solution to this problem is the employment of First Hop Redundancy Protocols which would enable the use of backup or load balancing routers on the go. In due context, the current study is aimed towards exploring the characteristics and deployment points of view of the three main redundancy protocols, which are HSRP, VRRP, and GLBP.

The current study specifically aims to answer the following research questions:

- Which protocol is suitable according to a particular environment?
- How to effectively configure the protocols?
- How long would it take to change over to the backup router?
- What are the specific requirements to implement the protocol?
- How exactly does the communication happen between the master and backup router?
- What exactly would happen if the primary router goes down?
- What are the benefits of adding redundancy in the network?

Chapter 2

First Hop Redundancy Protocols (FHRP)

2.1 Hot Standby Router Protocols (HSRP)

HSRP is developed by CISCO and it is one of their proprietary protocols, specifically designed to incorporate non-disruptive failover and support redundancy in the network. If the network is deprived of this particular protocol, each and every station on the network would have to be separately configured to communicate with a specific router in case of a failure; this technique would not provide us with redundancy but would limit the number of stations that would be affected by a failure of the gateway. [1]

Furthermore, if HSRP is configured properly and backup gateways are installed, there would be a single virtual IP that would be assigned to the stations or the systems and they would automatically communicate with the backup router if the primary one goes down [2].

2.1.1 How it works

The working mechanism of this protocol is quite efficient, as the different routers in the HSRP domain communicate with the primary live router, which is responsible for controlling all the live incoming and outgoing traffic. Similarly, the backup routers constantly communicate with the primary router on the multicast address of 224.0.0.2 so that they are able to detect in time if the primary router fails or goes down. In due context, the backup routers automatically take charge if the primary one goes down; the end users won't face any sort of delay, as the same process of selecting a standby router is repeated and a new backup is selected.[1]

2.1.2 Configuration

Table 1

Step 1
  Command: configure terminal
  Purpose: Enter global configuration mode.

Step 2
  Command: interface interface-id
  Purpose: Enter interface configuration mode and enter the Layer 3 interface on which you want to enable HSRP.

Step 3
  Command: standby version {1 | 2}
  Purpose: (Optional) Configure the HSRP version on the interface.
    1: Select HSRPv1.
    2: Select HSRPv2.
    If you do not enter this command or do not specify a keyword, the interface runs the default HSRP version, HSRP v1.

Step 4
  Command: standby [group-number] ip [ip-address [secondary]]
  Purpose: Create (or enable) the HSRP group using its number and virtual IP address.
    1. (Optional) group-number: The group number on the interface for which HSRP is being enabled. The range is 0 to 255; the default is 0. If there is only one HSRP group, you do not need to enter a group number.
    2. (Optional on all but one interface) ip-address: The virtual IP address of the hot standby router interface. You must enter the virtual IP address for at least one of the interfaces; it can be learned on the other interfaces.
    3. (Optional) secondary: The IP address is a secondary hot standby router interface. If neither router is designated as a secondary or standby router and no priorities are set, the primary IP addresses are compared and the higher IP address is the active router, with the next highest as the standby router.

Step 5
  Command: end
  Purpose: Return to privileged EXEC mode.

Step 6
  Command: show standby [interface-id [group]]
  Purpose: Verify the configuration.

Step 7
  Command: copy running-config startup-config
  Purpose: (Optional) Save your entries in the configuration file.

2.1.3 Enabling HSRP Support for ICMP Redirect Messages

When interfaces are configured to work with HSRP, ICMP redirection is enabled by default. ICMP is a major Layer 3 protocol which is used to check the end-to-end connection and detect any sort of errors in the path. Moreover, it also presents us with various IP processing information and diagnostic information. Outgoing ICMP redirect messages are filtered by HSRP, which changes the next hop IP address to an HSRP virtual IP address.[3]

2.2 Virtual Router Redundancy Protocol (VRRP)

VRRP is an open standard that can be used in environments where equipment from multiple vendors exists. Its operation is similar to HSRP but differs in a couple of ways.[1]

Figure 2 VRRP

2.2.1 How it works

In VRRP, the working mechanism is almost the same; however, in HSRP the backup router was selected automatically by the protocol whereas, in VRRP, a specific group of routers is selected and configured by the network admin along with the selection of the backup router. In this protocol, there is a specific physical interface of the master router which is used by the entire subnet to communicate; alongside, the backup routers also communicate via a different interface and take over the responsibilities of the gateway if it fails. However, the IP remains static and the master automatically takes back control once it recovers from the failover.[2]

2.2.2 Configuration

Table 2

Sr No 1
  Command: enable
  Method: This step enables privileged EXEC mode. Enter your password if prompted.
  Example: Router> enable

Sr No 2
  Command: configure terminal
  Method: This step enters global configuration mode.
  Example: Router# configure terminal

Sr No 3
  Command: interface type number
  Method: This step enters interface configuration mode.
  Example: Router(config)# interface GigabitEthernet 0/0/0

Sr No 4
  Command: ip address ip-address mask
  Method: This step configures the IP address for the interface.
  Example: Router(config-if)# ip address 172.16.6.5 255.255.255.0

Sr No 5
  Command: vrrp group description text
  Method: It assigns a text description to a VRRP group.
  Example: Router(config-if)# vrrp 10 description working-group

Sr No 6
  Command: vrrp group priority level
  Method: It sets the router priority level within the VRRP group. The default priority is 100.
  Example: Router(config-if)# vrrp 10 priority 110

Sr No 7
  Command: vrrp group preempt [delay minimum seconds]
  Method: This step configures the router to take over as the virtual router master for the VRRP group if it has a higher priority than the current virtual router master.
  Example: Router(config-if)# vrrp 10 preempt delay minimum 380

Sr No 8
  Command: vrrp group timers advertise [msec] interval
  Method: This step configures the interval between successive advertisements by the virtual router master in the VRRP group.
  Example: Router(config-if)# vrrp 10 timers advertise 110

Sr No 9
  Command: vrrp group timers learn
  Method: It configures the router, when it is acting as virtual router backup for the VRRP group, to learn the advertisement interval used by the virtual router master.
  Example: Router(config-if)# vrrp 10 timers learn

Sr No 10
  Command: exit
  Method: This exits interface configuration mode.
  Example: Router(config-if)# exit

Sr No 11
  Command: copy running-config startup-config
  Method: This saves the configuration.
  Example: Router# copy running-config startup-config

2.2.2.1 Enable VRRP

Steps  Command
1      enable
2      configure terminal
3      interface type number
4      ip address ip-address mask
5      vrrp group ip ip-address [secondary]
6      end
7      show vrrp [brief | group]
8      show vrrp interface type number [brief]

2.2.2.2 Configure VRRP in Object Tracking

Steps  Command
1      enable
2      configure terminal
3      track object-number interface type number {line-protocol | ip routing}
4      interface type number
5      vrrp group ip ip-address [secondary]
6      vrrp group priority level
7      vrrp group track object-number [decrement priority]
8      end
9      show track [object-number]

2.2.2.3 VRRP message

As this research observed, all of the communication in VRRP is done through multicast addresses, which implies that VRRP can be used on any sort of LAN which is capable of supporting multicasting. There is a specific multicast address assigned by IANA for this purpose, which is 244.0.0.18; it is used by all the routers communicating over VRRP, and the packets exchanged between them are encapsulated in IP packets. Furthermore, VRRP messages include VRRP state messages and VRRP priority messages, and VRID information is also shared [3].

Also, a major difference between VRRP and HSRP is that all of these messages are distributed from the primary router towards the backup routers, which are always in passive listening mode; as soon as they stop hearing from the primary router, they treat it as a failover and take charge.[4]

There are four fields in the IP header that are important for VRRP. These fields are:

- Time To Live (TTL)
- Protocol type
- Source IP Address
- Destination IP Address

2.3 Gateway Load Balancing Protocols (GLBP)

GLBP is observed as another efficient redundancy protocol which is designed by CISCO and is their proprietary item, which means that it is limited to work with CISCO devices and is not interoperable. However, GLBP provides a functionality not offered by the other two protocols: active load balancing, as the backup routers actively communicate and share the load of the gateway router to maintain availability.[3]

2.3.1 How it works

In GLBP, all the routers actively take part and are in a group which is capable of active traffic forwarding. However, the configuration mechanism is a little bit different because it includes the selection of an AVG (Active Virtual Gateway) while the other routers are considered and selected as backup routers. Also, in this defined group, the AVG is responsible for assigning physical MAC addresses to the backup routers, and all of the backup routers are called AVFs (Active Virtual Forwarders). Furthermore, the AVG is also responsible for responding to all of the ARP requests sent by the stations in the subnet and, on the basis of these requests, assigning a specific AVF to that particular part of the subnet to handle the traffic.[4]

However, the default gateway router IP is the same across all the stations in the subnet, and when a station sends an ARP, the AVG replies with a virtual MAC of the backup router to balance the load, so that the particular station contacts the AVF in the future and the load on the AVG is automatically balanced.[1]

Figure 3 GLBP Topology
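The ARP-based load sharing described in section 2.3.1, as an added example (not code from the thesis or from Cisco): a toy Active Virtual Gateway that answers ARP requests using the three methods named by the glbp group load-balancing command. The MAC addresses, weights and the CRC-based host mapping are constructed for illustration and are assumptions, not the way IOS computes its choice.

```python
import zlib
from collections import Counter
from fractions import Fraction


class ActiveVirtualGateway:
    """Toy AVG: answers ARP for the virtual gateway IP with one AVF's virtual MAC."""

    METHODS = ("round-robin", "host-dependent", "weighted")

    def __init__(self, forwarders, method="round-robin"):
        # forwarders maps each AVF's virtual MAC to its weight (used by "weighted" only).
        if method not in self.METHODS:
            raise ValueError(f"unknown load-balancing method: {method}")
        if not forwarders or any(w <= 0 for w in forwarders.values()):
            raise ValueError("need at least one AVF, each with a positive weight")
        self.weights = dict(forwarders)
        self.macs = sorted(self.weights)      # fixed order keeps replies reproducible
        self.method = method
        self.replies = Counter()              # virtual MAC -> ARP replies handed out
        self._turn = 0

    def arp_reply(self, host_mac):
        """Return the virtual MAC handed to the station that sent the ARP request."""
        if self.method == "round-robin":
            mac = self.macs[self._turn % len(self.macs)]
            self._turn += 1
        elif self.method == "host-dependent":
            # The same station always gets the same AVF while membership is unchanged.
            mac = self.macs[zlib.crc32(host_mac.lower().encode()) % len(self.macs)]
        else:
            # Weighted: pick the AVF whose share of replies lags its weight the most.
            mac = min(self.macs,
                      key=lambda m: (Fraction(self.replies[m] + 1, self.weights[m]), m))
        self.replies[mac] += 1
        return mac


# Constructed sample data: two AVFs in GLBP group 10 and six stations on the subnet.
AVFS = {"0007.b400.0a01": 2, "0007.b400.0a02": 1}
HOSTS = [f"0200.0000.00{n:02x}" for n in range(1, 7)]


def assignments(method):
    """Map each sample station to the virtual MAC it would cache for the gateway IP."""
    avg = ActiveVirtualGateway(AVFS, method)
    return {host: avg.arp_reply(host) for host in HOSTS}


if __name__ == "__main__":
    for method in ActiveVirtualGateway.METHODS:
        print(method, Counter(assignments(method).values()))
```

Every station keeps the same default gateway IP; only the MAC address in its ARP cache differs, which is what spreads the forwarding load across the AVFs.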

2.3.2 Configuration

Table 3

Step 1
  Command or Action: enable
  Example: Router> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: Router# configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: interface type number
  Example: Router(config)# interface fastethernet 0/0
  Purpose: Specifies an interface type and number and enters interface configuration mode.

Step 4
  Command or Action: ip address ip-address mask [secondary]
  Example: Router(config-if)# ip address 10.21.8.32 255.255.255.0
  Purpose: Specifies a primary or secondary IP address for an interface. Refer to the "Configuring IP Addressing" chapter of the Release 12.2 Cisco IOS IP Configuration Guide for information on configuring IP addresses.

Step 5
  Command or Action: glbp group authentication text string
  Example: Router(config-if)# glbp 10 authentication text stringxyz
  Purpose: Authenticates GLBP packets received from other routers in the group. If you configure authentication, all routers within the GLBP group must use the same authentication string.

Step 6
  Command or Action: glbp group forwarder preempt [delay minimum seconds]
  Example: Router(config-if)# glbp 10 forwarder preempt delay minimum 60
  Purpose: Configures the router to take over as AVF for a GLBP group if it has a higher priority than the current AVF. This command is enabled by default with a delay of 30 seconds. Use the optional delay and minimum keywords and the seconds argument to specify a minimum delay interval in seconds before preemption of the AVF takes place.

Step 7
  Command or Action: glbp group load-balancing [host-dependent | round-robin | weighted]
  Example: Router(config-if)# glbp 10 load-balancing host-dependent
  Purpose: Specifies the method of load balancing used by the GLBP AVG.

Step 8
  Command or Action: glbp group preempt [delay minimum seconds]
  Example: Router(config-if)# glbp 10 preempt delay minimum 60
  Purpose: Configures the router to take over as AVG for a GLBP group if it has a higher priority than the current AVG. This command is disabled by default. Use the optional delay and minimum keywords and the seconds argument to specify a minimum delay interval in seconds before preemption of the AVG takes place.

Step 9
  Command or Action: glbp group priority level
  Example: Router(config-if)# glbp 10 priority 254
  Purpose: Sets the priority level of the gateway within a GLBP group. The default value is 100.

Step 10
  Command or Action: glbp group timers [msec] hellotime [msec] holdtime
  Example: Router(config-if)# glbp 10 timers 5 18
  Purpose: Configures the interval between successive hello packets sent by the AVG in a GLBP group. The holdtime argument specifies the interval in seconds before the virtual gateway and virtual forwarder information in the hello packet is considered invalid. The optional msec keyword specifies that the following argument will be expressed in milliseconds, instead of the default seconds.

Step 11
  Command or Action: glbp group timers redirect redirect timeout
  Example: Router(config-if)# glbp 10 timers redirect 1800 28800
  Purpose: Configures the time interval during which the AVG continues to redirect clients to an AVF. The timeout argument specifies the interval in seconds before a secondary virtual forwarder becomes invalid.
  Note: The zero value for the redirect argument cannot be removed from the range of acceptable values because preexisting configurations of Cisco IOS software already using the zero value could be negatively affected during an upgrade. However, be advised that a zero setting is not recommended and, if used, results in a redirect timer that never expires. If the redirect timer does not expire, then when a router fails, new hosts continue to be assigned to the failed router instead of being redirected to the backup.

Step 12
  Command or Action: exit
  Example: Router(config-if)# exit
  Purpose: Exits interface configuration mode, and returns the router to global configuration mode.
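Section 2.2.2.3 lists four IP header fields that matter for VRRP. The added example below (not part of the thesis) checks those fields on a raw packet the way a monitoring sensor could. The constants are the values from RFC 5798 and the IANA registries (IP protocol 112, group 224.0.0.18, TTL 255); the router addresses and sample packets are constructed.

```python
import ipaddress
import struct

VRRP_PROTOCOL = 112                                # IP protocol number assigned to VRRP
VRRP_GROUP = ipaddress.IPv4Address("224.0.0.18")   # IANA-registered VRRP multicast group
VRRP_TTL = 255                                     # RFC 5798: discard any other TTL
IPV4_HEADER = struct.Struct("!BBHHHBBH4s4s")


def build_sample(src, dst="224.0.0.18", ttl=255, proto=112, vrid=10, priority=110):
    """Constructed IPv4 + VRRPv2 advertisement for the demo (checksums left at zero)."""
    vrrp = struct.pack("!BBBBBBH4s8x", (2 << 4) | 1, vrid, priority, 1, 0, 1, 0,
                       ipaddress.IPv4Address("192.0.2.1").packed)
    header = IPV4_HEADER.pack(0x45, 0xC0, IPV4_HEADER.size + len(vrrp), 0, 0,
                              ttl, proto, 0,
                              ipaddress.IPv4Address(src).packed,
                              ipaddress.IPv4Address(dst).packed)
    return header + vrrp


def check_advertisement(packet, expected_routers):
    """Return (fields, problems); an empty problems list means every check passed."""
    if len(packet) < IPV4_HEADER.size:
        return None, ["truncated IPv4 header"]
    ver_ihl, _, _, _, _, ttl, proto, _, src, dst = IPV4_HEADER.unpack_from(packet)
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < IPV4_HEADER.size:
        return None, ["not an IPv4 packet"]
    if proto != VRRP_PROTOCOL:                     # field 2: protocol type
        return None, [f"IP protocol {proto} is not VRRP ({VRRP_PROTOCOL})"]
    if len(packet) < header_len + 3:
        return None, ["truncated VRRP header"]
    ver_type, vrid, priority = struct.unpack_from("!BBB", packet, header_len)
    fields = {"src": str(ipaddress.IPv4Address(src)),
              "dst": str(ipaddress.IPv4Address(dst)),
              "ttl": ttl, "vrid": vrid, "priority": priority}
    problems = []
    if ttl != VRRP_TTL:                            # field 1: TTL
        problems.append(f"TTL {ttl} is not {VRRP_TTL}: may not originate on this link")
    if fields["src"] not in expected_routers:      # field 3: source IP address
        problems.append(f"source {fields['src']} is not a configured group member")
    if ipaddress.IPv4Address(dst) != VRRP_GROUP:   # field 4: destination IP address
        problems.append(f"destination {fields['dst']} is not {VRRP_GROUP}")
    if ver_type & 0x0F != 1:
        problems.append("VRRP type is not ADVERTISEMENT (1)")
    return fields, problems


# Constructed sample data: the two routers configured in VRRP group 10, and test packets.
EXPECTED = {"192.0.2.2", "192.0.2.3"}
SAMPLES = {
    "valid": build_sample("192.0.2.2"),
    "low-ttl": build_sample("192.0.2.2", ttl=254),
    "unknown-source": build_sample("192.0.2.99"),
    "wrong-group": build_sample("192.0.2.3", dst="224.0.0.2"),
    "not-vrrp": build_sample("192.0.2.2", proto=17),
}


def report():
    """Problems found per sample packet."""
    return {name: check_advertisement(pkt, EXPECTED)[1] for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, problems in report().items():
        print(f"{name:15} {problems or 'ok'}")
```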

Chapter 3

Implementation

3.1 Basic Concept of FHRP

First Hop means that any packet traveling out of the network has its gateway as its first hop, and FHRPs are the protocols used for gateway redundancy. IP routing redundancy is designed to allow for transparent fail-over at the first-hop IP router. Both HSRP and VRRP allow multiple devices to work in a group, sharing a single IP address, a virtual IP address.[8]

The virtual IP address is configured in each end user's workstation as a default gateway address and is cached in the host's Address Resolution Protocol (ARP) cache. In an HSRP or VRRP group, one router is elected to handle all requests sent to the virtual IP address. With HSRP, this is the active router. An HSRP group has one active router, at least one standby router, and perhaps many listening routers. A VRRP group has one master router and one or more backup routers.[6]

“First Hop Redundancy Protocol, which means they allow you to configure more than one physical router, but it can still be seen as a single router. First Hop means that any packet traveling out the network has its gateway as its first hop. It is a protocol used for Gateway redundancy”.[10]

Figure 4 FHRP Overview

Figure 5 FHRP Overview

3.2 General FHRP Operation

First, we describe the general operation of a first-hop redundancy protocol. The basic principle is that clustered redundant routers form an FHRP group that acts as a single virtual router with an IP address of its own. Within the group, a single router is elected as the coordinator based on announced priority. Higher priority means superior willingness to become the coordinator.[9]

In the case of equal priorities between two candidates, the router with the higher IP address is preferred. The election process may be preemptive or non-preemptive. Preemption means that the router with the highest priority always acquires the role of coordinator even if a coordinator already exists.[9]
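The election rule of section 3.2, as an added example (not code from the thesis or from any vendor): priority decides, the higher IP address breaks ties, and the preempt flag controls whether an existing coordinator can be displaced. The router names, addresses and event sequence are constructed, and the choice that only a strictly higher priority preempts is an assumption of this model.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Router:
    name: str
    ip: str
    priority: int = 100


def rank(router):
    """Election key: announced priority first, then the numerically higher IP address."""
    return (router.priority, int(ipaddress.IPv4Address(router.ip)))


def elect(alive, current=None, preempt=True):
    """Return the coordinator of the FHRP group given the routers currently alive."""
    if not alive:
        return None
    best = max(alive, key=rank)
    if current in alive:
        # Assumption: an existing coordinator is displaced only under preemption,
        # and only by a strictly higher priority (the IP tie-break never preempts).
        if not preempt or best.priority <= current.priority:
            return current
    return best


def replay(events, preempt):
    """Apply ("up" | "down", router) events; return the coordinator name after each."""
    alive, current, history = [], None, []
    for action, router in events:
        if action == "up":
            alive.append(router)
        else:
            alive.remove(router)
        current = elect(alive, current, preempt)
        history.append(current.name if current else None)
    return history


# Constructed sample group: R1 is the intended coordinator, R2 and R3 tie on priority.
R1 = Router("R1", "192.0.2.1", priority=110)
R2 = Router("R2", "192.0.2.2")
R3 = Router("R3", "192.0.2.3")
EVENTS = [("up", R1), ("up", R2), ("up", R3), ("down", R1), ("up", R1)]

if __name__ == "__main__":
    print("preemptive:    ", replay(EVENTS, preempt=True))
    print("non-preemptive:", replay(EVENTS, preempt=False))
```

When R1 fails, R3 wins over R2 on the IP tie-break in both modes; the two modes differ only in the last event, where R1 returns and takes the role back under preemption but stays a backup without it.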

3.3 Plan of Operation

3.3.1 Virtual Router Redundancy Protocol (VRRP)

3.3.1.1 Basic Concept of VRRP

It is optional to customize VRRP behavior. Be aware that a VRRP group starts operating as soon as you enable it. If you enable a VRRP group before customizing VRRP, the router could take over group control and become the virtual router master before you finish customizing the feature. So if you're planning to customize VRRP, it's a good ide
