Table of contents
HSRP (Cisco Private Protocol)
HSRP basic concepts
HSRP (Host Standby Router Protocol) is the host backup routing protocol
In the figure below, HSRP is enabled on the interfaces connecting the two devices to the PC (these two interfaces are on the same network segment). Once enabled, Hello messages will be actively sent, active and backup negotiation will be performed, and an Active Router and a Standby will be selected. Router, the main device is responsible for forwarding data. When the main device goes Down, the backup device takes over to forward data.
Which device should the gateway on PC be written to?
After enabling HSRP, you also need to virtualize an IP address (this address can be manually configured, or automatically learned through the peer's Hello - there must be a section for manual configuration). At this time, the virtual addresses of the active and standby are the same, and the PC's The gateway fills in this virtual IP address (the virtual IP address is in the same network segment as the HSRP interface)
And after configuring/generating the virtual IP address, a virtual MAC will be automatically generated (the virtual MAC of the active and standby devices are also consistent, but only the active device will use this virtual MAC to forward data)
For the PC, the switch between the active and standby devices is transparent, because for the PC, the IP and MAC of the gateway are consistent before and after the switch between the active and standby switches.
Virtual MAC generation rules
0000.0c07.ac01
0000.0c Supplier identification
07.ac represents the virtual MAC address generated by the HSRP protocol
01 HSRP backup group number (HSRP Group)
HSRP Group
A device can have multiple HSRP Groups, and can play different roles in different HSRP Groups (an interface can also have multiple HSRP Groups, and multiple virtual IP addresses of the same network segment can be configured)
For example, when two devices form an HSRP backup group, you can configure device 1 as the master device of group 1 and the backup device of group 2; configure device 2 as the backup device of group 1 and the master device of group 2; at this time, the two devices All devices can forward device traffic (device 1 forwards the traffic of group 1, and device 2 forwards the traffic of group 2 to achieve load balancing of traffic)
preempt
Preemption is not enabled by default
HSRP working process
When the HSRP protocol is enabled, both devices will send Hello messages (the destination address is the multicast address 224.0.0.2)
Then elect the primary and backup devices based on the content of the Hello message.
Contents of Hello message
Priority (default 100, the higher the priority - if the priorities are the same, the one configured with a virtual IP address will be the master device)
IP address (if virtual IP addresses are configured, the larger the IP address, the higher the priority)
Hello sending interval Default 3s
Hello keep-alive time Default 10s
Virtual IP address
HSRP status
Initial Initial state, this is the state when HSRP is turned on
Learn learning status, learning virtual IP (one end manually specifies the virtual IP, and the other end does not specify it. At this time, the other end can learn the virtual IP address through the Hello message sent by the peer—that is, after the peer reaches Speak and sends the Hello message We learn the virtual IP address in this state)
Listen Listening state, the local end will change to this state when it learns the virtual IP address.
Speak communication state, the local end starts sending Hello messages to elect the primary and backup devices (Hello messages will not be sent in the first three states)
Standby master device status
Active device status
HSRP reliability
HSRPmultidirectional
working principle
When the uplink port of the main device fails, the main device will send HSRP redirection
Subsequent downlink data will be redirected to the backup device (the user's ARP entry for the virtual IP address will be modified, and the MAC address corresponding to the virtual IP will be changed to the real physical MAC of the backup device)
Problems
After redirection at this time, when the backup device fails, the user will not be able to forward the device (because the ARP entry is forcibly changed to the physical MAC of the backup device interface, not the virtual MAC)
Solution
Therefore, when HSRP is enabled on the interface, the sending of HSTP redirect messages will be automatically prohibited.
When HSRP redirection is disabled, if the upstream port of the primary device fails, the downstream device forwards the traffic to the primary device, and then the primary device forwards the traffic to the backup device to complete the data forwarding (when the data packet comes back, it is directly forwarded from the backup device to the downstream device ). It is transparent to the user at this time
At this time, track tracking technology was proposed
Track uplink interface, when it is found that the track interface is down, the HSRP priority of the device will be reduced (default minus 10)
At this time, when the backup device finds that the priority is higher than that of the primary device, it chooses to preempt the primary device.
HSRP related configuration
Under the interface:
standby backup group number ip virtual IP address Enable HSRP
Standby number preempt Turn on preemption
Standby 1 track serial 1 10 Track serial 1 port, attenuation value is 10
Standby 1 timers 5 15 Set the sending interval and keep-alive time of hello messages
standby use-bia The configuration interface supports the configuration of one more backup group (the virtual MAC used by this backup group is the real MAC address of the physical interface)
GLBP protocol
GLBP (Gateway Load Balancing Protocol) Gateway Load Balancing Protocol
GLBPThe difference between HSRP and VRRP
Redundant Backup Network—Explanation of Basic Concepts of VRRP-CSDN Blog
- 1. HSRP and VRRP require multiple groups to achieve load sharing, while GLBP does not involve the concept of groups. By generating a virtual IP address corresponding to multiple virtual MAC addresses, the traffic to a single gateway is distributed on multiple routers.
- 2. GLBP can automatically reroute when any failure occurs
- 3. The device that turns on GLBP sends a hello message every 3 seconds, and the sending address is 224.0.0.102
- 4. GLBP messages are based on UDP port number 3222.
Two concepts of GLBP
AVF: Virtual forwarding is activated (devices running GLBP are called AVF)
AVG: Virtual gateway activated (select an AVG among all AVFs)
AVGchoice selection
High priority is given priority to
High IP addresses are the main ones
AVGeffect
1. After the AVG is elected, the AVG allocates virtual MAC to the AVF device (the virtual MAC of each device is inconsistent)
2. After receiving an ARP request for a virtual IP address from a customer, only the AVG device will respond (the MAC responded is not necessarily its own virtual MAC, but may also be the virtual MAC assigned by itself for other AVFs)
Allow users' data traffic load sharing
AVGHow to solve the problem when the device uplink is Down
If the uplink of the AVG device is Down, it will transfer its virtual MAC to other AVF devices (at this time, the transferred AVF device will have one virtual IP address corresponding to multiple virtual MAC addresses)
GLBPConfiguration (automatically delivered by virtual MAC)
Under the interface
glbp number ip virtual IP address
glpb number priority priority
glbp number timers msec 100 msec 700